Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/a8efdf-5cee-494b-be48-a371f2889138/1/IiLauL0ZABJIfJsW0ysDF1yPkSk.roa
File:                     IiLauL0ZABJIfJsW0ysDF1yPkSk.roa (raw, json)
Hash identifier:          2dSS9LHJRv79sSaSs3OG0Q18ftFux3F7aHcbWrtUM24=
Subject key identifier:   22:22:DA:B8:BD:19:00:12:48:7C:9B:16:D3:2B:03:17:5C:8F:91:29
Certificate issuer:       /CN=34919204b7ac47424baabfb291bd3fc8fa9e05f6
Certificate serial:       018CC50083DEC969CB96838ACEFCA757BE85
Authority key identifier: 34:91:92:04:B7:AC:47:42:4B:AA:BF:B2:91:BD:3F:C8:FA:9E:05:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJGSBLesR0JLqr-ykb0_yPqeBfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/a8efdf-5cee-494b-be48-a371f2889138/1/IiLauL0ZABJIfJsW0ysDF1yPkSk.roa
Signing time:             Mon 01 Jan 2024 12:29:54 +0000
ROA not before:           Mon 01 Jan 2024 12:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        194.49.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/a8efdf-5cee-494b-be48-a371f2889138/1/NJGSBLesR0JLqr-ykb0_yPqeBfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/a8efdf-5cee-494b-be48-a371f2889138/1/NJGSBLesR0JLqr-ykb0_yPqeBfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJGSBLesR0JLqr-ykb0_yPqeBfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Nov 2024 14:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:83:de:c9:69:cb:96:83:8a:ce:fc:a7:57:be:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34919204b7ac47424baabfb291bd3fc8fa9e05f6
        Validity
            Not Before: Jan  1 12:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2222dab8bd190012487c9b16d32b03175c8f9129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3c:54:23:65:8f:9a:cb:71:d7:cb:07:26:d2:
                    7a:9e:28:4e:90:a2:f3:5f:a6:5e:18:f8:c1:03:45:
                    19:2c:48:17:55:c2:b0:13:e3:5a:93:60:8a:da:29:
                    fe:f7:98:02:c1:27:a5:38:db:54:5e:2b:89:01:48:
                    64:4f:58:1f:5a:95:f9:32:3d:73:f5:80:af:ad:ef:
                    16:d8:7e:07:69:cb:65:8b:e1:8e:1b:10:9b:da:65:
                    88:b8:09:70:d4:a0:2c:bc:5f:1e:fe:ef:cf:c6:22:
                    e9:49:ef:74:05:04:05:f3:07:cb:7d:d8:92:cb:fe:
                    37:8a:20:d8:dd:6b:3a:d7:49:ae:b7:c4:6c:dd:63:
                    d1:e7:20:a5:18:95:57:62:92:b8:1e:fe:4c:ac:0f:
                    22:5e:c7:75:f2:a5:9f:06:b8:92:5c:60:ac:40:03:
                    78:51:cb:fb:07:3c:38:c6:2b:a6:af:bf:7f:8d:ab:
                    d1:a3:e7:21:54:bf:64:b1:40:eb:ab:2b:dd:1c:ec:
                    e1:96:3d:57:8b:2d:6d:39:15:63:df:be:8d:b1:e3:
                    6c:57:08:79:bf:f5:39:94:78:ca:5a:25:5d:2c:e4:
                    3e:c1:f0:bb:49:df:9e:a8:95:df:17:5e:79:90:47:
                    cd:e5:9c:b6:14:bd:53:f5:29:ff:57:1e:48:70:10:
                    2b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:22:DA:B8:BD:19:00:12:48:7C:9B:16:D3:2B:03:17:5C:8F:91:29
            X509v3 Authority Key Identifier:
                keyid:34:91:92:04:B7:AC:47:42:4B:AA:BF:B2:91:BD:3F:C8:FA:9E:05:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJGSBLesR0JLqr-ykb0_yPqeBfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a8efdf-5cee-494b-be48-a371f2889138/1/IiLauL0ZABJIfJsW0ysDF1yPkSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a8efdf-5cee-494b-be48-a371f2889138/1/NJGSBLesR0JLqr-ykb0_yPqeBfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:ff:93:6d:1e:85:56:3c:ae:7a:63:f6:6b:82:5c:49:16:b1:
         c2:b3:3f:ff:1b:42:a9:68:4a:f9:15:7d:dc:cc:02:8c:03:7b:
         b8:7d:33:28:58:9e:21:a1:2b:83:1b:a8:25:1c:23:fb:b1:f0:
         96:ce:6f:98:a5:5e:57:72:c4:ac:3c:a0:08:50:f9:4f:da:3d:
         40:00:bc:51:26:2c:c5:92:02:1d:25:03:cb:f1:94:24:a0:01:
         51:b7:b9:cc:5a:36:fd:c5:af:98:e2:b6:45:8e:18:c6:8e:17:
         38:b2:35:e5:be:40:b2:fb:e1:d8:75:3a:2c:e6:1e:f5:1c:ec:
         69:10:c0:ce:52:ba:de:46:00:c7:f2:3a:c7:52:fe:32:e5:c0:
         64:9b:74:57:f0:e3:a5:d2:ed:42:4e:ba:33:ea:f9:8d:be:89:
         b0:e1:7c:38:70:d5:9c:c0:79:a2:96:1b:a7:48:fd:44:a7:4e:
         54:e4:52:d2:16:d0:ec:08:44:dc:4c:e2:90:dc:54:d7:91:47:
         53:18:3c:06:b6:d9:b9:3a:08:f2:2f:5b:49:a1:a9:ee:af:e0:
         b8:a3:b7:ac:f6:40:60:7b:cd:ac:78:d5:11:37:c0:84:8b:cb:
         9e:34:a3:2c:00:fd:49:4f:c7:4f:b3:62:b9:9f:9a:a6:08:00:
         c6:1b:c2:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAIPeyWnLloOKzvynV76FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OTE5MjA0YjdhYzQ3NDI0YmFhYmZiMjkxYmQzZmM4ZmE5
ZTA1ZjYwHhcNMjQwMTAxMTIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjIyZGFiOGJkMTkwMDEyNDg3YzliMTZkMzJiMDMxNzVjOGY5MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjxUI2WPmstx18sHJtJ6nihOkKLz
X6ZeGPjBA0UZLEgXVcKwE+Nak2CK2in+95gCwSelONtUXiuJAUhkT1gfWpX5Mj1z
9YCvre8W2H4Hactli+GOGxCb2mWIuAlw1KAsvF8e/u/PxiLpSe90BQQF8wfLfdiS
y/43iiDY3Ws610mut8Rs3WPR5yClGJVXYpK4Hv5MrA8iXsd18qWfBriSXGCsQAN4
Ucv7Bzw4xiumr79/javRo+chVL9ksUDrqyvdHOzhlj1Xiy1tORVj376NseNsVwh5
v/U5lHjKWiVdLOQ+wfC7Sd+eqJXfF155kEfN5Zy2FL1T9Sn/Vx5IcBArwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIi2ri9GQASSHybFtMrAxdcj5EpMB8GA1UdIwQY
MBaAFDSRkgS3rEdCS6q/spG9P8j6ngX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpHU0JMZXNSMEpMcXIteWtiMF95UHFlQmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9hOGVmZGYtNWNlZS00OTRiLWJlNDgt
YTM3MWYyODg5MTM4LzEvSWlMYXVMMFpBQkpJZkpzVzB5c0RGMXlQa1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9hOGVmZGYtNWNlZS00OTRiLWJlNDgtYTM3MWYyODg5MTM4
LzEvTkpHU0JMZXNSMEpMcXIteWtiMF95UHFlQmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjE9MA0G
CSqGSIb3DQEBCwUAA4IBAQDD/5NtHoVWPK56Y/ZrglxJFrHCsz//G0KpaEr5FX3c
zAKMA3u4fTMoWJ4hoSuDG6glHCP7sfCWzm+YpV5XcsSsPKAIUPlP2j1AALxRJizF
kgIdJQPL8ZQkoAFRt7nMWjb9xa+Y4rZFjhjGjhc4sjXlvkCy++HYdTos5h71HOxp
EMDOUrreRgDH8jrHUv4y5cBkm3RX8OOl0u1CTroz6vmNvomw4Xw4cNWcwHmilhun
SP1Ep05U5FLSFtDsCETcTOKQ3FTXkUdTGDwGttm5OgjyL1tJoanur+C4o7es9kBg
e82seNURN8CEi8ueNKMsAP1JT8dPs2K5n5qmCADGG8Kz
-----END CERTIFICATE-----
Generated at Sun Nov 10 19:34:15 2024 by rpki-client on console-fra.rpki-client.org