Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/XPlQEBKPlrAUVyCtDPCRVfP7rLU.roa
File:                     XPlQEBKPlrAUVyCtDPCRVfP7rLU.roa (raw, json)
Hash identifier:          TV+6JsgLNUtz6NjpYJuN8806pmKEtFAYFP1qLJF1iDU=
Subject key identifier:   5C:F9:50:10:12:8F:96:B0:14:57:20:AD:0C:F0:91:55:F3:FB:AC:B5
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56E05D35357E971D49F8EE365D53A84
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/XPlQEBKPlrAUVyCtDPCRVfP7rLU.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400040
IP address blocks:        193.37.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:05:d3:53:57:e9:71:d4:9f:8e:e3:65:d5:3a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cf95010128f96b0145720ad0cf09155f3fbacb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:07:b9:1b:18:4a:3d:85:e9:3f:88:a3:ee:e0:
                    57:6d:51:41:ed:dd:c7:a5:52:54:99:fd:fa:60:ec:
                    55:46:a2:56:db:3f:27:06:62:a6:01:28:e2:b7:bb:
                    d3:be:0d:f1:d6:f2:e8:6a:85:88:0a:48:90:72:8f:
                    7e:91:57:c2:7c:29:e6:ac:74:38:af:69:74:ed:51:
                    76:33:60:3e:54:c7:cf:16:09:8a:0c:81:1d:4c:6b:
                    32:43:c6:ca:95:db:ec:a3:b8:f0:8e:30:99:7d:87:
                    34:ae:b9:ae:27:99:32:9c:41:b6:98:1e:6b:c8:ca:
                    2d:bb:38:d0:d2:50:a1:9d:9b:d6:2b:be:0c:1a:63:
                    78:70:da:dc:f9:03:5e:a9:a5:51:45:2d:c2:17:fc:
                    61:f4:1e:aa:c1:b6:7e:7c:5f:33:84:00:e3:9f:f3:
                    d3:67:4d:20:b3:c8:f3:b1:80:ff:7b:db:ed:7a:04:
                    71:e2:cd:0f:73:d7:19:b0:4d:01:7b:69:65:26:12:
                    f8:92:42:f6:f7:63:3d:1d:4e:38:7c:4a:5f:57:d4:
                    44:5b:3a:1d:9e:52:ec:64:72:a6:78:22:7c:8d:6f:
                    f6:e2:f2:2a:1a:49:45:f0:c8:9b:7e:7f:63:e9:7d:
                    95:98:f8:e3:26:06:25:64:88:fb:f6:8a:c9:4d:12:
                    e5:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F9:50:10:12:8F:96:B0:14:57:20:AD:0C:F0:91:55:F3:FB:AC:B5
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/XPlQEBKPlrAUVyCtDPCRVfP7rLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:3f:c1:7d:35:e1:92:2c:b8:4e:ac:bd:b1:1b:8a:2e:38:
         23:6e:1a:99:74:17:88:92:5f:b5:94:7b:13:08:c1:30:d7:c9:
         1b:93:8d:a6:80:f3:c3:5c:42:29:7f:0c:0f:dd:83:c9:23:64:
         80:83:1f:2c:07:b1:9b:fa:67:1b:fe:8e:44:61:80:5e:a4:2e:
         ab:6e:ee:4f:b9:6c:07:0d:c4:d2:9e:a0:1a:a2:40:99:73:6a:
         2d:64:71:17:d9:62:95:b6:ef:9c:65:1e:fd:d0:5b:f6:33:fe:
         bf:49:f7:f8:42:ce:26:14:d5:b1:7b:97:71:0c:9b:d1:08:7e:
         f8:04:00:87:a2:8b:96:3c:a4:eb:b6:71:81:35:92:5d:57:92:
         ee:d1:c9:94:67:5a:5e:66:39:d3:2f:d8:23:f8:fd:27:db:55:
         57:79:78:c6:19:e6:13:03:ff:47:71:a8:18:5d:2a:e4:07:9e:
         da:b1:5e:62:c6:dc:4c:ac:fe:d2:f3:f7:3b:e9:a1:45:7d:a0:
         56:f5:6f:6b:83:b6:ea:8a:dc:8f:fd:8c:0b:79:55:a0:9e:db:
         b1:d8:49:3f:f0:24:24:ec:0e:a7:a9:72:56:a2:62:8a:f4:fa:
         d9:ff:18:01:56:35:a1:e6:05:59:0b:44:83:12:e7:06:a5:36:
         b1:c6:28:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgXTU1fpcdSfjuNl1TqEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Y5NTAxMDEyOGY5NmIwMTQ1NzIwYWQwY2YwOTE1NWYzZmJhY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQe5GxhKPYXpP4ij7uBXbVFB7d3H
pVJUmf36YOxVRqJW2z8nBmKmASjit7vTvg3x1vLoaoWICkiQco9+kVfCfCnmrHQ4
r2l07VF2M2A+VMfPFgmKDIEdTGsyQ8bKldvso7jwjjCZfYc0rrmuJ5kynEG2mB5r
yMotuzjQ0lChnZvWK74MGmN4cNrc+QNeqaVRRS3CF/xh9B6qwbZ+fF8zhADjn/PT
Z00gs8jzsYD/e9vtegRx4s0Pc9cZsE0Be2llJhL4kkL292M9HU44fEpfV9REWzod
nlLsZHKmeCJ8jW/24vIqGklF8Mibfn9j6X2VmPjjJgYlZIj79orJTRLlEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFz5UBASj5awFFcgrQzwkVXz+6y1MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvWFBsUUVCS1BsckFVVnlDdERQQ1JWZlA3ckxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXGMA0G
CSqGSIb3DQEBCwUAA4IBAQA4uz/BfTXhkiy4Tqy9sRuKLjgjbhqZdBeIkl+1lHsT
CMEw18kbk42mgPPDXEIpfwwP3YPJI2SAgx8sB7Gb+mcb/o5EYYBepC6rbu5PuWwH
DcTSnqAaokCZc2otZHEX2WKVtu+cZR790Fv2M/6/Sff4Qs4mFNWxe5dxDJvRCH74
BACHoouWPKTrtnGBNZJdV5Lu0cmUZ1peZjnTL9gj+P0n21VXeXjGGeYTA/9HcagY
XSrkB57asV5ixtxMrP7S8/c76aFFfaBW9W9rg7bqityP/YwLeVWgntux2Ek/8CQk
7A6nqXJWomKK9PrZ/xgBVjWh5gVZC0SDEucGpTaxxigX
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:49:28 2024 by rpki-client on console-fra.rpki-client.org