Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/FcbxTvYJz1PHASgHz9j57Hq4png.roa
File:                     FcbxTvYJz1PHASgHz9j57Hq4png.roa (raw, json)
Hash identifier:          U2zrcjeK4ZWaUDXmXVHol9XyOnqrjTs6u9+bJB4Kmao=
Subject key identifier:   15:C6:F1:4E:F6:09:CF:53:C7:01:28:07:CF:D8:F9:EC:7A:B8:A6:78
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       019194BC207C0DF14AF23837F5ABB2C73A54
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/FcbxTvYJz1PHASgHz9j57Hq4png.roa
Signing time:             Tue 27 Aug 2024 16:47:22 +0000
ROA not before:           Tue 27 Aug 2024 16:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        5.255.57.0/24 maxlen: 24
                          5.255.61.0/24 maxlen: 24
                          5.255.62.0/24 maxlen: 24
                          5.255.63.0/24 maxlen: 24
                          23.252.66.0/24 maxlen: 24
                          91.92.112.0/24 maxlen: 24
                          91.92.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:94:bc:20:7c:0d:f1:4a:f2:38:37:f5:ab:b2:c7:3a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Aug 27 16:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15c6f14ef609cf53c7012807cfd8f9ec7ab8a678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:20:54:19:bb:fa:02:fd:ae:4e:47:9d:ac:da:
                    3a:41:7a:94:3f:9b:9e:b8:aa:fe:b3:63:4c:44:72:
                    fc:73:2a:8e:5c:a6:db:c8:35:67:ff:90:b9:fd:0f:
                    e9:87:3e:c3:83:d9:c5:a0:ac:35:d1:35:d6:89:f9:
                    67:ac:46:aa:df:0f:3f:1a:25:b2:4e:5c:fc:44:23:
                    55:6d:00:ea:2a:41:ba:ae:7b:16:9e:bd:41:12:81:
                    65:17:4f:14:96:0e:45:11:cb:e6:5a:cb:a5:eb:0a:
                    65:aa:22:0a:14:11:2f:03:2e:75:2b:32:39:4b:c0:
                    2b:61:4e:43:91:83:84:2b:c9:14:c7:22:4c:82:ba:
                    65:23:9c:e5:fe:3f:ff:01:ef:6a:45:1b:1e:76:e3:
                    21:e3:cb:5b:ef:c7:0d:75:d3:68:8c:28:df:be:dc:
                    e6:22:31:67:80:eb:85:86:51:95:b3:6b:09:3e:48:
                    10:df:43:e5:84:e5:c8:aa:a1:2b:62:ba:7b:79:1d:
                    a8:31:52:9b:f2:0f:dc:74:c1:bd:5a:f3:e4:b5:d1:
                    82:60:5a:f5:a1:58:dd:f4:c0:58:6e:9c:64:1e:ed:
                    6a:be:fb:df:50:13:a5:0c:8c:ac:45:ea:da:42:9f:
                    d5:09:f1:42:8e:ef:32:be:98:de:1f:ca:1e:cb:9a:
                    be:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C6:F1:4E:F6:09:CF:53:C7:01:28:07:CF:D8:F9:EC:7A:B8:A6:78
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/FcbxTvYJz1PHASgHz9j57Hq4png.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.255.57.0/24
                  5.255.61.0-5.255.63.255
                  23.252.66.0/24
                  91.92.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:e1:82:12:26:f9:a7:27:e8:d8:2b:ba:5a:69:c5:86:c3:47:
         00:54:1e:db:59:7e:3e:0d:13:20:dd:62:20:40:7f:50:fc:a5:
         b3:4d:b5:0a:18:d6:29:2f:b7:34:a8:78:ac:b5:55:bb:31:d1:
         65:0b:4b:90:17:5d:9c:70:4f:ac:60:0b:6b:fd:de:02:32:14:
         44:d7:b8:81:bf:77:29:55:08:a7:8d:9e:e3:11:6e:6e:b2:d4:
         b1:68:24:58:97:3a:81:c7:45:92:6f:7f:92:df:f5:2b:1f:c5:
         d6:91:c3:26:34:1c:80:9c:32:32:f9:2f:e6:d1:30:97:47:49:
         77:99:5f:6f:80:1d:a6:f8:1c:cf:cf:bc:e7:5e:85:3e:15:35:
         41:42:32:a0:bc:4f:8c:10:4a:6a:5a:6f:84:9e:8e:f8:79:da:
         f3:c0:ed:5c:d5:ac:74:c6:76:05:fc:ed:08:98:57:f5:5d:ac:
         d2:b1:6a:8c:24:ae:a2:6f:71:97:6c:89:f4:f6:f0:12:9b:a8:
         64:1c:53:c7:1d:52:e8:c3:2b:ff:6e:f7:ac:fe:1d:39:74:38:
         f2:58:14:1d:0d:14:cd:c6:77:fa:c7:cc:9d:d0:f3:2d:70:1c:
         70:03:de:f9:c4:9b:58:5c:2d:18:82:b5:cc:00:42:37:d8:15:
         8f:7c:f8:b3
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZGUvCB8DfFK8jg39auyxzpUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjQwODI3MTY0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWM2ZjE0ZWY2MDljZjUzYzcwMTI4MDdjZmQ4ZjllYzdhYjhhNjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SBUGbv6Av2uTkedrNo6QXqUP5ue
uKr+s2NMRHL8cyqOXKbbyDVn/5C5/Q/phz7Dg9nFoKw10TXWiflnrEaq3w8/GiWy
Tlz8RCNVbQDqKkG6rnsWnr1BEoFlF08Ulg5FEcvmWsul6wplqiIKFBEvAy51KzI5
S8ArYU5DkYOEK8kUxyJMgrplI5zl/j//Ae9qRRseduMh48tb78cNddNojCjfvtzm
IjFngOuFhlGVs2sJPkgQ30PlhOXIqqErYrp7eR2oMVKb8g/cdMG9WvPktdGCYFr1
oVjd9MBYbpxkHu1qvvvfUBOlDIysReraQp/VCfFCju8yvpjeH8oey5q+mQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFBXG8U72Cc9TxwEoB8/Y+ex6uKZ4MB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvRmNieFR2WUp6MVBIQVNnSHo5ajU3SHE0cG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQABf85MAwD
BAAF/z0DBAYF/wADBAAX/EIDBAFbXHAwDQYJKoZIhvcNAQELBQADggEBAKThghIm
+acn6NgrulppxYbDRwBUHttZfj4NEyDdYiBAf1D8pbNNtQoY1ikvtzSoeKy1Vbsx
0WULS5AXXZxwT6xgC2v93gIyFETXuIG/dylVCKeNnuMRbm6y1LFoJFiXOoHHRZJv
f5Lf9SsfxdaRwyY0HICcMjL5L+bRMJdHSXeZX2+AHab4HM/PvOdehT4VNUFCMqC8
T4wQSmpab4Sejvh52vPA7VzVrHTGdgX87QiYV/VdrNKxaowkrqJvcZdsifT28BKb
qGQcU8cdUujDK/9u96z+HTl0OPJYFB0NFM3Gd/rHzJ3Q8y1wHHAD3vnEm1hcLRiC
tcwAQjfYFY98+LM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:37:17 2024 by rpki-client on console-fra.rpki-client.org