Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/uUGkeNUXxSrHbMc5BCFPMSyfOVs.roa
File:                     uUGkeNUXxSrHbMc5BCFPMSyfOVs.roa (raw, json)
Hash identifier:          ONoJc7p1QRejrrzOSomdnxIfEta0+6vyJgJdLqRjfNQ=
Subject key identifier:   B9:41:A4:78:D5:17:C5:2A:C7:6C:C7:39:04:21:4F:31:2C:9F:39:5B
Certificate issuer:       /CN=daddd1b636fe3df1df3d811f644583312a651337
Certificate serial:       018CC5DC157522B5193E488D4BE25EC147CB
Authority key identifier: DA:DD:D1:B6:36:FE:3D:F1:DF:3D:81:1F:64:45:83:31:2A:65:13:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2t3Rtjb-PfHfPYEfZEWDMSplEzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/uUGkeNUXxSrHbMc5BCFPMSyfOVs.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49010
IP address blocks:        193.162.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/2t3Rtjb-PfHfPYEfZEWDMSplEzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/2t3Rtjb-PfHfPYEfZEWDMSplEzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2t3Rtjb-PfHfPYEfZEWDMSplEzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:15:75:22:b5:19:3e:48:8d:4b:e2:5e:c1:47:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daddd1b636fe3df1df3d811f644583312a651337
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b941a478d517c52ac76cc73904214f312c9f395b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:46:4c:3f:f0:6e:02:a7:33:5e:29:16:31:35:
                    16:c8:11:93:d2:bd:bb:00:13:c0:64:89:d9:60:f2:
                    87:bd:5c:e9:62:0b:c9:0c:06:a9:b0:4e:ba:0c:33:
                    8e:1d:9a:57:3b:f0:6c:4b:40:ce:f4:66:7b:e5:27:
                    88:c0:3e:95:a1:92:10:50:a9:1b:08:78:a2:7d:5b:
                    2a:6b:3c:0e:7b:1e:e7:71:fc:20:ce:02:0c:f4:1b:
                    5d:11:a2:0b:67:0c:5d:8d:0a:c3:cd:ee:78:30:e6:
                    39:fc:94:c4:f1:25:6e:c7:bc:6f:10:69:fa:62:67:
                    cc:c9:96:3f:1b:f9:f9:02:f1:8f:df:f1:6d:62:46:
                    2f:b5:fd:2b:e3:af:22:9e:14:f7:13:4a:ad:17:ef:
                    eb:10:0b:6a:e6:28:02:f8:81:31:37:ce:4b:2b:05:
                    66:d5:2c:9d:59:18:a1:a8:4a:5c:14:7c:5b:c9:d3:
                    e8:8a:22:3d:de:5f:7e:0f:1b:48:0f:3b:31:73:f8:
                    13:38:c9:f8:bc:ee:57:15:48:ff:da:94:5e:e4:68:
                    3e:79:5d:25:b6:71:eb:b9:af:bb:63:20:c2:1b:f4:
                    5c:6f:83:d2:42:92:e6:bf:b6:f5:ef:3a:df:a1:ac:
                    13:f5:99:39:73:17:61:b6:3f:68:80:d9:35:a5:4c:
                    df:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:41:A4:78:D5:17:C5:2A:C7:6C:C7:39:04:21:4F:31:2C:9F:39:5B
            X509v3 Authority Key Identifier:
                keyid:DA:DD:D1:B6:36:FE:3D:F1:DF:3D:81:1F:64:45:83:31:2A:65:13:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2t3Rtjb-PfHfPYEfZEWDMSplEzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/uUGkeNUXxSrHbMc5BCFPMSyfOVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/2t3Rtjb-PfHfPYEfZEWDMSplEzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:07:e9:ef:01:1a:2a:47:29:08:08:95:29:21:25:8e:1f:87:
         d7:9d:e6:29:8e:3a:de:18:51:f4:60:62:01:6e:3f:72:6e:7c:
         e6:57:42:0f:a6:63:5a:9d:b3:a6:b0:3d:30:48:50:af:84:5a:
         ee:3c:d0:87:e7:7a:d7:6d:b1:a1:80:f6:47:26:63:f1:76:79:
         3c:2d:97:43:eb:9b:e2:a8:35:81:d8:dc:91:b6:df:7e:6b:97:
         51:9a:2f:f2:fb:4d:11:8d:5a:51:a5:8b:0d:eb:31:33:90:45:
         93:ac:82:99:75:4a:dc:a5:36:df:c8:f7:2b:d7:95:51:77:c9:
         78:80:af:27:90:f8:04:56:49:72:fc:45:9d:3d:fd:d8:75:3b:
         81:28:dd:b5:32:3f:3d:ac:57:b8:c7:34:13:51:7f:c5:9d:18:
         f1:0d:20:14:41:59:d0:bc:3c:28:ad:a5:d3:d1:3a:6f:4a:7e:
         3a:fb:c4:b7:ee:78:10:b0:61:f5:c7:04:a1:26:47:9a:53:82:
         fa:94:27:96:f3:8e:f8:c4:df:66:2b:35:10:43:07:26:95:0b:
         49:99:fa:70:bb:c9:de:1a:e2:0b:40:4f:68:9a:44:fb:0e:a7:
         e0:5e:cd:93:9e:dd:e5:89:24:7f:ab:34:54:99:2c:40:bb:19:
         8b:76:b2:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BV1IrUZPkiNS+JewUfLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZGRkMWI2MzZmZTNkZjFkZjNkODExZjY0NDU4MzMxMmE2
NTEzMzcwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTQxYTQ3OGQ1MTdjNTJhYzc2Y2M3MzkwNDIxNGYzMTJjOWYzOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0ZMP/BuAqczXikWMTUWyBGT0r27
ABPAZInZYPKHvVzpYgvJDAapsE66DDOOHZpXO/BsS0DO9GZ75SeIwD6VoZIQUKkb
CHiifVsqazwOex7ncfwgzgIM9BtdEaILZwxdjQrDze54MOY5/JTE8SVux7xvEGn6
YmfMyZY/G/n5AvGP3/FtYkYvtf0r468inhT3E0qtF+/rEAtq5igC+IExN85LKwVm
1SydWRihqEpcFHxbydPoiiI93l9+DxtIDzsxc/gTOMn4vO5XFUj/2pRe5Gg+eV0l
tnHrua+7YyDCG/Rcb4PSQpLmv7b17zrfoawT9Zk5cxdhtj9ogNk1pUzf3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlBpHjVF8Uqx2zHOQQhTzEsnzlbMB8GA1UdIwQY
MBaAFNrd0bY2/j3x3z2BH2RFgzEqZRM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnQzUnRqYi1QZkhmUFlFZlpFV0RNU3BsRXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80NjQzZDctMzdkNy00YjNjLWExYTUt
NjMyY2U2N2MwODVhLzEvdVVHa2VOVVh4U3JIYk1jNUJDRlBNU3lmT1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80NjQzZDctMzdkNy00YjNjLWExYTUtNjMyY2U2N2MwODVh
LzEvMnQzUnRqYi1QZkhmUFlFZlpFV0RNU3BsRXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaJmMA0G
CSqGSIb3DQEBCwUAA4IBAQCaB+nvARoqRykICJUpISWOH4fXneYpjjreGFH0YGIB
bj9ybnzmV0IPpmNanbOmsD0wSFCvhFruPNCH53rXbbGhgPZHJmPxdnk8LZdD65vi
qDWB2NyRtt9+a5dRmi/y+00RjVpRpYsN6zEzkEWTrIKZdUrcpTbfyPcr15VRd8l4
gK8nkPgEVkly/EWdPf3YdTuBKN21Mj89rFe4xzQTUX/FnRjxDSAUQVnQvDworaXT
0TpvSn46+8S37ngQsGH1xwShJkeaU4L6lCeW8474xN9mKzUQQwcmlQtJmfpwu8ne
GuILQE9omkT7DqfgXs2Tnt3liSR/qzRUmSxAuxmLdrLw
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:12:42 2024 by rpki-client on console-fra.rpki-client.org