Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/f2ec09-5445-44ff-9915-dee9aaeffc9d/1/ENl-lExvFxp1Az6gm2DFpNRC0m8.roa
File:                     ENl-lExvFxp1Az6gm2DFpNRC0m8.roa (raw, json)
Hash identifier:          /NZxYsXba0biaj1cXoka2win4iDEdWrjnnHXcaKKWko=
Subject key identifier:   10:D9:7E:94:4C:6F:17:1A:75:03:3E:A0:9B:60:C5:A4:D4:42:D2:6F
Certificate issuer:       /CN=21abe0e06900d7b96076c00bb50d4f9dc0392f59
Certificate serial:       018DE475CFCB5C7517CA3D3B7F8D010B820B
Authority key identifier: 21:AB:E0:E0:69:00:D7:B9:60:76:C0:0B:B5:0D:4F:9D:C0:39:2F:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iavg4GkA17lgdsALtQ1PncA5L1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/f2ec09-5445-44ff-9915-dee9aaeffc9d/1/ENl-lExvFxp1Az6gm2DFpNRC0m8.roa
Signing time:             Mon 26 Feb 2024 08:09:02 +0000
ROA not before:           Mon 26 Feb 2024 08:09:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39872
IP address blocks:        195.170.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/f2ec09-5445-44ff-9915-dee9aaeffc9d/1/Iavg4GkA17lgdsALtQ1PncA5L1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/f2ec09-5445-44ff-9915-dee9aaeffc9d/1/Iavg4GkA17lgdsALtQ1PncA5L1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iavg4GkA17lgdsALtQ1PncA5L1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e4:75:cf:cb:5c:75:17:ca:3d:3b:7f:8d:01:0b:82:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21abe0e06900d7b96076c00bb50d4f9dc0392f59
        Validity
            Not Before: Feb 26 08:09:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10d97e944c6f171a75033ea09b60c5a4d442d26f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ac:8a:13:06:a7:87:67:8e:9c:03:c6:a5:93:
                    76:fc:11:87:10:27:34:10:0e:bb:27:69:68:6a:63:
                    01:12:5b:22:db:00:e3:43:7a:5e:cd:da:08:62:3a:
                    5b:0b:cd:f8:05:ac:f7:b2:e6:56:a2:b4:e7:0b:8c:
                    d1:84:44:e8:75:fd:f0:77:0b:d0:3f:c3:f1:8a:46:
                    45:67:f4:85:92:04:55:e8:3c:b6:24:26:02:28:bb:
                    cb:68:d8:b6:dc:aa:0e:af:ff:e2:c6:63:72:aa:d8:
                    7d:bb:eb:a1:95:49:a3:a8:11:d7:db:4b:96:95:4e:
                    af:fc:84:54:c3:ac:2a:33:98:30:eb:70:bc:d9:42:
                    d5:36:33:49:74:ae:32:4b:f3:03:61:79:7f:80:dc:
                    b9:b7:12:10:89:cf:b5:31:3e:01:de:9a:d8:85:54:
                    66:92:0d:fa:36:7a:b2:36:a4:11:86:ce:d2:6d:df:
                    72:0b:c3:7f:01:8e:7c:07:a8:5c:cf:69:9f:88:99:
                    3c:93:6e:60:d7:8f:41:03:49:77:a1:fa:b0:0d:3b:
                    65:20:94:2c:95:69:08:a0:4b:09:e3:80:af:da:53:
                    71:c6:c1:25:6c:44:22:f4:13:ab:a1:fc:4f:86:3e:
                    ed:cb:38:66:d5:a3:70:1d:57:eb:a3:35:e9:7e:c1:
                    89:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D9:7E:94:4C:6F:17:1A:75:03:3E:A0:9B:60:C5:A4:D4:42:D2:6F
            X509v3 Authority Key Identifier:
                keyid:21:AB:E0:E0:69:00:D7:B9:60:76:C0:0B:B5:0D:4F:9D:C0:39:2F:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iavg4GkA17lgdsALtQ1PncA5L1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f2ec09-5445-44ff-9915-dee9aaeffc9d/1/ENl-lExvFxp1Az6gm2DFpNRC0m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f2ec09-5445-44ff-9915-dee9aaeffc9d/1/Iavg4GkA17lgdsALtQ1PncA5L1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:9e:c6:c9:95:0e:39:1c:ee:fe:38:19:e3:53:7d:0f:11:a2:
         2a:e8:a2:bb:ab:c2:fc:e2:6f:33:1d:db:ed:e0:a7:bc:13:d0:
         7e:db:62:8c:77:91:4e:30:64:58:cb:8a:a8:f6:93:38:6c:74:
         18:84:42:57:a8:80:1e:98:f3:86:a0:0c:9b:07:ea:69:37:b6:
         43:f9:f1:4e:f2:92:5a:26:fa:3b:3f:f8:35:3c:7a:f1:c3:6d:
         5a:33:c7:be:e2:65:21:06:8a:74:e9:e9:fb:b3:b2:50:c2:b1:
         b6:f3:17:af:50:ae:e3:84:2a:a1:47:da:68:09:f1:2c:3e:81:
         b8:dc:96:c4:fa:26:8b:c8:ba:0a:77:96:d2:ca:b4:a8:c8:4f:
         c0:77:d4:6d:99:b1:69:71:34:22:e3:bf:e5:ea:04:65:3c:8f:
         b6:7e:07:c8:05:b0:19:51:e6:08:b6:b4:2c:4f:72:ff:8a:a5:
         ae:19:2f:dd:a1:73:ca:0b:e7:ce:24:31:cb:3c:d7:d0:3b:25:
         56:8a:a6:ce:b1:c5:40:f7:39:a4:37:3f:05:9a:e9:a6:e4:c0:
         aa:d2:fd:03:79:14:65:82:a6:36:76:12:c7:eb:06:1e:45:94:
         81:92:b2:86:a3:3f:3c:82:bf:fd:68:65:9e:22:fd:1c:09:9f:
         35:f3:f9:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3kdc/LXHUXyj07f40BC4ILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYWJlMGUwNjkwMGQ3Yjk2MDc2YzAwYmI1MGQ0ZjlkYzAz
OTJmNTkwHhcNMjQwMjI2MDgwOTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ5N2U5NDRjNmYxNzFhNzUwMzNlYTA5YjYwYzVhNGQ0NDJkMjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuayKEwanh2eOnAPGpZN2/BGHECc0
EA67J2loamMBElsi2wDjQ3pezdoIYjpbC834Baz3suZWorTnC4zRhETodf3wdwvQ
P8PxikZFZ/SFkgRV6Dy2JCYCKLvLaNi23KoOr//ixmNyqth9u+uhlUmjqBHX20uW
lU6v/IRUw6wqM5gw63C82ULVNjNJdK4yS/MDYXl/gNy5txIQic+1MT4B3prYhVRm
kg36NnqyNqQRhs7Sbd9yC8N/AY58B6hcz2mfiJk8k25g149BA0l3ofqwDTtlIJQs
lWkIoEsJ44Cv2lNxxsElbEQi9BOrofxPhj7tyzhm1aNwHVfrozXpfsGJzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDZfpRMbxcadQM+oJtgxaTUQtJvMB8GA1UdIwQY
MBaAFCGr4OBpANe5YHbAC7UNT53AOS9ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWF2ZzRHa0ExN2xnZHNBTHRRMVBuY0E1TDFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9mMmVjMDktNTQ0NS00NGZmLTk5MTUt
ZGVlOWFhZWZmYzlkLzEvRU5sLWxFeHZGeHAxQXo2Z20yREZwTlJDMG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9mMmVjMDktNTQ0NS00NGZmLTk5MTUtZGVlOWFhZWZmYzlk
LzEvSWF2ZzRHa0ExN2xnZHNBTHRRMVBuY0E1TDFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6qxMA0G
CSqGSIb3DQEBCwUAA4IBAQANnsbJlQ45HO7+OBnjU30PEaIq6KK7q8L84m8zHdvt
4Ke8E9B+22KMd5FOMGRYy4qo9pM4bHQYhEJXqIAemPOGoAybB+ppN7ZD+fFO8pJa
Jvo7P/g1PHrxw21aM8e+4mUhBop06en7s7JQwrG28xevUK7jhCqhR9poCfEsPoG4
3JbE+iaLyLoKd5bSyrSoyE/Ad9RtmbFpcTQi47/l6gRlPI+2fgfIBbAZUeYItrQs
T3L/iqWuGS/doXPKC+fOJDHLPNfQOyVWiqbOscVA9zmkNz8Fmumm5MCq0v0DeRRl
gqY2dhLH6wYeRZSBkrKGoz88gr/9aGWeIv0cCZ818/kv
-----END CERTIFICATE-----
Generated at Tue Nov 26 22:53:58 2024 by rpki-client on console-fra.rpki-client.org