Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-CAHj82r7nK4Czz8VRkLL2BKpAk.roa
File:                     1-CAHj82r7nK4Czz8VRkLL2BKpAk.roa (raw, json)
Hash identifier:          ZcSXjc6wSkgkbcj86NyonKcu8GMs5bK04QGIh4ewHHc=
Subject key identifier:   F8:20:07:8F:CD:AB:EE:72:B8:0B:3C:FC:55:19:0B:2F:60:4A:A4:09
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0191B39E9EE456BF15783CD22FF5B1C4DBFC
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-CAHj82r7nK4Czz8VRkLL2BKpAk.roa
Signing time:             Mon 02 Sep 2024 16:43:22 +0000
ROA not before:           Mon 02 Sep 2024 16:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214304
IP address blocks:        5.144.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Dec 2024 16:33:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:9e:9e:e4:56:bf:15:78:3c:d2:2f:f5:b1:c4:db:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Sep  2 16:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f820078fcdabee72b80b3cfc55190b2f604aa409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cd:7c:a2:b2:f6:bd:03:6d:bf:db:f4:ae:2a:
                    fe:5c:1e:01:84:d5:0e:c0:8d:2f:f7:93:cb:fb:bb:
                    a6:fa:49:35:40:db:1c:60:99:56:79:21:34:67:dc:
                    f6:07:f3:49:b1:7a:a1:5d:91:29:d2:ad:c8:6c:d8:
                    d1:8c:d9:32:f7:b8:9a:ff:61:89:61:64:72:1b:22:
                    c6:c8:98:7f:23:0d:ae:b6:78:f4:dd:0b:fc:a9:90:
                    52:93:1a:bc:90:7d:4a:10:3d:1f:92:fe:bb:49:c6:
                    1a:26:45:62:86:bb:a4:fd:c4:b2:94:9b:a8:09:c9:
                    de:6e:23:45:c6:72:5f:30:d5:c0:80:fc:f2:ec:d6:
                    2f:da:cd:9a:2d:08:50:33:3a:03:ac:77:eb:da:f7:
                    6f:e5:87:3f:75:3e:c9:54:51:07:fb:75:73:5d:4f:
                    e0:45:1f:ce:58:ad:1e:b5:46:ef:44:2a:00:f0:ec:
                    2a:39:5b:d7:f7:69:0e:5e:79:ab:de:4a:23:5e:2e:
                    29:7e:a8:95:34:1c:ac:21:04:e3:b5:3a:86:6b:01:
                    90:4a:80:78:15:61:6d:36:35:77:b3:5a:22:4e:63:
                    60:3f:98:b9:10:35:82:82:89:19:54:9f:e8:53:b1:
                    9e:36:05:92:62:26:0a:5a:e1:f0:b2:52:a2:cd:9e:
                    dd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:20:07:8F:CD:AB:EE:72:B8:0B:3C:FC:55:19:0B:2F:60:4A:A4:09
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-CAHj82r7nK4Czz8VRkLL2BKpAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c5:17:42:52:25:f0:3f:db:9b:a2:9b:9f:67:c8:35:ea:5b:
         e0:42:65:2d:fe:e3:c3:79:61:f7:ec:06:fd:c0:94:a1:d6:ec:
         66:29:61:d1:7a:1d:d2:1e:78:c0:8d:00:4c:31:7b:df:83:fb:
         c9:4c:04:7e:0a:55:9a:37:1d:8b:de:19:9c:0e:2d:9c:f2:3e:
         90:c3:99:13:fb:34:6c:6e:0e:e7:b4:3d:66:9c:31:9b:a4:15:
         6f:32:dc:d7:0c:99:f4:0e:4d:3f:a6:02:8d:22:4b:74:6e:c7:
         ba:00:b5:6e:cd:68:13:52:35:a2:06:20:dc:b7:db:a5:56:40:
         1e:9d:80:f4:92:54:60:56:0d:55:1f:a1:88:da:1e:a1:98:f0:
         0f:e2:c1:ae:72:f2:36:22:33:3d:48:3b:75:67:40:b2:06:63:
         ca:54:4d:86:19:ad:1b:19:8e:89:8f:0e:7f:f9:87:d7:e4:eb:
         1b:d7:03:e6:94:e0:87:a1:5c:df:83:02:bd:14:41:8b:40:1c:
         8a:e6:57:4e:17:cb:2f:af:cc:08:f3:25:e4:ce:e0:07:ec:32:
         cb:a7:81:81:43:0f:87:56:06:c9:20:a5:a7:23:9c:1c:c8:02:
         db:d3:78:32:32:37:ef:d6:91:57:9c:7b:f0:aa:3c:d1:a7:ab:
         c5:89:1e:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZGznp7kVr8VeDzSL/WxxNv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwOTAyMTY0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODIwMDc4ZmNkYWJlZTcyYjgwYjNjZmM1NTE5MGIyZjYwNGFhNDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc18orL2vQNtv9v0rir+XB4BhNUO
wI0v95PL+7um+kk1QNscYJlWeSE0Z9z2B/NJsXqhXZEp0q3IbNjRjNky97ia/2GJ
YWRyGyLGyJh/Iw2utnj03Qv8qZBSkxq8kH1KED0fkv67ScYaJkVihruk/cSylJuo
CcnebiNFxnJfMNXAgPzy7NYv2s2aLQhQMzoDrHfr2vdv5Yc/dT7JVFEH+3VzXU/g
RR/OWK0etUbvRCoA8OwqOVvX92kOXnmr3kojXi4pfqiVNBysIQTjtTqGawGQSoB4
FWFtNjV3s1oiTmNgP5i5EDWCgokZVJ/oU7GeNgWSYiYKWuHwslKizZ7d7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPggB4/Nq+5yuAs8/FUZCy9gSqQJMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMS1DQUhqODJyN25LNEN6ejhWUmtMTDJCS3BBay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvODlmMDcxLTU2MzEtNDVkYi1hN2U1LWNkNjE1MjI2MWM2
Zi8xL0V4aUJjeW8tSkZxVm04WjU0RVdNT2ZpVDVHcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAWQsTAN
BgkqhkiG9w0BAQsFAAOCAQEAScUXQlIl8D/bm6Kbn2fINepb4EJlLf7jw3lh9+wG
/cCUodbsZilh0Xod0h54wI0ATDF734P7yUwEfgpVmjcdi94ZnA4tnPI+kMOZE/s0
bG4O57Q9Zpwxm6QVbzLc1wyZ9A5NP6YCjSJLdG7HugC1bs1oE1I1ogYg3LfbpVZA
Hp2A9JJUYFYNVR+hiNoeoZjwD+LBrnLyNiIzPUg7dWdAsgZjylRNhhmtGxmOiY8O
f/mH1+TrG9cD5pTgh6Fc34MCvRRBi0AciuZXThfLL6/MCPMl5M7gB+wyy6eBgUMP
h1YGySClpyOcHMgC29N4MjI379aRV5x78Ko80aerxYkerw==
-----END CERTIFICATE-----
Generated at Tue Dec 10 22:45:49 2024 by rpki-client on console-ams.rpki-client.org