Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/xeQr3bO04zX9AYVQDOjyoZYZ_8E.roa
File:                     xeQr3bO04zX9AYVQDOjyoZYZ_8E.roa (raw, json)
Hash identifier:          nkYwdzzKsL/3jEDFZaz7Ig+Hwwx+i9W9EjvRBy13Yr8=
Subject key identifier:   C5:E4:2B:DD:B3:B4:E3:35:FD:01:85:50:0C:E8:F2:A1:96:19:FF:C1
Certificate issuer:       /CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
Certificate serial:       018CC86F2A30FB234807BDB82722F51E80ED
Authority key identifier: D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/xeQr3bO04zX9AYVQDOjyoZYZ_8E.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.134.240.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2a:30:fb:23:48:07:bd:b8:27:22:f5:1e:80:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5e42bddb3b4e335fd0185500ce8f2a19619ffc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a0:da:8f:5c:ba:5e:d1:44:00:a4:a8:46:04:
                    37:30:88:4f:5b:0a:1e:8d:ba:8b:32:1b:d1:cf:1d:
                    81:8e:d8:19:78:34:22:3d:0b:01:7f:f9:f1:a7:4f:
                    e1:86:f1:a2:54:98:b2:f3:33:2c:aa:3a:f8:37:3c:
                    c0:fc:1b:59:48:4a:9d:c1:ed:ef:7f:c2:d0:63:4b:
                    6c:8e:fb:a7:3f:c2:e8:6b:67:76:3e:41:f0:e2:f7:
                    04:f9:58:dd:f6:12:45:de:1b:a7:0c:13:6b:92:87:
                    28:ea:fe:71:3e:b4:4b:27:26:5a:51:d6:6d:04:fa:
                    da:1c:27:1f:de:7a:31:d6:2c:c9:f8:ef:15:a8:2a:
                    67:03:7b:ce:20:cb:ce:eb:db:4f:10:01:57:3f:b4:
                    23:74:d5:53:c0:e6:98:58:66:a5:b0:4d:d3:a7:01:
                    26:a5:38:9e:5e:70:26:d1:55:3f:bd:60:f1:28:7a:
                    5f:39:34:8a:12:7b:7d:1c:6d:73:9b:61:d2:e8:e9:
                    f8:2b:3b:69:00:6a:2a:88:82:77:62:20:c1:90:41:
                    5c:39:83:89:dd:aa:c8:cc:78:e6:a6:e9:a7:6b:c8:
                    35:f0:9a:4c:ab:19:3b:7c:1f:95:e2:09:08:67:cc:
                    4b:07:6a:ed:34:1e:ad:bf:d6:16:b0:6e:99:bd:74:
                    fb:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E4:2B:DD:B3:B4:E3:35:FD:01:85:50:0C:E8:F2:A1:96:19:FF:C1
            X509v3 Authority Key Identifier:
                keyid:D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/xeQr3bO04zX9AYVQDOjyoZYZ_8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1d:bd:c8:5b:89:16:6f:0e:6c:8c:af:06:85:aa:b6:f0:56:36:
         c0:78:3c:bd:6c:51:6c:66:a5:ce:43:92:b3:e7:ee:95:06:75:
         8b:9f:76:0b:36:6a:25:16:b5:3b:9b:af:71:ba:40:fc:16:2d:
         9b:d2:d7:f7:1a:b0:0c:50:00:8e:e2:e0:89:67:f7:9d:a6:79:
         80:ed:e9:30:96:81:df:76:f2:1c:46:8c:f3:89:0f:92:00:f7:
         b2:e6:92:6b:bb:da:88:d9:01:66:9e:1a:3e:84:00:a8:f1:ef:
         b6:1f:5e:85:92:dd:6f:17:84:c1:30:1d:15:37:61:c3:42:bd:
         1c:3f:a9:82:a6:a3:d4:a7:1f:65:b7:6f:91:ec:a0:de:94:22:
         8a:fe:e4:38:8a:f9:d4:03:ce:2e:b7:18:08:9f:3b:f1:73:14:
         0d:42:2a:62:e1:34:0c:fe:e8:5f:fb:fc:40:9c:84:b0:02:55:
         37:c5:ec:1f:85:d5:3f:a6:51:f2:78:ae:f9:24:8e:78:aa:6a:
         a5:b4:f5:ed:36:ec:b7:be:da:8a:06:e3:a7:c9:3f:ab:64:3b:
         58:02:47:6e:9b:ef:46:fc:3f:d5:54:75:51:5d:75:58:9a:17:
         c4:d5:5b:c1:e6:69:2d:0c:9e:b1:31:12:0f:c0:f8:bf:53:ac:
         2e:48:b1:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyow+yNIB724JyL1HoDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjIwMGUyZDM4NjgzYTdjYjFjZTVjYWJiZWUzNGMwNjg4
MzRhMGIwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU0MmJkZGIzYjRlMzM1ZmQwMTg1NTAwY2U4ZjJhMTk2MTlmZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKDaj1y6XtFEAKSoRgQ3MIhPWwoe
jbqLMhvRzx2BjtgZeDQiPQsBf/nxp0/hhvGiVJiy8zMsqjr4NzzA/BtZSEqdwe3v
f8LQY0tsjvunP8Loa2d2PkHw4vcE+Vjd9hJF3hunDBNrkoco6v5xPrRLJyZaUdZt
BPraHCcf3nox1izJ+O8VqCpnA3vOIMvO69tPEAFXP7QjdNVTwOaYWGalsE3TpwEm
pTieXnAm0VU/vWDxKHpfOTSKEnt9HG1zm2HS6On4KztpAGoqiIJ3YiDBkEFcOYOJ
3arIzHjmpumna8g18JpMqxk7fB+V4gkIZ8xLB2rtNB6tv9YWsG6ZvXT7wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXkK92ztOM1/QGFUAzo8qGWGf/BMB8GA1UdIwQY
MBaAFNnyAOLThoOnyxzlyrvuNMBog0oLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEt
MDljOGZlNzI0Y2Q3LzEveGVRcjNiTzA0elg5QVlWUURPanlvWllaXzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEtMDljOGZlNzI0Y2Q3
LzEvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAdvchbiRZvDmyMrwaFqrbwVjbAeDy9bFFsZqXOQ5Kz
5+6VBnWLn3YLNmolFrU7m69xukD8Fi2b0tf3GrAMUACO4uCJZ/edpnmA7ekwloHf
dvIcRozziQ+SAPey5pJru9qI2QFmnho+hACo8e+2H16Fkt1vF4TBMB0VN2HDQr0c
P6mCpqPUpx9lt2+R7KDelCKK/uQ4ivnUA84utxgInzvxcxQNQipi4TQM/uhf+/xA
nISwAlU3xewfhdU/plHyeK75JI54qmqltPXtNuy3vtqKBuOnyT+rZDtYAkdum+9G
/D/VVHVRXXVYmhfE1VvB5mktDJ6xMRIPwPi/U6wuSLGU
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:36:44 2024 by rpki-client on console-fra.rpki-client.org