Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/5e7a31-ee63-4120-952c-cd2f8c94f974/1/DsXVODTXGF8ZPiP_W53hk59Cmik.roa
File:                     DsXVODTXGF8ZPiP_W53hk59Cmik.roa (raw, json)
Hash identifier:          2q+hYokRAnNy14v83eElhU1YEnMdUrBY46TyVNpBvUM=
Subject key identifier:   0E:C5:D5:38:34:D7:18:5F:19:3E:23:FF:5B:9D:E1:93:9F:42:9A:29
Certificate issuer:       /CN=777c49d3f627335190e3c2ec3654e154cfd45398
Certificate serial:       018CC3B7218EA98DF215683B49C40D839E5F
Authority key identifier: 77:7C:49:D3:F6:27:33:51:90:E3:C2:EC:36:54:E1:54:CF:D4:53:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d3xJ0_YnM1GQ48LsNlThVM_UU5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/5e7a31-ee63-4120-952c-cd2f8c94f974/1/DsXVODTXGF8ZPiP_W53hk59Cmik.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.246.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/5e7a31-ee63-4120-952c-cd2f8c94f974/1/d3xJ0_YnM1GQ48LsNlThVM_UU5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/5e7a31-ee63-4120-952c-cd2f8c94f974/1/d3xJ0_YnM1GQ48LsNlThVM_UU5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d3xJ0_YnM1GQ48LsNlThVM_UU5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:21:8e:a9:8d:f2:15:68:3b:49:c4:0d:83:9e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=777c49d3f627335190e3c2ec3654e154cfd45398
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ec5d53834d7185f193e23ff5b9de1939f429a29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:92:07:26:d5:8d:df:30:b5:26:d6:bc:83:99:
                    5d:40:26:c9:27:ec:ef:e6:52:1c:50:27:e5:78:b2:
                    aa:77:77:21:fb:82:85:a5:a4:ae:c9:8d:c9:fe:1c:
                    03:86:f6:65:fc:38:c5:fb:ab:89:7d:f9:90:30:31:
                    5f:9c:bd:80:58:0c:29:20:24:c2:77:10:57:0b:0f:
                    08:0d:bb:f7:21:b7:7c:83:c4:4f:62:8b:78:17:e5:
                    96:a1:da:40:30:ac:a6:d4:f2:af:17:cd:a5:38:af:
                    0a:70:93:43:d0:e0:ce:06:87:19:be:15:b7:73:b1:
                    d1:4b:11:6b:05:2f:dd:9c:48:fd:85:17:92:0b:23:
                    85:c3:69:2a:35:51:8c:48:7f:d3:fc:08:a6:48:cd:
                    30:03:62:39:a2:4b:77:9d:2a:3a:3e:53:63:0d:e5:
                    b1:e6:37:8d:37:a6:b5:53:cf:7b:57:46:65:c6:fa:
                    d3:80:53:7f:79:bf:bf:af:8a:78:a4:98:e9:1b:3f:
                    bd:2f:fa:37:65:09:24:c6:8f:23:1e:e8:bb:a3:df:
                    b2:3b:c0:75:6d:a7:ce:ee:1c:b2:c9:e1:3f:ec:12:
                    56:89:ac:39:39:85:5c:68:8e:8d:2a:34:dd:a5:b9:
                    29:51:87:1e:16:41:d0:db:b3:45:14:86:8f:37:03:
                    c5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C5:D5:38:34:D7:18:5F:19:3E:23:FF:5B:9D:E1:93:9F:42:9A:29
            X509v3 Authority Key Identifier:
                keyid:77:7C:49:D3:F6:27:33:51:90:E3:C2:EC:36:54:E1:54:CF:D4:53:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3xJ0_YnM1GQ48LsNlThVM_UU5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/5e7a31-ee63-4120-952c-cd2f8c94f974/1/DsXVODTXGF8ZPiP_W53hk59Cmik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/5e7a31-ee63-4120-952c-cd2f8c94f974/1/d3xJ0_YnM1GQ48LsNlThVM_UU5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.246.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:0b:a7:e2:18:a0:22:f9:31:9b:6d:26:81:da:5d:2a:9b:93:
         59:52:99:35:85:f9:69:d3:37:f9:51:09:60:0f:e6:7f:8a:92:
         1e:55:0b:a0:cc:ff:88:f4:7f:53:96:0a:f0:b7:d1:67:78:4a:
         31:ad:68:e3:4b:bb:43:8c:2a:06:3f:37:0d:69:0b:ef:24:46:
         32:c0:74:11:b6:6c:f1:a1:bf:f2:36:72:cf:5b:e7:79:0b:5d:
         df:49:eb:d7:85:bc:f1:b9:fc:39:5d:60:a8:f1:21:80:7f:8e:
         0c:6f:a9:0d:71:fc:50:e2:d2:5a:e6:a0:69:2a:b9:e3:dc:cc:
         61:c1:f3:88:fd:52:2e:47:49:e1:f8:42:29:58:87:0b:7e:ca:
         4e:a6:ce:98:6b:4b:7e:c4:fe:23:0a:ef:40:9e:66:9a:d1:ca:
         e2:3c:17:72:25:31:0c:93:48:4f:23:34:0c:dc:d1:dd:fa:a9:
         2b:d7:3b:30:d4:b0:f6:2b:61:46:c7:c5:1f:c6:79:96:13:33:
         33:e6:3b:f1:4f:8a:35:56:c4:44:55:92:20:1b:61:96:7b:4c:
         0b:99:31:93:72:82:47:b6:cd:a2:d6:19:df:1d:0e:a9:fa:9b:
         5d:24:6b:17:d7:68:d2:ee:9d:a9:f8:34:70:70:53:9f:31:a4:
         34:73:af:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyGOqY3yFWg7ScQNg55fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3N2M0OWQzZjYyNzMzNTE5MGUzYzJlYzM2NTRlMTU0Y2Zk
NDUzOTgwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWM1ZDUzODM0ZDcxODVmMTkzZTIzZmY1YjlkZTE5MzlmNDI5YTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JIHJtWN3zC1Jta8g5ldQCbJJ+zv
5lIcUCfleLKqd3ch+4KFpaSuyY3J/hwDhvZl/DjF+6uJffmQMDFfnL2AWAwpICTC
dxBXCw8IDbv3Ibd8g8RPYot4F+WWodpAMKym1PKvF82lOK8KcJND0ODOBocZvhW3
c7HRSxFrBS/dnEj9hReSCyOFw2kqNVGMSH/T/AimSM0wA2I5okt3nSo6PlNjDeWx
5jeNN6a1U897V0ZlxvrTgFN/eb+/r4p4pJjpGz+9L/o3ZQkkxo8jHui7o9+yO8B1
bafO7hyyyeE/7BJWiaw5OYVcaI6NKjTdpbkpUYceFkHQ27NFFIaPNwPFAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7F1Tg01xhfGT4j/1ud4ZOfQpopMB8GA1UdIwQY
MBaAFHd8SdP2JzNRkOPC7DZU4VTP1FOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDN4SjBfWW5NMUdRNDhMc05sVGhWTV9VVTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny81ZTdhMzEtZWU2My00MTIwLTk1MmMt
Y2QyZjhjOTRmOTc0LzEvRHNYVk9EVFhHRjhaUGlQX1c1M2hrNTlDbWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny81ZTdhMzEtZWU2My00MTIwLTk1MmMtY2QyZjhjOTRmOTc0
LzEvZDN4SjBfWW5NMUdRNDhMc05sVGhWTV9VVTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfZ6MA0G
CSqGSIb3DQEBCwUAA4IBAQArC6fiGKAi+TGbbSaB2l0qm5NZUpk1hflp0zf5UQlg
D+Z/ipIeVQugzP+I9H9Tlgrwt9FneEoxrWjjS7tDjCoGPzcNaQvvJEYywHQRtmzx
ob/yNnLPW+d5C13fSevXhbzxufw5XWCo8SGAf44Mb6kNcfxQ4tJa5qBpKrnj3Mxh
wfOI/VIuR0nh+EIpWIcLfspOps6Ya0t+xP4jCu9Anmaa0criPBdyJTEMk0hPIzQM
3NHd+qkr1zsw1LD2K2FGx8UfxnmWEzMz5jvxT4o1VsREVZIgG2GWe0wLmTGTcoJH
ts2i1hnfHQ6p+ptdJGsX12jS7p2p+DRwcFOfMaQ0c6/J
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:42:49 2024 by rpki-client on console-ams.rpki-client.org