Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/LK7-5t1sWdOUZnQ_T4Sey86CR2I.roa
File:                     LK7-5t1sWdOUZnQ_T4Sey86CR2I.roa (raw, json)
Hash identifier:          3LKXZZyLnKszoy1UCYNVmICVUbBBPobCz/rC+ckBN9c=
Subject key identifier:   2C:AE:FE:E6:DD:6C:59:D3:94:66:74:3F:4F:84:9E:CB:CE:82:47:62
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018CC94E5D57330DA26FA23BFDA23FB01531
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/LK7-5t1sWdOUZnQ_T4Sey86CR2I.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43241
IP address blocks:        194.107.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5d:57:33:0d:a2:6f:a2:3b:fd:a2:3f:b0:15:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2caefee6dd6c59d39466743f4f849ecbce824762
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:76:14:82:25:22:0e:ce:01:11:1b:61:75:a0:
                    83:4e:74:5a:d0:34:39:69:33:76:88:99:39:f1:44:
                    63:7a:ed:45:be:19:db:93:45:4b:3e:77:22:9d:5c:
                    be:00:76:82:ad:06:40:e9:06:88:44:8e:f3:7a:60:
                    61:3d:58:d8:4a:11:f8:f6:96:64:21:6a:2f:51:6b:
                    da:c0:4a:70:dc:f1:7b:e3:d9:3f:f0:fa:c4:da:68:
                    fc:42:c5:7a:a7:91:81:47:50:8b:75:73:2b:78:db:
                    ce:de:ee:0f:13:32:51:9e:f1:dc:66:d2:18:a6:81:
                    b9:7b:1a:91:f5:4d:a7:42:d3:8e:f3:d4:74:ec:a7:
                    72:3d:35:8d:f7:88:4d:45:bf:e5:e4:24:7d:ed:a5:
                    65:2e:f2:72:1b:f7:da:30:02:ce:b0:57:43:40:e2:
                    65:1b:ff:0b:50:75:bb:c3:12:f2:a6:f3:c5:43:fb:
                    db:70:a5:d3:fb:2f:18:3a:52:3e:92:33:76:a2:14:
                    1b:b4:fd:e3:fe:5e:48:2c:8f:aa:15:12:76:43:58:
                    c6:d9:96:59:97:27:12:bc:b3:a9:ab:2e:af:15:57:
                    d4:62:d9:da:3f:c9:38:3d:2f:93:ab:d4:b4:79:3b:
                    af:70:76:de:ff:a5:2d:27:b5:66:65:62:fd:d6:92:
                    22:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AE:FE:E6:DD:6C:59:D3:94:66:74:3F:4F:84:9E:CB:CE:82:47:62
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/LK7-5t1sWdOUZnQ_T4Sey86CR2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b3:6b:34:c2:31:5c:f2:f0:b7:98:97:c3:3a:1e:e0:e7:32:
         22:2a:0a:cd:00:6d:9e:89:82:16:31:ae:9a:46:e5:26:6c:f4:
         e6:bd:ad:ae:30:57:f2:08:ab:6f:d2:13:3c:74:59:5c:94:b8:
         5d:94:29:26:1b:07:e6:9b:e5:ad:7f:03:f9:9d:37:ba:45:44:
         9a:f0:41:9b:d9:33:ca:11:7f:e9:37:0f:88:05:9c:68:c5:91:
         c8:1d:71:bb:ac:b6:b5:ff:4b:bd:ba:b3:ec:06:cf:1f:10:70:
         16:27:0f:84:89:05:43:94:45:fe:0a:f6:c6:8f:4b:9d:7d:8e:
         15:59:b0:b8:ce:ee:9b:a4:23:2b:41:c6:0d:a5:9f:38:a4:39:
         39:eb:61:32:92:76:d4:78:8d:dc:94:60:dc:5c:21:9c:55:6b:
         96:d2:63:dd:92:b2:09:df:dc:f9:ef:fe:2c:21:ab:7e:0c:15:
         f5:7c:19:c5:3f:1c:22:98:d4:29:26:7d:ce:64:ef:80:1a:52:
         74:0c:d0:c3:19:ea:a0:eb:84:6c:9f:7d:73:12:95:0a:75:7f:
         e9:f2:75:2a:0c:d1:f7:ea:be:16:a0:1e:10:58:3b:1a:42:ee:
         d7:bb:42:29:a8:27:5f:00:43:55:fb:5e:9d:25:23:a1:17:72:
         7a:69:d0:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTl1XMw2ib6I7/aI/sBUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2FlZmVlNmRkNmM1OWQzOTQ2Njc0M2Y0Zjg0OWVjYmNlODI0NzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHYUgiUiDs4BERthdaCDTnRa0DQ5
aTN2iJk58URjeu1Fvhnbk0VLPncinVy+AHaCrQZA6QaIRI7zemBhPVjYShH49pZk
IWovUWvawEpw3PF749k/8PrE2mj8QsV6p5GBR1CLdXMreNvO3u4PEzJRnvHcZtIY
poG5exqR9U2nQtOO89R07KdyPTWN94hNRb/l5CR97aVlLvJyG/faMALOsFdDQOJl
G/8LUHW7wxLypvPFQ/vbcKXT+y8YOlI+kjN2ohQbtP3j/l5ILI+qFRJ2Q1jG2ZZZ
lycSvLOpqy6vFVfUYtnaP8k4PS+Tq9S0eTuvcHbe/6UtJ7VmZWL91pIiUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyu/ubdbFnTlGZ0P0+EnsvOgkdiMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvTEs3LTV0MXNXZE9VWm5RX1Q0U2V5ODZDUjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmuAMA0G
CSqGSIb3DQEBCwUAA4IBAQB+s2s0wjFc8vC3mJfDOh7g5zIiKgrNAG2eiYIWMa6a
RuUmbPTmva2uMFfyCKtv0hM8dFlclLhdlCkmGwfmm+WtfwP5nTe6RUSa8EGb2TPK
EX/pNw+IBZxoxZHIHXG7rLa1/0u9urPsBs8fEHAWJw+EiQVDlEX+CvbGj0udfY4V
WbC4zu6bpCMrQcYNpZ84pDk562EyknbUeI3clGDcXCGcVWuW0mPdkrIJ39z57/4s
Iat+DBX1fBnFPxwimNQpJn3OZO+AGlJ0DNDDGeqg64Rsn31zEpUKdX/p8nUqDNH3
6r4WoB4QWDsaQu7Xu0IpqCdfAENV+16dJSOhF3J6adBi
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:45:07 2024 by rpki-client on console-fra.rpki-client.org