Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/625ed5-7e74-4427-9bdf-dd1d249017aa/1/FYfrpMiW8uI7BWTKJBs0KbwURcA.roa
File:                     FYfrpMiW8uI7BWTKJBs0KbwURcA.roa (raw, json)
Hash identifier:          IS8wRbsA4ojx8lK2BxumlNW0rD6kEtSaYYyyXMD8/ck=
Subject key identifier:   15:87:EB:A4:C8:96:F2:E2:3B:05:64:CA:24:1B:34:29:BC:14:45:C0
Certificate issuer:       /CN=59acb4022765898be4f06050cd3a2f9291d83367
Certificate serial:       018CC8013204E97E2E93C444DCDF5BE61C54
Authority key identifier: 59:AC:B4:02:27:65:89:8B:E4:F0:60:50:CD:3A:2F:92:91:D8:33:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Way0AidliYvk8GBQzTovkpHYM2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/625ed5-7e74-4427-9bdf-dd1d249017aa/1/FYfrpMiW8uI7BWTKJBs0KbwURcA.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6798
IP address blocks:        193.105.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/625ed5-7e74-4427-9bdf-dd1d249017aa/1/Way0AidliYvk8GBQzTovkpHYM2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/625ed5-7e74-4427-9bdf-dd1d249017aa/1/Way0AidliYvk8GBQzTovkpHYM2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Way0AidliYvk8GBQzTovkpHYM2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:32:04:e9:7e:2e:93:c4:44:dc:df:5b:e6:1c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59acb4022765898be4f06050cd3a2f9291d83367
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1587eba4c896f2e23b0564ca241b3429bc1445c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:69:c0:31:ed:b0:33:a6:96:fe:ec:8c:14:bf:
                    b5:3b:ed:05:02:f3:39:59:eb:f1:ba:29:2c:c0:d5:
                    cf:98:ae:c5:31:30:23:86:32:b5:28:d9:4c:e5:1b:
                    8a:10:3e:66:80:3c:de:f7:46:65:41:df:4d:10:78:
                    ce:38:bd:2a:3f:84:62:e6:ac:0c:25:57:c1:df:dc:
                    ab:f5:64:7a:22:be:24:28:27:6a:c7:7a:6f:6a:f4:
                    c0:bc:03:53:b4:ab:81:97:96:62:a7:0b:d5:08:21:
                    2d:42:d4:3d:0a:5a:92:51:1c:8f:55:ac:c7:da:02:
                    4c:df:d8:eb:60:f1:f9:97:b5:aa:94:78:97:80:ca:
                    3e:5b:a0:32:74:f6:54:0e:a8:cd:b6:d2:32:38:89:
                    70:c5:3a:3c:ab:9a:78:f3:10:fd:c0:f0:92:40:4f:
                    a5:4f:3c:15:60:5e:2c:58:6b:72:c1:e1:bb:3c:02:
                    ce:0b:65:33:24:58:3e:28:ae:2e:bd:7e:86:03:7c:
                    04:d1:19:d8:a6:df:50:01:b7:0d:69:2e:0c:e1:11:
                    e7:61:f4:00:46:b3:ec:ac:06:54:bc:d9:23:49:25:
                    b2:3a:b3:d8:43:89:2b:f9:a6:38:21:9c:39:02:b9:
                    39:46:49:0f:20:24:72:cf:ae:f9:a4:40:4f:66:e7:
                    2e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:87:EB:A4:C8:96:F2:E2:3B:05:64:CA:24:1B:34:29:BC:14:45:C0
            X509v3 Authority Key Identifier:
                keyid:59:AC:B4:02:27:65:89:8B:E4:F0:60:50:CD:3A:2F:92:91:D8:33:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Way0AidliYvk8GBQzTovkpHYM2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/625ed5-7e74-4427-9bdf-dd1d249017aa/1/FYfrpMiW8uI7BWTKJBs0KbwURcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/625ed5-7e74-4427-9bdf-dd1d249017aa/1/Way0AidliYvk8GBQzTovkpHYM2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:70:f7:b8:49:40:fc:5a:d4:ed:10:1a:c3:b6:8a:6f:d3:fd:
         35:f5:1d:c4:2d:40:42:f6:4a:53:2d:e6:93:b7:ac:81:b6:c8:
         00:4b:cb:6c:60:5a:f8:26:01:fb:db:c1:26:1e:1c:38:6d:48:
         da:02:97:cc:b6:bb:46:23:8e:ad:8a:37:5e:20:8e:66:1f:fa:
         6a:e3:cd:07:13:59:34:c0:4e:41:52:0f:e9:9c:8a:d1:d2:81:
         2a:d8:dc:d2:fa:06:49:03:38:53:43:42:56:c0:54:2d:69:86:
         82:f4:3d:50:da:90:2b:3e:26:29:5c:76:aa:71:03:f8:b8:b5:
         b0:6a:ed:5d:fe:3a:b8:f0:69:d8:c9:bf:c1:7e:96:9f:bb:50:
         e6:37:36:74:a9:d0:03:31:40:07:bb:62:c9:bc:70:f6:dc:1e:
         a8:55:9b:9e:a6:55:94:58:83:8c:c4:30:ee:06:d4:84:f8:ba:
         7e:e1:a7:0e:0c:2f:be:cf:f9:62:f3:9e:9d:cd:1a:8f:6f:6d:
         64:56:e9:b2:bf:16:35:07:ea:61:fa:51:16:6e:1c:74:f9:f7:
         16:c5:0c:d7:64:1e:83:5c:14:21:89:e0:ea:5d:3a:97:72:c6:
         87:7c:05:01:04:50:30:86:32:24:e2:a4:e3:aa:be:45:17:fa:
         b6:e3:a2:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATIE6X4uk8RE3N9b5hxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YWNiNDAyMjc2NTg5OGJlNGYwNjA1MGNkM2EyZjkyOTFk
ODMzNjcwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTg3ZWJhNGM4OTZmMmUyM2IwNTY0Y2EyNDFiMzQyOWJjMTQ0NWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmnAMe2wM6aW/uyMFL+1O+0FAvM5
WevxuikswNXPmK7FMTAjhjK1KNlM5RuKED5mgDze90ZlQd9NEHjOOL0qP4Ri5qwM
JVfB39yr9WR6Ir4kKCdqx3pvavTAvANTtKuBl5ZipwvVCCEtQtQ9ClqSURyPVazH
2gJM39jrYPH5l7WqlHiXgMo+W6AydPZUDqjNttIyOIlwxTo8q5p48xD9wPCSQE+l
TzwVYF4sWGtyweG7PALOC2UzJFg+KK4uvX6GA3wE0RnYpt9QAbcNaS4M4RHnYfQA
RrPsrAZUvNkjSSWyOrPYQ4kr+aY4IZw5Ark5RkkPICRyz675pEBPZucu2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWH66TIlvLiOwVkyiQbNCm8FEXAMB8GA1UdIwQY
MBaAFFmstAInZYmL5PBgUM06L5KR2DNnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2F5MEFpZGxpWXZrOEdCUXpUb3ZrcEhZTTJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82MjVlZDUtN2U3NC00NDI3LTliZGYt
ZGQxZDI0OTAxN2FhLzEvRllmcnBNaVc4dUk3QldUS0pCczBLYndVUmNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82MjVlZDUtN2U3NC00NDI3LTliZGYtZGQxZDI0OTAxN2Fh
LzEvV2F5MEFpZGxpWXZrOEdCUXpUb3ZrcEhZTTJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWmZMA0G
CSqGSIb3DQEBCwUAA4IBAQA6cPe4SUD8WtTtEBrDtopv0/019R3ELUBC9kpTLeaT
t6yBtsgAS8tsYFr4JgH728EmHhw4bUjaApfMtrtGI46tijdeII5mH/pq480HE1k0
wE5BUg/pnIrR0oEq2NzS+gZJAzhTQ0JWwFQtaYaC9D1Q2pArPiYpXHaqcQP4uLWw
au1d/jq48GnYyb/Bfpafu1DmNzZ0qdADMUAHu2LJvHD23B6oVZueplWUWIOMxDDu
BtSE+Lp+4acODC++z/li856dzRqPb21kVumyvxY1B+ph+lEWbhx0+fcWxQzXZB6D
XBQhieDqXTqXcsaHfAUBBFAwhjIk4qTjqr5FF/q246Lr
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:12:55 2024 by rpki-client on console-ams.rpki-client.org