Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/e9OaHyk8OzSS3dFcyhGFPcy_xBA.roa
File:                     e9OaHyk8OzSS3dFcyhGFPcy_xBA.roa (raw, json)
Hash identifier:          ZaKauy9v5F89c7C+ZL9kJNft2oNhZAALNq3bymByuV8=
Subject key identifier:   7B:D3:9A:1F:29:3C:3B:34:92:DD:D1:5C:CA:11:85:3D:CC:BF:C4:10
Certificate issuer:       /CN=f374f734c3695e67906a7032eb2e59fb3eb41b22
Certificate serial:       018CC56E5DC4BF9B91C97CA642187F078D96
Authority key identifier: F3:74:F7:34:C3:69:5E:67:90:6A:70:32:EB:2E:59:FB:3E:B4:1B:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/e9OaHyk8OzSS3dFcyhGFPcy_xBA.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56638
IP address blocks:        192.162.219.0/24 maxlen: 24
                          192.162.218.0/24 maxlen: 24
                          192.162.217.0/24 maxlen: 24
                          192.162.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5d:c4:bf:9b:91:c9:7c:a6:42:18:7f:07:8d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f374f734c3695e67906a7032eb2e59fb3eb41b22
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bd39a1f293c3b3492ddd15cca11853dccbfc410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:60:f2:9c:4e:7c:2e:50:f2:9b:d6:3f:ac:42:
                    f1:21:b9:aa:b0:98:d8:79:05:e7:6d:ed:7d:a3:bd:
                    de:0c:11:0f:0e:20:c4:1e:fd:0d:64:9a:5c:33:61:
                    48:1e:0b:fa:9b:0c:f0:f5:1c:ab:19:11:9d:57:6a:
                    97:27:31:d1:13:e5:a1:e7:cf:a9:29:15:bc:d7:0e:
                    19:7a:37:f5:cb:c1:6c:19:f5:bf:ee:06:68:06:9e:
                    07:0b:66:02:0f:bd:29:f8:60:87:50:3f:9f:9d:c6:
                    18:4a:ea:3e:b2:c9:66:a5:a0:6f:24:ce:46:13:5c:
                    d9:4c:4c:40:46:05:d3:a1:3a:fb:93:9d:d7:41:8e:
                    69:b2:f8:97:b5:63:b3:a5:c8:cc:9e:a5:59:83:b4:
                    48:50:c3:ef:9d:00:97:b4:80:2d:87:fd:9a:33:93:
                    c0:70:4f:f4:c6:22:a7:c5:d4:58:9a:3d:3a:28:31:
                    cb:25:d6:7c:f5:45:7d:9a:b0:b9:ff:0f:1e:d5:99:
                    33:bd:a3:02:06:20:36:77:25:92:d9:a0:c4:90:6a:
                    1b:61:b5:38:04:d4:9b:98:94:fa:9c:a0:52:ce:f6:
                    77:4f:a4:ca:97:ec:af:7b:39:e2:08:94:63:11:70:
                    53:76:d5:d1:d5:f2:1b:b9:80:ee:ef:e8:9c:d4:ce:
                    f7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D3:9A:1F:29:3C:3B:34:92:DD:D1:5C:CA:11:85:3D:CC:BF:C4:10
            X509v3 Authority Key Identifier:
                keyid:F3:74:F7:34:C3:69:5E:67:90:6A:70:32:EB:2E:59:FB:3E:B4:1B:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/e9OaHyk8OzSS3dFcyhGFPcy_xBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:e4:17:d1:4b:6a:f9:fd:ad:99:21:8f:39:f5:21:b5:17:1f:
         6d:59:98:e2:80:0e:ad:ac:76:f9:74:98:dd:fd:4a:c3:52:8b:
         d5:c7:07:15:b9:25:0c:e2:af:a5:1d:6b:8e:37:b8:00:7f:5d:
         f8:5b:b4:e8:34:4c:dd:9a:a8:e1:5b:b5:7a:20:f4:86:d0:75:
         3d:3b:eb:87:95:19:45:7b:db:0e:58:06:4b:fc:09:9f:47:fc:
         56:d3:9b:a6:6a:f6:e7:d3:a4:5c:2e:20:41:cb:be:11:4c:05:
         e8:59:77:dd:a3:9c:ac:d7:12:6c:2d:78:6b:ce:e2:19:41:e6:
         a2:af:da:3d:2a:b9:e4:8b:fa:a1:a3:ee:a3:1e:ac:27:85:d8:
         13:71:4c:e6:23:2b:e8:17:49:0a:74:c3:94:84:69:4b:b3:33:
         0c:94:cf:fc:ce:90:7f:9e:f5:85:13:9e:8b:49:f6:9d:03:7a:
         47:37:9b:7e:fa:06:90:1a:4a:f8:42:0f:01:f7:91:fd:92:3e:
         90:6b:05:5b:24:90:9c:ff:be:07:70:3c:39:97:61:ee:e1:be:
         86:aa:ad:47:0e:c9:87:f2:d6:bd:bf:d5:24:b8:39:f8:38:ec:
         11:cd:87:ee:96:3d:6c:87:5c:8f:4a:57:d6:6b:91:82:28:29:
         32:e0:94:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl3Ev5uRyXymQhh/B42WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzRmNzM0YzM2OTVlNjc5MDZhNzAzMmViMmU1OWZiM2Vi
NDFiMjIwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQzOWExZjI5M2MzYjM0OTJkZGQxNWNjYTExODUzZGNjYmZjNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGDynE58LlDym9Y/rELxIbmqsJjY
eQXnbe19o73eDBEPDiDEHv0NZJpcM2FIHgv6mwzw9RyrGRGdV2qXJzHRE+Wh58+p
KRW81w4Zejf1y8FsGfW/7gZoBp4HC2YCD70p+GCHUD+fncYYSuo+sslmpaBvJM5G
E1zZTExARgXToTr7k53XQY5psviXtWOzpcjMnqVZg7RIUMPvnQCXtIAth/2aM5PA
cE/0xiKnxdRYmj06KDHLJdZ89UV9mrC5/w8e1ZkzvaMCBiA2dyWS2aDEkGobYbU4
BNSbmJT6nKBSzvZ3T6TKl+yvezniCJRjEXBTdtXR1fIbuYDu7+ic1M73xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvTmh8pPDs0kt3RXMoRhT3Mv8QQMB8GA1UdIwQY
MBaAFPN09zTDaV5nkGpwMusuWfs+tBsiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNUM05NTnBYbWVRYW5BeTZ5NVotejYwR3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mNzQ5MTQtZGRhOC00ZDQ1LTk5OTIt
NGJlZjgzMjhhYWFiLzEvZTlPYUh5azhPelNTM2RGY3loR0ZQY3lfeEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mNzQ5MTQtZGRhOC00ZDQ1LTk5OTItNGJlZjgzMjhhYWFi
LzEvODNUM05NTnBYbWVRYW5BeTZ5NVotejYwR3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwKLYMA0G
CSqGSIb3DQEBCwUAA4IBAQAd5BfRS2r5/a2ZIY859SG1Fx9tWZjigA6trHb5dJjd
/UrDUovVxwcVuSUM4q+lHWuON7gAf134W7ToNEzdmqjhW7V6IPSG0HU9O+uHlRlF
e9sOWAZL/AmfR/xW05umavbn06RcLiBBy74RTAXoWXfdo5ys1xJsLXhrzuIZQeai
r9o9Krnki/qho+6jHqwnhdgTcUzmIyvoF0kKdMOUhGlLszMMlM/8zpB/nvWFE56L
SfadA3pHN5t++gaQGkr4Qg8B95H9kj6QawVbJJCc/74HcDw5l2Hu4b6Gqq1HDsmH
8ta9v9UkuDn4OOwRzYfulj1sh1yPSlfWa5GCKCky4JTX
-----END CERTIFICATE-----
Generated at Mon Nov 25 20:29:44 2024 by rpki-client on console-fra.rpki-client.org