Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/30d1hW24Aylm59hecsAGnA8GugU.roa
File:                     30d1hW24Aylm59hecsAGnA8GugU.roa (raw, json)
Hash identifier:          wdk8L2GtSGr8MrtztT7/u5++FvD0KrIjTBLw6MIKZAc=
Subject key identifier:   DF:47:75:85:6D:B8:03:29:66:E7:D8:5E:72:C0:06:9C:0F:06:BA:05
Certificate issuer:       /CN=204d7d8652a99fc17fff2d7decc49e556aa0eb80
Certificate serial:       01927A7C2FD4FBFE886CBC126A52531B707C
Authority key identifier: 20:4D:7D:86:52:A9:9F:C1:7F:FF:2D:7D:EC:C4:9E:55:6A:A0:EB:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IE19hlKpn8F__y197MSeVWqg64A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/30d1hW24Aylm59hecsAGnA8GugU.roa
Signing time:             Fri 11 Oct 2024 07:30:11 +0000
ROA not before:           Fri 11 Oct 2024 07:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        195.242.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/IE19hlKpn8F__y197MSeVWqg64A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/IE19hlKpn8F__y197MSeVWqg64A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IE19hlKpn8F__y197MSeVWqg64A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:7c:2f:d4:fb:fe:88:6c:bc:12:6a:52:53:1b:70:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=204d7d8652a99fc17fff2d7decc49e556aa0eb80
        Validity
            Not Before: Oct 11 07:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df4775856db8032966e7d85e72c0069c0f06ba05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:53:d8:ee:49:5e:83:ac:77:4d:80:cc:6d:fa:
                    69:26:62:db:da:49:6e:1c:51:25:98:af:ca:5c:9c:
                    25:b5:e8:8a:b4:df:cc:35:37:3f:ce:c4:2e:1d:03:
                    ad:42:9f:7c:05:b0:de:66:55:8b:87:38:09:f0:0a:
                    5e:0c:d8:6b:c7:1d:33:65:cd:b2:1b:b0:ce:c4:34:
                    0b:3a:10:e2:35:8a:ec:0b:3b:59:64:1e:a3:46:ed:
                    a9:ce:c3:b8:bb:0a:d6:65:5d:ba:aa:f0:1f:9f:44:
                    f9:37:58:94:0d:f9:7d:86:1e:05:f3:c1:7e:cc:8a:
                    a4:8d:18:6f:50:5d:b0:bd:fb:24:19:f0:7e:5b:60:
                    c6:e7:9f:2d:bd:03:43:19:a5:86:d0:bb:42:c0:67:
                    4e:83:79:ca:14:ed:c6:85:36:4f:08:da:d4:95:e3:
                    b5:9c:4a:70:8c:6b:1e:68:6c:15:91:82:63:c2:0c:
                    40:00:d0:f0:c0:92:b7:45:84:30:60:ab:b2:e6:5f:
                    c5:12:e0:82:95:d8:24:98:55:4c:41:99:5d:54:9a:
                    25:5c:46:ab:df:6a:fc:7e:94:78:f2:3b:81:23:9b:
                    b2:00:d6:c6:25:87:9f:39:d2:8e:f6:45:11:c1:78:
                    81:60:d2:1c:cc:fc:88:5d:a3:ee:49:3a:a8:86:50:
                    0e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:47:75:85:6D:B8:03:29:66:E7:D8:5E:72:C0:06:9C:0F:06:BA:05
            X509v3 Authority Key Identifier:
                keyid:20:4D:7D:86:52:A9:9F:C1:7F:FF:2D:7D:EC:C4:9E:55:6A:A0:EB:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IE19hlKpn8F__y197MSeVWqg64A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/30d1hW24Aylm59hecsAGnA8GugU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ac0694-1e22-436d-82c9-17ce620e74f1/1/IE19hlKpn8F__y197MSeVWqg64A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.242.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:ff:16:44:88:30:4b:20:60:ca:87:00:a5:b0:5a:95:43:29:
         c7:84:df:21:80:3b:b3:ba:05:89:fc:3e:bd:ff:d1:51:25:76:
         17:18:ea:e9:0b:d8:98:9a:cd:df:d3:f5:73:44:d7:7f:0e:32:
         2e:59:eb:fb:45:b1:59:1c:47:6e:aa:b4:c9:5e:ac:b9:7d:6e:
         81:3f:69:b6:6f:f4:82:06:24:89:25:69:00:60:d3:f7:b1:af:
         a0:5f:d8:de:cb:84:e3:c4:4d:32:9e:97:9d:be:0c:0c:45:b4:
         11:0b:18:a9:92:ce:2b:ec:0e:2c:d4:3a:e2:4b:c6:27:ff:3e:
         83:9d:70:4a:79:1a:eb:c2:72:bb:07:34:da:5c:cd:91:c9:a9:
         17:25:9a:27:23:f8:66:18:53:5a:34:60:87:53:40:f9:b8:56:
         f0:e4:94:79:50:a3:e3:16:cf:7c:05:c1:a9:bc:80:f2:ea:04:
         fb:49:08:80:94:d5:59:2a:a1:fb:03:b9:80:5b:7a:c2:94:94:
         59:17:90:ca:28:aa:82:c9:51:76:5a:ff:b5:3b:ec:d8:c8:c2:
         00:8f:3c:bd:89:45:12:4e:f6:6d:0f:fc:d4:76:72:40:d7:02:
         25:62:b6:43:af:35:f2:49:48:6f:85:ad:24:5c:65:5b:57:f2:
         bc:7e:89:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ6fC/U+/6IbLwSalJTG3B8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNGQ3ZDg2NTJhOTlmYzE3ZmZmMmQ3ZGVjYzQ5ZTU1NmFh
MGViODAwHhcNMjQxMDExMDczMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjQ3NzU4NTZkYjgwMzI5NjZlN2Q4NWU3MmMwMDY5YzBmMDZiYTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFPY7kleg6x3TYDMbfppJmLb2klu
HFElmK/KXJwlteiKtN/MNTc/zsQuHQOtQp98BbDeZlWLhzgJ8ApeDNhrxx0zZc2y
G7DOxDQLOhDiNYrsCztZZB6jRu2pzsO4uwrWZV26qvAfn0T5N1iUDfl9hh4F88F+
zIqkjRhvUF2wvfskGfB+W2DG558tvQNDGaWG0LtCwGdOg3nKFO3GhTZPCNrUleO1
nEpwjGseaGwVkYJjwgxAANDwwJK3RYQwYKuy5l/FEuCCldgkmFVMQZldVJolXEar
32r8fpR48juBI5uyANbGJYefOdKO9kURwXiBYNIczPyIXaPuSTqohlAOoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9HdYVtuAMpZufYXnLABpwPBroFMB8GA1UdIwQY
MBaAFCBNfYZSqZ/Bf/8tfezEnlVqoOuAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUUxOWhsS3BuOEZfX3kxOTdNU2VWV3FnNjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hYzA2OTQtMWUyMi00MzZkLTgyYzkt
MTdjZTYyMGU3NGYxLzEvMzBkMWhXMjRBeWxtNTloZWNzQUduQThHdWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hYzA2OTQtMWUyMi00MzZkLTgyYzktMTdjZTYyMGU3NGYx
LzEvSUUxOWhsS3BuOEZfX3kxOTdNU2VWV3FnNjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/KqMA0G
CSqGSIb3DQEBCwUAA4IBAQCO/xZEiDBLIGDKhwClsFqVQynHhN8hgDuzugWJ/D69
/9FRJXYXGOrpC9iYms3f0/VzRNd/DjIuWev7RbFZHEduqrTJXqy5fW6BP2m2b/SC
BiSJJWkAYNP3sa+gX9jey4TjxE0ynpedvgwMRbQRCxipks4r7A4s1DriS8Yn/z6D
nXBKeRrrwnK7BzTaXM2RyakXJZonI/hmGFNaNGCHU0D5uFbw5JR5UKPjFs98BcGp
vIDy6gT7SQiAlNVZKqH7A7mAW3rClJRZF5DKKKqCyVF2Wv+1O+zYyMIAjzy9iUUS
TvZtD/zUdnJA1wIlYrZDrzXySUhvha0kXGVbV/K8fon5
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:11:47 2024 by rpki-client on console-ams.rpki-client.org