Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/ZBy7Fz6DnFqFYZyZydiPZCzk1pM.roa
File:                     ZBy7Fz6DnFqFYZyZydiPZCzk1pM.roa (raw, json)
Hash identifier:          alwFQtCLcujEeo5U/sL5yi4tnlB6DwQt3vJg1TTLjFE=
Subject key identifier:   64:1C:BB:17:3E:83:9C:5A:85:61:9C:99:C9:D8:8F:64:2C:E4:D6:93
Certificate issuer:       /CN=c5de32bb9cc99e115ddbaf6b7fa23051789f2f61
Certificate serial:       018CC42450180C02DD581E8FCF844E5A8A02
Authority key identifier: C5:DE:32:BB:9C:C9:9E:11:5D:DB:AF:6B:7F:A2:30:51:78:9F:2F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xd4yu5zJnhFd269rf6IwUXifL2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/ZBy7Fz6DnFqFYZyZydiPZCzk1pM.roa
Signing time:             Mon 01 Jan 2024 08:29:23 +0000
ROA not before:           Mon 01 Jan 2024 08:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.29.58.0/24 maxlen: 24
                          194.29.57.0/24 maxlen: 24
                          194.29.56.0/24 maxlen: 24
                          194.29.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/xd4yu5zJnhFd269rf6IwUXifL2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/xd4yu5zJnhFd269rf6IwUXifL2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xd4yu5zJnhFd269rf6IwUXifL2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:50:18:0c:02:dd:58:1e:8f:cf:84:4e:5a:8a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5de32bb9cc99e115ddbaf6b7fa23051789f2f61
        Validity
            Not Before: Jan  1 08:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=641cbb173e839c5a85619c99c9d88f642ce4d693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d7:dc:ba:63:94:e6:f2:b3:9b:21:24:89:ca:
                    12:69:fd:2e:c3:9d:d8:7f:a3:5f:6e:d6:98:1d:b3:
                    f0:95:2a:bc:1b:58:6d:b2:9f:d0:77:1c:6b:45:85:
                    9d:9e:98:9c:ba:3d:6c:ba:ff:7d:48:df:99:33:02:
                    8e:5c:ee:b2:24:0e:21:36:a2:13:83:2b:90:89:fa:
                    de:9d:4c:14:c6:da:3a:e9:d6:ed:e6:7d:7b:7b:53:
                    37:3a:23:f2:b3:7f:e9:2f:83:e0:95:01:f2:f1:b9:
                    03:62:c0:47:5f:1c:1d:1a:4a:d4:91:c5:6c:f8:7a:
                    a2:6b:49:6c:03:8c:2c:02:c1:8b:ac:c5:16:2e:b2:
                    ba:b3:54:09:da:3a:69:86:16:d5:17:7b:b2:2f:a9:
                    55:ed:65:75:72:c1:1b:8a:fa:60:7e:f4:be:d9:09:
                    29:28:e1:34:f4:8b:a1:26:7b:cd:fe:3c:96:67:b3:
                    9c:da:86:6f:f8:59:a9:7f:0a:d2:9d:8c:03:dd:5b:
                    c7:98:58:2d:e3:2a:8d:c6:0d:b8:3b:dd:6c:9c:d6:
                    a6:13:9e:b1:95:b4:87:11:fd:d1:f3:8c:f7:b6:93:
                    6a:c5:c6:1e:22:89:a9:70:64:5c:ac:0b:8b:a9:1a:
                    9d:cc:26:68:33:5c:96:ba:d1:32:47:ce:5d:72:d9:
                    95:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:1C:BB:17:3E:83:9C:5A:85:61:9C:99:C9:D8:8F:64:2C:E4:D6:93
            X509v3 Authority Key Identifier:
                keyid:C5:DE:32:BB:9C:C9:9E:11:5D:DB:AF:6B:7F:A2:30:51:78:9F:2F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xd4yu5zJnhFd269rf6IwUXifL2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/ZBy7Fz6DnFqFYZyZydiPZCzk1pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bd09e7-c40b-47a6-8a2e-0636753679b6/1/xd4yu5zJnhFd269rf6IwUXifL2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:5f:06:6a:d3:5a:f5:c0:9d:22:ff:ae:b1:05:28:64:30:6f:
         5c:6b:51:c9:fe:c3:79:da:fd:13:ba:dc:d0:db:a6:f2:4a:ab:
         1e:dc:58:ef:c7:a9:c6:55:b9:ff:38:d0:35:fb:60:df:5f:46:
         b3:b4:bf:9e:6a:8b:fc:98:37:8a:72:aa:05:dd:29:1f:77:37:
         cf:8b:fa:8a:9d:b8:0d:a5:9d:c4:ac:c0:cc:57:81:07:1c:79:
         80:ba:99:0c:53:9b:f1:5a:84:96:f6:2d:bf:8a:17:98:f3:7f:
         61:21:e2:c4:4d:d8:ae:16:90:f6:2c:3b:e9:02:95:0f:5c:e6:
         5d:a3:09:0e:43:3d:2f:f4:4f:87:29:57:cd:5b:1a:18:ab:bf:
         72:ee:e2:ed:8f:f7:64:82:f9:90:ca:49:a8:79:b1:0c:99:55:
         65:7b:9c:42:81:1e:e6:77:dd:dd:78:3e:92:68:e0:1e:86:44:
         c7:60:2a:2c:d2:ff:9a:86:80:2d:64:71:c4:c4:68:6c:aa:cf:
         b8:a9:7a:04:00:71:7e:b7:5e:31:e1:bd:e1:8b:a9:a3:b2:57:
         d2:46:66:4d:8c:50:87:63:fc:4e:f8:f5:a9:71:fe:ea:25:3d:
         59:c4:1d:74:62:51:ee:b9:89:c6:ba:10:cf:c7:a8:98:83:b9:
         8d:d8:0f:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFAYDALdWB6Pz4ROWooCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZGUzMmJiOWNjOTllMTE1ZGRiYWY2YjdmYTIzMDUxNzg5
ZjJmNjEwHhcNMjQwMTAxMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDFjYmIxNzNlODM5YzVhODU2MTljOTljOWQ4OGY2NDJjZTRkNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutfcumOU5vKzmyEkicoSaf0uw53Y
f6NfbtaYHbPwlSq8G1htsp/QdxxrRYWdnpicuj1suv99SN+ZMwKOXO6yJA4hNqIT
gyuQifrenUwUxto66dbt5n17e1M3OiPys3/pL4PglQHy8bkDYsBHXxwdGkrUkcVs
+Hqia0lsA4wsAsGLrMUWLrK6s1QJ2jpphhbVF3uyL6lV7WV1csEbivpgfvS+2Qkp
KOE09IuhJnvN/jyWZ7Oc2oZv+FmpfwrSnYwD3VvHmFgt4yqNxg24O91snNamE56x
lbSHEf3R84z3tpNqxcYeIompcGRcrAuLqRqdzCZoM1yWutEyR85dctmV9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQcuxc+g5xahWGcmcnYj2Qs5NaTMB8GA1UdIwQY
MBaAFMXeMrucyZ4RXduva3+iMFF4ny9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGQ0eXU1ekpuaEZkMjY5cmY2SXdVWGlmTDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iZDA5ZTctYzQwYi00N2E2LThhMmUt
MDYzNjc1MzY3OWI2LzEvWkJ5N0Z6NkRuRnFGWVp5WnlkaVBaQ3prMXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iZDA5ZTctYzQwYi00N2E2LThhMmUtMDYzNjc1MzY3OWI2
LzEveGQ0eXU1ekpuaEZkMjY5cmY2SXdVWGlmTDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwh04MA0G
CSqGSIb3DQEBCwUAA4IBAQBRXwZq01r1wJ0i/66xBShkMG9ca1HJ/sN52v0TutzQ
26bySqse3Fjvx6nGVbn/ONA1+2DfX0aztL+eaov8mDeKcqoF3SkfdzfPi/qKnbgN
pZ3ErMDMV4EHHHmAupkMU5vxWoSW9i2/iheY839hIeLETdiuFpD2LDvpApUPXOZd
owkOQz0v9E+HKVfNWxoYq79y7uLtj/dkgvmQykmoebEMmVVle5xCgR7md93deD6S
aOAehkTHYCos0v+ahoAtZHHExGhsqs+4qXoEAHF+t14x4b3hi6mjslfSRmZNjFCH
Y/xO+PWpcf7qJT1ZxB10YlHuuYnGuhDPx6iYg7mN2A9/
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:13:09 2024 by rpki-client on console-ams.rpki-client.org