Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/YR1rlaOGWDU5y4WGFPpR4EzCOIQ.roa
File:                     YR1rlaOGWDU5y4WGFPpR4EzCOIQ.roa (raw, json)
Hash identifier:          e0LaJgV7jYGrIQgLIeM5GlVupddZM496XaA4BoUZt3E=
Subject key identifier:   61:1D:6B:95:A3:86:58:35:39:CB:85:86:14:FA:51:E0:4C:C2:38:84
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79562095B8F60BAADA26FD00719132A
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/YR1rlaOGWDU5y4WGFPpR4EzCOIQ.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61278
IP address blocks:        93.115.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:62:09:5b:8f:60:ba:ad:a2:6f:d0:07:19:13:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=611d6b95a386583539cb858614fa51e04cc23884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5a:e2:cb:8a:fa:ee:16:19:a8:fc:91:f9:cb:
                    58:7e:70:4d:4a:3a:bb:d6:3e:ee:68:c2:7f:b8:55:
                    f4:dc:80:4d:d6:dd:1e:8f:c7:aa:5d:69:6f:0a:c3:
                    9c:43:20:0d:8a:14:b8:9d:8a:24:d1:5f:a5:f5:5d:
                    44:da:38:c4:b2:b8:a5:71:65:bc:9f:4c:7a:2b:09:
                    8c:19:c6:27:67:da:ab:7b:83:a7:cd:59:5f:83:98:
                    06:b8:23:f0:e6:f7:d9:db:15:72:03:2a:2e:f5:31:
                    81:f7:83:94:8c:cf:8f:af:c4:d6:4a:9f:52:1b:9b:
                    ec:31:19:86:04:be:aa:f1:f8:4e:71:e1:fe:ae:04:
                    bf:b4:3e:a6:a6:03:d3:4b:3e:b8:85:1c:ae:d3:89:
                    69:78:fe:b1:a8:90:3c:6e:38:d8:27:08:3c:2f:75:
                    94:b5:d6:0a:09:af:7c:c9:2f:4a:c5:83:50:86:37:
                    c3:c3:ee:b0:2e:aa:fc:1c:2d:67:29:87:ef:1d:9d:
                    4a:cc:08:72:b0:a8:51:cd:d4:46:ea:15:63:d1:01:
                    ac:e6:7d:a7:22:f8:a4:6b:88:56:8c:6d:0b:0c:8b:
                    0f:ac:48:b7:00:6d:5d:fe:d4:df:cf:3e:cd:38:01:
                    58:06:98:db:7c:6f:4f:06:a6:ad:c3:7d:7b:71:95:
                    83:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1D:6B:95:A3:86:58:35:39:CB:85:86:14:FA:51:E0:4C:C2:38:84
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/YR1rlaOGWDU5y4WGFPpR4EzCOIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:9d:52:a4:6f:a6:a7:43:cf:e5:5c:55:56:84:03:9a:bb:dd:
         bf:20:db:ef:f5:a0:63:db:4a:55:06:23:29:44:aa:9d:8c:4f:
         65:84:fc:77:1e:31:05:78:78:f0:21:78:4e:4f:61:69:09:cb:
         51:3b:98:51:c1:85:c6:78:9f:16:76:77:e4:6d:08:d2:3c:70:
         ef:6a:3c:fc:21:7e:e3:11:d8:73:48:8d:bc:7b:c5:8c:4a:08:
         b7:69:d0:2f:94:fb:00:a7:6c:aa:8a:ed:28:38:66:14:25:0b:
         3a:d3:ad:c4:39:9d:d4:13:ab:0c:cc:76:6a:77:e7:08:d7:e1:
         0b:c8:89:95:36:56:3e:0f:d9:cd:e8:10:82:4a:b7:53:e0:2c:
         fe:76:01:b0:1a:67:8e:63:41:bc:dc:91:1e:2b:d8:86:21:c8:
         55:c9:75:04:c5:d1:dc:91:f8:f3:ad:54:7c:de:b6:d6:50:89:
         91:7a:de:b2:2c:dc:37:3b:d6:7d:0a:27:5a:d7:2d:ac:d8:13:
         d3:88:16:6f:44:c9:14:95:1d:81:2c:5e:6c:cd:f5:b5:37:f2:
         d5:4d:08:f3:18:97:e3:3e:61:3f:ea:6a:a3:52:4e:a5:58:05:
         36:15:be:c0:e2:c5:22:f9:49:34:62:01:56:e2:0c:b9:a8:11:
         ce:a3:3d:9c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlWIJW49guq2ib9AHGRMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFkNmI5NWEzODY1ODM1MzljYjg1ODYxNGZhNTFlMDRjYzIzODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1riy4r67hYZqPyR+ctYfnBNSjq7
1j7uaMJ/uFX03IBN1t0ej8eqXWlvCsOcQyANihS4nYok0V+l9V1E2jjEsrilcWW8
n0x6KwmMGcYnZ9qre4OnzVlfg5gGuCPw5vfZ2xVyAyou9TGB94OUjM+Pr8TWSp9S
G5vsMRmGBL6q8fhOceH+rgS/tD6mpgPTSz64hRyu04lpeP6xqJA8bjjYJwg8L3WU
tdYKCa98yS9KxYNQhjfDw+6wLqr8HC1nKYfvHZ1KzAhysKhRzdRG6hVj0QGs5n2n
Ivika4hWjG0LDIsPrEi3AG1d/tTfzz7NOAFYBpjbfG9PBqatw317cZWDPwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGEda5Wjhlg1OcuFhhT6UeBMwjiEMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1lSMXJsYU9HV0RVNXk0V0dGUHBSNEV6Q09JUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABdczQw
DQYJKoZIhvcNAQELBQADggEBALqdUqRvpqdDz+VcVVaEA5q73b8g2+/1oGPbSlUG
IylEqp2MT2WE/HceMQV4ePAheE5PYWkJy1E7mFHBhcZ4nxZ2d+RtCNI8cO9qPPwh
fuMR2HNIjbx7xYxKCLdp0C+U+wCnbKqK7Sg4ZhQlCzrTrcQ5ndQTqwzMdmp35wjX
4QvIiZU2Vj4P2c3oEIJKt1PgLP52AbAaZ45jQbzckR4r2IYhyFXJdQTF0dyR+POt
VHzettZQiZF63rIs3Dc71n0KJ1rXLazYE9OIFm9EyRSVHYEsXmzN9bU38tVNCPMY
l+M+YT/qaqNSTqVYBTYVvsDixSL5STRiAVbiDLmoEc6jPZw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:43:46 2024 by rpki-client on console-ams.rpki-client.org