Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/938430-07b4-45b3-9496-f53ee32ed816/1/lyroA4dCT7RkBVImmk7axDw7Ac0.roa
File:                     lyroA4dCT7RkBVImmk7axDw7Ac0.roa (raw, json)
Hash identifier:          zJCYvY8kuH+vRYajnq9zpJeQBbUV6UuxVmErfr3KHtw=
Subject key identifier:   97:2A:E8:03:87:42:4F:B4:64:05:52:26:9A:4E:DA:C4:3C:3B:01:CD
Certificate issuer:       /CN=d8aaac05996a5b4614c6eedaffe7f8f5f9a2bc67
Certificate serial:       018CC86F690B3245FBE0635CB46E4DAE16F5
Authority key identifier: D8:AA:AC:05:99:6A:5B:46:14:C6:EE:DA:FF:E7:F8:F5:F9:A2:BC:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2KqsBZlqW0YUxu7a_-f49fmivGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/938430-07b4-45b3-9496-f53ee32ed816/1/lyroA4dCT7RkBVImmk7axDw7Ac0.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56595
IP address blocks:        192.124.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/938430-07b4-45b3-9496-f53ee32ed816/1/2KqsBZlqW0YUxu7a_-f49fmivGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/938430-07b4-45b3-9496-f53ee32ed816/1/2KqsBZlqW0YUxu7a_-f49fmivGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2KqsBZlqW0YUxu7a_-f49fmivGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:69:0b:32:45:fb:e0:63:5c:b4:6e:4d:ae:16:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8aaac05996a5b4614c6eedaffe7f8f5f9a2bc67
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=972ae80387424fb4640552269a4edac43c3b01cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5a:40:c6:bd:f5:2b:85:2b:7a:d4:53:72:3a:
                    c6:ca:35:33:fe:90:2e:00:a8:d0:6f:26:e9:15:a3:
                    f5:0e:6d:67:a7:04:f3:0e:7a:af:06:9e:94:88:34:
                    49:48:4e:2e:08:37:1a:7f:b0:54:8b:8f:df:58:78:
                    76:20:43:7a:5b:00:f6:38:cd:46:83:f4:d2:73:93:
                    9d:cb:59:7a:84:70:86:86:dc:1c:4c:91:ec:44:0d:
                    40:2d:e6:65:e5:78:a8:e3:03:ad:88:e8:01:3d:f2:
                    c1:1e:92:fd:c8:95:df:34:d7:dc:c0:ad:16:89:84:
                    34:8e:50:f2:29:a9:9e:d7:3e:34:ee:e1:33:80:4c:
                    14:75:df:2d:7f:59:f4:56:49:10:4e:cf:31:49:9d:
                    91:66:c1:25:14:ce:d8:bb:fd:d2:9e:15:b1:13:e2:
                    9b:d7:1e:7a:85:0e:f7:1a:53:fc:0c:78:3b:fc:6d:
                    53:ef:f9:81:3c:11:af:8a:e3:51:2d:c0:4c:79:ee:
                    48:ce:58:7a:80:44:66:b5:e4:e1:63:75:57:2c:e3:
                    0c:76:9b:be:ef:96:15:ed:7a:c2:f0:03:d8:e1:da:
                    b1:5d:49:57:ee:43:a5:51:a9:15:8b:64:a6:7b:ca:
                    29:ac:41:28:c2:6a:0d:d8:62:f7:5c:b4:2b:ad:42:
                    fb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:2A:E8:03:87:42:4F:B4:64:05:52:26:9A:4E:DA:C4:3C:3B:01:CD
            X509v3 Authority Key Identifier:
                keyid:D8:AA:AC:05:99:6A:5B:46:14:C6:EE:DA:FF:E7:F8:F5:F9:A2:BC:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2KqsBZlqW0YUxu7a_-f49fmivGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/938430-07b4-45b3-9496-f53ee32ed816/1/lyroA4dCT7RkBVImmk7axDw7Ac0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/938430-07b4-45b3-9496-f53ee32ed816/1/2KqsBZlqW0YUxu7a_-f49fmivGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:7d:45:c0:63:52:22:8f:de:d0:dd:64:0a:39:9e:2c:f7:cd:
         07:75:04:dd:61:7c:fd:29:3c:fb:d7:28:e0:fb:c3:8c:74:c6:
         2f:9a:e8:77:0b:39:3c:98:5d:89:77:64:4d:7e:03:88:0f:4d:
         f3:5a:5d:aa:f5:bf:b5:57:2d:25:45:9f:8f:3a:7e:f6:6b:d6:
         1e:1f:75:c4:3c:43:7e:0b:7c:95:34:89:ef:44:ac:c2:f0:7c:
         fe:b4:14:8f:73:2a:3c:ad:72:b9:56:2f:d0:19:01:d0:30:03:
         a2:c9:97:a2:66:3e:72:e9:03:67:28:2d:6e:2c:72:29:c3:75:
         9e:30:8f:75:25:a3:9f:70:5e:a9:a4:a7:b7:14:d8:08:0d:15:
         6e:b8:5b:a1:b5:f5:59:d6:52:b4:ba:5f:eb:2f:27:eb:fc:a2:
         15:7e:64:c2:54:4b:da:25:1f:95:3b:cf:31:ae:50:76:c3:05:
         9d:32:be:ea:6b:55:a4:74:4b:3e:8d:5b:83:7c:f8:55:58:c5:
         43:10:8c:a0:06:87:8a:79:d5:69:63:93:74:2a:e4:a3:97:45:
         51:4a:94:37:e1:bc:ce:0c:03:c3:44:e1:75:1c:b7:55:e1:b2:
         10:d1:d0:c4:ad:8b:9b:d4:eb:60:3c:05:78:46:cc:73:1d:3a:
         01:70:ba:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb2kLMkX74GNctG5Nrhb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YWFhYzA1OTk2YTViNDYxNGM2ZWVkYWZmZTdmOGY1Zjlh
MmJjNjcwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzJhZTgwMzg3NDI0ZmI0NjQwNTUyMjY5YTRlZGFjNDNjM2IwMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFpAxr31K4UretRTcjrGyjUz/pAu
AKjQbybpFaP1Dm1npwTzDnqvBp6UiDRJSE4uCDcaf7BUi4/fWHh2IEN6WwD2OM1G
g/TSc5Ody1l6hHCGhtwcTJHsRA1ALeZl5Xio4wOtiOgBPfLBHpL9yJXfNNfcwK0W
iYQ0jlDyKame1z407uEzgEwUdd8tf1n0VkkQTs8xSZ2RZsElFM7Yu/3SnhWxE+Kb
1x56hQ73GlP8DHg7/G1T7/mBPBGviuNRLcBMee5Izlh6gERmteThY3VXLOMMdpu+
75YV7XrC8APY4dqxXUlX7kOlUakVi2Sme8oprEEowmoN2GL3XLQrrUL7swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcq6AOHQk+0ZAVSJppO2sQ8OwHNMB8GA1UdIwQY
MBaAFNiqrAWZaltGFMbu2v/n+PX5orxnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMktxc0JabHFXMFlVeHU3YV8tZjQ5Zm1pdkdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy85Mzg0MzAtMDdiNC00NWIzLTk0OTYt
ZjUzZWUzMmVkODE2LzEvbHlyb0E0ZENUN1JrQlZJbW1rN2F4RHc3QWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy85Mzg0MzAtMDdiNC00NWIzLTk0OTYtZjUzZWUzMmVkODE2
LzEvMktxc0JabHFXMFlVeHU3YV8tZjQ5Zm1pdkdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHzJMA0G
CSqGSIb3DQEBCwUAA4IBAQA+fUXAY1Iij97Q3WQKOZ4s980HdQTdYXz9KTz71yjg
+8OMdMYvmuh3Czk8mF2Jd2RNfgOID03zWl2q9b+1Vy0lRZ+POn72a9YeH3XEPEN+
C3yVNInvRKzC8Hz+tBSPcyo8rXK5Vi/QGQHQMAOiyZeiZj5y6QNnKC1uLHIpw3We
MI91JaOfcF6ppKe3FNgIDRVuuFuhtfVZ1lK0ul/rLyfr/KIVfmTCVEvaJR+VO88x
rlB2wwWdMr7qa1WkdEs+jVuDfPhVWMVDEIygBoeKedVpY5N0KuSjl0VRSpQ34bzO
DAPDROF1HLdV4bIQ0dDErYub1OtgPAV4RsxzHToBcLrC
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:00:41 2024 by rpki-client on console-ams.rpki-client.org