Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/ua2D3DZ_yFjqLtiaonk0Ekn2xWw.roa
File:                     ua2D3DZ_yFjqLtiaonk0Ekn2xWw.roa (raw, json)
Hash identifier:          QJ9Ho0jYdXTiLzW+Tmdnr+5RyxpgnT1FVAg0oVraMeo=
Subject key identifier:   B9:AD:83:DC:36:7F:C8:58:EA:2E:D8:9A:A2:79:34:12:49:F6:C5:6C
Certificate issuer:       /CN=a5a42d260d5ecdc2fa2b0b5dbf603b90d715444d
Certificate serial:       018CC7275E4C08704C8B30A61BFC0ED74A1C
Authority key identifier: A5:A4:2D:26:0D:5E:CD:C2:FA:2B:0B:5D:BF:60:3B:90:D7:15:44:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/ua2D3DZ_yFjqLtiaonk0Ekn2xWw.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44097
IP address blocks:        193.27.0.0/24 maxlen: 24
                          193.43.214.0/24 maxlen: 24
                          2001:67c:ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5e:4c:08:70:4c:8b:30:a6:1b:fc:0e:d7:4a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a42d260d5ecdc2fa2b0b5dbf603b90d715444d
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9ad83dc367fc858ea2ed89aa279341249f6c56c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9e:76:d9:ad:4f:31:72:30:1d:00:f6:65:e5:
                    1d:3c:c1:1f:e1:9e:05:fa:b1:9a:d5:bc:50:05:73:
                    82:2a:a2:00:35:9f:3c:05:0f:39:eb:7f:02:f0:87:
                    67:f1:96:ce:de:b6:0b:aa:dc:12:7a:39:fa:7d:78:
                    51:5a:59:cb:60:aa:e1:d8:79:bf:e9:15:83:50:7d:
                    78:55:18:6a:30:bc:cb:07:1f:90:75:fc:79:24:ce:
                    17:05:5b:56:62:07:ee:99:9c:68:ff:b6:55:c9:b5:
                    f5:bd:a9:64:0b:fd:d4:4b:8d:3a:db:75:2f:a0:72:
                    61:f8:d2:a5:2b:e6:dc:f1:e7:0e:96:f3:bb:13:3e:
                    f5:ae:3f:54:1c:c5:77:b4:81:06:7a:d6:1f:19:54:
                    bc:c6:c9:02:0e:f3:1d:cc:2f:71:19:43:d5:f8:0a:
                    f4:a6:14:bc:0f:22:b3:9c:63:17:b4:97:0b:12:ca:
                    73:b9:38:44:54:91:ed:ad:f3:29:c1:0a:34:dc:26:
                    3a:75:87:c0:c0:5c:3d:cb:0d:bd:50:de:ea:3f:40:
                    53:a8:e9:21:e3:98:7d:c7:c6:15:fc:bd:55:81:03:
                    97:26:2e:64:1c:fd:2d:87:c8:8b:74:71:10:36:69:
                    d3:ed:f7:1f:53:86:e1:07:e2:41:4f:f6:d4:0a:f8:
                    13:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AD:83:DC:36:7F:C8:58:EA:2E:D8:9A:A2:79:34:12:49:F6:C5:6C
            X509v3 Authority Key Identifier:
                keyid:A5:A4:2D:26:0D:5E:CD:C2:FA:2B:0B:5D:BF:60:3B:90:D7:15:44:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paQtJg1ezcL6Kwtdv2A7kNcVRE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/ua2D3DZ_yFjqLtiaonk0Ekn2xWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c392d7-0a99-41c9-a2cd-f0d2b943cb53/1/paQtJg1ezcL6Kwtdv2A7kNcVRE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.0.0/24
                  193.43.214.0/24
                IPv6:
                  2001:67c:ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:e4:a5:18:9c:6f:04:6d:6a:36:a8:a8:fa:ae:45:7d:79:e0:
         09:98:e1:91:69:ea:5f:09:74:f6:47:83:29:4f:42:80:9f:67:
         74:dd:77:88:f7:33:8c:35:50:fe:4b:3a:3f:a9:43:ec:ee:c9:
         9e:10:ae:86:28:c3:f9:b8:bc:ac:0b:0e:5b:14:41:b7:4f:a0:
         9e:39:9c:b5:d5:e3:ea:35:2e:99:3c:46:7f:a3:62:29:aa:f1:
         f6:68:6b:c6:1b:8f:05:46:26:f9:2f:73:d6:f1:60:0f:93:0e:
         f5:d6:4f:61:5d:94:a7:96:6c:a0:82:1b:50:4a:0a:28:eb:35:
         b4:02:01:9e:55:73:ac:32:cd:28:ef:15:39:d8:cf:f6:86:d3:
         8f:94:ee:64:28:ca:a4:4b:54:1e:18:9e:78:df:25:6e:bf:27:
         5e:17:fc:ca:73:30:5a:05:db:9c:57:e8:1b:90:12:57:49:40:
         24:e3:58:58:ac:c0:74:63:17:7d:df:4b:56:63:b6:76:b9:53:
         00:c7:02:25:d1:eb:01:c9:13:71:13:3e:9b:b0:fb:e4:f9:4b:
         a5:b0:0a:c1:75:37:1c:6b:9f:9a:10:07:b3:64:c7:0c:30:9f:
         4b:54:e1:05:ee:48:50:57:8e:10:20:a4:e7:e8:d0:e5:ef:12:
         80:f7:8b:c0
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJ15MCHBMizCmG/wO10ocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTQyZDI2MGQ1ZWNkYzJmYTJiMGI1ZGJmNjAzYjkwZDcx
NTQ0NGQwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWFkODNkYzM2N2ZjODU4ZWEyZWQ4OWFhMjc5MzQxMjQ5ZjZjNTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ522a1PMXIwHQD2ZeUdPMEf4Z4F
+rGa1bxQBXOCKqIANZ88BQ85638C8Idn8ZbO3rYLqtwSejn6fXhRWlnLYKrh2Hm/
6RWDUH14VRhqMLzLBx+Qdfx5JM4XBVtWYgfumZxo/7ZVybX1valkC/3US40623Uv
oHJh+NKlK+bc8ecOlvO7Ez71rj9UHMV3tIEGetYfGVS8xskCDvMdzC9xGUPV+Ar0
phS8DyKznGMXtJcLEspzuThEVJHtrfMpwQo03CY6dYfAwFw9yw29UN7qP0BTqOkh
45h9x8YV/L1VgQOXJi5kHP0th8iLdHEQNmnT7fcfU4bhB+JBT/bUCvgT/wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLmtg9w2f8hY6i7YmqJ5NBJJ9sVsMB8GA1UdIwQY
MBaAFKWkLSYNXs3C+isLXb9gO5DXFURNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFRdEpnMWV6Y0w2S3d0ZHYyQTdrTmNWUkUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jMzkyZDctMGE5OS00MWM5LWEyY2Qt
ZjBkMmI5NDNjYjUzLzEvdWEyRDNEWl95RmpxTHRpYW9uazBFa24yeFd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jMzkyZDctMGE5OS00MWM5LWEyY2QtZjBkMmI5NDNjYjUz
LzEvcGFRdEpnMWV6Y0w2S3d0ZHYyQTdrTmNWUkUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwRsAAwQA
wSvWMA8EAgACMAkDBwAgAQZ8AOwwDQYJKoZIhvcNAQELBQADggEBAJjkpRicbwRt
ajaoqPquRX154AmY4ZFp6l8JdPZHgylPQoCfZ3Tdd4j3M4w1UP5LOj+pQ+zuyZ4Q
roYow/m4vKwLDlsUQbdPoJ45nLXV4+o1Lpk8Rn+jYimq8fZoa8YbjwVGJvkvc9bx
YA+TDvXWT2FdlKeWbKCCG1BKCijrNbQCAZ5Vc6wyzSjvFTnYz/aG04+U7mQoyqRL
VB4YnnjfJW6/J14X/MpzMFoF25xX6BuQEldJQCTjWFiswHRjF33fS1Zjtna5UwDH
AiXR6wHJE3ETPpuw++T5S6WwCsF1Nxxrn5oQB7Nkxwwwn0tU4QXuSFBXjhAgpOfo
0OXvEoD3i8A=
-----END CERTIFICATE-----
Generated at Wed Nov 27 14:30:32 2024 by rpki-client on console-fra.rpki-client.org