Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/5mjugV4Jcg7IGF3o2LmuSdpoF8A.roa
File:                     5mjugV4Jcg7IGF3o2LmuSdpoF8A.roa (raw, json)
Hash identifier:          QDxSQ1ZqwzodAHwOxb5SMiJ2TEqIUMDNRVuRBA9ElqU=
Subject key identifier:   E6:68:EE:81:5E:09:72:0E:C8:18:5D:E8:D8:B9:AE:49:DA:68:17:C0
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018CC7277CECCD1DE5D66FCA69531DBE636C
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/5mjugV4Jcg7IGF3o2LmuSdpoF8A.roa
Signing time:             Mon 01 Jan 2024 22:31:43 +0000
ROA not before:           Mon 01 Jan 2024 22:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203004
IP address blocks:        85.143.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:7c:ec:cd:1d:e5:d6:6f:ca:69:53:1d:be:63:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 22:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e668ee815e09720ec8185de8d8b9ae49da6817c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:92:07:18:54:cb:0a:ba:51:2e:cc:37:fc:f7:
                    58:8d:ca:78:8a:d6:57:35:c6:0b:41:d3:39:f2:28:
                    c2:7d:eb:7d:75:a4:13:d6:17:06:ab:9d:7e:d4:4d:
                    dc:97:7d:51:75:bd:82:f3:70:30:8a:70:24:82:fa:
                    e6:a0:5d:7d:09:38:8c:f3:e8:e7:54:b5:00:54:55:
                    03:ff:44:35:9a:6c:be:6d:a9:1d:50:75:8c:96:dd:
                    a1:81:78:aa:d8:ba:77:7c:8a:c5:ef:93:9b:e6:3a:
                    1c:ee:19:24:b8:da:b5:80:61:5b:85:dc:37:bf:71:
                    c2:c8:fe:b8:1e:7c:1c:4c:e1:79:78:34:36:14:3c:
                    11:ad:8e:1d:8d:9f:76:f6:1c:4c:e9:8d:64:8a:6e:
                    fc:ed:5e:67:58:eb:2d:7d:0f:c1:25:ac:2e:ba:09:
                    17:bd:b2:82:de:e8:62:5b:ba:9d:aa:6f:63:df:38:
                    86:6f:b6:57:c0:b7:de:be:5c:58:2a:52:83:10:dd:
                    83:29:2c:c9:0d:84:e4:fa:89:9f:8d:ad:03:ae:48:
                    f6:1c:c6:01:ef:58:1d:9b:a6:91:3b:39:67:70:8a:
                    85:3f:9b:b5:58:20:75:96:0b:3d:e6:9d:42:55:0f:
                    f0:36:0b:e3:6e:b0:83:5c:dd:95:14:b3:76:24:a7:
                    49:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:68:EE:81:5E:09:72:0E:C8:18:5D:E8:D8:B9:AE:49:DA:68:17:C0
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/5mjugV4Jcg7IGF3o2LmuSdpoF8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:70:ec:30:d4:78:be:c2:08:c8:cc:9a:a6:be:67:59:c0:89:
         c0:2a:37:43:7e:c2:20:78:24:5d:71:61:14:1d:34:ad:dd:5d:
         c5:5d:4f:79:44:0e:35:8c:f2:3c:47:82:31:37:82:ad:94:2f:
         d0:75:00:6a:a6:30:25:6a:d0:60:3e:a6:f5:d2:1f:06:54:67:
         f3:05:2b:00:0e:17:b4:d1:24:c0:45:4a:d7:c0:f3:c9:14:b9:
         c1:22:0e:5d:dc:56:44:85:b0:cd:cf:c6:46:80:e1:9f:bd:59:
         9a:22:f7:ef:e8:fa:d8:3d:f0:ad:15:fc:bc:71:2d:b4:2f:f5:
         b5:7f:80:a6:00:b3:5c:6b:00:8a:a3:10:92:ac:1c:28:85:1c:
         f5:8c:51:fb:65:77:ba:19:26:fc:7c:db:ee:06:b3:50:fe:0b:
         9f:39:c0:5c:36:48:b5:44:01:ab:94:7c:bd:2d:95:fc:4b:13:
         b5:3f:85:30:d8:f7:22:b9:f1:3e:39:fc:a7:5a:4a:f9:ce:fd:
         bf:db:c7:1e:12:ef:0f:0a:2a:80:b3:80:47:bc:ca:ac:cf:a2:
         31:09:a2:2d:f2:96:83:d1:d5:d5:7f:b8:13:e8:e9:47:a6:42:
         67:07:80:32:13:c1:18:76:d3:67:e2:82:be:8a:27:a5:3c:09:
         fc:07:7b:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3zszR3l1m/KaVMdvmNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTAxMjIzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjY4ZWU4MTVlMDk3MjBlYzgxODVkZThkOGI5YWU0OWRhNjgxN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJIHGFTLCrpRLsw3/PdYjcp4itZX
NcYLQdM58ijCfet9daQT1hcGq51+1E3cl31Rdb2C83AwinAkgvrmoF19CTiM8+jn
VLUAVFUD/0Q1mmy+bakdUHWMlt2hgXiq2Lp3fIrF75Ob5joc7hkkuNq1gGFbhdw3
v3HCyP64HnwcTOF5eDQ2FDwRrY4djZ929hxM6Y1kim787V5nWOstfQ/BJawuugkX
vbKC3uhiW7qdqm9j3ziGb7ZXwLfevlxYKlKDEN2DKSzJDYTk+omfja0Drkj2HMYB
71gdm6aROzlncIqFP5u1WCB1lgs95p1CVQ/wNgvjbrCDXN2VFLN2JKdJtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZo7oFeCXIOyBhd6Ni5rknaaBfAMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvNW1qdWdWNEpjZzdJR0YzbzJMbXVTZHBvRjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVY/KMA0G
CSqGSIb3DQEBCwUAA4IBAQBhcOww1Hi+wgjIzJqmvmdZwInAKjdDfsIgeCRdcWEU
HTSt3V3FXU95RA41jPI8R4IxN4KtlC/QdQBqpjAlatBgPqb10h8GVGfzBSsADhe0
0STARUrXwPPJFLnBIg5d3FZEhbDNz8ZGgOGfvVmaIvfv6PrYPfCtFfy8cS20L/W1
f4CmALNcawCKoxCSrBwohRz1jFH7ZXe6GSb8fNvuBrNQ/gufOcBcNki1RAGrlHy9
LZX8SxO1P4Uw2PciufE+OfynWkr5zv2/28ceEu8PCiqAs4BHvMqsz6IxCaIt8paD
0dXVf7gT6OlHpkJnB4AyE8EYdtNn4oK+iielPAn8B3sU
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:45:52 2024 by rpki-client on console-ams.rpki-client.org