Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/kixzd4MjW3vV9KJmBAogbLXP9C4.roa
File:                     kixzd4MjW3vV9KJmBAogbLXP9C4.roa (raw, json)
Hash identifier:          AmlmzUyKeHH9zKc8hBCrFYPd75+8JreIR1T7EP4+GBI=
Subject key identifier:   92:2C:73:77:83:23:5B:7B:D5:F4:A2:66:04:0A:20:6C:B5:CF:F4:2E
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F96C7D36D3178B82B6A8ACA1C9894
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/kixzd4MjW3vV9KJmBAogbLXP9C4.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204380
IP address blocks:        78.28.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:96:c7:d3:6d:31:78:b8:2b:6a:8a:ca:1c:98:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=922c737783235b7bd5f4a266040a206cb5cff42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4a:f7:47:7f:c9:4e:db:51:9b:b9:fa:6a:6a:
                    8e:67:f3:ce:b0:b6:0e:3e:74:cc:4b:d8:01:0a:b8:
                    a4:0e:d2:bc:d2:e8:14:01:f7:6a:f2:9e:dc:c6:df:
                    8f:bb:bb:2e:07:56:aa:eb:7f:7e:28:95:99:c2:c5:
                    a2:95:62:57:6c:4a:70:7c:92:c9:46:22:fc:4c:f7:
                    bb:cd:2d:a6:5d:8c:b4:b3:9b:ad:be:42:93:41:85:
                    d0:70:c3:44:5b:13:f6:e9:1d:48:75:de:8f:4f:f2:
                    c9:3e:69:ef:f0:48:0b:7b:22:10:d2:83:95:37:af:
                    f0:b9:07:52:8f:b5:1c:90:a9:bd:df:f0:49:0b:a5:
                    bd:df:0d:5d:f3:14:b9:7c:a8:cf:f9:34:fd:f4:6f:
                    c3:6b:a1:81:af:f8:93:e5:43:44:e5:cf:cf:fd:36:
                    a7:ba:25:70:fd:c0:ca:ee:93:25:e9:d7:32:2e:88:
                    a3:d0:6d:35:50:98:c3:95:bb:5e:66:46:67:85:af:
                    45:49:c7:5e:27:f5:65:50:2c:0f:c3:a0:e9:d2:f2:
                    30:df:9b:37:75:dc:fb:12:32:13:d3:53:fa:db:24:
                    2c:39:70:6b:19:34:3d:c2:18:0a:70:59:d1:eb:46:
                    f9:33:70:98:55:79:8e:ab:5c:4d:c2:04:28:27:10:
                    e9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:2C:73:77:83:23:5B:7B:D5:F4:A2:66:04:0A:20:6C:B5:CF:F4:2E
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/kixzd4MjW3vV9KJmBAogbLXP9C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.28.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:e3:aa:ae:00:8f:a8:c9:00:69:a8:58:6d:10:ee:d1:3b:97:
         d4:90:8f:1b:48:6c:ad:ca:ad:34:93:3b:f2:f0:a1:38:13:55:
         17:d8:8d:0e:d9:d5:02:7c:05:be:c6:70:6a:e4:d9:eb:96:b3:
         1a:1f:04:32:78:7c:d5:51:c2:13:f5:52:5c:a6:55:f5:a8:fb:
         bd:d7:da:f5:10:60:f7:13:e2:d3:c1:39:97:40:33:e9:38:eb:
         97:7f:95:a9:a8:05:d0:13:de:d3:b4:58:a3:af:2a:c6:0f:fe:
         63:5f:f2:12:df:12:57:73:dd:19:1e:2f:d0:13:7e:a7:58:76:
         de:65:c1:12:4c:55:58:de:23:75:60:62:08:fe:cc:25:70:8e:
         61:c7:0a:ed:60:02:02:87:f2:ba:fd:34:29:69:51:10:00:8f:
         4a:89:ca:7f:2c:23:ea:8a:97:1b:27:8e:ff:c3:5e:72:3a:ff:
         be:3c:8b:f2:d4:53:4c:e6:c6:a3:dd:9b:47:24:53:4f:4d:0f:
         82:db:8a:b1:3e:0b:4f:ad:90:4a:f9:58:dd:cf:62:cd:17:76:
         87:b3:72:f5:a7:77:f3:63:dd:2f:07:99:57:24:42:aa:13:66:
         67:3d:20:38:9f:65:0d:58:fc:80:61:39:88:51:3d:4e:dd:4a:
         a1:8e:b6:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5bH020xeLgraorKHJiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjJjNzM3NzgzMjM1YjdiZDVmNGEyNjYwNDBhMjA2Y2I1Y2ZmNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUr3R3/JTttRm7n6amqOZ/POsLYO
PnTMS9gBCrikDtK80ugUAfdq8p7cxt+Pu7suB1aq639+KJWZwsWilWJXbEpwfJLJ
RiL8TPe7zS2mXYy0s5utvkKTQYXQcMNEWxP26R1Idd6PT/LJPmnv8EgLeyIQ0oOV
N6/wuQdSj7UckKm93/BJC6W93w1d8xS5fKjP+TT99G/Da6GBr/iT5UNE5c/P/Tan
uiVw/cDK7pMl6dcyLoij0G01UJjDlbteZkZnha9FScdeJ/VlUCwPw6Dp0vIw35s3
ddz7EjIT01P62yQsOXBrGTQ9whgKcFnR60b5M3CYVXmOq1xNwgQoJxDpWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIsc3eDI1t71fSiZgQKIGy1z/QuMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEva2l4emQ0TWpXM3ZWOUtKbUJBb2diTFhQOUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThzhMA0G
CSqGSIb3DQEBCwUAA4IBAQAW46quAI+oyQBpqFhtEO7RO5fUkI8bSGytyq00kzvy
8KE4E1UX2I0O2dUCfAW+xnBq5NnrlrMaHwQyeHzVUcIT9VJcplX1qPu919r1EGD3
E+LTwTmXQDPpOOuXf5WpqAXQE97TtFijryrGD/5jX/IS3xJXc90ZHi/QE36nWHbe
ZcESTFVY3iN1YGII/swlcI5hxwrtYAICh/K6/TQpaVEQAI9Kicp/LCPqipcbJ47/
w15yOv++PIvy1FNM5saj3ZtHJFNPTQ+C24qxPgtPrZBK+Vjdz2LNF3aHs3L1p3fz
Y90vB5lXJEKqE2ZnPSA4n2UNWPyAYTmIUT1O3UqhjrYJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:24:50 2024 by rpki-client on console-ams.rpki-client.org