Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/1gqUxqgUn2J2yUfphn8_eh_c78I.roa
File:                     1gqUxqgUn2J2yUfphn8_eh_c78I.roa (raw, json)
Hash identifier:          Wg24wxLdJ2LIWsBpTs+5MRjvTYj1eCfiPR3apwTJab0=
Subject key identifier:   D6:0A:94:C6:A8:14:9F:62:76:C9:47:E9:86:7F:3F:7A:1F:DC:EF:C2
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       018CC49358D039BFD118B70E1EB4372F6CD6
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/1gqUxqgUn2J2yUfphn8_eh_c78I.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62315
IP address blocks:        193.32.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:58:d0:39:bf:d1:18:b7:0e:1e:b4:37:2f:6c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d60a94c6a8149f6276c947e9867f3f7a1fdcefc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:99:f0:00:ad:7f:71:d0:d0:83:d8:58:55:eb:
                    20:be:8c:20:8f:61:83:08:03:5d:ea:41:b0:fb:aa:
                    39:f7:66:b4:49:25:74:a6:bc:a1:3c:2e:eb:c3:90:
                    d1:86:f1:ec:ab:e5:14:38:d9:1d:1b:83:ab:d3:15:
                    74:89:71:23:fe:b0:e0:85:5e:bb:78:bc:87:6f:62:
                    c4:18:29:b1:f5:f8:68:b1:2c:3b:49:5e:33:fa:f8:
                    1a:c7:45:40:06:c8:23:94:32:c6:8a:2f:0a:15:7f:
                    ce:83:d6:fc:9d:4b:a3:d9:35:c0:23:7b:50:ef:2e:
                    d4:53:7a:5b:47:84:03:1b:ad:75:03:77:db:ac:4d:
                    97:e1:6e:62:3b:b5:6f:ef:ec:3a:4e:4d:c2:2d:91:
                    f8:bf:48:e5:9e:68:5e:49:e9:03:78:b8:d5:cc:b9:
                    91:8e:db:f1:ed:38:5a:45:00:dd:62:2a:d3:0d:c4:
                    ad:82:ad:3c:1f:5f:6c:ed:12:0b:d0:7e:25:8b:92:
                    c9:b8:4f:27:3f:e0:a5:08:2d:df:e1:e3:62:0a:89:
                    87:82:32:fa:16:4b:59:4b:bf:e9:f3:d6:31:b1:ef:
                    f7:2a:56:87:8f:8d:b1:5d:62:18:77:c0:1e:03:e0:
                    e1:4e:9a:e3:89:70:ee:aa:19:c7:98:1e:b7:2e:48:
                    72:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:0A:94:C6:A8:14:9F:62:76:C9:47:E9:86:7F:3F:7A:1F:DC:EF:C2
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/1gqUxqgUn2J2yUfphn8_eh_c78I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:19:94:27:92:74:5f:1a:d5:37:ed:4c:11:38:f0:c1:f1:c0:
         61:ba:e8:78:43:fc:f4:84:38:33:ea:0b:3c:3b:32:03:b0:5a:
         a4:21:e9:cf:26:11:44:dc:17:2d:2b:01:aa:a5:e5:1a:4a:f0:
         89:7a:64:c2:aa:9d:f9:36:9f:26:16:63:71:b0:6f:c1:1a:e6:
         57:44:27:d6:37:19:4c:bf:21:9a:72:28:1a:bf:22:26:36:ce:
         24:00:ee:e9:ff:a9:02:06:6c:92:54:50:cf:96:d1:89:b7:f5:
         78:cb:35:41:4d:4b:0e:3c:6d:52:28:da:b6:da:29:cf:b4:bf:
         1a:8b:a2:ef:fe:ea:e0:75:93:95:1e:64:f9:dd:dc:c1:16:c3:
         fd:a2:61:f7:b6:02:8c:5c:a9:8e:9e:f9:78:83:28:3b:d2:17:
         ad:01:b5:a9:c7:cc:a9:01:53:c1:20:e8:9c:93:f7:fa:54:94:
         c2:2c:33:b7:e0:fc:0c:56:36:85:1e:5e:6a:26:17:bd:00:01:
         65:07:1f:c9:cb:c8:a7:c4:75:8c:f4:f0:51:43:ae:82:a8:4f:
         c9:79:c4:31:e3:e3:52:5a:b1:d6:8c:f4:36:3b:f5:1e:9c:2c:
         8c:9e:fd:32:4d:47:eb:8c:31:84:2d:53:70:5c:e6:d7:3b:ec:
         5a:85:65:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1jQOb/RGLcOHrQ3L2zWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjBhOTRjNmE4MTQ5ZjYyNzZjOTQ3ZTk4NjdmM2Y3YTFmZGNlZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pnwAK1/cdDQg9hYVesgvowgj2GD
CANd6kGw+6o592a0SSV0pryhPC7rw5DRhvHsq+UUONkdG4Or0xV0iXEj/rDghV67
eLyHb2LEGCmx9fhosSw7SV4z+vgax0VABsgjlDLGii8KFX/Og9b8nUuj2TXAI3tQ
7y7UU3pbR4QDG611A3fbrE2X4W5iO7Vv7+w6Tk3CLZH4v0jlnmheSekDeLjVzLmR
jtvx7ThaRQDdYirTDcStgq08H19s7RIL0H4li5LJuE8nP+ClCC3f4eNiComHgjL6
FktZS7/p89Yxse/3KlaHj42xXWIYd8AeA+DhTprjiXDuqhnHmB63LkhyQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYKlMaoFJ9idslH6YZ/P3of3O/CMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvMWdxVXhxZ1VuMkoyeVVmcGhuOF9laF9jNzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSAKMA0G
CSqGSIb3DQEBCwUAA4IBAQCZGZQnknRfGtU37UwROPDB8cBhuuh4Q/z0hDgz6gs8
OzIDsFqkIenPJhFE3BctKwGqpeUaSvCJemTCqp35Np8mFmNxsG/BGuZXRCfWNxlM
vyGacigavyImNs4kAO7p/6kCBmySVFDPltGJt/V4yzVBTUsOPG1SKNq22inPtL8a
i6Lv/urgdZOVHmT53dzBFsP9omH3tgKMXKmOnvl4gyg70hetAbWpx8ypAVPBIOic
k/f6VJTCLDO34PwMVjaFHl5qJhe9AAFlBx/Jy8inxHWM9PBRQ66CqE/JecQx4+NS
WrHWjPQ2O/UenCyMnv0yTUfrjDGELVNwXObXO+xahWWY
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:24:17 2024 by rpki-client on console-fra.rpki-client.org