Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/LZHfRehIvNu9JV8q6DX593oPAKk.roa
File:                     LZHfRehIvNu9JV8q6DX593oPAKk.roa (raw, json)
Hash identifier:          cY/tp9s2yOxd4GQXdDZjI3iid59nT/ln+y1nhWo2hzQ=
Subject key identifier:   2D:91:DF:45:E8:48:BC:DB:BD:25:5F:2A:E8:35:F9:F7:7A:0F:00:A9
Certificate issuer:       /CN=63c34455c0d4e4fc3ba2f1c46f08b475c8f6d980
Certificate serial:       018CC56E566646183A83E4E6CDC1DB209C1E
Authority key identifier: 63:C3:44:55:C0:D4:E4:FC:3B:A2:F1:C4:6F:08:B4:75:C8:F6:D9:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/LZHfRehIvNu9JV8q6DX593oPAKk.roa
Signing time:             Mon 01 Jan 2024 14:29:51 +0000
ROA not before:           Mon 01 Jan 2024 14:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24867
IP address blocks:        78.40.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:56:66:46:18:3a:83:e4:e6:cd:c1:db:20:9c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63c34455c0d4e4fc3ba2f1c46f08b475c8f6d980
        Validity
            Not Before: Jan  1 14:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d91df45e848bcdbbd255f2ae835f9f77a0f00a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2c:01:26:8b:d6:1b:ad:d2:db:a6:d4:00:0d:
                    79:a1:d2:96:80:6c:7b:a6:95:53:f9:13:7d:20:32:
                    2b:da:d0:89:c9:63:44:59:42:ca:78:e8:c9:ef:bd:
                    0d:c6:5c:17:d4:52:55:83:e7:3a:d8:5e:90:82:31:
                    f1:08:fc:4b:68:04:61:17:b2:3e:9d:8d:82:f6:22:
                    15:f3:21:bc:28:69:34:e8:44:6e:e6:38:b3:42:e2:
                    f0:08:f0:cd:7c:e3:9e:f9:d2:29:d5:e1:62:06:3a:
                    bf:52:fa:6b:e7:62:0f:00:aa:70:0f:cd:24:0f:84:
                    d7:fa:5a:35:83:96:17:cb:59:b2:53:45:be:51:b2:
                    0e:87:c0:06:e2:e5:53:b4:54:08:10:58:0f:ae:38:
                    95:9f:1c:d2:8b:b9:9c:89:d9:c5:74:f5:bd:c7:f7:
                    2d:0d:f2:23:c0:6f:72:ed:6d:3e:07:1e:22:e4:21:
                    7d:fa:81:76:af:50:a6:42:c7:b4:c4:80:72:7e:d6:
                    1d:4d:44:cd:2e:85:8a:f5:70:94:21:aa:b0:62:e3:
                    d2:df:d7:88:08:ca:aa:ff:bc:09:6e:95:51:4c:9d:
                    af:5e:7d:45:a5:30:1b:c8:2d:37:93:32:0a:cc:49:
                    02:a9:ee:29:3e:77:fd:ad:29:4f:de:87:40:0e:6f:
                    ac:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:91:DF:45:E8:48:BC:DB:BD:25:5F:2A:E8:35:F9:F7:7A:0F:00:A9
            X509v3 Authority Key Identifier:
                keyid:63:C3:44:55:C0:D4:E4:FC:3B:A2:F1:C4:6F:08:B4:75:C8:F6:D9:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/LZHfRehIvNu9JV8q6DX593oPAKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/35656a-066e-49df-b709-7bfcd7e94b9e/1/Y8NEVcDU5Pw7ovHEbwi0dcj22YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         98:ff:05:22:46:0a:5e:5b:a9:2b:b1:99:14:50:73:a4:98:0c:
         9e:57:b6:36:8a:f1:71:e1:b7:4b:fe:01:c9:93:9f:74:d6:40:
         f2:a3:33:36:38:3f:bd:1c:9e:4f:ff:12:0e:a4:6d:51:06:bf:
         b4:a8:c3:cd:98:f8:da:2d:cc:d1:6c:6f:47:33:18:5a:bc:a8:
         e3:ae:12:29:87:8d:09:4c:26:90:81:4a:b7:01:b1:89:ef:96:
         3c:10:10:1f:9e:38:ef:bf:28:18:52:ef:8c:fd:8a:65:c6:9b:
         dc:50:8d:dc:46:28:0f:8c:86:4f:39:f9:8a:68:46:08:6f:0d:
         c5:fc:bf:cf:f3:95:d0:4d:51:cb:9f:d8:4a:97:6c:e4:ed:84:
         ac:d3:cb:0f:f0:5d:32:a6:97:6c:ef:97:fe:4c:62:02:5c:b9:
         52:8b:cb:67:06:9e:1d:69:6b:30:88:db:96:17:a1:12:16:18:
         b2:9b:81:1b:6f:4e:7e:db:14:5c:6c:9b:90:48:6f:25:23:a9:
         a6:d4:e6:64:6a:72:e4:7d:26:09:c9:d7:e1:f9:6b:0e:f4:ad:
         2c:bf:d2:1b:fd:8f:4f:59:2f:d6:52:2f:58:ac:08:5e:23:a0:
         7e:12:75:63:44:74:11:d6:89:c6:0c:eb:bd:a1:76:3b:90:bf:
         42:35:af:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFblZmRhg6g+TmzcHbIJweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYzM0NDU1YzBkNGU0ZmMzYmEyZjFjNDZmMDhiNDc1Yzhm
NmQ5ODAwHhcNMjQwMTAxMTQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDkxZGY0NWU4NDhiY2RiYmQyNTVmMmFlODM1ZjlmNzdhMGYwMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCwBJovWG63S26bUAA15odKWgGx7
ppVT+RN9IDIr2tCJyWNEWULKeOjJ770NxlwX1FJVg+c62F6QgjHxCPxLaARhF7I+
nY2C9iIV8yG8KGk06ERu5jizQuLwCPDNfOOe+dIp1eFiBjq/Uvpr52IPAKpwD80k
D4TX+lo1g5YXy1myU0W+UbIOh8AG4uVTtFQIEFgPrjiVnxzSi7mcidnFdPW9x/ct
DfIjwG9y7W0+Bx4i5CF9+oF2r1CmQse0xIByftYdTUTNLoWK9XCUIaqwYuPS39eI
CMqq/7wJbpVRTJ2vXn1FpTAbyC03kzIKzEkCqe4pPnf9rSlP3odADm+sMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2R30XoSLzbvSVfKug1+fd6DwCpMB8GA1UdIwQY
MBaAFGPDRFXA1OT8O6LxxG8ItHXI9tmAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWThORVZjRFU1UHc3b3ZIRWJ3aTBkY2oyMllBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8zNTY1NmEtMDY2ZS00OWRmLWI3MDkt
N2JmY2Q3ZTk0YjllLzEvTFpIZlJlaEl2TnU5SlY4cTZEWDU5M29QQUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8zNTY1NmEtMDY2ZS00OWRmLWI3MDktN2JmY2Q3ZTk0Yjll
LzEvWThORVZjRFU1UHc3b3ZIRWJ3aTBkY2oyMllBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTiiYMA0G
CSqGSIb3DQEBCwUAA4IBAQCY/wUiRgpeW6krsZkUUHOkmAyeV7Y2ivFx4bdL/gHJ
k5901kDyozM2OD+9HJ5P/xIOpG1RBr+0qMPNmPjaLczRbG9HMxhavKjjrhIph40J
TCaQgUq3AbGJ75Y8EBAfnjjvvygYUu+M/YplxpvcUI3cRigPjIZPOfmKaEYIbw3F
/L/P85XQTVHLn9hKl2zk7YSs08sP8F0yppds75f+TGICXLlSi8tnBp4daWswiNuW
F6ESFhiym4Ebb05+2xRcbJuQSG8lI6mm1OZkanLkfSYJydfh+WsO9K0sv9Ib/Y9P
WS/WUi9YrAheI6B+EnVjRHQR1onGDOu9oXY7kL9CNa/+
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:54:23 2024 by rpki-client on console-ams.rpki-client.org