Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/l6PESaXru3XwZnhL3QEUM6POesM.roa
File:                     l6PESaXru3XwZnhL3QEUM6POesM.roa (raw, json)
Hash identifier:          86jpAOalTeFF6dUqf5NNxmCa6QMbP1rBcLnDET395Xk=
Subject key identifier:   97:A3:C4:49:A5:EB:BB:75:F0:66:78:4B:DD:01:14:33:A3:CE:7A:C3
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CC56DFE3842EB6D0E1D8E02DDDA1E9A40
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/l6PESaXru3XwZnhL3QEUM6POesM.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19437
IP address blocks:        146.19.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fe:38:42:eb:6d:0e:1d:8e:02:dd:da:1e:9a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97a3c449a5ebbb75f066784bdd011433a3ce7ac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:78:0f:3f:68:f7:6b:61:56:67:dd:d3:20:c3:
                    a8:e0:ad:d5:ff:67:ab:72:f6:68:20:bd:5f:fd:62:
                    83:06:02:04:95:c0:e1:8f:5c:6b:55:64:4f:05:e0:
                    8a:9b:63:74:b3:38:70:66:ac:7d:2f:7b:6b:a2:63:
                    a5:47:12:88:4b:44:66:f7:e3:86:a4:e2:05:28:12:
                    e5:06:f0:15:8b:09:80:1d:b4:29:b3:f2:41:e7:51:
                    33:63:69:3d:6a:5e:93:bc:db:a3:91:f6:c8:53:e5:
                    0c:86:57:80:a7:40:5d:bc:92:83:2f:0a:f3:7f:89:
                    18:83:53:cf:71:ad:a1:5d:ac:02:41:9f:03:9d:b9:
                    9a:ff:8c:97:85:81:ea:f0:67:b7:35:f0:d1:c0:6b:
                    7e:b5:4d:30:76:84:b6:4e:15:b7:f0:aa:68:08:53:
                    9d:96:da:2a:be:58:93:2e:ff:3a:7b:56:38:fc:2d:
                    22:04:dd:08:68:5e:a9:23:98:aa:86:67:03:94:15:
                    2a:64:71:fa:77:0d:68:c5:71:06:f6:30:0f:11:8e:
                    96:76:66:6b:94:97:c2:95:7a:06:94:b0:2d:3a:1a:
                    e6:9d:17:1e:8d:7f:bd:3c:e8:b4:37:3d:31:0e:3c:
                    51:5c:ef:a7:15:38:00:51:1e:1e:8f:a7:e5:27:57:
                    8a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:A3:C4:49:A5:EB:BB:75:F0:66:78:4B:DD:01:14:33:A3:CE:7A:C3
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/l6PESaXru3XwZnhL3QEUM6POesM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:c0:ce:da:d6:b2:68:c1:c4:b1:b2:b6:7d:ed:11:20:da:ec:
         5d:a7:95:92:df:db:b1:77:a1:cb:85:59:00:ef:ad:53:98:8a:
         32:00:2d:f0:0e:f9:67:11:93:04:8a:ef:29:c6:28:25:6b:21:
         e4:d0:cf:d8:26:56:3d:32:0b:55:8a:9f:2b:c5:4a:33:44:7a:
         51:1e:c0:57:18:0d:d4:43:6e:49:34:07:5f:24:d1:f0:fb:81:
         f2:36:c3:7b:b9:2f:1c:e6:d4:e5:8a:c1:af:20:bc:97:13:80:
         ed:a7:4e:2d:08:46:93:55:5d:89:13:f4:d7:9c:a1:85:d3:56:
         93:12:77:70:13:d9:2a:14:d2:76:5c:ca:e1:3e:7f:c7:65:cb:
         7f:65:13:7c:0d:d7:59:5c:3b:71:6e:23:95:24:31:1c:f7:ca:
         94:9d:86:e9:1d:28:44:8f:78:a7:74:0c:e2:09:1f:25:07:94:
         6b:7b:b9:63:be:f1:0a:f4:61:25:68:2b:9c:9a:9a:e3:ea:8c:
         04:cc:b4:5b:9c:1e:7e:eb:c3:ad:87:7e:46:c2:32:03:6f:79:
         22:c0:92:30:2f:b7:4e:9b:61:b5:2a:34:b9:1e:c4:75:df:74:
         ff:53:a4:cd:b1:17:92:ca:f5:12:fc:e8:92:fb:cb:f3:c6:86:
         0a:84:1a:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf44QuttDh2OAt3aHppAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2EzYzQ0OWE1ZWJiYjc1ZjA2Njc4NGJkZDAxMTQzM2EzY2U3YWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3gPP2j3a2FWZ93TIMOo4K3V/2er
cvZoIL1f/WKDBgIElcDhj1xrVWRPBeCKm2N0szhwZqx9L3tromOlRxKIS0Rm9+OG
pOIFKBLlBvAViwmAHbQps/JB51EzY2k9al6TvNujkfbIU+UMhleAp0BdvJKDLwrz
f4kYg1PPca2hXawCQZ8Dnbma/4yXhYHq8Ge3NfDRwGt+tU0wdoS2ThW38KpoCFOd
ltoqvliTLv86e1Y4/C0iBN0IaF6pI5iqhmcDlBUqZHH6dw1oxXEG9jAPEY6WdmZr
lJfClXoGlLAtOhrmnRcejX+9POi0Nz0xDjxRXO+nFTgAUR4ej6flJ1eKiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJejxEml67t18GZ4S90BFDOjznrDMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvbDZQRVNhWHJ1M1h3Wm5oTDNRRVVNNlBPZXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPNMA0G
CSqGSIb3DQEBCwUAA4IBAQA4wM7a1rJowcSxsrZ97REg2uxdp5WS39uxd6HLhVkA
761TmIoyAC3wDvlnEZMEiu8pxiglayHk0M/YJlY9MgtVip8rxUozRHpRHsBXGA3U
Q25JNAdfJNHw+4HyNsN7uS8c5tTlisGvILyXE4Dtp04tCEaTVV2JE/TXnKGF01aT
EndwE9kqFNJ2XMrhPn/HZct/ZRN8DddZXDtxbiOVJDEc98qUnYbpHShEj3indAzi
CR8lB5Rre7ljvvEK9GElaCucmprj6owEzLRbnB5+68Oth35GwjIDb3kiwJIwL7dO
m2G1KjS5HsR133T/U6TNsReSyvUS/OiS+8vzxoYKhBqR
-----END CERTIFICATE-----
Generated at Mon Nov 25 14:19:05 2024 by rpki-client on console-ams.rpki-client.org