Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PfNtGBYMWktms-iewPo-B2YDCek.roa
File:                     PfNtGBYMWktms-iewPo-B2YDCek.roa (raw, json)
Hash identifier:          kM0buE1RpMaoMtH40JhVg2d0QOttaLXsigXDQ708YE8=
Subject key identifier:   3D:F3:6D:18:16:0C:5A:4B:66:B3:E8:9E:C0:FA:3E:07:66:03:09:E9
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801DFDFB596163D38463E627FD07ACD
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PfNtGBYMWktms-iewPo-B2YDCek.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208328
IP address blocks:        194.36.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:df:df:b5:96:16:3d:38:46:3e:62:7f:d0:7a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df36d18160c5a4b66b3e89ec0fa3e07660309e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:a4:9f:58:5a:f3:61:91:f1:bf:5c:e4:f5:54:
                    9f:2e:3f:e0:b2:84:20:39:29:13:5c:be:2e:e4:23:
                    54:1a:c1:83:51:dd:20:0b:53:8d:56:08:22:84:99:
                    7b:20:15:0f:cc:ad:41:4d:63:6a:84:72:1c:7e:92:
                    7d:33:2f:77:40:57:d2:8a:8f:9b:b3:2d:9d:db:04:
                    15:f1:5c:c0:5a:b5:d6:4e:29:19:ff:4d:5a:d6:f5:
                    69:9e:a7:04:59:6a:9d:da:00:27:d4:7a:ba:85:d2:
                    d3:65:e6:8d:c0:66:25:49:02:62:ae:7b:fa:7e:26:
                    aa:dd:88:e2:0d:aa:9f:4a:54:ea:3b:e1:57:7c:94:
                    57:d9:27:4d:b9:40:ed:b2:eb:78:62:b7:07:a8:1e:
                    ae:44:dd:15:ee:9c:b0:a5:02:ba:a8:a7:52:b4:25:
                    cb:dd:68:a7:eb:97:4f:9c:9c:7f:fb:01:a8:19:81:
                    d4:4c:55:1a:4a:08:4a:3c:dc:97:eb:71:73:9d:0c:
                    69:91:7d:ea:4f:15:95:56:d8:a6:de:ab:7b:ce:ef:
                    f7:1d:4c:39:cf:8d:b9:cb:97:e4:28:d3:5d:99:49:
                    79:7b:b3:04:fa:d1:70:04:d2:6f:28:5f:cf:62:c2:
                    c5:de:c6:2f:22:44:22:74:16:51:56:a8:00:ba:fd:
                    74:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F3:6D:18:16:0C:5A:4B:66:B3:E8:9E:C0:FA:3E:07:66:03:09:E9
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/PfNtGBYMWktms-iewPo-B2YDCek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:ea:08:42:c4:3e:94:cf:ac:44:60:2e:ce:6c:af:8f:55:c9:
         d4:84:f6:39:f9:f0:fc:18:18:f4:3b:cb:c3:eb:5c:0b:ff:2b:
         85:b6:7f:6b:c2:c7:6e:2d:22:d4:ad:ad:73:0b:6d:b5:07:94:
         d4:d8:91:61:93:ba:22:a7:6a:67:4e:99:df:14:45:bb:ee:1a:
         f0:cb:5a:07:e3:c1:8b:0b:4f:97:b8:f9:29:54:7c:05:a8:9d:
         53:6a:92:7d:5b:81:96:44:83:e0:25:7f:8f:fb:1a:07:75:55:
         79:ba:19:16:0e:0c:a1:b9:6f:10:7c:9f:3a:1d:97:a1:5f:a2:
         3a:58:ea:29:71:a4:c1:ba:1e:36:30:e2:3f:48:16:46:f0:b4:
         2b:d2:30:4f:94:78:9c:3c:e9:38:da:c2:d7:32:03:bb:13:6a:
         8c:d9:db:b2:f2:4b:d1:ea:37:e8:71:26:5d:a4:b1:50:99:7a:
         ea:a1:6c:48:84:a4:ae:39:d4:3c:2a:83:43:48:bb:5b:76:d5:
         8a:4c:96:23:4b:a3:62:4d:65:0c:23:c1:da:63:b2:fb:9c:de:
         2d:1e:48:a4:2d:98:36:ff:1a:41:bf:e4:b9:be:7b:ae:a0:5d:
         5e:68:6f:03:03:b6:49:c3:0d:04:8c:50:de:e0:79:96:63:c0:
         2d:79:0d:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd/ftZYWPThGPmJ/0HrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGYzNmQxODE2MGM1YTRiNjZiM2U4OWVjMGZhM2UwNzY2MDMwOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKSfWFrzYZHxv1zk9VSfLj/gsoQg
OSkTXL4u5CNUGsGDUd0gC1ONVggihJl7IBUPzK1BTWNqhHIcfpJ9My93QFfSio+b
sy2d2wQV8VzAWrXWTikZ/01a1vVpnqcEWWqd2gAn1Hq6hdLTZeaNwGYlSQJirnv6
fiaq3YjiDaqfSlTqO+FXfJRX2SdNuUDtsut4YrcHqB6uRN0V7pywpQK6qKdStCXL
3Win65dPnJx/+wGoGYHUTFUaSghKPNyX63FznQxpkX3qTxWVVtim3qt7zu/3HUw5
z425y5fkKNNdmUl5e7ME+tFwBNJvKF/PYsLF3sYvIkQidBZRVqgAuv10NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3zbRgWDFpLZrPonsD6PgdmAwnpMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvUGZOdEdCWU1Xa3Rtcy1pZXdQby1CMllEQ2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiQaMA0G
CSqGSIb3DQEBCwUAA4IBAQCM6ghCxD6Uz6xEYC7ObK+PVcnUhPY5+fD8GBj0O8vD
61wL/yuFtn9rwsduLSLUra1zC221B5TU2JFhk7oip2pnTpnfFEW77hrwy1oH48GL
C0+XuPkpVHwFqJ1TapJ9W4GWRIPgJX+P+xoHdVV5uhkWDgyhuW8QfJ86HZehX6I6
WOopcaTBuh42MOI/SBZG8LQr0jBPlHicPOk42sLXMgO7E2qM2duy8kvR6jfocSZd
pLFQmXrqoWxIhKSuOdQ8KoNDSLtbdtWKTJYjS6NiTWUMI8HaY7L7nN4tHkikLZg2
/xpBv+S5vnuuoF1eaG8DA7ZJww0EjFDe4HmWY8AteQ0V
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:29:03 2024 by rpki-client on console-fra.rpki-client.org