Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/540e53-c4a6-4f52-811e-6afc4ec63cf0/1/rPB2Dzbcnlf95ndGFfliQobgcZE.roa
File:                     rPB2Dzbcnlf95ndGFfliQobgcZE.roa (raw, json)
Hash identifier:          Q9laqmeBYgRp4qfJAsCUK2xDhaOeYtfBrHUWDI5DtJg=
Subject key identifier:   AC:F0:76:0F:36:DC:9E:57:FD:E6:77:46:15:F9:62:42:86:E0:71:91
Certificate issuer:       /CN=e505d93497f19d2563066b409200969711f28c67
Certificate serial:       018CCA998A5B7A6C462C584B77B79073B57D
Authority key identifier: E5:05:D9:34:97:F1:9D:25:63:06:6B:40:92:00:96:97:11:F2:8C:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QXZNJfxnSVjBmtAkgCWlxHyjGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/540e53-c4a6-4f52-811e-6afc4ec63cf0/1/rPB2Dzbcnlf95ndGFfliQobgcZE.roa
Signing time:             Tue 02 Jan 2024 14:35:09 +0000
ROA not before:           Tue 02 Jan 2024 14:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42184
IP address blocks:        194.49.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/540e53-c4a6-4f52-811e-6afc4ec63cf0/1/5QXZNJfxnSVjBmtAkgCWlxHyjGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/540e53-c4a6-4f52-811e-6afc4ec63cf0/1/5QXZNJfxnSVjBmtAkgCWlxHyjGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QXZNJfxnSVjBmtAkgCWlxHyjGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:8a:5b:7a:6c:46:2c:58:4b:77:b7:90:73:b5:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e505d93497f19d2563066b409200969711f28c67
        Validity
            Not Before: Jan  2 14:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acf0760f36dc9e57fde6774615f9624286e07191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4f:38:c0:27:ec:c7:fc:bd:d6:d0:4b:cf:03:
                    97:56:8f:fd:12:ca:44:b0:4c:a6:63:44:da:b3:38:
                    b4:ca:f8:ff:e4:50:2f:02:ee:d2:18:4a:f7:ed:91:
                    c0:ea:6c:04:e2:5e:4b:3e:26:3b:29:96:35:8e:9f:
                    5c:de:09:9e:c5:c9:fe:11:83:f4:94:66:39:7c:87:
                    f1:46:30:ae:c3:ff:bc:bf:8b:c3:46:78:9f:62:14:
                    62:d4:04:d9:63:04:54:58:15:6b:6a:0a:3c:36:14:
                    25:a2:96:1d:92:95:d6:25:9e:95:3b:32:97:29:99:
                    41:44:b1:f6:9a:cd:c8:c8:e1:77:24:d7:95:11:80:
                    49:f3:8e:d3:58:d7:40:05:a5:16:e6:f0:91:03:57:
                    87:de:99:03:62:11:cd:a3:7e:cc:dd:b9:49:ad:f8:
                    b1:b2:7a:0e:97:aa:2f:17:e8:86:75:6e:9a:a8:7f:
                    07:94:8b:1c:79:93:87:5b:70:d3:d5:bc:be:8c:cd:
                    81:74:71:fb:82:93:4d:7c:e5:b4:46:e3:9f:61:f0:
                    4a:92:4f:22:5f:bd:d8:7a:9c:f0:ee:89:84:00:9d:
                    11:bb:1f:7a:28:86:4b:25:b0:2b:c1:4d:82:ec:e6:
                    8e:8d:19:a5:0b:73:aa:1f:bd:72:64:95:74:75:62:
                    56:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F0:76:0F:36:DC:9E:57:FD:E6:77:46:15:F9:62:42:86:E0:71:91
            X509v3 Authority Key Identifier:
                keyid:E5:05:D9:34:97:F1:9D:25:63:06:6B:40:92:00:96:97:11:F2:8C:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QXZNJfxnSVjBmtAkgCWlxHyjGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/540e53-c4a6-4f52-811e-6afc4ec63cf0/1/rPB2Dzbcnlf95ndGFfliQobgcZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/540e53-c4a6-4f52-811e-6afc4ec63cf0/1/5QXZNJfxnSVjBmtAkgCWlxHyjGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:ee:20:41:a1:84:d4:d3:aa:b4:da:d1:d8:94:f5:59:34:0e:
         6c:fb:3b:be:5a:33:fe:87:a1:ca:76:5f:52:16:cc:b4:60:39:
         2d:2f:1a:83:d8:b2:36:1e:18:e1:e6:e0:11:3a:a6:e1:32:0e:
         44:d9:46:a4:60:ff:fc:a9:b9:30:8b:e3:22:68:1c:f9:3c:93:
         dc:4e:80:65:cd:fd:c6:98:7d:fb:a6:ff:c9:28:74:b4:a0:8d:
         0f:97:6b:f6:4b:67:c0:95:73:cd:29:b0:c1:eb:ba:8b:e2:95:
         c2:88:95:1d:40:95:3a:63:13:63:77:d1:7d:ff:2d:a6:9a:17:
         e4:23:79:31:f6:9b:4e:54:64:89:75:0c:14:19:e2:f6:14:a8:
         b2:44:d2:f1:06:b1:0f:2d:6c:2b:ac:20:2a:18:05:1f:22:c8:
         a1:1b:70:36:ce:28:92:5e:f0:b4:cc:83:e7:00:8d:92:f8:95:
         1e:fc:a6:a7:72:47:7c:38:4a:86:75:71:c0:c0:76:3c:77:31:
         de:01:bf:be:6d:1d:15:47:fb:73:62:50:c8:37:17:b1:5c:92:
         e8:8c:27:a8:f5:62:6f:75:5c:15:db:94:8d:b4:fc:d7:89:de:
         e4:0a:b4:e6:45:70:9c:0c:3a:85:4e:1f:0d:41:f0:b7:57:ee:
         5d:15:81:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmYpbemxGLFhLd7eQc7V9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDVkOTM0OTdmMTlkMjU2MzA2NmI0MDkyMDA5Njk3MTFm
MjhjNjcwHhcNMjQwMTAyMTQzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2YwNzYwZjM2ZGM5ZTU3ZmRlNjc3NDYxNWY5NjI0Mjg2ZTA3MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk84wCfsx/y91tBLzwOXVo/9EspE
sEymY0Taszi0yvj/5FAvAu7SGEr37ZHA6mwE4l5LPiY7KZY1jp9c3gmexcn+EYP0
lGY5fIfxRjCuw/+8v4vDRnifYhRi1ATZYwRUWBVrago8NhQlopYdkpXWJZ6VOzKX
KZlBRLH2ms3IyOF3JNeVEYBJ847TWNdABaUW5vCRA1eH3pkDYhHNo37M3blJrfix
snoOl6ovF+iGdW6aqH8HlIsceZOHW3DT1by+jM2BdHH7gpNNfOW0RuOfYfBKkk8i
X73Yepzw7omEAJ0Rux96KIZLJbArwU2C7OaOjRmlC3OqH71yZJV0dWJWXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzwdg823J5X/eZ3RhX5YkKG4HGRMB8GA1UdIwQY
MBaAFOUF2TSX8Z0lYwZrQJIAlpcR8oxnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFYWk5KZnhuU1ZqQm10QWtnQ1dseEh5akdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NDBlNTMtYzRhNi00ZjUyLTgxMWUt
NmFmYzRlYzYzY2YwLzEvclBCMkR6YmNubGY5NW5kR0ZmbGlRb2JnY1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NDBlNTMtYzRhNi00ZjUyLTgxMWUtNmFmYzRlYzYzY2Yw
LzEvNVFYWk5KZnhuU1ZqQm10QWtnQ1dseEh5akdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjEWMA0G
CSqGSIb3DQEBCwUAA4IBAQCc7iBBoYTU06q02tHYlPVZNA5s+zu+WjP+h6HKdl9S
Fsy0YDktLxqD2LI2Hhjh5uAROqbhMg5E2UakYP/8qbkwi+MiaBz5PJPcToBlzf3G
mH37pv/JKHS0oI0Pl2v2S2fAlXPNKbDB67qL4pXCiJUdQJU6YxNjd9F9/y2mmhfk
I3kx9ptOVGSJdQwUGeL2FKiyRNLxBrEPLWwrrCAqGAUfIsihG3A2ziiSXvC0zIPn
AI2S+JUe/Kanckd8OEqGdXHAwHY8dzHeAb++bR0VR/tzYlDINxexXJLojCeo9WJv
dVwV25SNtPzXid7kCrTmRXCcDDqFTh8NQfC3V+5dFYG2
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:59:12 2024 by rpki-client on console-fra.rpki-client.org