Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/MNCWiUq6gQAUKfN3IvQ6nOBMyiE.roa
File:                     MNCWiUq6gQAUKfN3IvQ6nOBMyiE.roa (raw, json)
Hash identifier:          A0DqSPoi4H5dtGuhoT/6f3xcXqCZX/odJ1Ky2xFpZOw=
Subject key identifier:   30:D0:96:89:4A:BA:81:00:14:29:F3:77:22:F4:3A:9C:E0:4C:CA:21
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       0191C6CAC301E0D07CFE144DE0929CC5A185
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/MNCWiUq6gQAUKfN3IvQ6nOBMyiE.roa
Signing time:             Fri 06 Sep 2024 10:04:22 +0000
ROA not before:           Fri 06 Sep 2024 10:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51248
IP address blocks:        5.180.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:ca:c3:01:e0:d0:7c:fe:14:4d:e0:92:9c:c5:a1:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Sep  6 10:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30d096894aba81001429f37722f43a9ce04cca21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:58:e2:06:ec:00:50:13:fb:fc:d0:22:db:b0:
                    82:ef:ad:85:94:8c:eb:4a:7e:c6:4d:3c:5d:c4:65:
                    f6:3a:3d:e0:6e:1a:47:97:5d:3c:5e:28:c7:b8:81:
                    bd:5e:d6:96:5f:df:e6:74:4a:1b:69:14:bd:44:b7:
                    4b:98:37:be:64:32:c1:9b:4e:3e:26:fb:40:c5:c4:
                    ec:0e:d9:16:0e:af:96:98:50:06:5b:f6:50:fa:e5:
                    07:ff:20:fb:5a:8b:1b:6b:74:dd:6c:ed:d0:30:67:
                    14:9d:24:ae:87:e8:ca:2c:4a:bc:17:f3:1f:60:47:
                    82:80:ef:f1:87:9a:f8:4b:ae:0b:44:0d:cd:4e:ec:
                    e6:13:a7:07:46:78:46:8b:f3:2c:ab:d2:84:2b:f7:
                    4e:d9:cd:4a:bf:e0:fc:03:ce:81:b9:20:5d:72:1a:
                    2f:07:e4:05:af:05:83:75:31:ea:6e:ba:3f:4a:fc:
                    cc:4a:15:0b:cf:d2:23:34:08:b3:b0:8d:aa:34:1e:
                    d6:c7:95:b7:0f:e9:ab:db:cd:58:83:c8:d3:09:a2:
                    0d:05:66:8b:fb:c1:4d:70:a3:d2:5e:a3:cd:27:ea:
                    de:6a:00:15:b2:d9:1e:79:e3:2e:60:2e:19:f5:de:
                    29:95:1d:92:5d:22:61:26:9c:28:21:88:ad:43:e8:
                    35:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:D0:96:89:4A:BA:81:00:14:29:F3:77:22:F4:3A:9C:E0:4C:CA:21
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/MNCWiUq6gQAUKfN3IvQ6nOBMyiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:2b:2f:22:ef:29:66:c0:12:f3:74:9f:73:82:33:bb:2a:28:
         1f:43:cb:31:c9:a7:e6:d0:54:bf:50:1a:aa:67:a4:3f:a8:6c:
         f4:00:44:e7:79:93:12:6a:26:bf:2f:eb:c7:d0:2f:2a:5a:96:
         8d:61:d5:98:fd:c0:27:ee:0d:95:31:f1:d2:1f:51:00:18:ce:
         cc:d3:bf:18:0a:60:ba:cc:64:be:8f:72:52:88:7b:de:89:01:
         e3:ac:99:41:d0:b4:98:7e:e4:7e:c9:5e:a2:88:ce:82:a4:10:
         2f:2c:93:58:f4:15:53:7e:7c:36:2d:cb:00:63:25:a4:f6:0d:
         86:07:02:94:49:b3:9b:94:bf:11:d4:e0:01:e4:3f:08:c7:bb:
         38:ca:c2:46:7e:ac:b5:8d:bf:b2:bc:ac:a3:c5:3b:24:c1:ac:
         7a:a5:ed:59:78:69:83:05:04:2c:59:5f:ae:4e:a9:ce:20:d5:
         b7:16:08:1b:20:fb:dd:0d:65:cd:38:a0:87:a0:0b:ac:91:58:
         62:f2:ba:48:a9:63:63:bc:25:d2:47:80:34:9f:9d:31:a1:d2:
         7e:96:71:57:a0:52:11:c3:a1:69:07:f2:1f:76:df:48:f4:45:
         2b:b0:70:d4:0b:4d:02:57:13:24:55:57:ce:31:06:f8:19:64:
         aa:14:10:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHGysMB4NB8/hRN4JKcxaGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjQwOTA2MTAwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGQwOTY4OTRhYmE4MTAwMTQyOWYzNzcyMmY0M2E5Y2UwNGNjYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVjiBuwAUBP7/NAi27CC762FlIzr
Sn7GTTxdxGX2Oj3gbhpHl108XijHuIG9XtaWX9/mdEobaRS9RLdLmDe+ZDLBm04+
JvtAxcTsDtkWDq+WmFAGW/ZQ+uUH/yD7Wosba3TdbO3QMGcUnSSuh+jKLEq8F/Mf
YEeCgO/xh5r4S64LRA3NTuzmE6cHRnhGi/Msq9KEK/dO2c1Kv+D8A86BuSBdchov
B+QFrwWDdTHqbro/SvzMShULz9IjNAizsI2qNB7Wx5W3D+mr281Yg8jTCaINBWaL
+8FNcKPSXqPNJ+reagAVstkeeeMuYC4Z9d4plR2SXSJhJpwoIYitQ+g1IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDQlolKuoEAFCnzdyL0OpzgTMohMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvTU5DV2lVcTZnUUFVS2ZOM0l2UTZuT0JNeWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbRhMA0G
CSqGSIb3DQEBCwUAA4IBAQCIKy8i7ylmwBLzdJ9zgjO7KigfQ8sxyafm0FS/UBqq
Z6Q/qGz0AETneZMSaia/L+vH0C8qWpaNYdWY/cAn7g2VMfHSH1EAGM7M078YCmC6
zGS+j3JSiHveiQHjrJlB0LSYfuR+yV6iiM6CpBAvLJNY9BVTfnw2LcsAYyWk9g2G
BwKUSbOblL8R1OAB5D8Ix7s4ysJGfqy1jb+yvKyjxTskwax6pe1ZeGmDBQQsWV+u
TqnOINW3FggbIPvdDWXNOKCHoAuskVhi8rpIqWNjvCXSR4A0n50xodJ+lnFXoFIR
w6FpB/Ifdt9I9EUrsHDUC00CVxMkVVfOMQb4GWSqFBAM
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:24:48 2024 by rpki-client on console-ams.rpki-client.org