Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pUNNDO82i-sq_bAz5xAkFcZz7t8.roa
File:                     pUNNDO82i-sq_bAz5xAkFcZz7t8.roa (raw, json)
Hash identifier:          GK/fHMr3Osu5WFeXieHcxDJiCkDGRJnTL/zvtMrwG9I=
Subject key identifier:   A5:43:4D:0C:EF:36:8B:EB:2A:FD:B0:33:E7:10:24:15:C6:73:EE:DF
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       018CC72692251CACBF8FC0CE1735565BF25E
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pUNNDO82i-sq_bAz5xAkFcZz7t8.roa
Signing time:             Mon 01 Jan 2024 22:30:42 +0000
ROA not before:           Mon 01 Jan 2024 22:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203735
IP address blocks:        185.239.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:92:25:1c:ac:bf:8f:c0:ce:17:35:56:5b:f2:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Jan  1 22:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5434d0cef368beb2afdb033e7102415c673eedf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:20:0d:39:06:0c:0e:b6:70:f3:a2:bb:09:45:
                    4d:cd:0f:26:2a:93:f7:89:76:b3:5b:e3:45:9a:f2:
                    65:33:3b:d2:c7:a3:73:e5:cf:5f:38:c4:4a:25:b1:
                    fc:ce:cf:b6:04:13:25:5b:dc:c2:f9:49:08:6a:d7:
                    35:d1:81:bc:7c:e8:1e:13:40:0f:69:7c:c0:9e:6d:
                    fe:7e:4e:ce:eb:bf:6b:dd:75:2e:c1:60:fd:8e:4c:
                    52:dd:fe:5d:e9:b6:31:79:22:50:4c:b5:77:f0:2f:
                    5a:09:15:b4:a2:0f:f5:15:82:ec:f7:69:ef:8d:eb:
                    ee:7d:f6:20:b5:f5:5a:67:6a:40:45:55:42:58:94:
                    a1:a7:13:7d:1b:51:18:b0:48:a4:a6:9c:27:c9:ed:
                    c0:1c:57:ba:be:25:d7:cc:dd:75:c3:d7:b3:06:52:
                    ef:5f:18:0b:52:c7:48:c6:2c:49:3c:8b:58:60:bc:
                    36:9e:bf:36:b0:ff:28:5e:67:53:f8:e6:e0:1b:5a:
                    dc:6a:a9:c2:cf:bd:f6:87:12:9e:76:4b:dc:dd:0e:
                    8b:88:ae:93:ad:ad:fa:b1:f6:f7:c6:52:dc:da:cf:
                    52:b4:0b:b5:34:f5:ae:d9:26:da:6f:25:ba:af:97:
                    1e:3e:cf:dc:02:e1:8b:62:22:40:78:79:6b:79:a4:
                    7f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:43:4D:0C:EF:36:8B:EB:2A:FD:B0:33:E7:10:24:15:C6:73:EE:DF
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pUNNDO82i-sq_bAz5xAkFcZz7t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:65:bb:f2:17:ef:03:e4:18:9e:7c:a4:f0:90:1a:24:07:7f:
         9a:f5:37:0e:b9:24:fb:5e:df:28:1a:7b:b8:58:4d:66:09:44:
         70:e6:e6:c1:f9:fd:2a:ed:3f:07:97:94:1c:88:5c:1e:31:79:
         1f:bc:c8:5d:b6:5f:3b:8e:98:7a:93:d1:04:47:8f:18:4d:4b:
         7e:cf:53:38:2f:23:a4:b1:7e:f9:ba:19:ca:27:e3:3d:40:98:
         20:b9:f6:ee:af:4c:7f:db:43:9b:62:15:83:23:91:ed:b7:fd:
         71:c2:61:83:ce:99:63:1a:12:6d:e5:31:de:50:b2:23:4e:ee:
         8f:d0:3d:7b:b7:25:24:f2:5d:c5:a9:21:00:80:99:51:24:25:
         fc:7e:ec:5d:4c:3f:fb:ca:cb:70:10:48:ea:6a:b0:5c:51:d0:
         7a:7d:52:e2:16:9d:f4:01:9d:4b:60:c3:25:0c:95:4e:70:a4:
         cb:3c:1a:72:9b:c8:4b:c6:f4:74:ac:36:cb:a4:85:33:09:8b:
         e9:a7:93:f4:6f:c6:64:1b:36:07:d8:be:b3:3e:a1:99:70:7a:
         63:d6:89:58:cd:9a:fd:91:78:59:df:52:b4:7f:ae:78:73:90:
         64:05:13:3b:51:68:69:bf:60:35:79:ab:3e:ea:c7:76:40:ab:
         0e:9b:1f:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJpIlHKy/j8DOFzVWW/JeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjQwMTAxMjIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQzNGQwY2VmMzY4YmViMmFmZGIwMzNlNzEwMjQxNWM2NzNlZWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyANOQYMDrZw86K7CUVNzQ8mKpP3
iXazW+NFmvJlMzvSx6Nz5c9fOMRKJbH8zs+2BBMlW9zC+UkIatc10YG8fOgeE0AP
aXzAnm3+fk7O679r3XUuwWD9jkxS3f5d6bYxeSJQTLV38C9aCRW0og/1FYLs92nv
jevuffYgtfVaZ2pARVVCWJShpxN9G1EYsEikppwnye3AHFe6viXXzN11w9ezBlLv
XxgLUsdIxixJPItYYLw2nr82sP8oXmdT+ObgG1rcaqnCz732hxKedkvc3Q6LiK6T
ra36sfb3xlLc2s9StAu1NPWu2SbabyW6r5cePs/cAuGLYiJAeHlreaR/9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVDTQzvNovrKv2wM+cQJBXGc+7fMB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvcFVOTkRPODJpLXNxX2JBejV4QWtGY1p6N3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+zMA0G
CSqGSIb3DQEBCwUAA4IBAQDHZbvyF+8D5BiefKTwkBokB3+a9TcOuST7Xt8oGnu4
WE1mCURw5ubB+f0q7T8Hl5QciFweMXkfvMhdtl87jph6k9EER48YTUt+z1M4LyOk
sX75uhnKJ+M9QJggufbur0x/20ObYhWDI5Htt/1xwmGDzpljGhJt5THeULIjTu6P
0D17tyUk8l3FqSEAgJlRJCX8fuxdTD/7ystwEEjqarBcUdB6fVLiFp30AZ1LYMMl
DJVOcKTLPBpym8hLxvR0rDbLpIUzCYvpp5P0b8ZkGzYH2L6zPqGZcHpj1olYzZr9
kXhZ31K0f654c5BkBRM7UWhpv2A1eas+6sd2QKsOmx+n
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:18:23 2024 by rpki-client on console-fra.rpki-client.org