Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/IKaxuRclFTsd2cEXKPx6D64GkYE.roa
File:                     IKaxuRclFTsd2cEXKPx6D64GkYE.roa (raw, json)
Hash identifier:          gnMbomTkP8Ukl5LV9LyfOrBrc1Xr7EMlFnold8GNdf8=
Subject key identifier:   20:A6:B1:B9:17:25:15:3B:1D:D9:C1:17:28:FC:7A:0F:AE:06:91:81
Certificate issuer:       /CN=7a550c8065bf6033fcc6a3b03813ef9271924196
Certificate serial:       018CC56EF0EE000CC99B9147CBD2398303FD
Authority key identifier: 7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/IKaxuRclFTsd2cEXKPx6D64GkYE.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        146.19.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f0:ee:00:0c:c9:9b:91:47:cb:d2:39:83:03:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a550c8065bf6033fcc6a3b03813ef9271924196
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20a6b1b91725153b1dd9c11728fc7a0fae069181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1a:86:d5:b1:41:23:31:bb:da:de:ce:2d:27:
                    bd:8a:4f:19:71:22:2d:13:18:59:c6:41:b3:71:11:
                    e0:5e:76:69:ee:ef:63:27:10:41:b5:1b:6c:55:d6:
                    93:f0:e5:b7:01:3a:05:92:f9:5a:20:63:e2:6d:be:
                    44:8a:ff:b6:b1:c6:be:83:a1:f3:af:a0:dc:dc:d7:
                    74:2a:18:da:13:10:92:8d:d8:58:1b:93:7d:0b:f1:
                    b1:e2:92:38:f6:6f:af:5a:72:f9:6b:05:b7:cb:66:
                    9e:55:77:63:3a:47:21:ec:51:40:f8:55:e9:8e:f3:
                    81:3b:a8:a4:fb:0c:01:d0:58:27:f8:05:11:00:9b:
                    93:42:e8:03:01:a3:34:3a:7f:37:77:af:c7:0a:f1:
                    49:a7:d9:17:78:ad:75:18:60:78:dc:47:85:d8:40:
                    b1:a2:43:4b:4f:54:b8:7f:62:d7:2c:36:85:2f:1d:
                    49:03:c8:71:05:f7:63:f8:55:bb:a4:6c:06:10:3a:
                    fd:d9:24:e0:fb:18:02:95:2f:d8:77:4e:82:23:29:
                    f1:ee:7c:32:0b:d6:56:8b:30:6a:af:63:86:c5:f5:
                    c7:30:73:15:f8:64:a8:17:f1:a6:5b:7c:6a:23:64:
                    bb:9e:e1:43:dc:b6:85:d5:e0:fe:b6:e5:82:9b:66:
                    60:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A6:B1:B9:17:25:15:3B:1D:D9:C1:17:28:FC:7A:0F:AE:06:91:81
            X509v3 Authority Key Identifier:
                keyid:7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/IKaxuRclFTsd2cEXKPx6D64GkYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:2e:3c:2d:d8:66:30:f9:d9:93:d1:c6:da:cb:a0:99:0d:a3:
         2a:70:9f:c5:79:91:2c:2a:2e:4d:65:13:38:65:e2:6a:24:71:
         0d:e9:58:aa:14:fe:c0:41:8f:a5:f7:ad:a2:62:7e:e6:05:57:
         3b:b7:48:07:08:fc:ad:dd:99:6b:36:e5:35:05:fa:d2:6d:45:
         57:82:f7:66:75:22:02:0c:e8:0d:81:7a:08:a5:8e:77:23:34:
         83:40:ec:2d:f2:2a:42:9a:6f:26:d0:f6:11:f0:df:7e:c9:57:
         c6:81:7e:ce:d3:4f:01:6d:14:c0:5c:3a:38:74:16:41:d6:c0:
         0e:bf:ab:bb:92:63:ca:d3:ba:39:41:bd:a9:33:99:db:d7:1a:
         54:f7:47:e2:60:28:fd:17:e0:b6:d2:52:04:ef:39:27:1d:de:
         38:dc:17:1e:da:2e:92:e8:fa:04:98:dc:87:e3:e3:38:f3:83:
         34:3e:5e:e7:13:9c:71:4a:12:9b:35:2a:ff:9a:dc:84:fb:c4:
         5c:fd:23:e0:1e:b3:6b:b5:e0:c8:11:36:a2:4e:1d:19:1c:d8:
         c4:a1:4b:16:a2:64:0f:63:01:18:26:49:b9:20:9a:69:62:19:
         2e:12:a4:2a:a9:09:ad:29:98:d0:1b:7b:0c:07:3b:47:68:02:
         d8:72:b2:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvDuAAzJm5FHy9I5gwP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTUwYzgwNjViZjYwMzNmY2M2YTNiMDM4MTNlZjkyNzE5
MjQxOTYwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE2YjFiOTE3MjUxNTNiMWRkOWMxMTcyOGZjN2EwZmFlMDY5MTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRqG1bFBIzG72t7OLSe9ik8ZcSIt
ExhZxkGzcRHgXnZp7u9jJxBBtRtsVdaT8OW3AToFkvlaIGPibb5Eiv+2sca+g6Hz
r6Dc3Nd0KhjaExCSjdhYG5N9C/Gx4pI49m+vWnL5awW3y2aeVXdjOkch7FFA+FXp
jvOBO6ik+wwB0Fgn+AURAJuTQugDAaM0On83d6/HCvFJp9kXeK11GGB43EeF2ECx
okNLT1S4f2LXLDaFLx1JA8hxBfdj+FW7pGwGEDr92STg+xgClS/Yd06CIynx7nwy
C9ZWizBqr2OGxfXHMHMV+GSoF/GmW3xqI2S7nuFD3LaF1eD+tuWCm2Zg3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCmsbkXJRU7HdnBFyj8eg+uBpGBMB8GA1UdIwQY
MBaAFHpVDIBlv2Az/MajsDgT75JxkkGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGIt
ODdiZmMzN2YwZWMyLzEvSUtheHVSY2xGVHNkMmNFWEtQeDZENjRHa1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGItODdiZmMzN2YwZWMy
LzEvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPpMA0G
CSqGSIb3DQEBCwUAA4IBAQAnLjwt2GYw+dmT0cbay6CZDaMqcJ/FeZEsKi5NZRM4
ZeJqJHEN6ViqFP7AQY+l962iYn7mBVc7t0gHCPyt3ZlrNuU1BfrSbUVXgvdmdSIC
DOgNgXoIpY53IzSDQOwt8ipCmm8m0PYR8N9+yVfGgX7O008BbRTAXDo4dBZB1sAO
v6u7kmPK07o5Qb2pM5nb1xpU90fiYCj9F+C20lIE7zknHd443Bce2i6S6PoEmNyH
4+M484M0Pl7nE5xxShKbNSr/mtyE+8Rc/SPgHrNrteDIETaiTh0ZHNjEoUsWomQP
YwEYJkm5IJppYhkuEqQqqQmtKZjQG3sMBztHaALYcrJW
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:51:00 2024 by rpki-client on console-fra.rpki-client.org