Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/230ac7-ec0c-44de-85a8-b2b7962c2d81/1/cFjXXVCdAT3uP0esUxBPEEs4ZJA.roa
File:                     cFjXXVCdAT3uP0esUxBPEEs4ZJA.roa (raw, json)
Hash identifier:          BzUhhPNkSF+Xs9s2bbNUvXD6SNif74sUN1zjbcL/oWU=
Subject key identifier:   70:58:D7:5D:50:9D:01:3D:EE:3F:47:AC:53:10:4F:10:4B:38:64:90
Certificate issuer:       /CN=2f78e0066bb27c5f52e7025d61190daa90b97348
Certificate serial:       018E76A84D17D971B2A1F4053C02FD988F04
Authority key identifier: 2F:78:E0:06:6B:B2:7C:5F:52:E7:02:5D:61:19:0D:AA:90:B9:73:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L3jgBmuyfF9S5wJdYRkNqpC5c0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/230ac7-ec0c-44de-85a8-b2b7962c2d81/1/cFjXXVCdAT3uP0esUxBPEEs4ZJA.roa
Signing time:             Mon 25 Mar 2024 17:28:44 +0000
ROA not before:           Mon 25 Mar 2024 17:28:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15083
IP address blocks:        93.95.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/230ac7-ec0c-44de-85a8-b2b7962c2d81/1/L3jgBmuyfF9S5wJdYRkNqpC5c0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/230ac7-ec0c-44de-85a8-b2b7962c2d81/1/L3jgBmuyfF9S5wJdYRkNqpC5c0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L3jgBmuyfF9S5wJdYRkNqpC5c0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:a8:4d:17:d9:71:b2:a1:f4:05:3c:02:fd:98:8f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f78e0066bb27c5f52e7025d61190daa90b97348
        Validity
            Not Before: Mar 25 17:28:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7058d75d509d013dee3f47ac53104f104b386490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c9:5a:67:dc:5d:6d:48:f2:b9:ae:e3:1f:ed:
                    0b:52:24:b1:5e:f0:fa:1b:a8:33:0c:82:2c:fe:7c:
                    40:a6:e6:01:b1:0a:de:08:87:8b:9b:b9:03:25:5f:
                    22:32:63:89:c4:fe:7a:ed:a8:ff:f8:2e:ec:3b:c8:
                    87:3f:44:68:3a:95:88:0b:73:bc:ae:f4:82:b2:4e:
                    68:f6:a7:3a:2a:1b:38:ca:2a:12:8f:13:75:38:24:
                    a8:8b:88:7b:c0:03:b5:2a:c0:13:b8:b1:2f:a4:3c:
                    44:53:4d:a1:91:ac:b0:f7:9f:25:37:c9:86:8b:14:
                    78:7d:4a:45:7c:a7:cb:9f:38:75:a2:54:09:52:4a:
                    7e:ef:a6:97:67:3f:c1:e7:69:a4:e0:18:a3:87:25:
                    65:51:bb:c0:3e:80:0e:de:2b:49:dd:9a:13:a3:a7:
                    ea:95:70:30:c3:75:58:d3:95:9b:87:09:84:32:50:
                    e4:3c:30:8a:18:a8:ab:a7:5c:5c:02:8d:ec:96:89:
                    0d:a9:04:cd:73:5e:a5:2d:8b:a0:52:5d:7b:f2:94:
                    79:7c:25:82:86:20:74:8c:d9:03:fe:63:95:bc:fa:
                    b9:a7:a5:80:08:3f:04:a2:e3:11:a6:08:94:c1:30:
                    33:04:a2:b3:40:33:e4:46:96:00:f9:75:9e:b8:19:
                    4f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:58:D7:5D:50:9D:01:3D:EE:3F:47:AC:53:10:4F:10:4B:38:64:90
            X509v3 Authority Key Identifier:
                keyid:2F:78:E0:06:6B:B2:7C:5F:52:E7:02:5D:61:19:0D:AA:90:B9:73:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L3jgBmuyfF9S5wJdYRkNqpC5c0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/230ac7-ec0c-44de-85a8-b2b7962c2d81/1/cFjXXVCdAT3uP0esUxBPEEs4ZJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/230ac7-ec0c-44de-85a8-b2b7962c2d81/1/L3jgBmuyfF9S5wJdYRkNqpC5c0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:e9:e6:86:dd:51:da:7b:8d:c2:83:b6:e7:dc:97:50:a8:d8:
         a9:d3:92:ca:f7:39:05:70:c2:f2:d4:6e:05:97:85:1c:89:15:
         b0:46:3c:86:be:fb:83:e4:fa:5d:91:61:73:9f:41:31:e2:19:
         c5:7a:de:ea:49:03:d0:5d:fe:bd:5b:93:79:9f:07:6c:6f:d1:
         82:16:6c:5f:da:ed:5e:69:b7:e5:0d:2b:20:69:89:e1:90:40:
         5f:53:b1:05:6d:1f:b0:37:d0:00:c3:5a:b4:7c:66:89:0a:77:
         35:80:bc:76:5c:4a:1e:9c:1a:ca:85:16:68:b7:36:d6:e4:dd:
         5a:9e:a8:83:11:56:fe:c4:32:92:ab:58:3f:2c:55:73:10:ed:
         73:2b:0b:12:7d:22:3f:13:1c:a3:9c:04:24:54:08:c8:eb:f0:
         a2:bd:cf:1c:52:1f:cd:a3:e5:bc:c8:15:c9:67:2c:26:1f:ea:
         c7:55:14:9f:b8:19:8d:74:4f:ef:18:34:71:7a:a6:59:e8:94:
         89:fd:fe:05:50:f8:96:37:c7:fe:a2:a5:1c:17:f1:0f:4d:9a:
         1f:7d:01:fc:03:21:29:01:dd:db:fa:6e:50:7b:d1:4f:db:b1:
         99:58:9e:5b:ca:87:61:a0:6c:ce:c1:f7:3b:56:af:a1:dd:c9:
         1a:d5:70:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52qE0X2XGyofQFPAL9mI8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNzhlMDA2NmJiMjdjNWY1MmU3MDI1ZDYxMTkwZGFhOTBi
OTczNDgwHhcNMjQwMzI1MTcyODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDU4ZDc1ZDUwOWQwMTNkZWUzZjQ3YWM1MzEwNGYxMDRiMzg2NDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8laZ9xdbUjyua7jH+0LUiSxXvD6
G6gzDIIs/nxApuYBsQreCIeLm7kDJV8iMmOJxP567aj/+C7sO8iHP0RoOpWIC3O8
rvSCsk5o9qc6Khs4yioSjxN1OCSoi4h7wAO1KsATuLEvpDxEU02hkayw958lN8mG
ixR4fUpFfKfLnzh1olQJUkp+76aXZz/B52mk4BijhyVlUbvAPoAO3itJ3ZoTo6fq
lXAww3VY05WbhwmEMlDkPDCKGKirp1xcAo3slokNqQTNc16lLYugUl178pR5fCWC
hiB0jNkD/mOVvPq5p6WACD8EouMRpgiUwTAzBKKzQDPkRpYA+XWeuBlPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBY111QnQE97j9HrFMQTxBLOGSQMB8GA1UdIwQY
MBaAFC944AZrsnxfUucCXWEZDaqQuXNIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDNqZ0JtdXlmRjlTNXdKZFlSa05xcEM1YzBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMzBhYzctZWMwYy00NGRlLTg1YTgt
YjJiNzk2MmMyZDgxLzEvY0ZqWFhWQ2RBVDN1UDBlc1V4QlBFRXM0WkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMzBhYzctZWMwYy00NGRlLTg1YTgtYjJiNzk2MmMyZDgx
LzEvTDNqZ0JtdXlmRjlTNXdKZFlSa05xcEM1YzBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV8YMA0G
CSqGSIb3DQEBCwUAA4IBAQB26eaG3VHae43Cg7bn3JdQqNip05LK9zkFcMLy1G4F
l4UciRWwRjyGvvuD5PpdkWFzn0Ex4hnFet7qSQPQXf69W5N5nwdsb9GCFmxf2u1e
abflDSsgaYnhkEBfU7EFbR+wN9AAw1q0fGaJCnc1gLx2XEoenBrKhRZotzbW5N1a
nqiDEVb+xDKSq1g/LFVzEO1zKwsSfSI/ExyjnAQkVAjI6/Civc8cUh/No+W8yBXJ
ZywmH+rHVRSfuBmNdE/vGDRxeqZZ6JSJ/f4FUPiWN8f+oqUcF/EPTZoffQH8AyEp
Ad3b+m5Qe9FP27GZWJ5byodhoGzOwfc7Vq+h3cka1XBt
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:31:18 2024 by rpki-client on console-ams.rpki-client.org