Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/3cbb9c-5006-46be-b4c3-ff8f5545eba2/1/pz9l9AAtrG4dZzEHx79kfvYxZ7o.roa
File:                     pz9l9AAtrG4dZzEHx79kfvYxZ7o.roa (raw, json)
Hash identifier:          xF+N40qpwkCtIJp//AEgr81bu0FY5a4kMwVzjbJbjDw=
Subject key identifier:   A7:3F:65:F4:00:2D:AC:6E:1D:67:31:07:C7:BF:64:7E:F6:31:67:BA
Certificate issuer:       /CN=1e01986e6551bb3a015ac64ed6747c234b2a79e0
Certificate serial:       018CC56E62941BF1A626B921366954276B2D
Authority key identifier: 1E:01:98:6E:65:51:BB:3A:01:5A:C6:4E:D6:74:7C:23:4B:2A:79:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgGYbmVRuzoBWsZO1nR8I0sqeeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/3cbb9c-5006-46be-b4c3-ff8f5545eba2/1/pz9l9AAtrG4dZzEHx79kfvYxZ7o.roa
Signing time:             Mon 01 Jan 2024 14:29:54 +0000
ROA not before:           Mon 01 Jan 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31454
IP address blocks:        194.102.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/3cbb9c-5006-46be-b4c3-ff8f5545eba2/1/HgGYbmVRuzoBWsZO1nR8I0sqeeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/3cbb9c-5006-46be-b4c3-ff8f5545eba2/1/HgGYbmVRuzoBWsZO1nR8I0sqeeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgGYbmVRuzoBWsZO1nR8I0sqeeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:62:94:1b:f1:a6:26:b9:21:36:69:54:27:6b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e01986e6551bb3a015ac64ed6747c234b2a79e0
        Validity
            Not Before: Jan  1 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a73f65f4002dac6e1d673107c7bf647ef63167ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:53:54:fe:b0:0b:19:0b:f2:45:37:5a:f2:3d:
                    f6:15:11:99:3c:a5:0c:0f:aa:02:f8:28:e3:ef:e9:
                    28:b3:ef:31:f0:20:48:bd:b1:d4:a4:86:8c:3d:95:
                    2b:a2:12:99:61:92:48:e1:33:42:33:08:18:b7:80:
                    51:f7:12:29:21:9e:da:e4:da:b2:ca:fb:84:21:55:
                    4b:69:23:7d:01:67:90:01:e4:e1:7e:ee:78:a8:9b:
                    5a:ca:95:53:81:e0:9a:b2:a8:1d:fc:e1:97:21:0b:
                    4c:2a:22:f2:5f:25:39:83:e3:19:52:b2:bc:b0:3a:
                    55:d2:b7:4b:3e:d9:f7:f4:50:b0:a9:92:2d:90:ac:
                    4f:36:25:10:28:6c:8b:dd:82:91:89:6d:3b:cb:bc:
                    8e:13:75:64:11:4d:ad:d2:54:ac:1d:e8:0a:57:ac:
                    cd:d1:5e:47:20:c8:b4:bf:a7:ea:d1:af:b6:01:72:
                    f5:e2:16:3e:6c:8a:81:e7:12:3e:1e:42:f1:c6:1e:
                    2f:ee:53:d5:09:56:71:cf:f8:fe:dc:24:32:f9:21:
                    aa:5a:2e:b1:d9:1c:46:df:06:4e:56:4f:0e:af:8e:
                    11:5a:00:ea:f7:7d:85:b4:46:c7:1c:c2:a8:73:3a:
                    d6:71:5b:20:3a:8b:19:d8:23:a4:63:b9:5f:6d:40:
                    fb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:3F:65:F4:00:2D:AC:6E:1D:67:31:07:C7:BF:64:7E:F6:31:67:BA
            X509v3 Authority Key Identifier:
                keyid:1E:01:98:6E:65:51:BB:3A:01:5A:C6:4E:D6:74:7C:23:4B:2A:79:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgGYbmVRuzoBWsZO1nR8I0sqeeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/3cbb9c-5006-46be-b4c3-ff8f5545eba2/1/pz9l9AAtrG4dZzEHx79kfvYxZ7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/3cbb9c-5006-46be-b4c3-ff8f5545eba2/1/HgGYbmVRuzoBWsZO1nR8I0sqeeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:24:78:75:13:96:95:93:05:04:57:aa:7d:a1:a6:89:c9:25:
         c0:74:c6:f2:db:a6:ae:08:9a:07:05:fd:76:dc:89:5d:68:2a:
         74:a3:c7:9e:42:46:ab:28:f9:56:3f:b2:05:4b:27:20:2f:ac:
         3f:ac:2e:eb:61:24:75:e7:0f:47:84:61:2f:52:be:52:05:65:
         49:a0:82:5a:cb:10:25:08:45:19:3c:17:7a:79:ac:d3:92:f2:
         85:6f:17:32:66:ef:ba:37:b7:27:c4:95:0c:2f:e6:41:c2:23:
         8b:db:e7:c4:9d:53:47:29:06:57:df:5b:ed:b6:eb:fb:cc:9e:
         0d:e4:12:6e:24:52:27:7d:99:04:16:dd:54:1a:08:8d:7c:e0:
         51:83:a8:00:9e:14:00:3c:fb:41:e5:0b:1e:f9:d0:a2:13:41:
         64:ab:c6:10:72:41:a7:8c:c1:92:63:57:0e:fe:f1:7a:3f:61:
         e3:79:6c:80:bb:26:2c:a4:6b:e5:c4:f3:58:32:a7:9c:b5:8b:
         c3:04:06:c8:31:f6:f3:99:67:c3:75:96:d9:19:b5:a1:a9:89:
         d0:9d:82:59:5a:ce:d7:3a:14:35:c7:bb:d1:85:c8:1a:6c:4d:
         d3:ae:eb:76:9a:9a:5b:19:92:c4:fd:a7:95:3e:f0:a8:a5:0a:
         7a:ac:54:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmKUG/GmJrkhNmlUJ2stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMDE5ODZlNjU1MWJiM2EwMTVhYzY0ZWQ2NzQ3YzIzNGIy
YTc5ZTAwHhcNMjQwMTAxMTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzNmNjVmNDAwMmRhYzZlMWQ2NzMxMDdjN2JmNjQ3ZWY2MzE2N2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1NU/rALGQvyRTda8j32FRGZPKUM
D6oC+Cjj7+kos+8x8CBIvbHUpIaMPZUrohKZYZJI4TNCMwgYt4BR9xIpIZ7a5Nqy
yvuEIVVLaSN9AWeQAeThfu54qJtaypVTgeCasqgd/OGXIQtMKiLyXyU5g+MZUrK8
sDpV0rdLPtn39FCwqZItkKxPNiUQKGyL3YKRiW07y7yOE3VkEU2t0lSsHegKV6zN
0V5HIMi0v6fq0a+2AXL14hY+bIqB5xI+HkLxxh4v7lPVCVZxz/j+3CQy+SGqWi6x
2RxG3wZOVk8Or44RWgDq932FtEbHHMKoczrWcVsgOosZ2COkY7lfbUD7VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKc/ZfQALaxuHWcxB8e/ZH72MWe6MB8GA1UdIwQY
MBaAFB4BmG5lUbs6AVrGTtZ0fCNLKnngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGdHWWJtVlJ1em9CV3NaTzFuUjhJMHNxZWVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8zY2JiOWMtNTAwNi00NmJlLWI0YzMt
ZmY4ZjU1NDVlYmEyLzEvcHo5bDlBQXRyRzRkWnpFSHg3OWtmdll4WjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8zY2JiOWMtNTAwNi00NmJlLWI0YzMtZmY4ZjU1NDVlYmEy
LzEvSGdHWWJtVlJ1em9CV3NaTzFuUjhJMHNxZWVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmZWMA0G
CSqGSIb3DQEBCwUAA4IBAQCqJHh1E5aVkwUEV6p9oaaJySXAdMby26auCJoHBf12
3IldaCp0o8eeQkarKPlWP7IFSycgL6w/rC7rYSR15w9HhGEvUr5SBWVJoIJayxAl
CEUZPBd6eazTkvKFbxcyZu+6N7cnxJUML+ZBwiOL2+fEnVNHKQZX31vttuv7zJ4N
5BJuJFInfZkEFt1UGgiNfOBRg6gAnhQAPPtB5Qse+dCiE0Fkq8YQckGnjMGSY1cO
/vF6P2HjeWyAuyYspGvlxPNYMqectYvDBAbIMfbzmWfDdZbZGbWhqYnQnYJZWs7X
OhQ1x7vRhcgabE3Trut2mppbGZLE/aeVPvCopQp6rFSU
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:24:50 2024 by rpki-client on console-fra.rpki-client.org