Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/X6PrIecGYNojLHovPIsraUKNjS0.roa
File:                     X6PrIecGYNojLHovPIsraUKNjS0.roa (raw, json)
Hash identifier:          D3jBagXX1xMKbz9mnmyQLJl4dk/uK0fh36Abh9O3i0I=
Subject key identifier:   5F:A3:EB:21:E7:06:60:DA:23:2C:7A:2F:3C:8B:2B:69:42:8D:8D:2D
Certificate issuer:       /CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
Certificate serial:       018CC2DB0116B77E1048078103393B0E3DD9
Authority key identifier: FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/X6PrIecGYNojLHovPIsraUKNjS0.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        185.240.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Dec 2024 15:18:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:16:b7:7e:10:48:07:81:03:39:3b:0e:3d:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa2e72abf7b1728fda6aa0b0413d8854812ea361
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fa3eb21e70660da232c7a2f3c8b2b69428d8d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:97:93:48:52:fd:5c:1a:14:67:34:52:19:00:
                    ec:5f:a1:d9:27:dd:59:11:ff:19:d2:72:1a:c4:95:
                    83:6a:b8:5b:eb:7b:b5:60:9b:fa:4c:5c:76:bf:f6:
                    73:10:8c:a4:db:60:bb:bd:d8:ca:e3:4d:30:17:13:
                    8e:1c:09:b2:56:b9:bc:11:eb:2e:86:bc:85:89:03:
                    b0:77:75:38:fc:07:78:13:9e:c9:31:6e:63:41:e5:
                    da:e4:0d:54:ba:d4:d9:4e:0b:21:6b:f2:05:36:ec:
                    8a:a9:e9:f0:fe:2d:45:72:8a:45:6e:24:f5:36:1c:
                    78:30:ab:b1:6c:66:71:4b:91:c9:2d:fb:3e:8b:83:
                    f5:aa:3a:ba:c5:89:8c:e2:0f:16:4d:06:9c:90:8a:
                    0b:d1:6c:74:ba:37:b3:e3:5b:38:c5:7e:d9:16:03:
                    3d:a2:90:e1:5a:a1:48:c5:c8:cc:40:8c:d1:b6:d2:
                    15:2d:cc:17:52:b9:45:8f:8d:21:33:14:6e:be:f7:
                    01:55:6e:e7:73:ae:f2:07:32:ac:28:8b:2e:d4:c0:
                    b4:07:6a:0a:30:38:f8:da:59:5e:1c:b3:97:3d:0f:
                    9d:82:57:70:1f:f8:e3:99:75:d4:2b:64:cb:bf:92:
                    ca:01:ac:9e:7f:60:85:d0:09:88:09:54:e6:cd:71:
                    27:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A3:EB:21:E7:06:60:DA:23:2C:7A:2F:3C:8B:2B:69:42:8D:8D:2D
            X509v3 Authority Key Identifier:
                keyid:FA:2E:72:AB:F7:B1:72:8F:DA:6A:A0:B0:41:3D:88:54:81:2E:A3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-i5yq_exco_aaqCwQT2IVIEuo2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/X6PrIecGYNojLHovPIsraUKNjS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f61591-7ca8-4a9a-899f-a366da251a83/1/1-i5yq_exco_aaqCwQT2IVIEuo2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:6f:99:0e:f2:2d:21:40:77:ab:fb:fb:0b:96:87:bd:03:5d:
         cc:46:17:5b:c4:88:d5:e0:16:bc:78:f6:9f:ac:23:ee:12:bb:
         79:93:34:5a:3c:7a:ea:d9:43:d7:8c:36:46:90:0a:07:53:85:
         3f:b2:a7:25:b7:c0:ea:50:c8:ae:67:5d:b2:c3:70:2a:62:27:
         a8:6c:6f:f0:7e:dd:2a:16:71:d8:43:dc:c6:c3:d0:a1:2b:28:
         24:d4:e6:99:75:a6:9a:9f:cc:91:65:9d:b2:80:5c:68:27:43:
         3c:7d:42:ff:65:0e:9a:9f:21:50:52:7f:5b:dd:19:bd:a7:04:
         5e:53:8b:12:4a:d0:ca:55:4c:02:10:59:41:97:25:5f:75:d6:
         de:7f:9f:39:7d:1e:55:e6:60:5d:07:22:6d:0f:f8:01:c4:0d:
         23:67:56:42:d9:72:0e:a7:df:16:64:8f:24:27:7d:cc:15:1f:
         76:da:2e:4c:8e:16:2d:c7:52:ec:93:df:cb:5a:ae:b7:0a:28:
         3c:58:00:9c:77:ec:e6:f1:0c:4b:a5:19:e4:68:a3:45:af:18:
         5e:ee:e4:5e:fd:9b:fb:b5:16:05:67:69:f6:71:35:43:eb:7f:
         40:45:12:97:3d:59:4b:7a:6d:84:03:c3:db:46:10:0d:f9:27:
         62:5c:9c:5f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC2wEWt34QSAeBAzk7Dj3ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMmU3MmFiZjdiMTcyOGZkYTZhYTBiMDQxM2Q4ODU0ODEy
ZWEzNjEwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmEzZWIyMWU3MDY2MGRhMjMyYzdhMmYzYzhiMmI2OTQyOGQ4ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5eTSFL9XBoUZzRSGQDsX6HZJ91Z
Ef8Z0nIaxJWDarhb63u1YJv6TFx2v/ZzEIyk22C7vdjK400wFxOOHAmyVrm8Eesu
hryFiQOwd3U4/Ad4E57JMW5jQeXa5A1UutTZTgsha/IFNuyKqenw/i1FcopFbiT1
Nhx4MKuxbGZxS5HJLfs+i4P1qjq6xYmM4g8WTQackIoL0Wx0ujez41s4xX7ZFgM9
opDhWqFIxcjMQIzRttIVLcwXUrlFj40hMxRuvvcBVW7nc67yBzKsKIsu1MC0B2oK
MDj42lleHLOXPQ+dgldwH/jjmXXUK2TLv5LKAayef2CF0AmICVTmzXEnnwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF+j6yHnBmDaIyx6LzyLK2lCjY0tMB8GA1UdIwQY
MBaAFPoucqv3sXKP2mqgsEE9iFSBLqNhMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1pNXlxX2V4Y29fYWFxQ3dRVDJJVklFdW8yRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlm
LWEzNjZkYTI1MWE4My8xL1g2UHJJZWNHWU5vakxIb3ZQSXNyYVVLTmpTMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvZjYxNTkxLTdjYTgtNGE5YS04OTlmLWEzNjZkYTI1MWE4
My8xLzEtaTV5cV9leGNvX2FhcUN3UVQySVZJRXVvMkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC58KEw
DQYJKoZIhvcNAQELBQADggEBADdvmQ7yLSFAd6v7+wuWh70DXcxGF1vEiNXgFrx4
9p+sI+4Su3mTNFo8eurZQ9eMNkaQCgdThT+ypyW3wOpQyK5nXbLDcCpiJ6hsb/B+
3SoWcdhD3MbD0KErKCTU5pl1ppqfzJFlnbKAXGgnQzx9Qv9lDpqfIVBSf1vdGb2n
BF5TixJK0MpVTAIQWUGXJV911t5/nzl9HlXmYF0HIm0P+AHEDSNnVkLZcg6n3xZk
jyQnfcwVH3baLkyOFi3HUuyT38tarrcKKDxYAJx37ObxDEulGeRoo0WvGF7u5F79
m/u1FgVnafZxNUPrf0BFEpc9WUt6bYQDw9tGEA35J2JcnF8=
-----END CERTIFICATE-----
Generated at Tue Dec 10 00:52:28 2024 by rpki-client on console-ams.rpki-client.org