Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/VO1zymuzKaiLDcf2BL5fZUzye0U.roa
File:                     VO1zymuzKaiLDcf2BL5fZUzye0U.roa (raw, json)
Hash identifier:          68G502lZuO1SGTIvpGEetdvOvxjzi5GIy/WCQecZtcY=
Subject key identifier:   54:ED:73:CA:6B:B3:29:A8:8B:0D:C7:F6:04:BE:5F:65:4C:F2:7B:45
Certificate issuer:       /CN=c255989d579c4b5eade852f97f62e9bf2cfbde3c
Certificate serial:       018CC425236AEF56B93EC4263AC3EE44AD81
Authority key identifier: C2:55:98:9D:57:9C:4B:5E:AD:E8:52:F9:7F:62:E9:BF:2C:FB:DE:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/VO1zymuzKaiLDcf2BL5fZUzye0U.roa
Signing time:             Mon 01 Jan 2024 08:30:17 +0000
ROA not before:           Mon 01 Jan 2024 08:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        188.95.141.0/24 maxlen: 24
                          188.95.140.0/24 maxlen: 24
                          188.95.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:23:6a:ef:56:b9:3e:c4:26:3a:c3:ee:44:ad:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c255989d579c4b5eade852f97f62e9bf2cfbde3c
        Validity
            Not Before: Jan  1 08:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54ed73ca6bb329a88b0dc7f604be5f654cf27b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e3:ab:de:65:b8:90:27:1c:1d:b0:55:58:fc:
                    3d:b3:54:06:b5:7b:cd:f5:b1:26:10:30:bd:c6:0e:
                    39:ae:25:d9:e7:c4:0d:a3:18:1c:63:df:25:78:23:
                    8d:ef:53:52:11:e8:08:b4:e8:aa:08:38:56:9c:14:
                    f2:66:06:42:1b:70:fc:03:a1:0b:38:28:01:3a:52:
                    74:b9:99:8f:ec:32:7c:2f:e8:3d:41:12:f4:f0:ed:
                    80:f4:55:b1:7b:8c:2e:ed:be:6e:a3:c3:dd:ed:bd:
                    c9:58:74:4b:2f:bf:97:63:d7:d3:f6:c8:2c:f1:ed:
                    12:4a:9d:6d:b1:da:e5:95:20:f8:62:66:78:04:a9:
                    c5:08:74:87:fe:5a:2d:70:c4:6b:9c:b3:a9:f8:99:
                    72:c2:97:e9:37:f2:d2:0d:68:d7:d4:de:40:fd:e5:
                    b2:38:2e:05:8e:28:9d:07:6e:87:bb:7c:a2:f3:1d:
                    ff:2a:7c:0c:35:0c:3d:84:03:ad:66:61:16:70:db:
                    56:75:71:be:d4:14:c7:66:9d:f5:d0:5b:a2:3e:47:
                    26:62:f9:17:84:da:11:71:de:ec:ad:fd:ba:d5:c7:
                    f3:38:f4:37:07:b5:08:7e:48:df:83:ca:a8:44:ea:
                    f7:66:df:ae:9e:e6:8d:f0:9b:37:b2:03:39:b9:7f:
                    44:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:ED:73:CA:6B:B3:29:A8:8B:0D:C7:F6:04:BE:5F:65:4C:F2:7B:45
            X509v3 Authority Key Identifier:
                keyid:C2:55:98:9D:57:9C:4B:5E:AD:E8:52:F9:7F:62:E9:BF:2C:FB:DE:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wlWYnVecS16t6FL5f2Lpvyz73jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/VO1zymuzKaiLDcf2BL5fZUzye0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/720394-cf71-40a3-a538-ed01ed7c129b/1/wlWYnVecS16t6FL5f2Lpvyz73jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.140.0-188.95.142.255

    Signature Algorithm: sha256WithRSAEncryption
         04:ec:16:c1:26:26:01:80:9f:59:6c:39:b8:02:42:5b:3c:df:
         b7:c1:42:05:5e:f8:9f:70:41:6a:15:68:f9:32:5a:7a:b8:83:
         14:93:6f:fd:9e:11:6a:b9:27:7d:5e:bc:4f:66:5d:a6:09:77:
         c3:02:f4:44:16:b4:11:0e:e8:16:8f:13:3e:e5:bb:ca:e4:90:
         5b:29:8f:6f:4e:b8:d3:e2:4f:f7:88:8a:ed:45:4c:8e:87:03:
         b0:58:c2:cb:06:ae:13:55:68:f8:0a:c8:d9:1c:1e:2c:fc:ac:
         f2:3a:5d:59:83:3b:d6:ec:a5:f5:ac:84:92:fc:d8:fd:19:8c:
         70:e4:2f:54:86:1d:e7:52:74:35:0c:fd:47:08:f1:b5:0f:3b:
         00:41:69:bc:c5:a1:87:3b:74:af:9a:ff:8d:89:e8:7d:77:09:
         f2:49:a6:f8:21:2d:d9:3e:85:c3:2f:53:cf:c7:3a:68:80:c4:
         54:5e:13:be:8f:51:18:de:73:7d:68:b7:3e:a7:3b:97:b2:a1:
         89:23:fd:35:c4:b0:41:94:21:fd:19:c2:b0:69:7a:81:63:76:
         a2:50:92:01:9c:08:28:bb:a3:9e:ca:99:d1:9b:ca:cb:f2:27:
         a5:4d:82:66:f3:a5:e0:ce:ab:71:ba:c5:37:b2:e1:8a:d4:cf:
         21:17:86:88
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJSNq71a5PsQmOsPuRK2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNTU5ODlkNTc5YzRiNWVhZGU4NTJmOTdmNjJlOWJmMmNm
YmRlM2MwHhcNMjQwMTAxMDgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGVkNzNjYTZiYjMyOWE4OGIwZGM3ZjYwNGJlNWY2NTRjZjI3YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuOr3mW4kCccHbBVWPw9s1QGtXvN
9bEmEDC9xg45riXZ58QNoxgcY98leCON71NSEegItOiqCDhWnBTyZgZCG3D8A6EL
OCgBOlJ0uZmP7DJ8L+g9QRL08O2A9FWxe4wu7b5uo8Pd7b3JWHRLL7+XY9fT9sgs
8e0SSp1tsdrllSD4YmZ4BKnFCHSH/lotcMRrnLOp+JlywpfpN/LSDWjX1N5A/eWy
OC4FjiidB26Hu3yi8x3/KnwMNQw9hAOtZmEWcNtWdXG+1BTHZp310FuiPkcmYvkX
hNoRcd7srf261cfzOPQ3B7UIfkjfg8qoROr3Zt+unuaN8Js3sgM5uX9E3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFTtc8prsymoiw3H9gS+X2VM8ntFMB8GA1UdIwQY
MBaAFMJVmJ1XnEterehS+X9i6b8s+948MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2xXWW5WZWNTMTZ0NkZMNWYyTHB2eXo3M2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83MjAzOTQtY2Y3MS00MGEzLWE1Mzgt
ZWQwMWVkN2MxMjliLzEvVk8xenltdXpLYWlMRGNmMkJMNWZaVXp5ZTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83MjAzOTQtY2Y3MS00MGEzLWE1MzgtZWQwMWVkN2MxMjli
LzEvd2xXWW5WZWNTMTZ0NkZMNWYyTHB2eXo3M2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK8X4wD
BAC8X44wDQYJKoZIhvcNAQELBQADggEBAATsFsEmJgGAn1lsObgCQls837fBQgVe
+J9wQWoVaPkyWnq4gxSTb/2eEWq5J31evE9mXaYJd8MC9EQWtBEO6BaPEz7lu8rk
kFspj29OuNPiT/eIiu1FTI6HA7BYwssGrhNVaPgKyNkcHiz8rPI6XVmDO9bspfWs
hJL82P0ZjHDkL1SGHedSdDUM/UcI8bUPOwBBabzFoYc7dK+a/42J6H13CfJJpvgh
Ldk+hcMvU8/HOmiAxFReE76PURjec31otz6nO5eyoYkj/TXEsEGUIf0ZwrBpeoFj
dqJQkgGcCCi7o57KmdGbysvyJ6VNgmbzpeDOq3G6xTey4YrUzyEXhog=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:33:03 2024 by rpki-client on console-fra.rpki-client.org