Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/c1r0yUGUBAjz0gZ6aam7iWs7Pqk.roa
File:                     c1r0yUGUBAjz0gZ6aam7iWs7Pqk.roa (raw, json)
Hash identifier:          Pkk8wQyw+FfNufIehtC1Pf2EfwrRTRXgi4qExEbpxZw=
Subject key identifier:   73:5A:F4:C9:41:94:04:08:F3:D2:06:7A:69:A9:BB:89:6B:3B:3E:A9
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       018CC64A94BC013EDBA30134D965C4150F33
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/c1r0yUGUBAjz0gZ6aam7iWs7Pqk.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212390
IP address blocks:        194.50.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:94:bc:01:3e:db:a3:01:34:d9:65:c4:15:0f:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=735af4c941940408f3d2067a69a9bb896b3b3ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:08:ab:32:43:7c:c6:93:af:af:1a:7c:18:fe:
                    c0:a1:36:1d:f9:80:e0:70:99:0c:56:2c:e2:c8:21:
                    9a:4e:31:6d:8e:a4:9d:ea:b4:41:b8:1b:66:fc:c3:
                    82:d2:0d:0d:9a:7e:2c:86:3a:65:06:61:b2:6d:b5:
                    4a:82:64:af:c7:de:4f:60:da:a4:3b:e6:15:f8:a3:
                    82:cf:d5:92:51:ba:7e:2d:46:62:8d:f0:ae:e7:d4:
                    95:47:41:87:b8:ac:57:38:0a:d1:f8:d7:bd:06:3c:
                    95:07:65:60:72:d2:a8:5b:b1:de:2e:db:b0:42:1f:
                    da:d4:dd:15:64:8f:18:6a:1c:5a:b7:58:44:80:8d:
                    e5:fe:f4:ad:e6:44:4b:fd:b3:5f:a3:9b:70:3a:64:
                    48:d0:cb:a7:b9:c1:7d:45:7d:19:36:ba:e9:3c:7f:
                    e6:70:98:38:03:86:f6:d8:79:d5:c6:79:dd:aa:82:
                    95:80:45:ab:6b:2a:20:b9:9f:5e:41:12:32:13:c0:
                    e8:e7:ac:54:b6:6a:d1:fe:36:af:14:ca:30:64:04:
                    e9:62:df:0e:42:31:55:53:f7:68:f9:ae:a6:8c:7a:
                    34:81:38:1c:aa:d4:71:1e:d0:1a:fe:e2:4b:d6:4b:
                    88:87:00:e0:ad:65:05:91:ef:45:1b:ac:c6:84:09:
                    e8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:5A:F4:C9:41:94:04:08:F3:D2:06:7A:69:A9:BB:89:6B:3B:3E:A9
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/c1r0yUGUBAjz0gZ6aam7iWs7Pqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:e3:53:aa:14:ce:04:a1:b6:18:70:75:df:7a:36:e2:24:e6:
         33:44:a4:b9:97:cc:c1:d8:dc:5d:c3:69:6d:0e:85:5e:40:e4:
         e0:89:f0:79:ce:8f:5f:ca:4a:24:b9:56:7d:db:8e:55:ad:3e:
         4d:09:ab:1d:29:a4:da:50:4c:e0:cc:68:55:04:79:b3:06:b3:
         1f:b5:de:64:e7:0e:b7:7d:75:f5:8f:d0:8d:3e:33:1b:c0:e0:
         52:7f:23:b6:62:dc:34:88:fe:eb:2c:b5:6c:cc:a1:52:01:2c:
         a5:d4:d5:2a:2d:79:2f:c5:f2:a3:61:ff:7e:35:84:85:7f:54:
         22:69:f6:30:3b:a4:90:90:fe:47:7f:0a:4d:78:cb:49:31:f1:
         8e:7d:67:33:3d:d2:4d:af:03:9e:78:2b:ce:38:cc:25:7c:25:
         99:6c:9a:a8:8e:d4:8f:81:88:05:9f:f4:36:61:c1:fa:bb:a5:
         76:24:b8:39:ae:6c:86:9c:ae:fa:f9:46:78:54:58:71:af:fe:
         0d:a5:26:46:8c:30:35:1c:59:a7:86:fa:38:0e:8d:51:a4:1f:
         46:6c:df:bc:68:11:a2:bf:9e:36:cb:cf:fb:54:e4:55:5a:a4:
         4d:11:81:2f:a2:a1:cf:3a:8b:6e:77:9a:e4:16:52:03:ca:7e:
         b0:57:03:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpS8AT7bowE02WXEFQ8zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzVhZjRjOTQxOTQwNDA4ZjNkMjA2N2E2OWE5YmI4OTZiM2IzZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugirMkN8xpOvrxp8GP7AoTYd+YDg
cJkMViziyCGaTjFtjqSd6rRBuBtm/MOC0g0Nmn4shjplBmGybbVKgmSvx95PYNqk
O+YV+KOCz9WSUbp+LUZijfCu59SVR0GHuKxXOArR+Ne9BjyVB2VgctKoW7HeLtuw
Qh/a1N0VZI8Yahxat1hEgI3l/vSt5kRL/bNfo5twOmRI0MunucF9RX0ZNrrpPH/m
cJg4A4b22HnVxnndqoKVgEWrayoguZ9eQRIyE8Do56xUtmrR/javFMowZATpYt8O
QjFVU/do+a6mjHo0gTgcqtRxHtAa/uJL1kuIhwDgrWUFke9FG6zGhAno7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNa9MlBlAQI89IGemmpu4lrOz6pMB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEvYzFyMHlVR1VCQWp6MGdaNmFhbTdpV3M3UHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjK7MA0G
CSqGSIb3DQEBCwUAA4IBAQCF41OqFM4EobYYcHXfejbiJOYzRKS5l8zB2Nxdw2lt
DoVeQOTgifB5zo9fykokuVZ9245VrT5NCasdKaTaUEzgzGhVBHmzBrMftd5k5w63
fXX1j9CNPjMbwOBSfyO2Ytw0iP7rLLVszKFSASyl1NUqLXkvxfKjYf9+NYSFf1Qi
afYwO6SQkP5HfwpNeMtJMfGOfWczPdJNrwOeeCvOOMwlfCWZbJqojtSPgYgFn/Q2
YcH6u6V2JLg5rmyGnK76+UZ4VFhxr/4NpSZGjDA1HFmnhvo4Do1RpB9GbN+8aBGi
v542y8/7VORVWqRNEYEvoqHPOotud5rkFlIDyn6wVwOg
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:24 2024 by rpki-client on console-ams.rpki-client.org