Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/Xmkc0fzeOlEfTr64qzBWwa9fnUY.roa
File:                     Xmkc0fzeOlEfTr64qzBWwa9fnUY.roa (raw, json)
Hash identifier:          nEGTDY0VN8NWCTJfBQvmEb1I4dcE/ZDa/RGFNbZqhFA=
Subject key identifier:   5E:69:1C:D1:FC:DE:3A:51:1F:4E:BE:B8:AB:30:56:C1:AF:5F:9D:46
Certificate issuer:       /CN=ab069058b4d367612be4807372b5e593e0347766
Certificate serial:       018CC6B77F37DDFC34E5A6F2A44B8A1E9E23
Authority key identifier: AB:06:90:58:B4:D3:67:61:2B:E4:80:73:72:B5:E5:93:E0:34:77:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/Xmkc0fzeOlEfTr64qzBWwa9fnUY.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.135.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7f:37:dd:fc:34:e5:a6:f2:a4:4b:8a:1e:9e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab069058b4d367612be4807372b5e593e0347766
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e691cd1fcde3a511f4ebeb8ab3056c1af5f9d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:5b:e4:6c:62:3f:1b:80:95:b7:a2:ae:0e:ee:
                    6c:11:e5:7d:06:fc:f7:4d:7f:d8:f1:d8:ad:62:e5:
                    e8:d1:05:88:62:1c:91:8e:ee:2b:50:36:c9:54:79:
                    f1:66:f7:b7:e7:44:6d:27:29:56:c5:60:d7:42:ea:
                    97:eb:3a:aa:64:d6:bb:1a:99:68:65:fb:f2:35:64:
                    7a:bb:48:c8:aa:23:b7:48:c5:fa:a3:6b:91:3a:ff:
                    9e:f5:7d:38:ad:6c:ce:14:45:d8:7c:17:f2:ba:67:
                    91:15:79:eb:3b:82:d4:0e:82:f5:0f:ca:d8:ad:24:
                    19:d6:72:3d:29:47:a8:60:c8:c2:d8:aa:89:91:47:
                    7e:3f:db:c7:0e:da:90:12:88:15:ed:02:53:5a:d5:
                    77:dc:7d:a2:06:42:81:91:70:27:41:56:df:03:fa:
                    4b:a8:d2:7e:79:53:e9:b1:ae:0c:4a:2e:ae:69:98:
                    f0:ed:ea:b0:e9:61:1b:d3:f6:93:cf:38:23:f0:2d:
                    0e:3d:7a:7e:26:a2:89:57:ad:39:f1:58:36:d7:8d:
                    24:e4:db:c9:03:8e:36:7b:60:86:aa:77:d9:b9:c5:
                    22:2b:60:45:f2:30:2e:18:b0:d4:7c:33:cf:d8:bd:
                    d0:16:fb:51:be:42:ed:2f:83:2b:15:53:5f:f9:14:
                    b8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:69:1C:D1:FC:DE:3A:51:1F:4E:BE:B8:AB:30:56:C1:AF:5F:9D:46
            X509v3 Authority Key Identifier:
                keyid:AB:06:90:58:B4:D3:67:61:2B:E4:80:73:72:B5:E5:93:E0:34:77:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/Xmkc0fzeOlEfTr64qzBWwa9fnUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/87b09a-ccfa-48ea-aeb5-5667419f44e8/1/qwaQWLTTZ2Er5IBzcrXlk-A0d2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.135.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:aa:36:0e:54:92:f4:71:b6:89:6c:cd:57:89:44:41:4e:1a:
         f1:03:27:77:41:2f:57:2c:fa:9f:0d:74:f5:23:1f:d1:73:56:
         4f:1d:bb:89:e7:94:56:59:f4:78:19:01:e3:b2:58:a4:e1:4c:
         9c:48:1e:38:71:e3:82:41:ea:47:f1:ed:b1:02:d3:08:5d:bb:
         65:3f:19:e0:71:f5:aa:b5:1d:f0:d9:b6:da:7b:13:9a:e3:bf:
         11:e0:19:e6:ca:2c:c3:84:2c:2e:aa:4d:a7:1a:75:74:40:75:
         5d:84:13:70:82:3e:c4:a6:b1:ac:2c:69:35:2d:9f:61:b4:d6:
         7e:4c:9d:9f:8f:48:a9:c9:36:95:3d:c5:61:3c:2e:af:4c:9f:
         c0:f1:69:13:5a:37:04:1e:93:fd:25:d0:0d:86:19:c0:93:89:
         91:15:51:67:90:93:a2:03:d5:e8:1f:70:d8:5e:28:92:b2:be:
         93:a0:d7:7f:13:ef:62:e0:8f:eb:21:46:df:cf:a3:70:3d:2e:
         69:17:a4:0a:2a:c4:af:01:f9:fa:9b:92:bb:71:0c:6a:08:1b:
         fd:00:b6:8e:67:09:1b:c6:d2:5e:af:ce:50:49:6d:fb:d1:38:
         3a:25:4a:bd:aa:68:45:de:18:92:e7:49:d3:eb:0d:c5:0c:52:
         9b:7b:e4:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3833fw05abypEuKHp4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDY5MDU4YjRkMzY3NjEyYmU0ODA3MzcyYjVlNTkzZTAz
NDc3NjYwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY5MWNkMWZjZGUzYTUxMWY0ZWJlYjhhYjMwNTZjMWFmNWY5ZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFvkbGI/G4CVt6KuDu5sEeV9Bvz3
TX/Y8ditYuXo0QWIYhyRju4rUDbJVHnxZve350RtJylWxWDXQuqX6zqqZNa7Gplo
ZfvyNWR6u0jIqiO3SMX6o2uROv+e9X04rWzOFEXYfBfyumeRFXnrO4LUDoL1D8rY
rSQZ1nI9KUeoYMjC2KqJkUd+P9vHDtqQEogV7QJTWtV33H2iBkKBkXAnQVbfA/pL
qNJ+eVPpsa4MSi6uaZjw7eqw6WEb0/aTzzgj8C0OPXp+JqKJV6058Vg2140k5NvJ
A442e2CGqnfZucUiK2BF8jAuGLDUfDPP2L3QFvtRvkLtL4MrFVNf+RS4kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5pHNH83jpRH06+uKswVsGvX51GMB8GA1UdIwQY
MBaAFKsGkFi002dhK+SAc3K15ZPgNHdmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdhUVdMVFRaMkVyNUlCemNyWGxrLUEwZDJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84N2IwOWEtY2NmYS00OGVhLWFlYjUt
NTY2NzQxOWY0NGU4LzEvWG1rYzBmemVPbEVmVHI2NHF6Qld3YTlmblVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84N2IwOWEtY2NmYS00OGVhLWFlYjUtNTY2NzQxOWY0NGU4
LzEvcXdhUVdMVFRaMkVyNUlCemNyWGxrLUEwZDJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwIfbMA0G
CSqGSIb3DQEBCwUAA4IBAQBJqjYOVJL0cbaJbM1XiURBThrxAyd3QS9XLPqfDXT1
Ix/Rc1ZPHbuJ55RWWfR4GQHjslik4UycSB44ceOCQepH8e2xAtMIXbtlPxngcfWq
tR3w2bbaexOa478R4BnmyizDhCwuqk2nGnV0QHVdhBNwgj7EprGsLGk1LZ9htNZ+
TJ2fj0ipyTaVPcVhPC6vTJ/A8WkTWjcEHpP9JdANhhnAk4mRFVFnkJOiA9XoH3DY
XiiSsr6ToNd/E+9i4I/rIUbfz6NwPS5pF6QKKsSvAfn6m5K7cQxqCBv9ALaOZwkb
xtJer85QSW370Tg6JUq9qmhF3hiS50nT6w3FDFKbe+Sn
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:04 2024 by rpki-client on console-ams.rpki-client.org