Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/3490f8-7e9b-4e8e-b8ed-9d3e59da5ad1/1/fiUTXXgZZphjfHhVhtGHbrCXFfo.roa
File:                     fiUTXXgZZphjfHhVhtGHbrCXFfo.roa (raw, json)
Hash identifier:          srI9yezaW4tkb1ZdG1BaAKgPdcQrqm/TjPyvbv1GAm8=
Subject key identifier:   7E:25:13:5D:78:19:66:98:63:7C:78:55:86:D1:87:6E:B0:97:15:FA
Certificate issuer:       /CN=5c4b777d6a0175febba05b48b47cdf0a6b89d7fb
Certificate serial:       018CC26D25CC4DD21039BAB0B7E401EB1644
Authority key identifier: 5C:4B:77:7D:6A:01:75:FE:BB:A0:5B:48:B4:7C:DF:0A:6B:89:D7:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XEt3fWoBdf67oFtItHzfCmuJ1_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/3490f8-7e9b-4e8e-b8ed-9d3e59da5ad1/1/fiUTXXgZZphjfHhVhtGHbrCXFfo.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.42.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/3490f8-7e9b-4e8e-b8ed-9d3e59da5ad1/1/XEt3fWoBdf67oFtItHzfCmuJ1_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/3490f8-7e9b-4e8e-b8ed-9d3e59da5ad1/1/XEt3fWoBdf67oFtItHzfCmuJ1_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XEt3fWoBdf67oFtItHzfCmuJ1_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:25:cc:4d:d2:10:39:ba:b0:b7:e4:01:eb:16:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c4b777d6a0175febba05b48b47cdf0a6b89d7fb
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e25135d78196698637c785586d1876eb09715fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c8:0e:c8:5f:37:93:b5:75:3e:33:d8:7c:ab:
                    28:dd:71:73:20:c1:8c:8e:ad:eb:ca:eb:04:47:42:
                    68:fb:6b:31:a8:73:75:98:59:d9:33:a5:18:bf:25:
                    bf:43:98:29:60:4c:d6:25:97:6d:2a:9d:53:e0:50:
                    32:e9:1a:b5:68:70:91:2e:82:9c:01:5c:69:23:db:
                    74:01:e3:27:54:9d:29:ec:07:72:2c:c7:88:76:a9:
                    45:a7:fa:a7:04:a3:9b:ae:2c:8c:41:30:d0:b4:77:
                    fb:f6:d4:03:c9:0d:ea:b6:77:c6:66:b1:ce:fc:a3:
                    56:69:e4:b5:6f:97:cf:b1:94:d1:64:50:a9:32:35:
                    5a:b0:08:c6:5e:2d:97:bf:7c:fe:b2:28:46:1b:37:
                    da:2d:3f:de:c7:8b:af:7d:1b:e8:78:63:df:4c:c0:
                    48:9f:aa:88:36:19:f1:bb:8d:13:f3:49:20:bf:3a:
                    0c:de:f7:ea:93:f7:1c:a8:ce:4d:ac:83:cd:27:84:
                    54:04:a5:34:83:a9:91:c4:61:13:31:4b:dc:18:d9:
                    64:00:30:07:e5:6b:6d:3c:cc:da:25:1d:bb:8b:78:
                    61:15:0c:e2:39:c2:11:4a:3b:1d:c6:81:7e:3d:d7:
                    4d:df:42:7c:48:45:20:78:91:8c:9b:d5:60:86:11:
                    41:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:25:13:5D:78:19:66:98:63:7C:78:55:86:D1:87:6E:B0:97:15:FA
            X509v3 Authority Key Identifier:
                keyid:5C:4B:77:7D:6A:01:75:FE:BB:A0:5B:48:B4:7C:DF:0A:6B:89:D7:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XEt3fWoBdf67oFtItHzfCmuJ1_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/3490f8-7e9b-4e8e-b8ed-9d3e59da5ad1/1/fiUTXXgZZphjfHhVhtGHbrCXFfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/3490f8-7e9b-4e8e-b8ed-9d3e59da5ad1/1/XEt3fWoBdf67oFtItHzfCmuJ1_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:55:11:c5:bc:28:4b:2c:0e:f4:6f:28:ff:2c:ed:52:94:62:
         b8:ab:b0:a1:4f:ed:a4:3a:4c:2b:eb:ab:f6:16:c0:72:f2:20:
         9a:96:6e:0d:65:d7:fa:c4:af:4a:3c:5a:db:9b:fa:65:fc:9f:
         4b:a3:67:79:3b:b8:c8:9f:ef:1b:85:a9:cc:3e:4f:d5:3a:8e:
         71:c6:79:cf:e7:67:de:a0:3f:ec:31:8c:7f:9c:30:f7:83:fd:
         59:a4:45:96:76:15:37:5f:14:82:36:28:f2:3e:6e:ff:a6:75:
         5d:f9:03:3e:08:f4:d8:1b:9e:d9:0e:9d:07:a2:d9:95:d8:67:
         e1:d3:2a:65:a2:9d:cf:0c:32:60:4a:af:88:c0:14:18:a7:b9:
         ec:fa:33:da:17:98:82:e5:0f:89:c6:05:17:98:11:79:c7:4b:
         a1:5f:52:c8:25:a2:c2:4c:e3:73:b1:ec:a7:8b:45:a4:2e:73:
         92:c5:ba:75:79:7d:1b:c0:8e:8f:94:e0:ac:82:99:54:87:a9:
         5f:bd:a1:81:5d:a6:70:94:18:6c:15:80:d2:ab:f0:d6:03:07:
         a9:c5:45:c0:3f:55:53:f8:fa:34:95:5b:b0:d8:3f:21:72:43:
         56:aa:10:0d:13:94:e7:33:18:03:20:89:bb:d3:99:58:f5:30:
         a2:34:6a:c4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbSXMTdIQObqwt+QB6xZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNGI3NzdkNmEwMTc1ZmViYmEwNWI0OGI0N2NkZjBhNmI4
OWQ3ZmIwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI1MTM1ZDc4MTk2Njk4NjM3Yzc4NTU4NmQxODc2ZWIwOTcxNWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMgOyF83k7V1PjPYfKso3XFzIMGM
jq3ryusER0Jo+2sxqHN1mFnZM6UYvyW/Q5gpYEzWJZdtKp1T4FAy6Rq1aHCRLoKc
AVxpI9t0AeMnVJ0p7AdyLMeIdqlFp/qnBKObriyMQTDQtHf79tQDyQ3qtnfGZrHO
/KNWaeS1b5fPsZTRZFCpMjVasAjGXi2Xv3z+sihGGzfaLT/ex4uvfRvoeGPfTMBI
n6qINhnxu40T80kgvzoM3vfqk/ccqM5NrIPNJ4RUBKU0g6mRxGETMUvcGNlkADAH
5WttPMzaJR27i3hhFQziOcIRSjsdxoF+PddN30J8SEUgeJGMm9VghhFBYQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFH4lE114GWaYY3x4VYbRh26wlxX6MB8GA1UdIwQY
MBaAFFxLd31qAXX+u6BbSLR83wpridf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEV0M2ZXb0JkZjY3b0Z0SXRIemZDbXVKMV9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zNDkwZjgtN2U5Yi00ZThlLWI4ZWQt
OWQzZTU5ZGE1YWQxLzEvZmlVVFhYZ1pacGhqZkhoVmh0R0hickNYRmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zNDkwZjgtN2U5Yi00ZThlLWI4ZWQtOWQzZTU5ZGE1YWQx
LzEvWEV0M2ZXb0JkZjY3b0Z0SXRIemZDbXVKMV9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSowDQYJ
KoZIhvcNAQELBQADggEBAJZVEcW8KEssDvRvKP8s7VKUYrirsKFP7aQ6TCvrq/YW
wHLyIJqWbg1l1/rEr0o8Wtub+mX8n0ujZ3k7uMif7xuFqcw+T9U6jnHGec/nZ96g
P+wxjH+cMPeD/VmkRZZ2FTdfFII2KPI+bv+mdV35Az4I9NgbntkOnQei2ZXYZ+HT
KmWinc8MMmBKr4jAFBinuez6M9oXmILlD4nGBReYEXnHS6FfUsglosJM43Ox7KeL
RaQuc5LFunV5fRvAjo+U4KyCmVSHqV+9oYFdpnCUGGwVgNKr8NYDB6nFRcA/VVP4
+jSVW7DYPyFyQ1aqEA0TlOczGAMgibvTmVj1MKI0asQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:00:45 2024 by rpki-client on console-ams.rpki-client.org