Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/940d84-a6ba-4219-ae11-7427f541b3df/1/FgL-KOXBLD6aOYzcIdmMq2z0K8o.roa
File:                     FgL-KOXBLD6aOYzcIdmMq2z0K8o.roa (raw, json)
Hash identifier:          pew/7t1Fwmit4cZe74ofh61E0oGoIHH6+Iiv7xgFJa8=
Subject key identifier:   16:02:FE:28:E5:C1:2C:3E:9A:39:8C:DC:21:D9:8C:AB:6C:F4:2B:CA
Certificate issuer:       /CN=11836ccc1935aeb97d67cb46bdd0c6107f8610e4
Certificate serial:       018CC727370FAE8E076C50E349DDB8D5B501
Authority key identifier: 11:83:6C:CC:19:35:AE:B9:7D:67:CB:46:BD:D0:C6:10:7F:86:10:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EYNszBk1rrl9Z8tGvdDGEH-GEOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/940d84-a6ba-4219-ae11-7427f541b3df/1/FgL-KOXBLD6aOYzcIdmMq2z0K8o.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13127
IP address blocks:        193.176.208.0/24 maxlen: 24
                          194.53.33.0/24 maxlen: 24
                          194.53.36.0/24 maxlen: 24
                          194.53.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/940d84-a6ba-4219-ae11-7427f541b3df/1/EYNszBk1rrl9Z8tGvdDGEH-GEOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/940d84-a6ba-4219-ae11-7427f541b3df/1/EYNszBk1rrl9Z8tGvdDGEH-GEOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EYNszBk1rrl9Z8tGvdDGEH-GEOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:37:0f:ae:8e:07:6c:50:e3:49:dd:b8:d5:b5:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11836ccc1935aeb97d67cb46bdd0c6107f8610e4
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1602fe28e5c12c3e9a398cdc21d98cab6cf42bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:24:b6:0e:55:3d:bc:08:25:ea:6f:5e:09:e4:
                    39:66:e8:87:e7:99:b2:91:dc:f4:e2:87:bf:ff:7e:
                    80:f6:34:27:af:a9:e2:d4:ab:d6:76:9d:d9:57:a7:
                    78:16:0d:b6:91:f2:73:86:ff:60:d8:97:bc:a7:04:
                    11:91:4e:21:4c:05:ac:e6:4c:29:aa:19:a6:5a:24:
                    2c:22:71:ad:de:d3:b6:3a:39:7d:e5:68:da:0a:46:
                    ea:39:5e:00:e5:b2:a4:ad:1c:c4:04:42:3f:7c:df:
                    36:88:1a:49:a8:9a:5d:7f:d7:a7:3b:1f:40:46:02:
                    f4:43:20:27:5f:c3:6b:81:2d:29:de:59:f2:1e:39:
                    7a:80:a2:3e:68:98:dd:4d:f4:9b:65:54:be:a9:6a:
                    92:8f:e4:17:15:84:55:10:8c:cf:78:d3:d6:e7:6a:
                    c1:53:4c:f4:3e:6a:dc:a9:9e:80:8c:4d:75:3a:58:
                    03:aa:15:cc:cc:5d:3d:eb:9f:34:51:5e:a9:5d:45:
                    81:cb:ac:72:79:3b:dd:4a:84:61:1f:64:af:36:31:
                    87:a8:1a:f4:31:77:8a:8e:d2:ae:0b:60:43:73:78:
                    64:5e:8f:60:e0:6f:96:27:21:26:47:46:f9:c9:ef:
                    3d:6a:bf:11:82:fe:49:a7:15:56:4c:60:be:ad:b1:
                    ba:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:02:FE:28:E5:C1:2C:3E:9A:39:8C:DC:21:D9:8C:AB:6C:F4:2B:CA
            X509v3 Authority Key Identifier:
                keyid:11:83:6C:CC:19:35:AE:B9:7D:67:CB:46:BD:D0:C6:10:7F:86:10:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EYNszBk1rrl9Z8tGvdDGEH-GEOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/940d84-a6ba-4219-ae11-7427f541b3df/1/FgL-KOXBLD6aOYzcIdmMq2z0K8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/940d84-a6ba-4219-ae11-7427f541b3df/1/EYNszBk1rrl9Z8tGvdDGEH-GEOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.208.0/24
                  194.53.33.0/24
                  194.53.35.0-194.53.36.255

    Signature Algorithm: sha256WithRSAEncryption
         68:7e:14:90:39:c3:f3:19:dc:39:ba:f0:d4:d5:49:bd:16:c7:
         2b:b2:32:e6:5e:ec:a3:85:47:21:48:48:06:79:24:52:26:2f:
         0e:bc:4b:a6:46:83:1b:98:9b:71:10:9b:c2:1e:29:b1:e0:57:
         1f:63:17:22:1b:11:be:05:86:bb:c5:23:eb:87:38:d1:d5:59:
         c5:c7:d3:58:e8:39:0b:d8:17:83:b0:e8:c1:6e:4d:81:ef:f8:
         b1:b1:38:09:ca:1d:e2:0b:1e:49:05:02:8d:4a:f8:ef:54:91:
         66:8a:e6:dd:f4:f1:91:0a:3b:2f:b4:ee:3b:88:f6:b6:74:4e:
         15:86:1f:da:3d:70:43:e0:07:10:4f:ef:69:df:73:d4:6f:06:
         06:a0:3f:84:44:8f:84:3e:95:e6:44:8d:c0:80:57:eb:20:b4:
         3e:09:24:8e:a8:89:90:fc:bf:02:f2:10:3f:1e:fd:d1:8a:5f:
         27:77:6c:73:e7:ac:0b:ce:d9:43:30:ed:f6:cd:12:75:eb:42:
         d2:c7:3e:aa:b1:44:ee:cc:e9:97:d0:c7:13:83:df:e8:b5:b3:
         2e:f0:b7:9f:9b:0b:6e:b7:c2:53:1d:79:b8:91:89:17:13:d2:
         11:e3:2e:72:15:b4:79:20:c8:39:8d:df:aa:1a:d7:2d:96:42:
         9f:e0:4b:e8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzHJzcPro4HbFDjSd241bUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExODM2Y2NjMTkzNWFlYjk3ZDY3Y2I0NmJkZDBjNjEwN2Y4
NjEwZTQwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjAyZmUyOGU1YzEyYzNlOWEzOThjZGMyMWQ5OGNhYjZjZjQyYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCS2DlU9vAgl6m9eCeQ5ZuiH55my
kdz04oe//36A9jQnr6ni1KvWdp3ZV6d4Fg22kfJzhv9g2Je8pwQRkU4hTAWs5kwp
qhmmWiQsInGt3tO2Ojl95WjaCkbqOV4A5bKkrRzEBEI/fN82iBpJqJpdf9enOx9A
RgL0QyAnX8NrgS0p3lnyHjl6gKI+aJjdTfSbZVS+qWqSj+QXFYRVEIzPeNPW52rB
U0z0PmrcqZ6AjE11OlgDqhXMzF096580UV6pXUWBy6xyeTvdSoRhH2SvNjGHqBr0
MXeKjtKuC2BDc3hkXo9g4G+WJyEmR0b5ye89ar8Rgv5JpxVWTGC+rbG6owIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBYC/ijlwSw+mjmM3CHZjKts9CvKMB8GA1UdIwQY
MBaAFBGDbMwZNa65fWfLRr3QxhB/hhDkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVlOc3pCazFycmw5Wjh0R3ZkREdFSC1HRU9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85NDBkODQtYTZiYS00MjE5LWFlMTEt
NzQyN2Y1NDFiM2RmLzEvRmdMLUtPWEJMRDZhT1l6Y0lkbU1xMnowSzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85NDBkODQtYTZiYS00MjE5LWFlMTEtNzQyN2Y1NDFiM2Rm
LzEvRVlOc3pCazFycmw5Wjh0R3ZkREdFSC1HRU9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAwbDQAwQA
wjUhMAwDBADCNSMDBADCNSQwDQYJKoZIhvcNAQELBQADggEBAGh+FJA5w/MZ3Dm6
8NTVSb0WxyuyMuZe7KOFRyFISAZ5JFImLw68S6ZGgxuYm3EQm8IeKbHgVx9jFyIb
Eb4FhrvFI+uHONHVWcXH01joOQvYF4Ow6MFuTYHv+LGxOAnKHeILHkkFAo1K+O9U
kWaK5t308ZEKOy+07juI9rZ0ThWGH9o9cEPgBxBP72nfc9RvBgagP4REj4Q+leZE
jcCAV+sgtD4JJI6oiZD8vwLyED8e/dGKXyd3bHPnrAvO2UMw7fbNEnXrQtLHPqqx
RO7M6ZfQxxOD3+i1sy7wt5+bC263wlMdebiRiRcT0hHjLnIVtHkgyDmN36oa1y2W
Qp/gS+g=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:19:32 2024 by rpki-client on console-ams.rpki-client.org