Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1-pidP3Ie3B_dZsu5BQm1HlyXHEM.roa
File:                     1-pidP3Ie3B_dZsu5BQm1HlyXHEM.roa (raw, json)
Hash identifier:          nHGRlh3ljxHkgL+XSAc+UiRxMpE+QdYpUDtMmEI6X/I=
Subject key identifier:   FA:98:9D:3F:72:1E:DC:1F:DD:66:CB:B9:05:09:B5:1E:5C:97:1C:43
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93B21F21C476D550E536EC98CB6C3
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1-pidP3Ie3B_dZsu5BQm1HlyXHEM.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16015
IP address blocks:        213.253.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3b:21:f2:1c:47:6d:55:0e:53:6e:c9:8c:b6:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa989d3f721edc1fdd66cbb90509b51e5c971c43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:39:c2:4a:ae:b0:b3:71:a8:98:fb:10:9b:26:
                    d3:da:5e:27:d0:d8:da:0a:e8:36:78:4b:3e:bc:38:
                    7a:5b:c6:5e:12:a2:7e:d7:06:de:da:5b:06:1e:ce:
                    52:43:50:4c:71:ca:18:fe:ee:78:f7:b1:15:7b:be:
                    d6:a9:2a:1e:2c:d7:e3:b5:66:a6:36:fb:9a:09:eb:
                    75:d9:12:f8:5b:33:39:79:38:f2:3e:0b:ea:d3:b7:
                    68:6f:9a:e8:f5:4c:8e:ec:1f:74:86:91:9a:19:1d:
                    23:85:af:c6:40:87:71:c0:9e:e6:27:f6:2e:24:5d:
                    41:3c:41:97:06:70:d2:d7:fe:0f:2b:17:5f:db:79:
                    e0:20:ef:5a:d3:a9:4c:aa:5f:e7:57:0d:ff:17:2a:
                    ae:30:a4:00:42:80:bb:74:64:0b:99:7b:1e:17:63:
                    79:52:97:20:10:25:4f:69:30:a7:f4:4d:45:38:14:
                    80:07:80:f9:3b:14:37:b1:e4:71:31:41:04:9e:31:
                    ba:70:29:05:53:54:d5:ea:c6:de:c6:a3:f9:96:e5:
                    39:10:f4:34:97:46:82:ab:b4:ab:49:73:82:aa:c1:
                    ba:da:79:48:0d:d3:4c:59:01:32:9a:f6:ec:c7:6a:
                    d3:a9:ca:10:b6:51:f1:6b:ae:6c:e2:ee:a8:f5:d5:
                    c2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:98:9D:3F:72:1E:DC:1F:DD:66:CB:B9:05:09:B5:1E:5C:97:1C:43
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1-pidP3Ie3B_dZsu5BQm1HlyXHEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.253.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:9d:7d:b9:11:7e:b5:e5:8b:46:e2:0c:0f:6b:2e:e6:37:77:
         92:92:d8:fb:98:46:29:53:95:26:27:9e:ca:67:1b:1d:df:83:
         ad:3d:e6:f1:94:b3:96:a3:88:68:ae:ec:d9:fa:51:9f:8a:fe:
         92:83:46:0c:e9:9b:29:e3:53:62:9e:6d:fa:05:ca:ab:cd:b9:
         af:bb:4e:63:36:d6:9f:ea:59:ee:12:a1:e4:b1:d5:b1:a8:17:
         8e:cd:b5:4e:5e:c9:ff:94:7c:a8:b6:42:db:e5:a7:18:da:1f:
         03:00:25:67:b6:59:b7:b5:72:a5:15:56:ac:cb:af:d6:0f:c3:
         0c:27:7b:b1:23:2b:ca:a3:0f:4f:8c:e9:90:f9:ad:61:e5:2d:
         08:9e:71:fe:3e:7c:f7:aa:b5:5c:a4:18:cf:7d:ea:a7:da:c7:
         3c:91:68:bd:1b:b4:1a:56:26:fd:2c:e0:e2:51:67:0e:d0:a5:
         4d:05:18:10:ab:47:87:99:12:25:90:04:3d:39:5c:6b:59:47:
         b6:1b:9b:a5:14:02:43:7a:f1:ba:32:90:b0:4e:bf:ed:3a:dc:
         38:92:60:21:14:9c:1b:8a:6b:71:46:a8:42:48:2b:a2:a3:ec:
         f1:ba:a3:e5:35:59:94:68:13:43:42:30:e9:cf:29:94:28:14:
         21:12:b9:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuTsh8hxHbVUOU27JjLbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTk4OWQzZjcyMWVkYzFmZGQ2NmNiYjkwNTA5YjUxZTVjOTcxYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DnCSq6ws3GomPsQmybT2l4n0Nja
Cug2eEs+vDh6W8ZeEqJ+1wbe2lsGHs5SQ1BMccoY/u5497EVe77WqSoeLNfjtWam
NvuaCet12RL4WzM5eTjyPgvq07dob5ro9UyO7B90hpGaGR0jha/GQIdxwJ7mJ/Yu
JF1BPEGXBnDS1/4PKxdf23ngIO9a06lMql/nVw3/FyquMKQAQoC7dGQLmXseF2N5
UpcgECVPaTCn9E1FOBSAB4D5OxQ3seRxMUEEnjG6cCkFU1TV6sbexqP5luU5EPQ0
l0aCq7SrSXOCqsG62nlIDdNMWQEymvbsx2rTqcoQtlHxa65s4u6o9dXCXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqYnT9yHtwf3WbLuQUJtR5clxxDMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvMS1waWRQM0llM0JfZFpzdTVCUW0xSGx5WEhFTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjcvZjJjNWU4LThkMzctNDgzOC1hMzNiLWVjYzQ5YmRjMmFk
OC8xL3Y3Q1hvMndqSmRFREhfUUpHNkFLaGtXZFFvZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANX9wjAN
BgkqhkiG9w0BAQsFAAOCAQEAZZ19uRF+teWLRuIMD2su5jd3kpLY+5hGKVOVJiee
ymcbHd+DrT3m8ZSzlqOIaK7s2fpRn4r+koNGDOmbKeNTYp5t+gXKq825r7tOYzbW
n+pZ7hKh5LHVsagXjs21Tl7J/5R8qLZC2+WnGNofAwAlZ7ZZt7VypRVWrMuv1g/D
DCd7sSMryqMPT4zpkPmtYeUtCJ5x/j5896q1XKQYz33qp9rHPJFovRu0GlYm/Szg
4lFnDtClTQUYEKtHh5kSJZAEPTlca1lHthubpRQCQ3rxujKQsE6/7TrcOJJgIRSc
G4prcUaoQkgroqPs8bqj5TVZlGgTQ0Iw6c8plCgUIRK5CQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:05:39 2024 by rpki-client on console-fra.rpki-client.org