Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/A5c1Q-FjCc_jEWCNtVE_rUfMjoc.roa
File:                     A5c1Q-FjCc_jEWCNtVE_rUfMjoc.roa (raw, json)
Hash identifier:          w8N7uudj9yGZdwnDoZQ53EALs9rRSqIY2UYmPh+Extg=
Subject key identifier:   03:97:35:43:E1:63:09:CF:E3:11:60:8D:B5:51:3F:AD:47:CC:8E:87
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FC59F22E05F1161EF59940AC3B6B5
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/A5c1Q-FjCc_jEWCNtVE_rUfMjoc.roa
Signing time:             Tue 02 Jan 2024 04:30:17 +0000
ROA not before:           Tue 02 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208757
IP address blocks:        193.36.222.0/23 maxlen: 23
                          91.239.220.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c5:9f:22:e0:5f:11:61:ef:59:94:0a:c3:b6:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03973543e16309cfe311608db5513fad47cc8e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c4:13:d4:7b:aa:14:f9:62:51:99:f9:fc:2b:
                    ab:6b:82:4b:1e:6b:89:73:4d:8a:bd:8f:30:c7:54:
                    55:3c:27:11:d6:4a:45:59:4e:eb:80:d5:3f:41:cf:
                    82:91:b4:98:a6:f3:2d:48:d0:c6:40:7a:0c:b1:15:
                    de:10:ad:75:ff:43:f2:ae:7f:f4:d8:5c:9b:b1:5a:
                    1b:a9:df:84:75:71:7b:b2:26:8a:5d:60:e9:03:ae:
                    3c:5c:e0:d7:5f:22:e3:1e:fb:da:7a:df:fa:6b:79:
                    f2:f9:29:a8:ec:3f:fc:bb:ba:bf:f1:36:cd:f3:ce:
                    69:34:58:55:a5:f1:6f:39:89:da:1b:a6:44:08:10:
                    f7:48:5b:02:32:83:f8:be:e7:13:25:27:4f:ad:e6:
                    d2:5a:ef:c6:98:01:b3:bb:45:35:5c:a5:2b:43:60:
                    87:ae:f3:37:73:d7:d0:2e:34:ef:96:d8:a1:05:05:
                    18:9d:56:24:60:b5:ef:0e:7a:93:f5:ca:e8:61:e0:
                    a0:66:81:56:f1:24:8f:7d:95:02:1b:4a:8c:d4:87:
                    2b:2f:a6:8d:62:d8:f7:fc:6b:d5:3c:ef:6e:f7:ff:
                    dc:26:dd:08:d1:f1:32:6c:36:a3:5e:d8:e4:4e:84:
                    d0:97:60:a1:a2:a8:2b:a2:74:52:34:7a:f8:59:d0:
                    a8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:97:35:43:E1:63:09:CF:E3:11:60:8D:B5:51:3F:AD:47:CC:8E:87
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/A5c1Q-FjCc_jEWCNtVE_rUfMjoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.220.0/23
                  193.36.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:d1:f3:12:c8:0d:09:9e:9e:0d:a7:03:d3:5f:a7:81:a3:d1:
         ae:18:c2:2f:af:31:0a:4a:a1:cd:30:55:cf:36:5d:4a:ff:3c:
         13:51:f2:bb:5c:ba:54:e6:ca:73:60:bf:3e:19:b3:ec:f4:e3:
         6d:db:1b:94:fa:42:35:e4:53:1b:66:f9:d4:3f:c5:7a:d0:e3:
         13:36:6d:15:52:e1:37:61:9d:c1:0f:72:9a:f1:54:9f:6b:2b:
         4a:2b:9d:c5:1b:90:26:aa:96:db:41:c4:93:fc:19:6e:1d:49:
         b7:5e:4c:bb:b2:31:63:df:c7:31:29:72:bc:73:77:7f:5c:af:
         71:b5:ba:d8:6a:fd:57:5d:fe:ed:aa:79:5f:e2:88:3c:07:2b:
         63:47:40:00:64:f8:74:3d:29:cb:e5:50:ff:c9:21:13:d6:88:
         05:8d:ed:51:7a:ac:00:7f:7a:67:2e:71:3a:68:bf:da:9d:55:
         ba:c5:cf:bb:d3:d4:5d:66:ee:1e:c9:ac:14:d0:f1:73:ab:f6:
         b6:80:c1:44:d8:e7:cb:9f:22:b5:1c:78:92:26:fb:a0:b4:4d:
         52:be:1f:a2:0c:14:9e:e0:72:c8:c2:e0:96:18:de:44:f2:81:
         a0:74:e9:b5:c5:fb:6b:5e:bf:b8:72:79:63:2b:c6:a7:e3:fa:
         cb:dd:dd:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb8WfIuBfEWHvWZQKw7a1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzk3MzU0M2UxNjMwOWNmZTMxMTYwOGRiNTUxM2ZhZDQ3Y2M4ZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMQT1HuqFPliUZn5/Cura4JLHmuJ
c02KvY8wx1RVPCcR1kpFWU7rgNU/Qc+CkbSYpvMtSNDGQHoMsRXeEK11/0Pyrn/0
2FybsVobqd+EdXF7siaKXWDpA648XODXXyLjHvvaet/6a3ny+Smo7D/8u7q/8TbN
885pNFhVpfFvOYnaG6ZECBD3SFsCMoP4vucTJSdPrebSWu/GmAGzu0U1XKUrQ2CH
rvM3c9fQLjTvltihBQUYnVYkYLXvDnqT9croYeCgZoFW8SSPfZUCG0qM1IcrL6aN
Ytj3/GvVPO9u9//cJt0I0fEybDajXtjkToTQl2ChoqgronRSNHr4WdCouwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAOXNUPhYwnP4xFgjbVRP61HzI6HMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvQTVjMVEtRmpDY19qRVdDTnRWRV9yVWZNam9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+/cAwQB
wSTeMA0GCSqGSIb3DQEBCwUAA4IBAQB00fMSyA0Jnp4NpwPTX6eBo9GuGMIvrzEK
SqHNMFXPNl1K/zwTUfK7XLpU5spzYL8+GbPs9ONt2xuU+kI15FMbZvnUP8V60OMT
Nm0VUuE3YZ3BD3Ka8VSfaytKK53FG5AmqpbbQcST/BluHUm3Xky7sjFj38cxKXK8
c3d/XK9xtbrYav1XXf7tqnlf4og8BytjR0AAZPh0PSnL5VD/ySET1ogFje1ReqwA
f3pnLnE6aL/anVW6xc+709RdZu4eyawU0PFzq/a2gMFE2OfLnyK1HHiSJvugtE1S
vh+iDBSe4HLIwuCWGN5E8oGgdOm1xftrXr+4cnljK8an4/rL3d3i
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:09:47 2024 by rpki-client on console-fra.rpki-client.org