Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/672629-a0e2-476f-aead-ee380b82cfca/1/xa1DsKeb55QF9XMPhxabKTyhMaY.roa
File:                     xa1DsKeb55QF9XMPhxabKTyhMaY.roa (raw, json)
Hash identifier:          /3rYq6gxM9G/45+XN6U4SkAwgo1GS5YDOJFpxqLg6RA=
Subject key identifier:   C5:AD:43:B0:A7:9B:E7:94:05:F5:73:0F:87:16:9B:29:3C:A1:31:A6
Certificate issuer:       /CN=1c04848bfef724e26abed3c65e4e8f9508fb1796
Certificate serial:       018CC26D60C05B8C48ECED2CECAFB123FA92
Authority key identifier: 1C:04:84:8B:FE:F7:24:E2:6A:BE:D3:C6:5E:4E:8F:95:08:FB:17:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HASEi_73JOJqvtPGXk6PlQj7F5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/672629-a0e2-476f-aead-ee380b82cfca/1/xa1DsKeb55QF9XMPhxabKTyhMaY.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399989
IP address blocks:        193.135.117.0/24 maxlen: 24
                          193.135.116.0/24 maxlen: 24
                          193.135.118.0/24 maxlen: 24
                          193.135.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/672629-a0e2-476f-aead-ee380b82cfca/1/HASEi_73JOJqvtPGXk6PlQj7F5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/672629-a0e2-476f-aead-ee380b82cfca/1/HASEi_73JOJqvtPGXk6PlQj7F5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HASEi_73JOJqvtPGXk6PlQj7F5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:60:c0:5b:8c:48:ec:ed:2c:ec:af:b1:23:fa:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c04848bfef724e26abed3c65e4e8f9508fb1796
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5ad43b0a79be79405f5730f87169b293ca131a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cc:37:99:aa:0c:d0:2d:3b:56:52:d3:19:6d:
                    ed:40:7c:ef:aa:4d:75:e9:9f:55:5f:1b:6a:f6:50:
                    ac:bb:64:7f:4c:81:c0:9d:c0:0b:6f:f9:88:1e:47:
                    03:31:8c:cb:bc:ec:19:ba:76:a0:c2:67:91:4b:ab:
                    25:e1:93:1d:da:4b:c7:0f:cc:53:05:63:d2:2e:33:
                    a6:ab:a4:04:15:04:9b:a5:11:35:1b:45:e8:44:fb:
                    4c:50:42:71:17:a0:0b:5b:0b:e0:19:d1:5a:86:33:
                    7b:1e:32:ae:4b:58:7e:ae:5b:dc:3d:39:3a:3b:79:
                    fa:51:b8:70:94:54:51:9c:2b:9c:98:8d:ce:11:bd:
                    54:d7:96:e7:52:8d:53:ee:f2:23:c3:43:e8:6b:f7:
                    c7:77:07:7a:5e:a0:8b:b0:3d:b2:92:83:c2:20:2a:
                    73:92:f0:69:a7:82:ad:d8:71:25:9a:08:86:97:41:
                    0d:23:4a:73:97:13:f1:fe:c6:39:38:72:19:24:14:
                    4d:e4:78:f4:6b:ee:61:8e:53:db:65:b6:fd:23:77:
                    18:bb:82:66:ed:22:88:8d:4b:66:00:f6:f7:d7:eb:
                    78:4a:04:ca:23:6c:80:c7:db:42:64:27:95:b8:f6:
                    e0:bb:5c:eb:c5:78:fd:1f:63:0b:b6:2e:12:34:7f:
                    a6:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AD:43:B0:A7:9B:E7:94:05:F5:73:0F:87:16:9B:29:3C:A1:31:A6
            X509v3 Authority Key Identifier:
                keyid:1C:04:84:8B:FE:F7:24:E2:6A:BE:D3:C6:5E:4E:8F:95:08:FB:17:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HASEi_73JOJqvtPGXk6PlQj7F5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/672629-a0e2-476f-aead-ee380b82cfca/1/xa1DsKeb55QF9XMPhxabKTyhMaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/672629-a0e2-476f-aead-ee380b82cfca/1/HASEi_73JOJqvtPGXk6PlQj7F5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:36:07:d2:e3:b9:1c:2c:8c:c7:ea:3e:4e:aa:cb:f8:30:54:
         6e:e9:5b:39:dc:02:73:00:6c:b0:65:14:1d:0c:22:45:d4:e8:
         d0:83:04:0e:10:77:37:31:16:de:76:70:a9:c6:03:fb:52:e3:
         65:2a:2c:bb:11:44:53:37:44:c7:5a:39:a6:bd:11:ab:38:7f:
         1e:7f:f0:6a:4b:61:5c:8e:ff:59:ee:e2:52:93:ff:df:5a:b5:
         ce:ff:da:b7:2c:6d:1a:10:05:e1:fd:fb:d5:69:ed:37:da:24:
         5f:3f:14:86:c1:6f:51:9a:db:93:b0:0a:a1:04:97:d2:ca:0d:
         85:e5:3f:87:1c:05:5b:b2:a2:c8:a1:fe:35:05:f4:48:44:d9:
         41:5a:3e:f3:f2:07:08:da:b2:18:40:50:7b:12:d2:dd:89:d0:
         e5:3d:ae:2a:75:05:f8:da:42:d3:69:89:71:cf:ab:72:4a:d9:
         4e:54:a5:92:26:60:fe:55:71:aa:c1:d8:82:0c:d9:1a:5e:7e:
         c2:fb:dd:ce:3e:23:69:eb:97:77:73:89:b0:2d:5f:11:04:84:
         a0:a1:30:31:e3:49:9b:17:8f:ee:7f:67:b1:e9:f6:21:ba:ad:
         78:31:1f:49:ee:b6:bc:ed:ac:bc:5e:8c:a3:40:a2:6e:8f:2c:
         d0:a9:21:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWDAW4xI7O0s7K+xI/qSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDQ4NDhiZmVmNzI0ZTI2YWJlZDNjNjVlNGU4Zjk1MDhm
YjE3OTYwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFkNDNiMGE3OWJlNzk0MDVmNTczMGY4NzE2OWIyOTNjYTEzMWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8w3maoM0C07VlLTGW3tQHzvqk11
6Z9VXxtq9lCsu2R/TIHAncALb/mIHkcDMYzLvOwZunagwmeRS6sl4ZMd2kvHD8xT
BWPSLjOmq6QEFQSbpRE1G0XoRPtMUEJxF6ALWwvgGdFahjN7HjKuS1h+rlvcPTk6
O3n6UbhwlFRRnCucmI3OEb1U15bnUo1T7vIjw0Poa/fHdwd6XqCLsD2ykoPCICpz
kvBpp4Kt2HElmgiGl0ENI0pzlxPx/sY5OHIZJBRN5Hj0a+5hjlPbZbb9I3cYu4Jm
7SKIjUtmAPb31+t4SgTKI2yAx9tCZCeVuPbgu1zrxXj9H2MLti4SNH+mpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWtQ7Cnm+eUBfVzD4cWmyk8oTGmMB8GA1UdIwQY
MBaAFBwEhIv+9yTiar7Txl5Oj5UI+xeWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFTRWlfNzNKT0pxdnRQR1hrNlBsUWo3RjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny82NzI2MjktYTBlMi00NzZmLWFlYWQt
ZWUzODBiODJjZmNhLzEveGExRHNLZWI1NVFGOVhNUGh4YWJLVHloTWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny82NzI2MjktYTBlMi00NzZmLWFlYWQtZWUzODBiODJjZmNh
LzEvSEFTRWlfNzNKT0pxdnRQR1hrNlBsUWo3RjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwYd0MA0G
CSqGSIb3DQEBCwUAA4IBAQACNgfS47kcLIzH6j5Oqsv4MFRu6Vs53AJzAGywZRQd
DCJF1OjQgwQOEHc3MRbednCpxgP7UuNlKiy7EURTN0THWjmmvRGrOH8ef/BqS2Fc
jv9Z7uJSk//fWrXO/9q3LG0aEAXh/fvVae032iRfPxSGwW9RmtuTsAqhBJfSyg2F
5T+HHAVbsqLIof41BfRIRNlBWj7z8gcI2rIYQFB7EtLdidDlPa4qdQX42kLTaYlx
z6tyStlOVKWSJmD+VXGqwdiCDNkaXn7C+93OPiNp65d3c4mwLV8RBISgoTAx40mb
F4/uf2ex6fYhuq14MR9J7ra87ay8XoyjQKJujyzQqSFN
-----END CERTIFICATE-----
Generated at Fri Nov 22 05:51:34 2024 by rpki-client on console-fra.rpki-client.org