Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/LXIQsw0MZjONs_Mr4zxP_e6-Y0E.roa
File:                     LXIQsw0MZjONs_Mr4zxP_e6-Y0E.roa (raw, json)
Hash identifier:          lYyvH9TBx84RYJCbkcd4FQcI9Z95zilTECmtLwf+67Q=
Subject key identifier:   2D:72:10:B3:0D:0C:66:33:8D:B3:F3:2B:E3:3C:4F:FD:EE:BE:63:41
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       01900631F0C7B9A8CC3B95F20CF2FF4395A5
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/LXIQsw0MZjONs_Mr4zxP_e6-Y0E.roa
Signing time:             Tue 11 Jun 2024 07:27:34 +0000
ROA not before:           Tue 11 Jun 2024 07:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213245
IP address blocks:        84.17.69.0/24 maxlen: 24
                          84.17.72.0/24 maxlen: 24
                          84.17.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:31:f0:c7:b9:a8:cc:3b:95:f2:0c:f2:ff:43:95:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Jun 11 07:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d7210b30d0c66338db3f32be33c4ffdeebe6341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:61:82:8c:0b:7e:96:35:dd:e5:5e:79:92:a9:
                    85:12:c9:a6:80:fc:c6:23:d7:b0:63:04:44:e2:ec:
                    6f:7f:48:c2:35:bd:19:c7:78:5c:e1:49:1a:6a:68:
                    23:68:d7:de:f8:d5:35:52:b3:41:c4:e3:a3:48:ae:
                    0c:cc:e0:af:5c:48:8c:70:24:49:8d:00:ba:a5:18:
                    a2:21:00:31:f9:67:c3:a5:c9:5b:f6:ed:56:7c:bc:
                    08:70:c8:c6:a0:a7:28:55:b6:f3:35:6a:81:bb:2b:
                    76:d0:bd:77:55:cc:e6:26:46:91:b5:94:15:ef:8e:
                    f4:6a:40:6c:91:4c:06:de:0d:4c:e3:ee:5d:bc:60:
                    b7:c7:53:b9:39:e5:65:09:9d:f3:c2:ef:c6:43:4a:
                    ba:f0:0b:54:05:74:a2:04:37:89:b0:66:de:d1:25:
                    fa:87:36:fa:ad:64:d0:89:29:d8:f1:d1:be:48:18:
                    57:59:97:76:71:c7:5b:eb:48:b4:45:99:50:d0:40:
                    6a:62:d6:ee:9b:63:7b:58:14:46:af:94:b0:a3:d4:
                    6c:16:b4:46:82:cb:22:7f:4f:88:1d:a0:16:5a:8d:
                    57:78:3f:dd:08:7d:d4:9f:d6:30:45:f7:13:ae:c8:
                    6b:92:9f:b1:b7:69:4b:e5:aa:67:b0:eb:96:8b:47:
                    3f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:72:10:B3:0D:0C:66:33:8D:B3:F3:2B:E3:3C:4F:FD:EE:BE:63:41
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/LXIQsw0MZjONs_Mr4zxP_e6-Y0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.69.0/24
                  84.17.72.0/24
                  84.17.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f6:19:8e:f0:f3:2a:91:e8:91:67:e0:fa:97:8b:a0:bb:a8:
         08:c8:e9:b5:34:14:02:fb:df:e6:3a:99:aa:1e:b1:7a:3f:c4:
         1c:ec:b5:63:22:15:87:3a:e6:af:7d:c4:99:47:93:02:b1:23:
         10:2a:ae:8c:79:b6:17:bc:cb:b7:d4:95:5e:cd:c1:f1:8c:e1:
         ae:ad:3c:3d:e7:25:e6:b2:0f:1b:84:c3:4b:7a:99:91:fb:d6:
         ed:e3:c8:6d:78:c1:5c:50:14:19:ce:0f:e1:37:13:3a:24:f8:
         2b:b0:85:cb:6f:83:d4:81:43:e8:db:69:f2:03:40:3d:a4:d7:
         d8:41:06:c6:0a:28:c4:67:84:42:c7:0c:dd:0e:80:32:55:31:
         5b:b3:c9:16:c2:cd:a0:32:e6:b6:ce:23:ba:ff:08:a9:bd:fb:
         75:1a:09:3c:75:af:63:19:55:8d:71:c4:92:6b:02:4f:61:f8:
         8d:50:02:5f:e2:b6:ab:68:7d:ff:61:ee:af:db:5e:5e:32:17:
         11:84:ff:dd:e5:7e:9b:93:40:32:3a:92:42:58:57:e1:29:35:
         81:3e:c1:b0:a6:59:29:51:dd:e4:39:da:32:3f:2e:22:6d:ec:
         f0:09:fe:98:14:3b:18:8c:92:ca:fd:ac:d9:dd:65:ef:5a:8c:
         51:2f:47:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAGMfDHuajMO5XyDPL/Q5WlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjQwNjExMDcyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDcyMTBiMzBkMGM2NjMzOGRiM2YzMmJlMzNjNGZmZGVlYmU2MzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmGCjAt+ljXd5V55kqmFEsmmgPzG
I9ewYwRE4uxvf0jCNb0Zx3hc4UkaamgjaNfe+NU1UrNBxOOjSK4MzOCvXEiMcCRJ
jQC6pRiiIQAx+WfDpclb9u1WfLwIcMjGoKcoVbbzNWqBuyt20L13VczmJkaRtZQV
7470akBskUwG3g1M4+5dvGC3x1O5OeVlCZ3zwu/GQ0q68AtUBXSiBDeJsGbe0SX6
hzb6rWTQiSnY8dG+SBhXWZd2ccdb60i0RZlQ0EBqYtbum2N7WBRGr5Swo9RsFrRG
gssif0+IHaAWWo1XeD/dCH3Un9YwRfcTrshrkp+xt2lL5apnsOuWi0c/0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC1yELMNDGYzjbPzK+M8T/3uvmNBMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvTFhJUXN3ME1aak9Oc19NcjR6eFBfZTYtWTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVBFFAwQA
VBFIAwQAVBFYMA0GCSqGSIb3DQEBCwUAA4IBAQAa9hmO8PMqkeiRZ+D6l4ugu6gI
yOm1NBQC+9/mOpmqHrF6P8Qc7LVjIhWHOuavfcSZR5MCsSMQKq6MebYXvMu31JVe
zcHxjOGurTw95yXmsg8bhMNLepmR+9bt48hteMFcUBQZzg/hNxM6JPgrsIXLb4PU
gUPo22nyA0A9pNfYQQbGCijEZ4RCxwzdDoAyVTFbs8kWws2gMua2ziO6/wipvft1
Ggk8da9jGVWNccSSawJPYfiNUAJf4raraH3/Ye6v215eMhcRhP/d5X6bk0AyOpJC
WFfhKTWBPsGwplkpUd3kOdoyPy4ibezwCf6YFDsYjJLK/azZ3WXvWoxRL0db
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:27:08 2024 by rpki-client on console-ams.rpki-client.org