Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/CUK8u63-Rds64vmeOOzjGYiej68.roa
File:                     CUK8u63-Rds64vmeOOzjGYiej68.roa (raw, json)
Hash identifier:          V+b3Xo/NnquDvWjHASe43TS0SLYfUD5eoXyZFVBw3Q8=
Subject key identifier:   09:42:BC:BB:AD:FE:45:DB:3A:E2:F9:9E:38:EC:E3:19:88:9E:8F:AF
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       018CC94E48D3B52EA1CF55FECFFAE4FCDB31
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/CUK8u63-Rds64vmeOOzjGYiej68.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        185.143.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:48:d3:b5:2e:a1:cf:55:fe:cf:fa:e4:fc:db:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0942bcbbadfe45db3ae2f99e38ece319889e8faf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:37:13:da:0a:25:91:0e:22:80:19:ac:9e:3e:
                    d0:64:83:cc:69:1c:56:5f:26:37:77:5e:26:7a:9b:
                    b7:e2:95:3c:ed:54:55:f4:4f:2f:b9:9b:85:e4:92:
                    a2:54:5c:1a:78:3f:1a:bd:99:1f:ea:4c:2a:ea:ec:
                    fe:95:12:d2:22:9f:72:91:6d:c4:b3:69:e8:a4:25:
                    0e:40:9f:27:61:69:ea:36:ce:af:c5:a9:d7:7e:2c:
                    c7:f2:d7:e4:b9:70:34:a4:58:d6:14:41:6a:bd:a6:
                    3f:90:61:6c:ca:de:17:10:68:d4:71:e4:f3:2e:e4:
                    e2:f9:b2:4e:20:df:db:30:e3:92:4e:40:11:ec:1a:
                    a4:d9:d0:8c:8e:20:c5:9f:c2:8b:a0:fb:3e:62:e2:
                    8c:29:45:ca:cb:2c:54:3c:57:02:e6:44:72:ba:52:
                    60:f3:4a:9d:83:4e:1c:40:1f:1a:d4:a2:b8:01:73:
                    fa:1a:0f:0a:df:62:58:7c:ab:b2:07:4d:1e:f9:54:
                    c4:21:92:f1:13:7c:73:2d:63:f3:ab:f6:d6:b2:4a:
                    1a:07:8f:eb:11:6c:f4:9d:69:a1:e2:12:cc:fc:2b:
                    5b:4b:6a:e2:6e:f5:bb:e8:73:10:7d:69:b5:b1:53:
                    63:20:df:d0:e3:96:c1:e2:b0:ed:9f:ad:67:2b:cd:
                    c6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:42:BC:BB:AD:FE:45:DB:3A:E2:F9:9E:38:EC:E3:19:88:9E:8F:AF
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/CUK8u63-Rds64vmeOOzjGYiej68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:94:31:29:f8:ba:c3:25:d5:43:eb:19:f8:45:85:f0:69:33:
         1e:4e:19:70:09:33:f2:de:47:31:9f:0e:19:aa:76:13:d9:bc:
         72:51:f5:df:29:ab:e8:c1:69:e4:9b:6c:02:76:d9:ec:1e:ef:
         36:fc:6a:9a:9c:67:c4:9b:2b:4d:02:a8:a2:2b:dc:21:1b:ae:
         0c:3b:4a:2b:63:38:4c:ae:25:54:66:b2:da:dd:8e:65:9f:63:
         79:b0:79:a9:d9:ca:3a:47:f7:f5:9b:13:74:c3:76:91:df:25:
         8f:35:dd:17:40:9a:fd:e0:20:97:32:45:48:0b:78:04:fb:e1:
         ff:f5:22:62:52:78:57:73:fd:aa:8f:83:4a:13:47:ae:86:1e:
         53:ad:45:e1:8c:ca:ca:1d:2f:1a:2c:c6:3a:13:db:0b:90:dc:
         8a:54:cc:e7:4f:de:7a:f4:57:20:fa:3d:06:b5:e2:b2:c8:69:
         fb:e7:3a:1b:28:c4:4a:bf:7b:53:65:36:a9:c6:c5:d0:ef:bc:
         74:5b:73:1f:21:68:e2:8c:7b:f7:f7:83:e3:68:48:9b:55:6b:
         79:45:71:cf:6c:01:fa:ee:6b:5a:81:6a:8c:db:0a:79:fb:af:
         c7:5a:1b:0c:12:11:d6:80:2d:1a:b3:05:29:37:2e:cf:66:95:
         ea:f6:76:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkjTtS6hz1X+z/rk/NsxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQyYmNiYmFkZmU0NWRiM2FlMmY5OWUzOGVjZTMxOTg4OWU4ZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjcT2golkQ4igBmsnj7QZIPMaRxW
XyY3d14mepu34pU87VRV9E8vuZuF5JKiVFwaeD8avZkf6kwq6uz+lRLSIp9ykW3E
s2nopCUOQJ8nYWnqNs6vxanXfizH8tfkuXA0pFjWFEFqvaY/kGFsyt4XEGjUceTz
LuTi+bJOIN/bMOOSTkAR7Bqk2dCMjiDFn8KLoPs+YuKMKUXKyyxUPFcC5kRyulJg
80qdg04cQB8a1KK4AXP6Gg8K32JYfKuyB00e+VTEIZLxE3xzLWPzq/bWskoaB4/r
EWz0nWmh4hLM/CtbS2ribvW76HMQfWm1sVNjIN/Q45bB4rDtn61nK83GjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlCvLut/kXbOuL5njjs4xmIno+vMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvQ1VLOHU2My1SZHM2NHZtZU9PempHWWllajY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/fMA0G
CSqGSIb3DQEBCwUAA4IBAQBklDEp+LrDJdVD6xn4RYXwaTMeThlwCTPy3kcxnw4Z
qnYT2bxyUfXfKavowWnkm2wCdtnsHu82/GqanGfEmytNAqiiK9whG64MO0orYzhM
riVUZrLa3Y5ln2N5sHmp2co6R/f1mxN0w3aR3yWPNd0XQJr94CCXMkVIC3gE++H/
9SJiUnhXc/2qj4NKE0euhh5TrUXhjMrKHS8aLMY6E9sLkNyKVMznT9569Fcg+j0G
teKyyGn75zobKMRKv3tTZTapxsXQ77x0W3MfIWjijHv394PjaEibVWt5RXHPbAH6
7mtagWqM2wp5+6/HWhsMEhHWgC0aswUpNy7PZpXq9nb7
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:57:03 2024 by rpki-client on console-fra.rpki-client.org