Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/Vd0LU7N3t78DCgm3MKX5BZSuGUU.roa
File:                     Vd0LU7N3t78DCgm3MKX5BZSuGUU.roa (raw, json)
Hash identifier:          FXo0j30W+yEFKii7AzIOf1NPp7tAb5VF2py+zqfciF8=
Subject key identifier:   55:DD:0B:53:B3:77:B7:BF:03:0A:09:B7:30:A5:F9:05:94:AE:19:45
Certificate issuer:       /CN=80d1c0b4ef090c44d78b7ccb0bf72f09d0831f34
Certificate serial:       018CC94ACD7BED31C3BE0C6828946118DD66
Authority key identifier: 80:D1:C0:B4:EF:09:0C:44:D7:8B:7C:CB:0B:F7:2F:09:D0:83:1F:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/Vd0LU7N3t78DCgm3MKX5BZSuGUU.roa
Signing time:             Tue 02 Jan 2024 08:29:31 +0000
ROA not before:           Tue 02 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25099
IP address blocks:        194.0.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:cd:7b:ed:31:c3:be:0c:68:28:94:61:18:dd:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d1c0b4ef090c44d78b7ccb0bf72f09d0831f34
        Validity
            Not Before: Jan  2 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55dd0b53b377b7bf030a09b730a5f90594ae1945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:09:9d:a5:aa:74:21:aa:d5:fa:81:42:89:f0:
                    08:9d:6f:48:e7:39:4e:45:c3:11:cf:c0:86:67:e0:
                    58:17:cd:8e:66:ba:04:aa:ce:48:51:58:93:42:07:
                    57:32:b7:8c:24:61:73:74:a0:af:71:ab:66:36:af:
                    43:f0:b5:7d:8e:35:f7:4b:99:c5:e8:db:cb:b9:ce:
                    1a:be:ed:80:95:95:b3:61:fc:d0:34:ce:38:94:9e:
                    4c:94:28:47:84:90:4e:7d:65:b4:17:4a:e8:90:85:
                    56:b6:bf:bf:5c:dd:a1:14:e6:be:2e:e3:42:61:96:
                    47:67:7c:7b:25:af:35:b0:cf:4c:d2:c9:73:42:1a:
                    44:b4:50:7b:06:4c:a8:d0:ae:46:34:e2:d2:dd:69:
                    e2:b7:44:16:91:ec:e0:70:4e:29:88:f6:d4:1a:f7:
                    a0:1a:da:81:bc:5e:ed:8e:88:ea:c5:7a:33:59:45:
                    1b:d1:10:33:60:92:86:b6:42:c2:2f:2f:c0:a8:a7:
                    58:97:6b:1c:e0:e1:71:30:44:fd:0e:1d:4d:80:7e:
                    96:1d:44:9e:00:fc:46:b2:27:10:b0:70:b3:cd:4b:
                    5a:81:6f:59:a4:4c:e1:82:db:9a:68:f8:11:3d:24:
                    35:ea:1e:2e:1e:63:1f:aa:b7:5c:d0:fe:49:f4:c0:
                    7a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:DD:0B:53:B3:77:B7:BF:03:0A:09:B7:30:A5:F9:05:94:AE:19:45
            X509v3 Authority Key Identifier:
                keyid:80:D1:C0:B4:EF:09:0C:44:D7:8B:7C:CB:0B:F7:2F:09:D0:83:1F:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNHAtO8JDETXi3zLC_cvCdCDHzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/Vd0LU7N3t78DCgm3MKX5BZSuGUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/de64f7-39d9-4bbd-b023-bedcbc5a0174/1/gNHAtO8JDETXi3zLC_cvCdCDHzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:27:e8:3b:76:b1:f6:f0:37:66:23:50:d4:0a:04:14:8f:58:
         a6:64:2f:42:fd:2c:c7:e6:f3:af:24:e2:5b:69:81:e0:8b:c2:
         e2:c2:1a:31:88:de:50:fb:6c:34:c0:ba:c8:2a:b3:2a:4a:8a:
         9e:81:34:ed:b5:29:9b:fe:51:91:4d:bd:1a:08:9e:af:ad:5e:
         a0:68:4e:fc:e0:9e:1d:c6:74:1f:c4:c6:f6:2b:11:6e:a0:77:
         13:15:99:31:54:38:5a:93:15:96:13:04:ae:9a:9a:5e:8a:f2:
         61:b1:c3:c9:ef:23:26:7b:85:9a:9c:25:c7:a4:17:60:7f:de:
         9a:43:ed:1f:5a:cb:88:5e:33:d3:68:e8:4e:4b:fd:33:13:ca:
         4a:37:f0:3a:58:35:75:aa:cc:fa:8f:06:16:03:04:50:99:1a:
         01:10:24:1e:16:e0:e3:c5:05:5a:86:1e:ce:76:19:07:3d:de:
         30:94:fc:69:bc:02:8b:f8:01:06:37:bd:0b:5e:5a:cd:1d:63:
         a2:12:f5:7f:26:e7:25:eb:63:ba:2d:17:32:a9:05:86:bf:45:
         b0:50:66:87:9c:da:98:f6:7a:49:3a:a3:b7:f8:45:c2:6b:97:
         a1:9b:71:c8:32:1e:c7:e1:03:a3:90:74:b9:b2:54:eb:b4:1d:
         e0:29:a9:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSs177THDvgxoKJRhGN1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDFjMGI0ZWYwOTBjNDRkNzhiN2NjYjBiZjcyZjA5ZDA4
MzFmMzQwHhcNMjQwMTAyMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWRkMGI1M2IzNzdiN2JmMDMwYTA5YjczMGE1ZjkwNTk0YWUxOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQmdpap0IarV+oFCifAInW9I5zlO
RcMRz8CGZ+BYF82OZroEqs5IUViTQgdXMreMJGFzdKCvcatmNq9D8LV9jjX3S5nF
6NvLuc4avu2AlZWzYfzQNM44lJ5MlChHhJBOfWW0F0rokIVWtr+/XN2hFOa+LuNC
YZZHZ3x7Ja81sM9M0slzQhpEtFB7Bkyo0K5GNOLS3Wnit0QWkezgcE4piPbUGveg
GtqBvF7tjojqxXozWUUb0RAzYJKGtkLCLy/AqKdYl2sc4OFxMET9Dh1NgH6WHUSe
APxGsicQsHCzzUtagW9ZpEzhgtuaaPgRPSQ16h4uHmMfqrdc0P5J9MB6MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXdC1Ozd7e/AwoJtzCl+QWUrhlFMB8GA1UdIwQY
MBaAFIDRwLTvCQxE14t8ywv3LwnQgx80MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05IQXRPOEpERVRYaTN6TENfY3ZDZENESHpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9kZTY0ZjctMzlkOS00YmJkLWIwMjMt
YmVkY2JjNWEwMTc0LzEvVmQwTFU3TjN0NzhEQ2dtM01LWDVCWlN1R1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9kZTY0ZjctMzlkOS00YmJkLWIwMjMtYmVkY2JjNWEwMTc0
LzEvZ05IQXRPOEpERVRYaTN6TENfY3ZDZENESHpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCdMA0G
CSqGSIb3DQEBCwUAA4IBAQCLJ+g7drH28DdmI1DUCgQUj1imZC9C/SzH5vOvJOJb
aYHgi8LiwhoxiN5Q+2w0wLrIKrMqSoqegTTttSmb/lGRTb0aCJ6vrV6gaE784J4d
xnQfxMb2KxFuoHcTFZkxVDhakxWWEwSumppeivJhscPJ7yMme4WanCXHpBdgf96a
Q+0fWsuIXjPTaOhOS/0zE8pKN/A6WDV1qsz6jwYWAwRQmRoBECQeFuDjxQVahh7O
dhkHPd4wlPxpvAKL+AEGN70LXlrNHWOiEvV/Jucl62O6LRcyqQWGv0WwUGaHnNqY
9npJOqO3+EXCa5ehm3HIMh7H4QOjkHS5slTrtB3gKak/
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:17:18 2024 by rpki-client on console-ams.rpki-client.org