Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d11b44-beeb-45e5-b6a3-82d490a33aa6/1/5KOIvhdqw5ETuBCCUERuZc3T2gU.roa
File:                     5KOIvhdqw5ETuBCCUERuZc3T2gU.roa (raw, json)
Hash identifier:          0U0w/wn1lQM87EMWkPCor/Ji14lJR44HskeG+F0e+GU=
Subject key identifier:   E4:A3:88:BE:17:6A:C3:91:13:B8:10:82:50:44:6E:65:CD:D3:DA:05
Certificate issuer:       /CN=2334daba8118cb41ab76cd421104fcc674c381b1
Certificate serial:       018DA71EFB41C26ADAF4637533E6AAD7E3C4
Authority key identifier: 23:34:DA:BA:81:18:CB:41:AB:76:CD:42:11:04:FC:C6:74:C3:81:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzTauoEYy0Grds1CEQT8xnTDgbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d11b44-beeb-45e5-b6a3-82d490a33aa6/1/5KOIvhdqw5ETuBCCUERuZc3T2gU.roa
Signing time:             Wed 14 Feb 2024 10:17:21 +0000
ROA not before:           Wed 14 Feb 2024 10:17:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58057
IP address blocks:        185.102.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/d11b44-beeb-45e5-b6a3-82d490a33aa6/1/IzTauoEYy0Grds1CEQT8xnTDgbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/d11b44-beeb-45e5-b6a3-82d490a33aa6/1/IzTauoEYy0Grds1CEQT8xnTDgbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzTauoEYy0Grds1CEQT8xnTDgbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:1e:fb:41:c2:6a:da:f4:63:75:33:e6:aa:d7:e3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2334daba8118cb41ab76cd421104fcc674c381b1
        Validity
            Not Before: Feb 14 10:17:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4a388be176ac39113b8108250446e65cdd3da05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:3c:2d:2e:a8:4a:a2:81:d7:73:ae:84:06:2c:
                    26:2a:db:88:b3:ae:89:37:cd:41:5d:07:e2:aa:b3:
                    f9:60:db:4a:2f:10:0c:d2:41:09:c1:d5:83:ce:0f:
                    c5:8a:f9:48:3f:c7:c1:fc:ac:a1:bc:17:c8:09:41:
                    68:1b:39:08:d4:87:68:eb:3d:d4:17:50:41:9e:5b:
                    26:c1:c1:c8:ad:e0:b2:4e:a2:e6:12:ab:16:f1:45:
                    2d:8f:0e:65:f9:d9:42:22:5f:ee:35:ac:ca:2e:4f:
                    b0:1d:64:1e:ce:ba:87:f5:08:05:60:6a:8f:42:4b:
                    a1:4a:d4:a6:2f:77:69:69:0a:f5:c7:4a:cb:a5:0d:
                    cf:88:b9:1f:0f:ec:f3:c3:86:82:ad:59:2d:b0:3a:
                    b0:49:8a:1d:04:b4:19:87:c0:05:3e:3c:d9:98:e5:
                    ea:ca:02:03:27:26:cd:38:63:55:54:b5:75:37:7a:
                    26:15:ac:70:29:18:2c:e4:94:c5:8b:5b:8e:8f:ed:
                    2c:d2:d9:4a:da:9a:ac:1c:d7:a0:0e:af:9d:05:12:
                    a0:d4:74:b0:e6:7c:f6:6a:d9:f5:f7:72:2c:4c:9b:
                    1c:14:70:8c:f2:4b:72:a8:07:1c:f1:b3:11:9f:d8:
                    88:f1:ea:b5:c8:2e:5b:da:23:a6:2f:81:ed:68:58:
                    10:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A3:88:BE:17:6A:C3:91:13:B8:10:82:50:44:6E:65:CD:D3:DA:05
            X509v3 Authority Key Identifier:
                keyid:23:34:DA:BA:81:18:CB:41:AB:76:CD:42:11:04:FC:C6:74:C3:81:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzTauoEYy0Grds1CEQT8xnTDgbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d11b44-beeb-45e5-b6a3-82d490a33aa6/1/5KOIvhdqw5ETuBCCUERuZc3T2gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d11b44-beeb-45e5-b6a3-82d490a33aa6/1/IzTauoEYy0Grds1CEQT8xnTDgbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:3f:9f:78:ea:9d:64:01:2b:ae:0f:5e:2f:f6:d8:3a:12:3d:
         3a:41:8f:cd:f6:fd:ad:93:65:de:75:ca:87:b6:8f:d3:0d:6b:
         75:2f:1b:0b:ff:e1:cf:fe:4d:39:dd:75:0b:be:aa:3f:bc:9e:
         e7:9f:82:29:83:dc:c3:be:23:28:d3:78:28:b8:14:c5:08:0a:
         69:66:56:da:5f:37:d5:07:91:09:74:7c:1e:01:01:21:a1:c0:
         68:11:a7:03:2e:cb:01:bf:7c:17:28:e6:4c:c4:4b:84:67:19:
         1a:fc:66:19:03:45:0f:c6:7b:cd:7c:15:96:87:cf:c6:e8:5e:
         0c:00:82:4f:66:5d:2b:cd:ae:0c:0b:b0:f3:a5:1a:23:3f:f8:
         92:2f:1f:06:bc:da:41:66:2c:71:07:c6:36:99:21:25:4b:5f:
         47:32:29:d1:fb:1b:71:04:4e:c2:81:ab:36:f2:61:62:b0:cc:
         38:34:bd:3b:48:3b:07:01:13:e0:5a:a9:66:54:e1:87:f2:93:
         c0:83:6c:03:f6:1a:38:13:63:95:c7:d6:54:2c:e4:58:1d:1a:
         03:27:ec:cf:7d:05:4f:29:b6:e8:dc:5b:5c:3b:2e:89:c4:38:
         d4:55:79:5b:8f:97:46:82:b4:c6:e1:84:c5:16:c6:50:c9:26:
         aa:4c:43:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nHvtBwmra9GN1M+aq1+PEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzRkYWJhODExOGNiNDFhYjc2Y2Q0MjExMDRmY2M2NzRj
MzgxYjEwHhcNMjQwMjE0MTAxNzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGEzODhiZTE3NmFjMzkxMTNiODEwODI1MDQ0NmU2NWNkZDNkYTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzwtLqhKooHXc66EBiwmKtuIs66J
N81BXQfiqrP5YNtKLxAM0kEJwdWDzg/FivlIP8fB/KyhvBfICUFoGzkI1Ido6z3U
F1BBnlsmwcHIreCyTqLmEqsW8UUtjw5l+dlCIl/uNazKLk+wHWQezrqH9QgFYGqP
QkuhStSmL3dpaQr1x0rLpQ3PiLkfD+zzw4aCrVktsDqwSYodBLQZh8AFPjzZmOXq
ygIDJybNOGNVVLV1N3omFaxwKRgs5JTFi1uOj+0s0tlK2pqsHNegDq+dBRKg1HSw
5nz2atn193IsTJscFHCM8ktyqAcc8bMRn9iI8eq1yC5b2iOmL4HtaFgQewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSjiL4XasORE7gQglBEbmXN09oFMB8GA1UdIwQY
MBaAFCM02rqBGMtBq3bNQhEE/MZ0w4GxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpUYXVvRVl5MEdyZHMxQ0VRVDh4blREZ2JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kMTFiNDQtYmVlYi00NWU1LWI2YTMt
ODJkNDkwYTMzYWE2LzEvNUtPSXZoZHF3NUVUdUJDQ1VFUnVaYzNUMmdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kMTFiNDQtYmVlYi00NWU1LWI2YTMtODJkNDkwYTMzYWE2
LzEvSXpUYXVvRVl5MEdyZHMxQ0VRVDh4blREZ2JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWZUMA0G
CSqGSIb3DQEBCwUAA4IBAQA0P5946p1kASuuD14v9tg6Ej06QY/N9v2tk2XedcqH
to/TDWt1LxsL/+HP/k053XULvqo/vJ7nn4Ipg9zDviMo03gouBTFCAppZlbaXzfV
B5EJdHweAQEhocBoEacDLssBv3wXKOZMxEuEZxka/GYZA0UPxnvNfBWWh8/G6F4M
AIJPZl0rza4MC7DzpRojP/iSLx8GvNpBZixxB8Y2mSElS19HMinR+xtxBE7Cgas2
8mFisMw4NL07SDsHARPgWqlmVOGH8pPAg2wD9ho4E2OVx9ZULORYHRoDJ+zPfQVP
Kbbo3FtcOy6JxDjUVXlbj5dGgrTG4YTFFsZQySaqTEMl
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:43:26 2024 by rpki-client on console-fra.rpki-client.org