Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/e892a1-cb5d-41d2-9078-a3900ff45451/1/78rjR4AovzRajhuMtFS3rTcoRsk.roa
File:                     78rjR4AovzRajhuMtFS3rTcoRsk.roa (raw, json)
Hash identifier:          gL0XsLgaO/kr+D/96Ecpp8oDBmvuuZ2UQuIoEIFmw80=
Subject key identifier:   EF:CA:E3:47:80:28:BF:34:5A:8E:1B:8C:B4:54:B7:AD:37:28:46:C9
Certificate issuer:       /CN=fc4b8573ca0ebb478e008f70afa08ae58b7869a5
Certificate serial:       018CC801145D855699FA04CDE18B64F8D5B4
Authority key identifier: FC:4B:85:73:CA:0E:BB:47:8E:00:8F:70:AF:A0:8A:E5:8B:78:69:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EuFc8oOu0eOAI9wr6CK5Yt4aaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/e892a1-cb5d-41d2-9078-a3900ff45451/1/78rjR4AovzRajhuMtFS3rTcoRsk.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12329
IP address blocks:        194.156.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/e892a1-cb5d-41d2-9078-a3900ff45451/1/_EuFc8oOu0eOAI9wr6CK5Yt4aaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/e892a1-cb5d-41d2-9078-a3900ff45451/1/_EuFc8oOu0eOAI9wr6CK5Yt4aaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EuFc8oOu0eOAI9wr6CK5Yt4aaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:14:5d:85:56:99:fa:04:cd:e1:8b:64:f8:d5:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4b8573ca0ebb478e008f70afa08ae58b7869a5
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efcae3478028bf345a8e1b8cb454b7ad372846c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:1f:33:89:52:c5:10:9e:b6:ee:1b:3f:c3:91:
                    db:22:c3:1e:1e:25:b3:10:41:15:1e:41:ab:70:c2:
                    5c:61:e8:2f:24:01:9d:9c:15:9f:ee:b5:46:0b:59:
                    7b:44:d7:b0:0b:de:43:3f:8e:ff:17:c9:81:c0:2a:
                    26:1b:ba:7d:a1:c0:ce:10:6f:77:98:9b:16:f9:ff:
                    e2:ca:61:e8:85:a8:2a:bf:36:d8:c1:f9:5b:3a:f2:
                    65:06:af:49:1f:6e:0f:c3:63:8f:25:46:ff:21:b6:
                    04:57:cd:13:96:3a:e3:7b:ea:f3:b3:e2:54:d6:d7:
                    6f:f8:34:40:2d:73:1d:dc:18:70:f2:a3:c5:3b:46:
                    66:ac:72:f7:42:c2:ee:ee:bf:4f:ad:a4:4e:bc:07:
                    53:1d:5e:54:de:3d:62:26:9b:3b:e1:e8:d7:83:20:
                    70:12:fa:52:e6:f3:9d:3c:7b:c8:ee:51:7f:93:0d:
                    b5:24:88:15:57:e6:d3:4c:bc:e6:c4:e6:ff:86:0f:
                    de:5d:d9:29:2e:6c:48:e9:2d:ce:36:a8:74:80:46:
                    b5:91:48:24:ed:38:cc:ee:3e:43:21:12:10:5d:08:
                    73:72:ee:2e:95:cd:ed:bf:85:c8:05:f4:18:c3:42:
                    67:4d:b0:0d:51:6c:9a:ce:f9:ce:a3:89:91:3b:ba:
                    d9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CA:E3:47:80:28:BF:34:5A:8E:1B:8C:B4:54:B7:AD:37:28:46:C9
            X509v3 Authority Key Identifier:
                keyid:FC:4B:85:73:CA:0E:BB:47:8E:00:8F:70:AF:A0:8A:E5:8B:78:69:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EuFc8oOu0eOAI9wr6CK5Yt4aaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/e892a1-cb5d-41d2-9078-a3900ff45451/1/78rjR4AovzRajhuMtFS3rTcoRsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/e892a1-cb5d-41d2-9078-a3900ff45451/1/_EuFc8oOu0eOAI9wr6CK5Yt4aaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:c1:25:13:e1:b3:dd:7b:6c:b6:4c:ab:be:db:9c:03:c4:d2:
         c7:55:2c:6f:6e:a6:6a:70:48:88:57:46:e8:11:61:ee:c2:f0:
         32:f2:dd:8c:c7:d3:e5:03:0f:97:16:20:6c:c9:7b:24:55:07:
         72:ce:7c:a6:6b:51:14:2a:1e:dc:90:22:c2:88:ef:b5:65:85:
         b5:92:ed:6c:6d:8e:0c:ad:3d:8f:7c:fd:6c:57:74:e0:d9:ce:
         76:d5:d9:51:a8:78:e5:14:44:6a:09:b0:34:db:a9:38:1f:ce:
         7e:39:c6:3e:b3:65:36:99:f7:61:11:fe:19:01:a3:4e:1b:21:
         b6:df:65:c5:0b:11:72:b5:2b:ba:5f:7f:41:73:26:0b:12:16:
         0a:3d:68:d3:a7:7f:5c:df:13:1c:9e:2d:50:95:e9:8f:ed:9f:
         48:99:0c:3f:c7:30:15:d4:7f:bd:f6:df:22:0a:6e:7f:8f:7a:
         cd:65:f8:1b:b7:27:50:76:40:4b:6b:27:27:5e:1b:c6:78:30:
         ac:06:b0:c1:16:68:5e:73:2f:24:11:fe:7c:21:4e:40:77:1a:
         74:af:64:06:62:c8:fd:43:cf:16:77:4b:50:74:11:0a:5b:c8:
         ec:76:b8:67:8a:0e:bd:45:ec:7a:12:23:c3:f6:d9:32:14:c2:
         84:29:17:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARRdhVaZ+gTN4Ytk+NW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGI4NTczY2EwZWJiNDc4ZTAwOGY3MGFmYTA4YWU1OGI3
ODY5YTUwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmNhZTM0NzgwMjhiZjM0NWE4ZTFiOGNiNDU0YjdhZDM3Mjg0NmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgR8ziVLFEJ627hs/w5HbIsMeHiWz
EEEVHkGrcMJcYegvJAGdnBWf7rVGC1l7RNewC95DP47/F8mBwComG7p9ocDOEG93
mJsW+f/iymHohagqvzbYwflbOvJlBq9JH24Pw2OPJUb/IbYEV80Tljrje+rzs+JU
1tdv+DRALXMd3Bhw8qPFO0ZmrHL3QsLu7r9PraROvAdTHV5U3j1iJps74ejXgyBw
EvpS5vOdPHvI7lF/kw21JIgVV+bTTLzmxOb/hg/eXdkpLmxI6S3ONqh0gEa1kUgk
7TjM7j5DIRIQXQhzcu4ulc3tv4XIBfQYw0JnTbANUWyazvnOo4mRO7rZOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/K40eAKL80Wo4bjLRUt603KEbJMB8GA1UdIwQY
MBaAFPxLhXPKDrtHjgCPcK+giuWLeGmlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0V1RmM4b091MGVPQUk5d3I2Q0s1WXQ0YWFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9lODkyYTEtY2I1ZC00MWQyLTkwNzgt
YTM5MDBmZjQ1NDUxLzEvNzhyalI0QW92elJhamh1TXRGUzNyVGNvUnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9lODkyYTEtY2I1ZC00MWQyLTkwNzgtYTM5MDBmZjQ1NDUx
LzEvX0V1RmM4b091MGVPQUk5d3I2Q0s1WXQ0YWFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpxWMA0G
CSqGSIb3DQEBCwUAA4IBAQCxwSUT4bPde2y2TKu+25wDxNLHVSxvbqZqcEiIV0bo
EWHuwvAy8t2Mx9PlAw+XFiBsyXskVQdyznyma1EUKh7ckCLCiO+1ZYW1ku1sbY4M
rT2PfP1sV3Tg2c521dlRqHjlFERqCbA026k4H85+OcY+s2U2mfdhEf4ZAaNOGyG2
32XFCxFytSu6X39BcyYLEhYKPWjTp39c3xMcni1QlemP7Z9ImQw/xzAV1H+99t8i
Cm5/j3rNZfgbtydQdkBLaycnXhvGeDCsBrDBFmhecy8kEf58IU5Adxp0r2QGYsj9
Q88Wd0tQdBEKW8jsdrhnig69Rex6EiPD9tkyFMKEKRdS
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:25:09 2024 by rpki-client on console-fra.rpki-client.org