Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/XOfpYlMNP-A4VtuLZkm1D3_jIAE.roa
File:                     XOfpYlMNP-A4VtuLZkm1D3_jIAE.roa (raw, json)
Hash identifier:          P9GMDa18vpj6HisktGvqaXvbJ1CWykttrX7qRD8A5iQ=
Subject key identifier:   5C:E7:E9:62:53:0D:3F:E0:38:56:DB:8B:66:49:B5:0F:7F:E3:20:01
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       018CC6B8FEF7A3B63825DFC6823211EA8F0B
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/XOfpYlMNP-A4VtuLZkm1D3_jIAE.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24989
IP address blocks:        194.8.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fe:f7:a3:b6:38:25:df:c6:82:32:11:ea:8f:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ce7e962530d3fe03856db8b6649b50f7fe32001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a5:61:d4:1f:1f:06:1e:3d:1e:f6:e9:99:69:
                    28:c0:54:f2:6a:51:eb:9b:70:b0:9c:e5:4f:56:14:
                    39:a0:2e:65:c2:cb:ec:34:20:66:68:b6:4a:d0:87:
                    c8:ed:31:40:b0:cc:55:08:5b:4b:c1:25:3d:8f:44:
                    f1:03:d3:fb:11:db:9b:b7:49:7d:2e:83:a8:b8:8a:
                    97:55:81:23:b7:df:32:f7:6c:5b:d3:fc:69:52:7b:
                    1e:4d:1c:80:0e:07:78:41:c5:c7:12:0a:f9:d5:03:
                    67:38:68:a0:c5:90:3a:11:87:ea:fa:e4:17:35:d9:
                    47:43:72:e4:a6:4b:c8:08:81:25:57:44:5c:d5:af:
                    f8:58:50:b1:60:1b:08:06:3e:24:27:de:7c:92:a4:
                    89:d0:5c:d9:36:aa:73:27:f2:7a:dd:71:20:d0:b5:
                    95:a9:64:3d:00:f6:c5:f7:4f:0b:6c:21:39:dc:e2:
                    bb:e9:9a:2c:bd:1e:2b:00:02:87:45:53:14:6a:b3:
                    32:d5:98:39:74:5f:89:2b:09:18:51:ae:e5:d2:4a:
                    57:b2:f8:bf:d8:31:7b:f9:b1:9e:c1:15:69:b3:19:
                    05:65:f9:b9:72:f8:e1:b9:d8:a1:86:90:68:cd:c7:
                    82:7f:48:42:26:7a:a2:5b:53:58:96:1c:f7:31:12:
                    96:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E7:E9:62:53:0D:3F:E0:38:56:DB:8B:66:49:B5:0F:7F:E3:20:01
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/XOfpYlMNP-A4VtuLZkm1D3_jIAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:ef:8b:6a:be:28:71:6d:1a:1f:64:1c:05:de:57:01:5b:12:
         18:46:03:ce:19:fa:99:e1:7a:6c:a9:4f:87:f9:c5:91:3b:85:
         13:f2:28:dd:86:ea:d3:1a:4c:78:08:60:4e:41:72:13:6c:81:
         8e:45:c1:28:a2:9e:36:20:95:52:5d:b6:f4:52:dc:37:55:2a:
         e6:7a:9f:c4:29:b8:08:84:f3:e2:16:30:a8:42:7c:4e:7c:35:
         6b:4f:58:ed:7e:bc:90:4f:46:23:72:f3:a2:1d:ad:10:df:04:
         40:11:34:ca:c1:30:73:d6:55:00:af:25:1f:45:c0:a3:06:4e:
         08:1b:59:0d:ed:e4:73:9b:92:e1:79:0e:8c:68:5a:1c:26:29:
         d6:38:92:69:d1:73:91:14:88:9e:cd:7d:04:eb:0d:17:59:e6:
         db:fd:e1:a9:87:19:6f:27:86:40:e3:8b:f3:92:c0:4a:c5:3f:
         55:09:74:bf:f8:a0:77:e2:53:92:f2:34:1f:7c:90:66:32:d2:
         af:55:91:1c:7a:ae:f9:c6:1e:fd:e3:80:8c:ec:66:80:ed:b8:
         5c:85:8a:ef:56:9a:c2:74:8b:56:9e:d6:97:cf:a7:4f:fb:af:
         84:f1:0e:b8:9a:52:c2:c2:da:52:f0:0e:70:e0:87:e9:a3:f8:
         90:61:d0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuP73o7Y4Jd/GgjIR6o8LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U3ZTk2MjUzMGQzZmUwMzg1NmRiOGI2NjQ5YjUwZjdmZTMyMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKVh1B8fBh49HvbpmWkowFTyalHr
m3CwnOVPVhQ5oC5lwsvsNCBmaLZK0IfI7TFAsMxVCFtLwSU9j0TxA9P7Edubt0l9
LoOouIqXVYEjt98y92xb0/xpUnseTRyADgd4QcXHEgr51QNnOGigxZA6EYfq+uQX
NdlHQ3LkpkvICIElV0Rc1a/4WFCxYBsIBj4kJ958kqSJ0FzZNqpzJ/J63XEg0LWV
qWQ9APbF908LbCE53OK76ZosvR4rAAKHRVMUarMy1Zg5dF+JKwkYUa7l0kpXsvi/
2DF7+bGewRVpsxkFZfm5cvjhudihhpBozceCf0hCJnqiW1NYlhz3MRKWNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzn6WJTDT/gOFbbi2ZJtQ9/4yABMB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvWE9mcFlsTU5QLUE0VnR1TFprbTFEM19qSUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgh7MA0G
CSqGSIb3DQEBCwUAA4IBAQBD74tqvihxbRofZBwF3lcBWxIYRgPOGfqZ4XpsqU+H
+cWRO4UT8ijdhurTGkx4CGBOQXITbIGORcEoop42IJVSXbb0Utw3VSrmep/EKbgI
hPPiFjCoQnxOfDVrT1jtfryQT0YjcvOiHa0Q3wRAETTKwTBz1lUAryUfRcCjBk4I
G1kN7eRzm5LheQ6MaFocJinWOJJp0XORFIiezX0E6w0XWebb/eGphxlvJ4ZA44vz
ksBKxT9VCXS/+KB34lOS8jQffJBmMtKvVZEceq75xh7944CM7GaA7bhchYrvVprC
dItWntaXz6dP+6+E8Q64mlLCwtpS8A5w4Ifpo/iQYdDz
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:22:57 2024 by rpki-client on console-fra.rpki-client.org