Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/cN7Eo7MWEJehqZjlwGTRBze-lW0.roa
File:                     cN7Eo7MWEJehqZjlwGTRBze-lW0.roa (raw, json)
Hash identifier:          NNuZuULDB4b1iWHmt7NpRTe46Jc0b6/YEB05QVMhWoQ=
Subject key identifier:   70:DE:C4:A3:B3:16:10:97:A1:A9:98:E5:C0:64:D1:07:37:BE:95:6D
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       018CC6B8F97E0037E400438398435C21335F
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/cN7Eo7MWEJehqZjlwGTRBze-lW0.roa
Signing time:             Mon 01 Jan 2024 20:31:00 +0000
ROA not before:           Mon 01 Jan 2024 20:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     764
IP address blocks:        194.211.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f9:7e:00:37:e4:00:43:83:98:43:5c:21:33:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70dec4a3b3161097a1a998e5c064d10737be956d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5a:f3:88:7b:0c:48:d9:7c:38:e0:d8:e6:d5:
                    27:82:0f:fd:a5:b4:fa:c2:24:fb:b8:06:7a:bc:95:
                    ec:1f:77:bc:a0:04:f8:fb:12:e3:33:af:9e:1c:bd:
                    08:d0:f7:20:ca:ee:ac:f6:69:36:86:2c:25:f9:07:
                    36:95:b1:71:d6:89:dd:da:c5:3a:d6:ca:61:57:47:
                    c4:cf:b0:5c:97:49:ca:ab:57:d9:c1:9b:fb:f8:21:
                    f6:4a:73:37:b6:15:be:cf:40:99:38:79:b8:d4:8d:
                    0e:bf:05:03:9c:d3:17:2d:fb:c3:b1:1b:c1:f4:3d:
                    3d:ad:ba:2b:21:72:e5:65:9e:15:41:36:9e:e5:49:
                    40:1e:c2:46:5f:a3:85:6b:c1:15:27:32:80:04:bf:
                    f2:d3:89:f7:af:be:0d:37:90:11:c9:69:43:a4:ad:
                    c0:28:a1:20:67:0c:8b:29:7e:a2:7d:a5:05:44:57:
                    82:dd:e6:a5:2b:cd:08:a7:fb:be:4d:86:27:65:ab:
                    e8:42:10:5e:c5:17:b0:95:80:d5:5c:14:9d:05:42:
                    c4:89:96:89:54:c7:f4:35:41:36:f2:59:22:e4:ba:
                    76:99:0a:3d:a6:12:c8:91:eb:71:81:e6:ec:8f:e3:
                    72:6a:bf:ee:5a:2a:98:d0:df:21:fd:f3:90:41:9d:
                    df:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:DE:C4:A3:B3:16:10:97:A1:A9:98:E5:C0:64:D1:07:37:BE:95:6D
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/cN7Eo7MWEJehqZjlwGTRBze-lW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.211.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:22:f3:df:09:14:10:67:7b:fc:ad:3c:17:d7:b2:b4:89:d2:
         fb:c7:67:47:39:de:36:2d:3a:1c:64:97:e0:92:8f:98:2b:a5:
         10:ed:67:57:08:81:d2:6b:86:18:ba:39:df:eb:af:1c:13:00:
         f6:27:9d:ba:a2:26:6b:a8:08:b9:01:d2:6a:0a:1b:e0:11:47:
         39:62:ab:e3:f6:71:8b:e1:b1:d6:e7:6d:c5:42:e5:a7:44:3f:
         35:ba:e9:73:91:f8:3e:56:5e:63:64:db:30:d6:2f:d5:3d:8e:
         82:ad:c1:3b:50:7a:43:48:dd:70:f6:33:08:24:33:14:e1:63:
         d9:24:3e:52:b7:08:e1:2a:3c:e9:de:58:ff:b6:3e:48:44:33:
         09:ff:41:7d:3c:c9:ff:f4:95:44:ed:e7:d1:45:71:a9:d0:26:
         ba:42:7e:bd:3b:04:7f:1e:48:43:82:d7:41:96:18:76:b8:29:
         01:96:c8:ed:ea:ec:ba:8a:e2:9a:0c:cf:ca:44:42:ed:f9:4e:
         b9:18:f9:dc:33:a0:d3:89:0d:a0:2d:d7:e6:b3:65:d7:03:f1:
         51:f5:06:cf:c8:5c:d2:fe:49:00:80:05:54:a1:8c:20:08:30:
         2c:49:47:ec:0b:29:c3:52:c4:6b:38:68:4d:61:eb:2c:eb:5f:
         3f:84:36:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPl+ADfkAEODmENcITNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGRlYzRhM2IzMTYxMDk3YTFhOTk4ZTVjMDY0ZDEwNzM3YmU5NTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVrziHsMSNl8OODY5tUngg/9pbT6
wiT7uAZ6vJXsH3e8oAT4+xLjM6+eHL0I0Pcgyu6s9mk2hiwl+Qc2lbFx1ond2sU6
1sphV0fEz7Bcl0nKq1fZwZv7+CH2SnM3thW+z0CZOHm41I0OvwUDnNMXLfvDsRvB
9D09rborIXLlZZ4VQTae5UlAHsJGX6OFa8EVJzKABL/y04n3r74NN5ARyWlDpK3A
KKEgZwyLKX6ifaUFRFeC3ealK80Ip/u+TYYnZavoQhBexRewlYDVXBSdBULEiZaJ
VMf0NUE28lki5Lp2mQo9phLIketxgebsj+Nyar/uWiqY0N8h/fOQQZ3fpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDexKOzFhCXoamY5cBk0Qc3vpVtMB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvY043RW83TVdFSmVocVpqbHdHVFJCemUtbFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtPnMA0G
CSqGSIb3DQEBCwUAA4IBAQA9IvPfCRQQZ3v8rTwX17K0idL7x2dHOd42LTocZJfg
ko+YK6UQ7WdXCIHSa4YYujnf668cEwD2J526oiZrqAi5AdJqChvgEUc5Yqvj9nGL
4bHW523FQuWnRD81uulzkfg+Vl5jZNsw1i/VPY6CrcE7UHpDSN1w9jMIJDMU4WPZ
JD5StwjhKjzp3lj/tj5IRDMJ/0F9PMn/9JVE7efRRXGp0Ca6Qn69OwR/HkhDgtdB
lhh2uCkBlsjt6uy6iuKaDM/KRELt+U65GPncM6DTiQ2gLdfms2XXA/FR9QbPyFzS
/kkAgAVUoYwgCDAsSUfsCynDUsRrOGhNYess618/hDZZ
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:40:42 2024 by rpki-client on console-ams.rpki-client.org