Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/0167eb-0d16-4cc1-8047-142fcacd7a49/1/YlpFPniypybkZM1ZBw-C8KWUyp8.roa
File:                     YlpFPniypybkZM1ZBw-C8KWUyp8.roa (raw, json)
Hash identifier:          iooXjvxy+Bk3zY7Voy8fVswxtcpUJRnsGCsiV3Ns50M=
Subject key identifier:   62:5A:45:3E:78:B2:A7:26:E4:64:CD:59:07:0F:82:F0:A5:94:CA:9F
Certificate issuer:       /CN=e3154adb5a2ed999cf1db9c1271b2209dad3449e
Certificate serial:       018CC6B7FB3F03BD437DF62537984CD5905B
Authority key identifier: E3:15:4A:DB:5A:2E:D9:99:CF:1D:B9:C1:27:1B:22:09:DA:D3:44:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xVK21ou2ZnPHbnBJxsiCdrTRJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/0167eb-0d16-4cc1-8047-142fcacd7a49/1/YlpFPniypybkZM1ZBw-C8KWUyp8.roa
Signing time:             Mon 01 Jan 2024 20:29:55 +0000
ROA not before:           Mon 01 Jan 2024 20:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34729
IP address blocks:        193.138.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/0167eb-0d16-4cc1-8047-142fcacd7a49/1/4xVK21ou2ZnPHbnBJxsiCdrTRJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/0167eb-0d16-4cc1-8047-142fcacd7a49/1/4xVK21ou2ZnPHbnBJxsiCdrTRJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xVK21ou2ZnPHbnBJxsiCdrTRJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fb:3f:03:bd:43:7d:f6:25:37:98:4c:d5:90:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3154adb5a2ed999cf1db9c1271b2209dad3449e
        Validity
            Not Before: Jan  1 20:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=625a453e78b2a726e464cd59070f82f0a594ca9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:09:24:70:75:fc:03:d1:70:4f:29:d6:2a:8f:
                    0a:b4:c7:a2:90:e5:32:27:db:74:47:96:0e:cf:8f:
                    cb:db:1b:24:c2:14:ec:6b:12:73:3c:aa:2c:b8:cd:
                    6b:e9:a9:2e:0e:cb:82:d7:06:a4:8f:d7:a9:ce:48:
                    e4:3f:78:4c:a8:4e:c1:1f:dc:4b:c0:ca:cf:5c:49:
                    b3:f3:25:49:69:9b:88:de:94:e8:69:b9:fc:35:4f:
                    68:d9:6d:97:fe:d1:99:86:e6:fa:05:21:e6:7d:51:
                    f3:5e:22:17:9b:ba:6c:fe:f1:5c:2d:23:ce:62:a8:
                    53:09:ca:22:1b:d8:7e:1f:50:4c:92:dc:f4:1d:69:
                    d5:bd:b9:25:36:5f:14:59:e8:89:71:52:88:fc:0d:
                    d2:9a:68:51:94:ee:44:3e:22:84:23:68:86:e9:48:
                    2b:8a:99:1a:09:15:af:22:a6:6a:d2:0c:84:c3:9f:
                    c9:ff:40:ac:b9:71:c5:66:c7:a2:5e:8b:46:b7:4c:
                    1e:d9:55:b0:d9:29:44:fa:c0:a8:02:02:b4:9f:2b:
                    21:07:3f:0a:17:4e:b8:46:f0:97:ba:42:7c:91:3e:
                    d0:8c:58:26:59:98:e2:ee:7b:8d:7b:ba:be:1c:6c:
                    bd:c1:f2:07:ca:44:5b:20:b2:32:21:43:8d:91:d3:
                    be:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:5A:45:3E:78:B2:A7:26:E4:64:CD:59:07:0F:82:F0:A5:94:CA:9F
            X509v3 Authority Key Identifier:
                keyid:E3:15:4A:DB:5A:2E:D9:99:CF:1D:B9:C1:27:1B:22:09:DA:D3:44:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xVK21ou2ZnPHbnBJxsiCdrTRJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/0167eb-0d16-4cc1-8047-142fcacd7a49/1/YlpFPniypybkZM1ZBw-C8KWUyp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/0167eb-0d16-4cc1-8047-142fcacd7a49/1/4xVK21ou2ZnPHbnBJxsiCdrTRJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:e4:15:ce:e8:22:94:08:2a:6c:ed:1b:6e:d2:27:38:ee:d3:
         c1:0b:13:a8:6a:b5:19:3d:9a:78:72:1d:38:c9:13:e1:72:30:
         00:be:cc:b5:f6:c4:e1:80:64:e4:73:0c:1f:b7:cb:e0:54:c8:
         1a:81:ea:83:a5:3d:91:4d:fa:79:ae:04:76:f8:29:4f:52:c1:
         b6:0b:9d:c8:c0:d3:70:20:01:f3:8d:c1:9a:98:de:fa:eb:0b:
         35:36:85:de:d7:d4:6e:ed:f1:9f:ad:95:21:7d:e4:e5:24:6c:
         77:d7:74:1a:76:88:dd:8b:64:d7:d3:85:7b:7b:8e:2b:67:8b:
         a7:60:cb:9e:5c:10:6d:33:b1:ae:38:b6:c1:65:eb:1e:a2:e5:
         8b:ca:5b:46:66:06:59:eb:1b:38:00:51:1f:8f:7f:0d:1a:26:
         0d:82:d3:5f:08:d4:81:39:3f:0d:39:b8:6a:3f:22:29:98:41:
         8f:bc:9a:47:e3:8d:82:3a:de:f9:0d:87:b5:39:ed:d8:42:e4:
         6e:81:51:8b:bd:93:a5:d7:1c:0e:96:df:85:bd:3d:85:31:9a:
         90:28:f8:75:45:98:47:81:ae:2a:47:84:44:53:50:a7:e8:29:
         b5:f4:a7:cc:c9:5e:05:b0:e4:c9:4c:64:be:05:f3:cf:49:db:
         f1:13:2e:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt/s/A71DffYlN5hM1ZBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTU0YWRiNWEyZWQ5OTljZjFkYjljMTI3MWIyMjA5ZGFk
MzQ0OWUwHhcNMjQwMTAxMjAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjVhNDUzZTc4YjJhNzI2ZTQ2NGNkNTkwNzBmODJmMGE1OTRjYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwkkcHX8A9FwTynWKo8KtMeikOUy
J9t0R5YOz4/L2xskwhTsaxJzPKosuM1r6akuDsuC1wakj9epzkjkP3hMqE7BH9xL
wMrPXEmz8yVJaZuI3pToabn8NU9o2W2X/tGZhub6BSHmfVHzXiIXm7ps/vFcLSPO
YqhTCcoiG9h+H1BMktz0HWnVvbklNl8UWeiJcVKI/A3SmmhRlO5EPiKEI2iG6Ugr
ipkaCRWvIqZq0gyEw5/J/0CsuXHFZseiXotGt0we2VWw2SlE+sCoAgK0nyshBz8K
F064RvCXukJ8kT7QjFgmWZji7nuNe7q+HGy9wfIHykRbILIyIUONkdO+OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJaRT54sqcm5GTNWQcPgvCllMqfMB8GA1UdIwQY
MBaAFOMVSttaLtmZzx25wScbIgna00SeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhWSzIxb3UyWm5QSGJuQkp4c2lDZHJUUko0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8wMTY3ZWItMGQxNi00Y2MxLTgwNDct
MTQyZmNhY2Q3YTQ5LzEvWWxwRlBuaXlweWJrWk0xWkJ3LUM4S1dVeXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8wMTY3ZWItMGQxNi00Y2MxLTgwNDctMTQyZmNhY2Q3YTQ5
LzEvNHhWSzIxb3UyWm5QSGJuQkp4c2lDZHJUUko0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYoIMA0G
CSqGSIb3DQEBCwUAA4IBAQBY5BXO6CKUCCps7Rtu0ic47tPBCxOoarUZPZp4ch04
yRPhcjAAvsy19sThgGTkcwwft8vgVMgageqDpT2RTfp5rgR2+ClPUsG2C53IwNNw
IAHzjcGamN766ws1NoXe19Ru7fGfrZUhfeTlJGx313Qadojdi2TX04V7e44rZ4un
YMueXBBtM7GuOLbBZeseouWLyltGZgZZ6xs4AFEfj38NGiYNgtNfCNSBOT8NObhq
PyIpmEGPvJpH442COt75DYe1Oe3YQuRugVGLvZOl1xwOlt+FvT2FMZqQKPh1RZhH
ga4qR4REU1Cn6Cm19KfMyV4FsOTJTGS+BfPPSdvxEy7l
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:59:14 2024 by rpki-client on console-fra.rpki-client.org