Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f40486-2cd9-475b-bbe1-16cd8f4fb4b9/1/5wdvmJZUJ70-ULoipZFrVlHA8eM.roa
File:                     5wdvmJZUJ70-ULoipZFrVlHA8eM.roa (raw, json)
Hash identifier:          xnSvprVeruf7A+5x22FCIXRMJ4IFVzsU/2EaFJJgJjA=
Subject key identifier:   E7:07:6F:98:96:54:27:BD:3E:50:BA:22:A5:91:6B:56:51:C0:F1:E3
Certificate issuer:       /CN=f8f19e224c73f83c4fdd196d06608aeb3a881804
Certificate serial:       018CC4254D067F5427C369F3AF78E1362C13
Authority key identifier: F8:F1:9E:22:4C:73:F8:3C:4F:DD:19:6D:06:60:8A:EB:3A:88:18:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-PGeIkxz-DxP3RltBmCK6zqIGAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f40486-2cd9-475b-bbe1-16cd8f4fb4b9/1/5wdvmJZUJ70-ULoipZFrVlHA8eM.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197427
IP address blocks:        195.150.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f40486-2cd9-475b-bbe1-16cd8f4fb4b9/1/1-PGeIkxz-DxP3RltBmCK6zqIGAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f40486-2cd9-475b-bbe1-16cd8f4fb4b9/1/1-PGeIkxz-DxP3RltBmCK6zqIGAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-PGeIkxz-DxP3RltBmCK6zqIGAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4d:06:7f:54:27:c3:69:f3:af:78:e1:36:2c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8f19e224c73f83c4fdd196d06608aeb3a881804
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7076f98965427bd3e50ba22a5916b5651c0f1e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:29:08:96:e1:8b:3e:9d:8a:bd:b7:a6:55:7a:
                    65:26:a9:c2:25:7e:fd:c2:ff:f2:7e:66:96:03:22:
                    58:dc:b2:82:a2:1f:68:d9:2d:d7:b2:84:2c:6c:ef:
                    1c:aa:59:1a:e5:60:c0:bb:bd:6c:45:c5:ae:84:33:
                    53:fb:33:a2:68:3d:b9:f5:5e:65:a4:fc:e2:a6:d4:
                    1f:0c:fb:2d:8d:9c:71:c2:64:d8:66:67:79:66:79:
                    b8:63:42:e1:35:90:44:17:50:38:da:d3:1d:56:79:
                    66:1d:0c:3a:64:e3:30:91:02:59:9a:de:87:87:10:
                    b5:50:05:d3:66:10:8b:1c:cc:ab:45:cf:28:e9:c1:
                    a5:4a:11:c4:24:c9:51:04:5a:9e:f1:00:40:04:e2:
                    5a:a6:b9:48:ca:b2:6e:09:ab:3b:db:fe:1f:a5:70:
                    e5:9b:79:7b:07:d7:04:63:62:ae:4d:5f:fd:1c:43:
                    67:ca:46:a5:39:9d:e3:c8:5f:e3:e2:e3:fb:6d:7d:
                    13:d4:6b:dc:b2:95:9b:69:bb:44:77:fb:c5:53:2b:
                    d2:31:2f:24:1f:ad:78:fb:2b:de:25:96:c6:5d:5b:
                    df:e8:2d:13:db:70:76:6f:de:ec:90:36:04:60:83:
                    8c:c6:f0:44:84:60:6d:d7:6c:38:6a:dc:d7:d0:eb:
                    c1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:07:6F:98:96:54:27:BD:3E:50:BA:22:A5:91:6B:56:51:C0:F1:E3
            X509v3 Authority Key Identifier:
                keyid:F8:F1:9E:22:4C:73:F8:3C:4F:DD:19:6D:06:60:8A:EB:3A:88:18:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-PGeIkxz-DxP3RltBmCK6zqIGAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f40486-2cd9-475b-bbe1-16cd8f4fb4b9/1/5wdvmJZUJ70-ULoipZFrVlHA8eM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f40486-2cd9-475b-bbe1-16cd8f4fb4b9/1/1-PGeIkxz-DxP3RltBmCK6zqIGAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.150.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:7d:31:04:19:98:19:16:db:54:20:2e:72:a5:91:b6:71:b7:
         31:1c:2d:5c:0d:02:b2:e0:8f:76:9b:d7:cd:00:1d:33:cb:cd:
         f4:63:b9:3f:a2:0b:3f:03:ca:11:b4:79:34:c0:5d:ff:b9:85:
         4d:61:93:d2:57:64:18:3e:b6:9b:5f:04:79:4d:5f:98:b9:fe:
         c8:0c:7c:37:8e:d9:73:2e:f2:f0:4c:1b:89:30:51:e5:1c:bd:
         df:f6:9f:37:aa:2b:6d:23:55:31:7a:50:1e:5b:37:08:20:86:
         c6:a7:5b:fb:59:16:1a:ee:81:23:6c:9f:f4:16:ac:85:e7:96:
         f4:2b:bb:01:c5:51:49:b5:0e:52:e3:b2:7f:c6:8e:a0:60:dc:
         67:73:19:2e:bb:7a:db:dd:dd:7d:46:7e:4c:09:b9:0d:73:d1:
         57:1d:9d:44:9d:87:59:17:22:44:95:da:77:b3:5d:e5:ac:3b:
         57:cc:fc:75:ad:f0:6d:33:e3:7d:b9:40:21:44:b3:75:ee:0d:
         5a:60:a5:68:39:03:b6:4e:42:07:2c:f6:c8:8f:63:64:c9:c7:
         a8:23:7f:39:f8:5f:ad:ea:1b:fb:46:f3:a2:0e:8e:91:f3:8c:
         85:ee:71:af:01:88:e6:48:89:8a:ee:b0:cc:96:e1:55:5c:c0:
         8f:b8:8e:b0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJU0Gf1Qnw2nzr3jhNiwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZjE5ZTIyNGM3M2Y4M2M0ZmRkMTk2ZDA2NjA4YWViM2E4
ODE4MDQwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA3NmY5ODk2NTQyN2JkM2U1MGJhMjJhNTkxNmI1NjUxYzBmMWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwykIluGLPp2KvbemVXplJqnCJX79
wv/yfmaWAyJY3LKCoh9o2S3XsoQsbO8cqlka5WDAu71sRcWuhDNT+zOiaD259V5l
pPziptQfDPstjZxxwmTYZmd5Znm4Y0LhNZBEF1A42tMdVnlmHQw6ZOMwkQJZmt6H
hxC1UAXTZhCLHMyrRc8o6cGlShHEJMlRBFqe8QBABOJaprlIyrJuCas72/4fpXDl
m3l7B9cEY2KuTV/9HENnykalOZ3jyF/j4uP7bX0T1GvcspWbabtEd/vFUyvSMS8k
H614+yveJZbGXVvf6C0T23B2b97skDYEYIOMxvBEhGBt12w4atzX0OvBAwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOcHb5iWVCe9PlC6IqWRa1ZRwPHjMB8GA1UdIwQY
MBaAFPjxniJMc/g8T90ZbQZgius6iBgEMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1QR2VJa3h6LUR4UDNSbHRCbUNLNnpxSUdBUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcvZjQwNDg2LTJjZDktNDc1Yi1iYmUx
LTE2Y2Q4ZjRmYjRiOS8xLzV3ZHZtSlpVSjcwLVVMb2lwWkZyVmxIQThlTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzcvZjQwNDg2LTJjZDktNDc1Yi1iYmUxLTE2Y2Q4ZjRmYjRi
OS8xLzEtUEdlSWt4ei1EeFAzUmx0Qm1DSzZ6cUlHQVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDlgkw
DQYJKoZIhvcNAQELBQADggEBAIB9MQQZmBkW21QgLnKlkbZxtzEcLVwNArLgj3ab
180AHTPLzfRjuT+iCz8DyhG0eTTAXf+5hU1hk9JXZBg+tptfBHlNX5i5/sgMfDeO
2XMu8vBMG4kwUeUcvd/2nzeqK20jVTF6UB5bNwgghsanW/tZFhrugSNsn/QWrIXn
lvQruwHFUUm1DlLjsn/GjqBg3GdzGS67etvd3X1GfkwJuQ1z0VcdnUSdh1kXIkSV
2nezXeWsO1fM/HWt8G0z4325QCFEs3XuDVpgpWg5A7ZOQgcs9siPY2TJx6gjfzn4
X63qG/tG86IOjpHzjIXuca8BiOZIiYrusMyW4VVcwI+4jrA=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:01:12 2024 by rpki-client on console-fra.rpki-client.org