Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/XxvfJmTkWtmlpvaOkZae8cXP4cA.roa
File:                     XxvfJmTkWtmlpvaOkZae8cXP4cA.roa (raw, json)
Hash identifier:          tEbtSxoBGzvascIxCqmb8Ve+uQX7g8UXpGVLNYyliGo=
Subject key identifier:   5F:1B:DF:26:64:E4:5A:D9:A5:A6:F6:8E:91:96:9E:F1:C5:CF:E1:C0
Certificate issuer:       /CN=97aaa555a329edd86606cc0e3e296bd478ac73de
Certificate serial:       018CC8DF9FB7E66996DA872238E92FAA2BDB
Authority key identifier: 97:AA:A5:55:A3:29:ED:D8:66:06:CC:0E:3E:29:6B:D4:78:AC:73:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l6qlVaMp7dhmBswOPilr1Hisc94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/XxvfJmTkWtmlpvaOkZae8cXP4cA.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204431
IP address blocks:        185.249.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/l6qlVaMp7dhmBswOPilr1Hisc94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/l6qlVaMp7dhmBswOPilr1Hisc94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l6qlVaMp7dhmBswOPilr1Hisc94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9f:b7:e6:69:96:da:87:22:38:e9:2f:aa:2b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97aaa555a329edd86606cc0e3e296bd478ac73de
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f1bdf2664e45ad9a5a6f68e91969ef1c5cfe1c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:89:68:a4:2c:00:5e:39:1a:a2:66:4a:f6:2d:
                    b7:c2:e3:28:59:0e:33:75:e3:2d:f5:d9:4b:1e:33:
                    8d:44:f6:7d:5e:6a:ab:59:22:d2:72:e7:88:84:ef:
                    ae:6a:c6:bd:51:99:d5:6c:c0:e7:cb:0b:fc:28:5d:
                    ed:3e:0c:2e:56:30:37:5e:71:9b:6c:54:49:29:4e:
                    7a:40:ff:f5:5c:48:7a:7a:91:8d:62:3d:22:a8:bd:
                    b9:2b:93:08:a3:7b:c7:16:fb:68:36:ba:f9:20:c0:
                    f6:7e:2c:85:18:39:47:9d:59:a8:54:c0:0f:bf:5f:
                    65:91:95:57:b5:d5:78:d3:4c:2b:66:ea:06:03:7a:
                    1e:c3:9f:bd:5a:f3:bc:77:69:41:24:88:af:73:9d:
                    ab:61:f2:10:0a:78:64:eb:c6:be:5a:70:50:55:ac:
                    12:16:a8:ff:88:41:84:19:80:4f:30:28:1e:39:e7:
                    4a:bf:f1:e8:9d:c2:76:72:eb:0a:1b:86:18:13:a0:
                    94:d8:ef:ae:95:c0:ed:e9:b2:42:dc:3f:9c:a2:d0:
                    3f:1d:8c:aa:9d:35:a4:df:32:f3:70:31:64:5d:df:
                    a3:43:ee:62:0b:99:a1:09:fa:2e:29:cf:ae:d2:eb:
                    60:52:3f:69:bc:99:ae:0b:64:93:29:e4:9a:11:95:
                    a4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1B:DF:26:64:E4:5A:D9:A5:A6:F6:8E:91:96:9E:F1:C5:CF:E1:C0
            X509v3 Authority Key Identifier:
                keyid:97:AA:A5:55:A3:29:ED:D8:66:06:CC:0E:3E:29:6B:D4:78:AC:73:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l6qlVaMp7dhmBswOPilr1Hisc94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/XxvfJmTkWtmlpvaOkZae8cXP4cA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/1195ab-ed41-452f-bc22-7fd0deae32c5/1/l6qlVaMp7dhmBswOPilr1Hisc94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:26:54:a5:0f:77:77:a9:da:57:67:f3:48:9b:10:85:5c:6e:
         27:32:6b:e4:58:95:08:4d:d6:87:c6:0c:0d:1c:13:f8:1c:4c:
         f6:e4:e9:3b:7e:be:70:78:a2:b9:b3:4f:c6:b3:ce:5f:6f:5f:
         ef:9e:a7:2b:40:bb:66:26:b2:d4:79:de:71:31:69:cc:d6:a9:
         4d:88:78:9f:9c:46:59:af:a2:5f:e3:03:86:49:6b:e4:0d:34:
         16:16:24:83:3a:09:37:a4:51:37:87:ea:a1:77:ea:3b:8c:93:
         12:8a:dd:d7:ea:4f:f1:14:f0:9b:4c:c5:10:3e:60:5f:32:0c:
         8b:54:ea:c4:e7:12:60:70:54:88:d5:01:be:39:ec:f9:bc:cf:
         ca:2c:9e:0a:a6:a4:ff:cc:da:91:f2:85:be:7a:ac:57:f3:3a:
         ec:98:4e:b4:ec:9d:10:42:fb:9b:ee:8e:71:cb:d7:2e:c8:26:
         86:a6:e9:1b:c5:70:f8:f0:ad:4b:a0:97:b2:65:47:3b:7e:dd:
         df:de:da:23:5a:56:69:ad:6d:4f:85:e4:08:fa:0a:6c:b9:6a:
         45:e6:eb:7e:18:a3:63:97:b1:87:74:2b:89:cf:dc:64:d8:e2:
         8d:17:6f:ed:a5:b7:3a:ef:19:e5:f5:87:c1:cd:09:67:85:5b:
         37:8e:00:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35+35mmW2ociOOkvqivbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YWFhNTU1YTMyOWVkZDg2NjA2Y2MwZTNlMjk2YmQ0Nzhh
YzczZGUwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFiZGYyNjY0ZTQ1YWQ5YTVhNmY2OGU5MTk2OWVmMWM1Y2ZlMWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsolopCwAXjkaomZK9i23wuMoWQ4z
deMt9dlLHjONRPZ9XmqrWSLScueIhO+uasa9UZnVbMDnywv8KF3tPgwuVjA3XnGb
bFRJKU56QP/1XEh6epGNYj0iqL25K5MIo3vHFvtoNrr5IMD2fiyFGDlHnVmoVMAP
v19lkZVXtdV400wrZuoGA3oew5+9WvO8d2lBJIivc52rYfIQCnhk68a+WnBQVawS
Fqj/iEGEGYBPMCgeOedKv/HoncJ2cusKG4YYE6CU2O+ulcDt6bJC3D+cotA/HYyq
nTWk3zLzcDFkXd+jQ+5iC5mhCfouKc+u0utgUj9pvJmuC2STKeSaEZWkfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8b3yZk5FrZpab2jpGWnvHFz+HAMB8GA1UdIwQY
MBaAFJeqpVWjKe3YZgbMDj4pa9R4rHPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDZxbFZhTXA3ZGhtQnN3T1BpbHIxSGlzYzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xMTk1YWItZWQ0MS00NTJmLWJjMjIt
N2ZkMGRlYWUzMmM1LzEvWHh2ZkptVGtXdG1scHZhT2taYWU4Y1hQNGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xMTk1YWItZWQ0MS00NTJmLWJjMjItN2ZkMGRlYWUzMmM1
LzEvbDZxbFZhTXA3ZGhtQnN3T1BpbHIxSGlzYzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufkQMA0G
CSqGSIb3DQEBCwUAA4IBAQBGJlSlD3d3qdpXZ/NImxCFXG4nMmvkWJUITdaHxgwN
HBP4HEz25Ok7fr5weKK5s0/Gs85fb1/vnqcrQLtmJrLUed5xMWnM1qlNiHifnEZZ
r6Jf4wOGSWvkDTQWFiSDOgk3pFE3h+qhd+o7jJMSit3X6k/xFPCbTMUQPmBfMgyL
VOrE5xJgcFSI1QG+Oez5vM/KLJ4KpqT/zNqR8oW+eqxX8zrsmE607J0QQvub7o5x
y9cuyCaGpukbxXD48K1LoJeyZUc7ft3f3tojWlZprW1PheQI+gpsuWpF5ut+GKNj
l7GHdCuJz9xk2OKNF2/tpbc67xnl9YfBzQlnhVs3jgDe
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:13:27 2024 by rpki-client on console-fra.rpki-client.org