Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/L1laDd3yKHr-pHkuY4J7xAEC1oE.roa
File:                     L1laDd3yKHr-pHkuY4J7xAEC1oE.roa (raw, json)
Hash identifier:          YE1BMczhmFEGz39++sm77tSR1SHDqQVc+L50fPoO+To=
Subject key identifier:   2F:59:5A:0D:DD:F2:28:7A:FE:A4:79:2E:63:82:7B:C4:01:02:D6:81
Certificate issuer:       /CN=0057ad09ae9a1a98012275851aabe69e4e15a2f4
Certificate serial:       018CCA99B043BF2A107EDFA0E4B6AA9B550A
Authority key identifier: 00:57:AD:09:AE:9A:1A:98:01:22:75:85:1A:AB:E6:9E:4E:15:A2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/L1laDd3yKHr-pHkuY4J7xAEC1oE.roa
Signing time:             Tue 02 Jan 2024 14:35:18 +0000
ROA not before:           Tue 02 Jan 2024 14:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209304
IP address blocks:        213.217.12.0/22 maxlen: 24
                          5.11.56.0/22 maxlen: 24
                          2a09:5940::/29 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:b0:43:bf:2a:10:7e:df:a0:e4:b6:aa:9b:55:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0057ad09ae9a1a98012275851aabe69e4e15a2f4
        Validity
            Not Before: Jan  2 14:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f595a0dddf2287afea4792e63827bc40102d681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b9:64:a7:63:ea:7c:e1:af:07:d3:22:4e:4a:
                    d1:c4:f0:24:0a:cc:83:7c:73:1d:fb:c6:2a:82:75:
                    34:72:de:71:0e:54:0b:17:a2:d6:07:30:67:60:45:
                    b5:ad:14:26:7e:af:3b:84:20:2c:fe:ed:9e:f8:82:
                    74:bc:07:af:28:e7:2f:9b:97:68:d7:c4:ef:4a:d1:
                    30:d8:66:6d:c5:c4:0c:fb:3c:87:5d:6f:72:09:9a:
                    c0:41:72:ff:1c:a4:15:a5:97:c4:7a:41:6f:f0:41:
                    15:bd:3f:8b:b1:db:3c:d8:fd:08:13:30:6f:ac:f7:
                    29:f0:84:8e:5e:d3:02:4e:57:97:d2:19:08:0b:68:
                    d8:0f:7a:41:a7:12:42:98:96:43:a1:18:6e:9f:65:
                    ed:4c:cd:a3:46:eb:3f:b0:ef:6c:5a:6e:9f:78:b9:
                    2c:0e:e0:89:ed:ea:fa:90:b5:e7:1d:b8:02:b1:2e:
                    4c:2c:3e:02:e8:bb:8c:5e:0e:cf:4c:d0:76:cd:83:
                    23:b1:8a:9f:de:b2:49:cb:48:53:01:4a:94:51:28:
                    66:a6:8c:b3:19:73:ef:27:00:b6:8c:4a:9a:e3:79:
                    f8:77:02:61:ce:21:45:e7:24:d9:1e:60:9d:b7:51:
                    0a:f6:ee:12:36:12:18:4b:49:04:c8:9c:47:01:35:
                    5a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:59:5A:0D:DD:F2:28:7A:FE:A4:79:2E:63:82:7B:C4:01:02:D6:81
            X509v3 Authority Key Identifier:
                keyid:00:57:AD:09:AE:9A:1A:98:01:22:75:85:1A:AB:E6:9E:4E:15:A2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AFetCa6aGpgBInWFGqvmnk4VovQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/L1laDd3yKHr-pHkuY4J7xAEC1oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/4c32b9-f775-4868-923d-dca38d59a158/1/AFetCa6aGpgBInWFGqvmnk4VovQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.56.0/22
                  213.217.12.0/22
                IPv6:
                  2a09:5940::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:ae:54:9f:14:27:f3:0a:0c:ee:8e:44:b6:3e:79:ab:76:cb:
         a0:23:ba:de:76:03:19:d3:c9:12:57:f9:e7:47:a1:e3:8f:f9:
         ff:5e:7e:ce:5a:69:b9:19:9f:f5:2a:81:98:ac:77:89:1f:08:
         a9:c7:66:8e:b1:b3:e9:62:19:9a:c8:9f:2d:9d:98:8d:1f:b7:
         6f:e2:b9:22:af:4d:19:66:26:b4:22:44:2a:c5:c7:57:3c:22:
         06:6d:4a:5c:b4:bf:80:48:c2:82:50:8f:62:df:ea:56:aa:82:
         c8:61:5d:1a:d7:5f:f7:0b:ea:f8:65:11:4b:9c:34:70:c6:c3:
         ca:ce:01:c5:3e:16:08:87:c2:12:cf:23:72:12:ef:f9:a8:94:
         00:cf:58:3d:9d:9f:6a:b4:f3:fb:b8:65:bd:d2:b5:1f:97:a4:
         00:d8:39:16:89:87:66:fa:32:78:3d:27:ac:df:fa:bc:32:0a:
         af:e8:5a:5b:af:5a:8f:2f:33:5d:4e:4f:7e:96:ca:54:46:a3:
         10:02:68:87:01:dd:0c:29:cc:2e:da:af:97:2a:f7:dd:9f:ee:
         11:53:7b:3c:f8:35:f6:2e:d9:16:b9:86:96:ce:18:20:02:63:
         4c:e5:f7:fa:36:c4:f0:81:d3:c0:9f:bd:7f:80:16:35:9f:51:
         48:f8:3c:b3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmbBDvyoQft+g5Laqm1UKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNTdhZDA5YWU5YTFhOTgwMTIyNzU4NTFhYWJlNjllNGUx
NWEyZjQwHhcNMjQwMTAyMTQzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjU5NWEwZGRkZjIyODdhZmVhNDc5MmU2MzgyN2JjNDAxMDJkNjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrlkp2PqfOGvB9MiTkrRxPAkCsyD
fHMd+8YqgnU0ct5xDlQLF6LWBzBnYEW1rRQmfq87hCAs/u2e+IJ0vAevKOcvm5do
18TvStEw2GZtxcQM+zyHXW9yCZrAQXL/HKQVpZfEekFv8EEVvT+Lsds82P0IEzBv
rPcp8ISOXtMCTleX0hkIC2jYD3pBpxJCmJZDoRhun2XtTM2jRus/sO9sWm6feLks
DuCJ7er6kLXnHbgCsS5MLD4C6LuMXg7PTNB2zYMjsYqf3rJJy0hTAUqUUShmpoyz
GXPvJwC2jEqa43n4dwJhziFF5yTZHmCdt1EK9u4SNhIYS0kEyJxHATVatQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC9ZWg3d8ih6/qR5LmOCe8QBAtaBMB8GA1UdIwQY
MBaAFABXrQmumhqYASJ1hRqr5p5OFaL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZldENhNmFHcGdCSW5XRkdxdm1uazRWb3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy80YzMyYjktZjc3NS00ODY4LTkyM2Qt
ZGNhMzhkNTlhMTU4LzEvTDFsYURkM3lLSHItcEhrdVk0Sjd4QUVDMW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy80YzMyYjktZjc3NS00ODY4LTkyM2QtZGNhMzhkNTlhMTU4
LzEvQUZldENhNmFHcGdCSW5XRkdxdm1uazRWb3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBQs4AwQC
1dkMMA0EAgACMAcDBQMqCVlAMA0GCSqGSIb3DQEBCwUAA4IBAQAHrlSfFCfzCgzu
jkS2PnmrdsugI7redgMZ08kSV/nnR6Hjj/n/Xn7OWmm5GZ/1KoGYrHeJHwipx2aO
sbPpYhmayJ8tnZiNH7dv4rkir00ZZia0IkQqxcdXPCIGbUpctL+ASMKCUI9i3+pW
qoLIYV0a11/3C+r4ZRFLnDRwxsPKzgHFPhYIh8ISzyNyEu/5qJQAz1g9nZ9qtPP7
uGW90rUfl6QA2DkWiYdm+jJ4PSes3/q8Mgqv6Fpbr1qPLzNdTk9+lspURqMQAmiH
Ad0MKcwu2q+XKvfdn+4RU3s8+DX2LtkWuYaWzhggAmNM5ff6NsTwgdPAn71/gBY1
n1FI+Dyz
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:36:22 2024 by rpki-client on console-ams.rpki-client.org