Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/lInXuLkCOrUHlXD9UQfmT3i-_nU.roa
File:                     lInXuLkCOrUHlXD9UQfmT3i-_nU.roa (raw, json)
Hash identifier:          I6F2vqiYCBsNMCiQWnT6wUkKO0eYOm4OjLC+Oa5xHgs=
Subject key identifier:   94:89:D7:B8:B9:02:3A:B5:07:95:70:FD:51:07:E6:4F:78:BE:FE:75
Certificate issuer:       /CN=f93ac6cd2240249bba60171f086e9101cc87ca24
Certificate serial:       018CC5DC844993AE05A5D8F651C52DDFF422
Authority key identifier: F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/lInXuLkCOrUHlXD9UQfmT3i-_nU.roa
Signing time:             Mon 01 Jan 2024 16:30:12 +0000
ROA not before:           Mon 01 Jan 2024 16:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18779
IP address blocks:        176.111.223.0/24 maxlen: 24
                          147.189.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:84:49:93:ae:05:a5:d8:f6:51:c5:2d:df:f4:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f93ac6cd2240249bba60171f086e9101cc87ca24
        Validity
            Not Before: Jan  1 16:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9489d7b8b9023ab5079570fd5107e64f78befe75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6f:be:0b:8e:19:56:b6:21:b0:db:33:41:fd:
                    a4:5f:fb:cc:64:f0:cf:af:a7:a3:a4:54:c6:e4:15:
                    6e:d6:49:d0:ac:b7:05:c8:03:d3:e8:21:14:8b:05:
                    d3:0d:4a:32:5b:3d:89:57:9d:fd:4d:52:19:f8:21:
                    f4:ea:c8:80:5c:9b:e4:63:b5:63:ca:6d:8b:d3:5c:
                    be:41:f7:57:65:6b:9a:64:88:d3:9c:41:e1:c9:7c:
                    ed:eb:64:9f:c3:87:39:cd:a1:1c:66:ea:1e:e6:29:
                    35:4a:93:43:a1:f0:ab:83:f5:42:04:31:fa:22:0f:
                    2e:09:3b:e7:10:f2:c8:59:fc:49:a0:31:0b:b2:ee:
                    0b:a4:62:9f:1d:18:03:04:f7:69:1b:d9:da:b1:d1:
                    3c:ed:71:9e:00:96:70:70:9e:07:10:1e:69:b3:a1:
                    c6:41:6c:1a:8a:37:45:12:4a:1d:bb:6a:56:40:92:
                    ef:12:d2:66:a5:cf:6c:0d:93:7d:65:61:03:c5:6a:
                    b6:92:46:6f:ff:aa:82:4c:08:8e:26:9b:5c:e0:46:
                    13:91:71:90:c1:77:e9:a2:4a:9a:2f:a0:2d:f2:08:
                    36:a1:fe:10:00:5e:3d:e8:30:f6:2f:54:a0:64:3a:
                    a5:c8:96:09:97:9d:0b:a2:b8:20:00:92:17:93:5c:
                    5d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:89:D7:B8:B9:02:3A:B5:07:95:70:FD:51:07:E6:4F:78:BE:FE:75
            X509v3 Authority Key Identifier:
                keyid:F9:3A:C6:CD:22:40:24:9B:BA:60:17:1F:08:6E:91:01:CC:87:CA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/lInXuLkCOrUHlXD9UQfmT3i-_nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b03213-5e80-4931-81ce-f752d81605fb/1/1-TrGzSJAJJu6YBcfCG6RAcyHyiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.189.130.0/24
                  176.111.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:b8:7b:59:82:fc:d6:76:61:84:d6:56:cc:eb:ff:42:13:ad:
         5c:50:42:51:dc:3b:20:7c:df:91:4e:b8:31:06:d1:01:19:d7:
         7e:f0:9c:06:24:99:cc:0f:cf:d2:6b:5d:5e:23:3a:7f:cf:ef:
         36:3d:ff:2e:af:2e:60:fd:d3:dc:3e:17:d2:3e:e7:0f:5b:0b:
         9d:e0:b2:bd:5f:1e:d1:0a:d1:be:45:0b:84:10:80:0c:e9:e7:
         d6:3c:73:df:a1:89:14:fb:34:7e:9e:68:d8:28:b6:e8:67:a8:
         e0:d3:54:73:fc:59:d8:87:b1:c8:b7:de:cf:41:aa:95:c0:c1:
         c2:40:f1:bb:23:36:22:ce:5a:ad:66:42:f8:49:63:45:2b:29:
         9e:a6:ed:17:97:0d:fa:73:bd:da:18:65:26:5f:9e:76:2c:a7:
         4a:4a:30:d2:d2:a3:da:12:d5:65:2e:8d:90:dd:bf:60:d7:6d:
         3d:62:c0:d9:0d:16:e5:58:a4:bc:78:47:d0:bf:e4:f0:f1:f8:
         2f:a4:43:48:81:47:35:b3:38:09:87:3f:ab:0c:66:3c:94:c1:
         ac:e6:50:38:6f:86:f3:09:19:87:42:46:96:29:8c:46:64:1a:
         e0:64:43:24:ea:70:33:da:6e:e5:45:7a:13:dd:d0:4d:d9:8f:
         98:81:85:65
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF3IRJk64Fpdj2UcUt3/QiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5M2FjNmNkMjI0MDI0OWJiYTYwMTcxZjA4NmU5MTAxY2M4
N2NhMjQwHhcNMjQwMTAxMTYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDg5ZDdiOGI5MDIzYWI1MDc5NTcwZmQ1MTA3ZTY0Zjc4YmVmZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW++C44ZVrYhsNszQf2kX/vMZPDP
r6ejpFTG5BVu1knQrLcFyAPT6CEUiwXTDUoyWz2JV539TVIZ+CH06siAXJvkY7Vj
ym2L01y+QfdXZWuaZIjTnEHhyXzt62Sfw4c5zaEcZuoe5ik1SpNDofCrg/VCBDH6
Ig8uCTvnEPLIWfxJoDELsu4LpGKfHRgDBPdpG9nasdE87XGeAJZwcJ4HEB5ps6HG
QWwaijdFEkodu2pWQJLvEtJmpc9sDZN9ZWEDxWq2kkZv/6qCTAiOJptc4EYTkXGQ
wXfpokqaL6At8gg2of4QAF496DD2L1SgZDqlyJYJl50LorggAJIXk1xdxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJSJ17i5Ajq1B5Vw/VEH5k94vv51MB8GA1UdIwQY
MBaAFPk6xs0iQCSbumAXHwhukQHMh8okMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Uckd6U0pBSkp1NllCY2ZDRzZSQWN5SHlpUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNl
LWY3NTJkODE2MDVmYi8xL2xJblh1TGtDT3JVSGxYRDlVUWZtVDNpLV9uVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTgvYjAzMjEzLTVlODAtNDkzMS04MWNlLWY3NTJkODE2MDVm
Yi8xLzEtVHJHelNKQUpKdTZZQmNmQ0c2UkFjeUh5aVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACTvYID
BACwb98wDQYJKoZIhvcNAQELBQADggEBAFK4e1mC/NZ2YYTWVszr/0ITrVxQQlHc
OyB835FOuDEG0QEZ137wnAYkmcwPz9JrXV4jOn/P7zY9/y6vLmD909w+F9I+5w9b
C53gsr1fHtEK0b5FC4QQgAzp59Y8c9+hiRT7NH6eaNgotuhnqODTVHP8WdiHsci3
3s9BqpXAwcJA8bsjNiLOWq1mQvhJY0UrKZ6m7ReXDfpzvdoYZSZfnnYsp0pKMNLS
o9oS1WUujZDdv2DXbT1iwNkNFuVYpLx4R9C/5PDx+C+kQ0iBRzWzOAmHP6sMZjyU
wazmUDhvhvMJGYdCRpYpjEZkGuBkQyTqcDPabuVFehPd0E3Zj5iBhWU=
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:04:09 2024 by rpki-client on console-fra.rpki-client.org