Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/1-hRCDKZAu3FQpS3yb3gPVEkJaRc.roa
File:                     1-hRCDKZAu3FQpS3yb3gPVEkJaRc.roa (raw, json)
Hash identifier:          XSd60KjXp5QYOHb08v7T3mRjK0NjJBkS+4FmssUoxO8=
Subject key identifier:   FA:14:42:0C:A6:40:BB:71:50:A5:2D:F2:6F:78:0F:54:49:09:69:17
Certificate issuer:       /CN=715b885c3b302fd50e6c22647a33dc47727fea95
Certificate serial:       018CC7943AAB3E5A8E413F255A07C893D866
Authority key identifier: 71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/1-hRCDKZAu3FQpS3yb3gPVEkJaRc.roa
Signing time:             Tue 02 Jan 2024 00:30:29 +0000
ROA not before:           Tue 02 Jan 2024 00:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        5.62.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3a:ab:3e:5a:8e:41:3f:25:5a:07:c8:93:d8:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=715b885c3b302fd50e6c22647a33dc47727fea95
        Validity
            Not Before: Jan  2 00:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa14420ca640bb7150a52df26f780f5449096917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:46:7e:47:5a:a1:59:57:be:80:be:e6:d2:b4:
                    bb:ec:2f:a7:1f:c4:af:1c:70:6f:04:1d:61:8b:a4:
                    0f:38:50:e2:33:2a:5e:19:22:e7:54:ae:32:22:fc:
                    41:76:1e:77:78:66:2e:b3:07:48:b4:4a:9f:75:30:
                    0b:b2:2c:e7:21:4b:55:88:8b:6f:87:9d:60:6c:6c:
                    ff:16:12:63:93:72:01:9b:74:04:53:e4:7a:e2:01:
                    72:b2:f6:cf:5c:c2:7c:bf:ba:73:f7:e2:34:f5:7c:
                    6a:22:31:ce:e2:4b:fb:07:3a:af:3c:81:2b:7b:99:
                    5a:f2:1d:4e:73:2a:91:d9:2d:6e:c2:9f:19:1e:f1:
                    fe:f6:9a:ea:a7:3f:f8:92:aa:bb:15:d6:e3:fa:16:
                    c0:b1:69:68:b9:74:cb:0e:3f:53:a6:e2:41:90:8f:
                    3a:8a:f2:a0:b8:bf:51:20:05:9e:84:21:8a:12:21:
                    6f:46:d2:20:a9:59:dd:7e:81:05:c3:7d:45:04:0e:
                    a1:10:e9:08:4a:64:6c:41:85:a3:73:1f:17:27:44:
                    19:d9:d9:d9:da:8f:07:95:86:4a:2b:d4:9f:80:9f:
                    14:5d:2f:fe:33:be:08:1e:95:71:99:2a:c8:73:01:
                    8d:47:3e:7f:08:02:b3:8e:3c:6a:29:02:58:62:bf:
                    30:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:14:42:0C:A6:40:BB:71:50:A5:2D:F2:6F:78:0F:54:49:09:69:17
            X509v3 Authority Key Identifier:
                keyid:71:5B:88:5C:3B:30:2F:D5:0E:6C:22:64:7A:33:DC:47:72:7F:EA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVuIXDswL9UObCJkejPcR3J_6pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/1-hRCDKZAu3FQpS3yb3gPVEkJaRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/f8999c-040a-424a-8896-2a92333f9df6/1/cVuIXDswL9UObCJkejPcR3J_6pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:0d:41:f7:bf:ae:b6:63:39:88:de:43:f1:b7:13:31:43:85:
         38:1f:4c:31:e8:53:29:d3:1d:da:75:25:fb:c5:2f:9b:e0:01:
         10:b7:dd:1c:b4:90:fc:19:2e:1b:ba:20:fa:ee:37:72:f0:1f:
         fa:cd:c0:ec:61:e5:1e:de:da:e6:f6:d8:c2:7d:74:a9:02:60:
         e2:b6:ac:30:63:0d:15:2e:17:3b:80:b9:81:a0:e0:82:e7:9b:
         33:6b:1c:1b:2e:49:6f:fe:09:cc:e2:9e:66:fa:f2:32:93:d6:
         42:e5:ce:a8:28:89:11:0f:42:76:15:18:c7:1d:27:15:26:50:
         5f:b3:87:73:63:19:c4:f2:39:77:39:36:4e:ef:f0:47:af:61:
         a4:1a:b9:55:a7:c8:70:db:b7:4e:ab:90:d5:2c:71:49:ed:fc:
         8f:43:27:76:0c:e9:46:e9:3b:a3:42:03:6d:5b:2b:f6:cf:df:
         73:7e:dc:de:66:c1:62:c5:97:57:c2:10:08:d1:14:5d:d9:f2:
         73:a9:6d:c5:db:55:1e:ac:9b:b1:86:76:10:e7:e9:01:80:87:
         86:a6:5d:0b:8c:e4:bb:42:f2:e1:96:5c:ed:4b:42:f2:19:fb:
         bf:2a:96:9c:cb:2b:49:1f:25:ec:2e:47:dc:90:bf:c9:9c:09:
         a3:2f:26:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlDqrPlqOQT8lWgfIk9hmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNWI4ODVjM2IzMDJmZDUwZTZjMjI2NDdhMzNkYzQ3NzI3
ZmVhOTUwHhcNMjQwMTAyMDAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTE0NDIwY2E2NDBiYjcxNTBhNTJkZjI2Zjc4MGY1NDQ5MDk2OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUZ+R1qhWVe+gL7m0rS77C+nH8Sv
HHBvBB1hi6QPOFDiMypeGSLnVK4yIvxBdh53eGYuswdItEqfdTALsiznIUtViItv
h51gbGz/FhJjk3IBm3QEU+R64gFysvbPXMJ8v7pz9+I09XxqIjHO4kv7BzqvPIEr
e5la8h1OcyqR2S1uwp8ZHvH+9prqpz/4kqq7Fdbj+hbAsWlouXTLDj9TpuJBkI86
ivKguL9RIAWehCGKEiFvRtIgqVndfoEFw31FBA6hEOkISmRsQYWjcx8XJ0QZ2dnZ
2o8HlYZKK9SfgJ8UXS/+M74IHpVxmSrIcwGNRz5/CAKzjjxqKQJYYr8wEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoUQgymQLtxUKUt8m94D1RJCWkXMB8GA1UdIwQY
MBaAFHFbiFw7MC/VDmwiZHoz3Edyf+qVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1Z1SVhEc3dMOVVPYkNKa2VqUGNSM0pfNnBVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mODk5OWMtMDQwYS00MjRhLTg4OTYt
MmE5MjMzM2Y5ZGY2LzEvMS1oUkNES1pBdTNGUXBTM3liM2dQVkVrSmFSYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjkvZjg5OTljLTA0MGEtNDI0YS04ODk2LTJhOTIzMzNmOWRm
Ni8xL2NWdUlYRHN3TDlVT2JDSmtlalBjUjNKXzZwVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAU+EzAN
BgkqhkiG9w0BAQsFAAOCAQEAXw1B97+utmM5iN5D8bcTMUOFOB9MMehTKdMd2nUl
+8Uvm+ABELfdHLSQ/BkuG7og+u43cvAf+s3A7GHlHt7a5vbYwn10qQJg4rasMGMN
FS4XO4C5gaDgguebM2scGy5Jb/4JzOKeZvryMpPWQuXOqCiJEQ9CdhUYxx0nFSZQ
X7OHc2MZxPI5dzk2Tu/wR69hpBq5VafIcNu3TquQ1SxxSe38j0MndgzpRuk7o0ID
bVsr9s/fc37c3mbBYsWXV8IQCNEUXdnyc6ltxdtVHqybsYZ2EOfpAYCHhqZdC4zk
u0Ly4ZZc7UtC8hn7vyqWnMsrSR8l7C5H3JC/yZwJoy8mgA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:56:40 2024 by rpki-client on console-ams.rpki-client.org