Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/uMvd_nJcWm9w4ulVxRmUL2Mw5EU.roa
File:                     uMvd_nJcWm9w4ulVxRmUL2Mw5EU.roa (raw, json)
Hash identifier:          SAHukrlqJJQ+fehc+GUlZxb/+zlDU526yG2qdVlPYdY=
Subject key identifier:   B8:CB:DD:FE:72:5C:5A:6F:70:E2:E9:55:C5:19:94:2F:63:30:E4:45
Certificate issuer:       /CN=2f5cafd5efd2df2c9b309bbd5eed47a6918984b0
Certificate serial:       018CC493306D5541ADABA6B3CBA08143A9EC
Authority key identifier: 2F:5C:AF:D5:EF:D2:DF:2C:9B:30:9B:BD:5E:ED:47:A6:91:89:84:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yv1e_S3yybMJu9Xu1HppGJhLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/uMvd_nJcWm9w4ulVxRmUL2Mw5EU.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20700
IP address blocks:        194.11.205.0/24 maxlen: 24
                          194.11.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/L1yv1e_S3yybMJu9Xu1HppGJhLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/L1yv1e_S3yybMJu9Xu1HppGJhLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yv1e_S3yybMJu9Xu1HppGJhLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:30:6d:55:41:ad:ab:a6:b3:cb:a0:81:43:a9:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cafd5efd2df2c9b309bbd5eed47a6918984b0
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8cbddfe725c5a6f70e2e955c519942f6330e445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d6:45:1b:b9:05:21:63:1d:af:fc:c9:b4:85:
                    bb:90:3e:6b:79:3a:d9:00:9e:ea:c2:ad:51:8a:35:
                    a3:a9:c1:e1:9b:9b:5d:f2:d6:5e:9a:84:c8:d4:06:
                    a0:eb:dc:62:84:14:0c:a8:6a:f2:7e:05:d6:dd:85:
                    e2:21:da:2d:ff:f7:ef:98:05:bd:85:10:50:de:c4:
                    0b:29:ed:53:56:0a:87:ed:b4:f8:b4:42:da:2d:ce:
                    f5:f7:3d:bc:b1:5e:4d:3c:03:b1:b0:e9:b4:26:64:
                    6f:9a:f7:ff:e7:2c:c4:76:fa:3d:17:b6:d5:1c:d5:
                    5e:ca:ee:4c:a8:04:88:db:03:8c:ba:2d:c1:22:ff:
                    e2:d9:36:fa:36:89:6f:f2:38:a2:f1:a3:f8:60:64:
                    c1:c5:03:3c:3b:bc:98:ce:15:6f:af:a3:4c:87:1b:
                    c9:c9:f1:f3:c9:c1:e0:fa:e0:a0:52:2f:b1:a9:83:
                    4d:58:7b:52:7e:cc:4e:c3:4a:b0:5f:03:47:8f:7e:
                    7c:ee:a6:3a:7d:3b:23:a2:91:c9:4a:b1:3f:48:57:
                    5b:4a:e0:20:82:a7:6e:51:34:1c:76:57:36:81:c0:
                    04:39:72:49:6b:a4:a5:22:a9:d7:9a:72:39:5a:3b:
                    77:5e:ea:f4:63:de:a7:b8:cc:f1:23:db:00:7f:17:
                    5c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:CB:DD:FE:72:5C:5A:6F:70:E2:E9:55:C5:19:94:2F:63:30:E4:45
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AF:D5:EF:D2:DF:2C:9B:30:9B:BD:5E:ED:47:A6:91:89:84:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yv1e_S3yybMJu9Xu1HppGJhLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/uMvd_nJcWm9w4ulVxRmUL2Mw5EU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/3b0ba6-fc31-4ec6-8161-ad827e3edf6c/1/L1yv1e_S3yybMJu9Xu1HppGJhLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:75:32:bc:0c:7f:6d:a5:2b:4c:0c:e1:46:2a:9a:aa:44:30:
         f7:ab:b9:e0:6f:84:bf:f0:4e:1a:61:a0:97:17:82:bc:c9:d1:
         68:49:f4:96:64:59:0c:3b:46:18:eb:01:c5:44:a7:45:70:9c:
         87:c2:63:af:88:aa:19:ae:37:f0:82:99:57:ee:5c:91:09:4a:
         90:00:3e:d1:02:77:2f:c3:ec:ad:8f:9f:3f:c5:8c:e8:e0:af:
         3b:db:26:65:6f:c2:ac:9a:a1:ae:6f:b1:98:f4:41:32:a3:99:
         92:11:ea:a0:72:40:ab:68:19:b0:da:27:9f:17:e5:ea:50:11:
         26:bb:eb:4a:d7:2e:4f:9d:e0:79:24:f6:10:d1:f9:f8:bd:0d:
         53:23:b1:2e:9a:bb:44:e3:dc:a7:66:e5:9f:84:4e:07:e5:ec:
         d4:77:7c:fc:50:9d:ed:e1:d6:ab:e8:c1:2f:17:2c:72:45:3a:
         e2:dc:95:fd:55:24:5b:49:2b:98:c8:d0:b9:9d:10:60:ac:8b:
         c6:e2:62:87:bb:6d:51:d1:57:57:fe:96:97:ed:9f:76:25:9e:
         4c:d0:27:31:0c:55:2b:3c:cb:c1:52:50:36:bb:4a:f8:eb:d5:
         e6:39:df:7e:10:96:af:b6:f4:1c:b6:06:a1:42:06:1f:43:7b:
         92:87:17:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzBtVUGtq6azy6CBQ6nsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhZmQ1ZWZkMmRmMmM5YjMwOWJiZDVlZWQ0N2E2OTE4
OTg0YjAwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGNiZGRmZTcyNWM1YTZmNzBlMmU5NTVjNTE5OTQyZjYzMzBlNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNZFG7kFIWMdr/zJtIW7kD5reTrZ
AJ7qwq1RijWjqcHhm5td8tZemoTI1Aag69xihBQMqGryfgXW3YXiIdot//fvmAW9
hRBQ3sQLKe1TVgqH7bT4tELaLc719z28sV5NPAOxsOm0JmRvmvf/5yzEdvo9F7bV
HNVeyu5MqASI2wOMui3BIv/i2Tb6Nolv8jii8aP4YGTBxQM8O7yYzhVvr6NMhxvJ
yfHzycHg+uCgUi+xqYNNWHtSfsxOw0qwXwNHj3587qY6fTsjopHJSrE/SFdbSuAg
gqduUTQcdlc2gcAEOXJJa6SlIqnXmnI5Wjt3Xur0Y96nuMzxI9sAfxdchwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjL3f5yXFpvcOLpVcUZlC9jMORFMB8GA1UdIwQY
MBaAFC9cr9Xv0t8smzCbvV7tR6aRiYSwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5djFlX1MzeXliTUp1OVh1MUhwcEdKaExBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8zYjBiYTYtZmMzMS00ZWM2LTgxNjEt
YWQ4MjdlM2VkZjZjLzEvdU12ZF9uSmNXbTl3NHVsVnhSbVVMMk13NUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8zYjBiYTYtZmMzMS00ZWM2LTgxNjEtYWQ4MjdlM2VkZjZj
LzEvTDF5djFlX1MzeXliTUp1OVh1MUhwcEdKaExBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgvMMA0G
CSqGSIb3DQEBCwUAA4IBAQCpdTK8DH9tpStMDOFGKpqqRDD3q7ngb4S/8E4aYaCX
F4K8ydFoSfSWZFkMO0YY6wHFRKdFcJyHwmOviKoZrjfwgplX7lyRCUqQAD7RAncv
w+ytj58/xYzo4K872yZlb8KsmqGub7GY9EEyo5mSEeqgckCraBmw2iefF+XqUBEm
u+tK1y5PneB5JPYQ0fn4vQ1TI7EumrtE49ynZuWfhE4H5ezUd3z8UJ3t4dar6MEv
FyxyRTri3JX9VSRbSSuYyNC5nRBgrIvG4mKHu21R0VdX/paX7Z92JZ5M0CcxDFUr
PMvBUlA2u0r469XmOd9+EJavtvQctgahQgYfQ3uShxd1
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:11:56 2024 by rpki-client on console-fra.rpki-client.org