Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/c5V3NTlTDC4h35jA2zQrEH93Tt4.roa
File:                     c5V3NTlTDC4h35jA2zQrEH93Tt4.roa (raw, json)
Hash identifier:          DueOwiqFYf/zRMEUqDukyqoINV1Bb6MMFgijeRdlzlg=
Subject key identifier:   73:95:77:35:39:53:0C:2E:21:DF:98:C0:DB:34:2B:10:7F:77:4E:DE
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018F06BAAF0F70106F1DC0AE92A1A4184BF7
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/c5V3NTlTDC4h35jA2zQrEH93Tt4.roa
Signing time:             Mon 22 Apr 2024 16:54:08 +0000
ROA not before:           Mon 22 Apr 2024 16:54:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12804
IP address blocks:        217.19.0.0/24 maxlen: 24
                          217.19.3.0/24 maxlen: 24
                          217.19.5.0/24 maxlen: 24
                          217.19.8.0/24 maxlen: 24
                          217.19.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:ba:af:0f:70:10:6f:1d:c0:ae:92:a1:a4:18:4b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Apr 22 16:54:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7395773539530c2e21df98c0db342b107f774ede
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:33:ad:79:e4:36:2b:3c:1f:9a:b0:64:56:90:
                    75:af:d8:4d:3b:01:8c:52:6c:bb:13:d1:d0:42:b0:
                    dd:1a:a0:69:87:b1:3c:a2:b1:4d:c1:7b:b8:eb:e4:
                    e3:4b:47:92:68:f6:20:05:46:bf:29:a0:ab:27:02:
                    3e:b5:e2:23:82:71:a1:47:c4:65:4c:df:51:37:22:
                    a2:0e:50:9e:4e:93:15:ba:7e:ff:51:c4:93:71:21:
                    fc:c1:dd:38:7b:d2:a2:3a:8f:ee:ed:30:2b:12:fe:
                    2f:e9:38:9f:af:e8:07:33:17:93:d1:e6:dd:9c:8d:
                    67:be:28:69:e6:65:d7:6b:81:fa:45:f7:85:ea:12:
                    a5:fe:ce:5e:ca:23:70:8b:38:fe:63:c3:74:fb:ff:
                    65:ff:a3:97:fe:3f:b9:0f:55:a2:ed:c5:77:8a:29:
                    65:c7:69:c4:8a:9b:b5:08:e3:52:17:21:12:f7:bb:
                    6b:7e:ca:be:02:d9:ef:0f:19:b2:d6:e5:f2:e6:cd:
                    86:c4:c8:06:93:25:f8:53:1c:d8:52:d6:7e:40:e5:
                    18:ea:2e:8e:c6:3f:e4:b5:1a:9b:8e:b0:68:a7:5b:
                    7c:b7:1e:fa:19:47:1a:34:59:14:98:4b:41:cc:06:
                    c1:0f:05:e4:f2:29:bb:28:37:63:11:a9:3c:c2:11:
                    07:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:95:77:35:39:53:0C:2E:21:DF:98:C0:DB:34:2B:10:7F:77:4E:DE
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/c5V3NTlTDC4h35jA2zQrEH93Tt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.19.0.0/24
                  217.19.3.0/24
                  217.19.5.0/24
                  217.19.8.0/24
                  217.19.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:06:dd:42:74:f9:a9:ed:22:15:f8:9e:27:cc:5f:74:11:99:
         80:5a:80:54:9b:f3:8e:67:04:37:b0:90:25:8f:82:e4:e8:09:
         80:6a:7c:98:a4:e5:3e:55:ef:e2:a0:be:d0:43:7a:2b:b8:8d:
         e3:32:09:0d:63:58:0b:22:bd:90:ac:b2:33:ac:78:7b:7e:95:
         dd:61:42:93:a8:05:28:5f:f2:d6:79:a5:81:44:12:38:b1:17:
         8d:24:33:f1:ea:80:07:de:b4:c5:50:42:4d:46:9e:3b:b2:e5:
         bd:fa:e0:79:74:ff:d3:cf:23:1f:6a:df:db:d9:bd:2e:e2:21:
         d1:f5:71:2a:18:14:1d:9e:99:c1:64:9d:89:76:0a:48:01:3d:
         e0:8f:b5:a7:fc:45:2a:77:14:fc:5a:f1:28:5b:e5:15:09:e9:
         7e:cd:61:a0:d9:1d:ef:92:ec:d2:d8:c1:d8:5c:f8:17:1a:04:
         7e:24:f8:df:fc:b0:c7:65:89:01:97:39:ee:a9:6f:a7:5d:f0:
         d0:24:db:8f:83:1d:ca:c7:89:b5:05:16:0e:83:1e:4e:a5:52:
         b2:d2:f4:0d:38:a0:ef:fb:a5:2f:3e:ef:e0:42:b3:4a:de:c0:
         bc:3a:93:e0:92:b7:ec:ce:04:79:84:bb:c3:3d:b9:57:b2:c4:
         da:0a:14:ea
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY8Guq8PcBBvHcCukqGkGEv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwNDIyMTY1NDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzk1NzczNTM5NTMwYzJlMjFkZjk4YzBkYjM0MmIxMDdmNzc0ZWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTOteeQ2KzwfmrBkVpB1r9hNOwGM
Umy7E9HQQrDdGqBph7E8orFNwXu46+TjS0eSaPYgBUa/KaCrJwI+teIjgnGhR8Rl
TN9RNyKiDlCeTpMVun7/UcSTcSH8wd04e9KiOo/u7TArEv4v6Tifr+gHMxeT0ebd
nI1nvihp5mXXa4H6RfeF6hKl/s5eyiNwizj+Y8N0+/9l/6OX/j+5D1Wi7cV3iill
x2nEipu1CONSFyES97trfsq+AtnvDxmy1uXy5s2GxMgGkyX4UxzYUtZ+QOUY6i6O
xj/ktRqbjrBop1t8tx76GUcaNFkUmEtBzAbBDwXk8im7KDdjEak8whEHWQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFHOVdzU5UwwuId+YwNs0KxB/d07eMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2M1VjNOVGxUREM0aDM1akEyelFyRUg5M1R0NC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNwYIKwYBBQUHAQcBAf8EKDAmMCQEAgABMB4DBADZEwAD
BADZEwMDBADZEwUDBADZEwgDBADZEwswDQYJKoZIhvcNAQELBQADggEBAEsG3UJ0
+antIhX4nifMX3QRmYBagFSb845nBDewkCWPguToCYBqfJik5T5V7+KgvtBDeiu4
jeMyCQ1jWAsivZCssjOseHt+ld1hQpOoBShf8tZ5pYFEEjixF40kM/HqgAfetMVQ
Qk1Gnjuy5b364Hl0/9PPIx9q39vZvS7iIdH1cSoYFB2emcFknYl2CkgBPeCPtaf8
RSp3FPxa8Shb5RUJ6X7NYaDZHe+S7NLYwdhc+BcaBH4k+N/8sMdliQGXOe6pb6dd
8NAk24+DHcrHibUFFg6DHk6lUrLS9A04oO/7pS8+7+BCs0rewLw6k+CSt+zOBHmE
u8M9uVeyxNoKFOo=
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:40:06 2024 by rpki-client on console-ams.rpki-client.org