Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/0f169c-6da7-4350-8d3c-4ca44802b563/1/VoFNE13yydiEt4xsZvIlv4k4W7E.roa
File:                     VoFNE13yydiEt4xsZvIlv4k4W7E.roa (raw, json)
Hash identifier:          f289WsJo098/OYEhqFW2juzSrd1otWfkECx7AhnQH4A=
Subject key identifier:   56:81:4D:13:5D:F2:C9:D8:84:B7:8C:6C:66:F2:25:BF:89:38:5B:B1
Certificate issuer:       /CN=cad79c126b82f77cc63b5a6b6cd8bdae6e0f5a3c
Certificate serial:       018CC2DAF96AA6C40DF78DDD6A1F11C47320
Authority key identifier: CA:D7:9C:12:6B:82:F7:7C:C6:3B:5A:6B:6C:D8:BD:AE:6E:0F:5A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ytecEmuC93zGO1prbNi9rm4PWjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/0f169c-6da7-4350-8d3c-4ca44802b563/1/VoFNE13yydiEt4xsZvIlv4k4W7E.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        193.43.117.0/24 maxlen: 24
                          193.43.18.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/0f169c-6da7-4350-8d3c-4ca44802b563/1/ytecEmuC93zGO1prbNi9rm4PWjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/0f169c-6da7-4350-8d3c-4ca44802b563/1/ytecEmuC93zGO1prbNi9rm4PWjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ytecEmuC93zGO1prbNi9rm4PWjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:6a:a6:c4:0d:f7:8d:dd:6a:1f:11:c4:73:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cad79c126b82f77cc63b5a6b6cd8bdae6e0f5a3c
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56814d135df2c9d884b78c6c66f225bf89385bb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:32:72:b2:b6:a0:d1:cb:15:ce:da:81:9e:fc:
                    46:60:d7:4a:03:d3:09:9d:ac:f1:0b:e4:55:1d:f5:
                    31:c4:a2:f0:8c:41:b1:2b:c3:d6:85:1d:a4:b9:17:
                    3b:e5:07:34:95:82:dd:a9:8b:4a:bb:68:7f:59:05:
                    fc:a9:4e:d8:b6:16:5e:bb:55:ba:ae:aa:60:ce:be:
                    1e:94:7e:f3:2c:de:a1:60:b4:ca:d1:62:17:21:32:
                    41:c3:81:ea:a8:5d:66:ea:92:f4:d9:c8:28:f0:58:
                    99:64:6a:00:13:e5:01:2f:49:de:c9:56:5a:a8:03:
                    d8:d8:4e:d5:95:aa:04:1b:fd:20:ae:4b:a4:e2:c1:
                    61:ba:fa:1f:1d:37:a3:2b:5f:cb:cc:d5:73:0e:e9:
                    e7:3f:8a:f0:b5:99:c5:40:b9:34:9a:46:38:f7:1c:
                    04:95:50:d8:57:71:94:b6:07:e9:63:9a:c0:62:34:
                    72:7c:21:16:91:54:ee:7e:0c:82:e4:31:b5:57:24:
                    f0:63:6f:d3:02:da:87:09:ab:d5:a1:97:71:b0:70:
                    16:2c:15:d8:b6:96:9c:a1:71:30:99:85:d3:f4:95:
                    e2:4e:82:6a:fb:0b:ae:43:81:c4:b9:8a:0c:40:9c:
                    98:de:33:8a:24:a8:88:a5:ff:b6:30:e9:d2:06:6a:
                    58:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:81:4D:13:5D:F2:C9:D8:84:B7:8C:6C:66:F2:25:BF:89:38:5B:B1
            X509v3 Authority Key Identifier:
                keyid:CA:D7:9C:12:6B:82:F7:7C:C6:3B:5A:6B:6C:D8:BD:AE:6E:0F:5A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ytecEmuC93zGO1prbNi9rm4PWjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0f169c-6da7-4350-8d3c-4ca44802b563/1/VoFNE13yydiEt4xsZvIlv4k4W7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0f169c-6da7-4350-8d3c-4ca44802b563/1/ytecEmuC93zGO1prbNi9rm4PWjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.18.0/23
                  193.43.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ed:4e:8d:af:f2:d1:09:6e:da:73:f9:22:97:72:6b:9a:e6:
         a6:0d:34:cd:e7:07:7c:5a:fa:6f:fe:fd:52:98:49:85:02:23:
         41:54:83:10:95:0c:0d:2d:41:8f:a5:84:b9:8a:0e:28:bf:df:
         7f:32:e1:42:96:dc:12:bd:60:61:46:c4:f9:45:c1:ac:d2:93:
         12:bc:26:68:53:12:75:f0:df:df:d9:a8:a9:22:56:89:42:d2:
         b3:f0:9c:a6:e2:30:b8:87:20:a6:eb:1e:50:e0:71:6d:16:36:
         88:ab:d3:be:22:ed:75:39:99:81:7c:e8:42:4f:18:56:e6:06:
         28:1c:02:c5:d5:80:67:a7:10:eb:06:f9:c7:3f:8f:74:9a:03:
         03:15:39:1c:a9:62:90:49:c6:50:d5:39:d5:e7:ef:9a:3c:38:
         5d:18:6b:76:9e:8b:3b:35:2e:52:1c:2c:78:7d:71:67:84:5b:
         0a:b1:03:a3:da:75:31:8b:4d:b7:07:7b:30:b2:01:36:0e:f7:
         d4:18:75:29:f4:bd:a5:5c:0a:95:d1:61:24:90:15:27:85:ec:
         e4:b0:20:37:07:d8:e9:93:16:91:5a:53:92:f5:21:a3:57:02:
         00:b3:ad:b3:22:35:35:94:28:7d:50:1e:5c:e5:e6:d2:d4:ea:
         0e:55:6f:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2vlqpsQN943dah8RxHMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZDc5YzEyNmI4MmY3N2NjNjNiNWE2YjZjZDhiZGFlNmUw
ZjVhM2MwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjgxNGQxMzVkZjJjOWQ4ODRiNzhjNmM2NmYyMjViZjg5Mzg1YmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzJysrag0csVztqBnvxGYNdKA9MJ
nazxC+RVHfUxxKLwjEGxK8PWhR2kuRc75Qc0lYLdqYtKu2h/WQX8qU7YthZeu1W6
rqpgzr4elH7zLN6hYLTK0WIXITJBw4HqqF1m6pL02cgo8FiZZGoAE+UBL0neyVZa
qAPY2E7VlaoEG/0grkuk4sFhuvofHTejK1/LzNVzDunnP4rwtZnFQLk0mkY49xwE
lVDYV3GUtgfpY5rAYjRyfCEWkVTufgyC5DG1VyTwY2/TAtqHCavVoZdxsHAWLBXY
tpacoXEwmYXT9JXiToJq+wuuQ4HEuYoMQJyY3jOKJKiIpf+2MOnSBmpY2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFaBTRNd8snYhLeMbGbyJb+JOFuxMB8GA1UdIwQY
MBaAFMrXnBJrgvd8xjtaa2zYva5uD1o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXRlY0VtdUM5M3pHTzFwcmJOaTlybTRQV2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wZjE2OWMtNmRhNy00MzUwLThkM2Mt
NGNhNDQ4MDJiNTYzLzEvVm9GTkUxM3l5ZGlFdDR4c1p2SWx2NGs0VzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wZjE2OWMtNmRhNy00MzUwLThkM2MtNGNhNDQ4MDJiNTYz
LzEveXRlY0VtdUM5M3pHTzFwcmJOaTlybTRQV2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwSsSAwQA
wSt1MA0GCSqGSIb3DQEBCwUAA4IBAQCU7U6Nr/LRCW7ac/kil3JrmuamDTTN5wd8
Wvpv/v1SmEmFAiNBVIMQlQwNLUGPpYS5ig4ov99/MuFCltwSvWBhRsT5RcGs0pMS
vCZoUxJ18N/f2aipIlaJQtKz8Jym4jC4hyCm6x5Q4HFtFjaIq9O+Iu11OZmBfOhC
TxhW5gYoHALF1YBnpxDrBvnHP490mgMDFTkcqWKQScZQ1TnV5++aPDhdGGt2nos7
NS5SHCx4fXFnhFsKsQOj2nUxi023B3swsgE2DvfUGHUp9L2lXAqV0WEkkBUnhezk
sCA3B9jpkxaRWlOS9SGjVwIAs62zIjU1lCh9UB5c5ebS1OoOVW/d
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:30:00 2024 by rpki-client on console-fra.rpki-client.org