Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/F5tEtr3Tk6wK5qWkngnxM43BNZI.roa
File:                     F5tEtr3Tk6wK5qWkngnxM43BNZI.roa (raw, json)
Hash identifier:          s//PD9tU3cNxr5dXQWU6dbT7t/ecZNlrfjDXgsrjgJg=
Subject key identifier:   17:9B:44:B6:BD:D3:93:AC:0A:E6:A5:A4:9E:09:F1:33:8D:C1:35:92
Certificate issuer:       /CN=aba10057bcd00762eef43823c030e7e32d572241
Certificate serial:       018E94629066ACA210C19ED6083E64E80965
Authority key identifier: AB:A1:00:57:BC:D0:07:62:EE:F4:38:23:C0:30:E7:E3:2D:57:22:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/F5tEtr3Tk6wK5qWkngnxM43BNZI.roa
Signing time:             Sun 31 Mar 2024 12:01:11 +0000
ROA not before:           Sun 31 Mar 2024 12:01:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     401305
IP address blocks:        160.202.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:94:62:90:66:ac:a2:10:c1:9e:d6:08:3e:64:e8:09:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aba10057bcd00762eef43823c030e7e32d572241
        Validity
            Not Before: Mar 31 12:01:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179b44b6bdd393ac0ae6a5a49e09f1338dc13592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c1:4b:00:0e:5c:c4:f7:df:c8:a9:14:ff:14:
                    68:de:65:ae:da:31:41:5b:c8:4d:28:cc:09:b6:c6:
                    7a:15:46:9e:99:f3:31:4c:19:7f:d4:82:a1:f9:75:
                    7c:cb:5a:59:f8:cf:84:51:6b:6e:f7:88:8f:c1:b8:
                    46:b9:e5:2c:31:bd:38:b2:5f:d3:d1:b4:48:91:58:
                    c6:61:63:17:f0:b6:e2:95:e4:cf:cd:6c:8f:fd:35:
                    a7:d5:85:80:70:6e:42:05:ba:70:4f:72:17:b3:28:
                    14:05:c6:8e:ad:98:3f:ea:0f:78:bc:53:16:64:e0:
                    c5:01:e2:7d:f2:15:2e:32:03:40:43:6b:c7:b9:63:
                    2f:25:8f:61:6a:f9:6a:a4:21:c4:fa:d2:ef:81:52:
                    f1:a8:36:31:03:9c:22:6d:a2:a8:55:0b:62:a6:64:
                    2f:99:64:db:a6:ac:93:ed:23:e8:c9:6f:89:23:6c:
                    3d:65:ea:5c:82:a8:c6:f5:a2:14:86:d5:d3:48:df:
                    04:52:c2:9c:4b:7c:14:13:29:46:cb:cc:70:5e:4c:
                    7d:c7:e7:3d:e6:e2:f9:00:7b:83:3b:ed:6a:f4:73:
                    da:2e:87:75:e7:86:ce:c9:4a:d0:f0:76:55:ea:ef:
                    3d:59:4d:51:b8:6d:f7:de:1d:9c:de:34:24:5c:95:
                    ab:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:9B:44:B6:BD:D3:93:AC:0A:E6:A5:A4:9E:09:F1:33:8D:C1:35:92
            X509v3 Authority Key Identifier:
                keyid:AB:A1:00:57:BC:D0:07:62:EE:F4:38:23:C0:30:E7:E3:2D:57:22:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/F5tEtr3Tk6wK5qWkngnxM43BNZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.202.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:09:bb:3d:1a:40:42:bc:e3:73:10:9a:69:1e:92:df:64:db:
         58:dc:0f:16:27:18:45:ea:af:de:bf:87:ba:97:07:98:cc:01:
         03:4c:ed:04:cf:d6:60:8b:6f:ad:fd:d5:07:37:19:fa:8b:ce:
         ba:a0:b5:fc:cf:1c:24:76:6f:86:2f:26:76:1d:57:57:f4:94:
         4f:fe:32:25:b8:eb:5f:9f:e8:54:f9:20:d5:05:b5:13:ee:f4:
         b4:f5:58:9e:a7:ab:e6:22:25:5e:6c:a9:74:69:b0:f3:74:80:
         a4:ce:a5:3a:9d:c0:99:c5:6c:7a:6f:51:51:56:53:e8:f0:90:
         90:5f:be:8c:52:42:89:5e:55:dc:f5:5e:7e:af:35:9a:9d:20:
         e7:6c:09:74:6f:e0:b3:4b:e9:74:bf:1e:44:c5:14:4b:ca:55:
         62:b4:db:fe:3c:cf:02:32:bf:df:99:6e:4a:78:25:95:5d:80:
         86:fd:75:ae:10:a0:63:4a:34:22:95:2b:95:39:3f:6b:57:f5:
         5e:93:4f:50:53:c5:24:62:e4:cd:ba:50:49:44:d8:22:5c:98:
         c5:0e:23:6b:c2:ff:a7:cf:f8:f8:f0:88:d2:1c:ca:19:94:3e:
         7a:36:04:49:40:70:a9:a0:fb:c2:28:6e:9f:5b:2f:55:ca:b5:
         40:69:7c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6UYpBmrKIQwZ7WCD5k6AllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYTEwMDU3YmNkMDA3NjJlZWY0MzgyM2MwMzBlN2UzMmQ1
NzIyNDEwHhcNMjQwMzMxMTIwMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzliNDRiNmJkZDM5M2FjMGFlNmE1YTQ5ZTA5ZjEzMzhkYzEzNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMFLAA5cxPffyKkU/xRo3mWu2jFB
W8hNKMwJtsZ6FUaemfMxTBl/1IKh+XV8y1pZ+M+EUWtu94iPwbhGueUsMb04sl/T
0bRIkVjGYWMX8LbileTPzWyP/TWn1YWAcG5CBbpwT3IXsygUBcaOrZg/6g94vFMW
ZODFAeJ98hUuMgNAQ2vHuWMvJY9havlqpCHE+tLvgVLxqDYxA5wibaKoVQtipmQv
mWTbpqyT7SPoyW+JI2w9ZepcgqjG9aIUhtXTSN8EUsKcS3wUEylGy8xwXkx9x+c9
5uL5AHuDO+1q9HPaLod154bOyUrQ8HZV6u89WU1RuG333h2c3jQkXJWrmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBebRLa905OsCualpJ4J8TONwTWSMB8GA1UdIwQY
MBaAFKuhAFe80Adi7vQ4I8Aw5+MtVyJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTZFQVY3elFCMkx1OURnandERG40eTFYSWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84MDM1M2QtNGYyMi00ZDk0LWJlYWQt
ZGQyMGUyOTk0Y2QwLzEvRjV0RXRyM1RrNndLNXFXa25nbnhNNDNCTlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84MDM1M2QtNGYyMi00ZDk0LWJlYWQtZGQyMGUyOTk0Y2Qw
LzEvcTZFQVY3elFCMkx1OURnandERG40eTFYSWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoMoUMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Cbs9GkBCvONzEJppHpLfZNtY3A8WJxhF6q/ev4e6
lweYzAEDTO0Ez9Zgi2+t/dUHNxn6i866oLX8zxwkdm+GLyZ2HVdX9JRP/jIluOtf
n+hU+SDVBbUT7vS09Viep6vmIiVebKl0abDzdICkzqU6ncCZxWx6b1FRVlPo8JCQ
X76MUkKJXlXc9V5+rzWanSDnbAl0b+CzS+l0vx5ExRRLylVitNv+PM8CMr/fmW5K
eCWVXYCG/XWuEKBjSjQilSuVOT9rV/Vek09QU8UkYuTNulBJRNgiXJjFDiNrwv+n
z/j48IjSHMoZlD56NgRJQHCpoPvCKG6fWy9VyrVAaXwL
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:56:20 2024 by rpki-client on console-ams.rpki-client.org