Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/4kCJv_yP6W1pc11rTza9_OFmh3Y.roa
File:                     4kCJv_yP6W1pc11rTza9_OFmh3Y.roa (raw, json)
Hash identifier:          tubiL/9o3q/ung2y+axRSBDr82C3o82q/ZXn9cvrhC4=
Subject key identifier:   E2:40:89:BF:FC:8F:E9:6D:69:73:5D:6B:4F:36:BD:FC:E1:66:87:76
Certificate issuer:       /CN=11f2e35b3c559b6d843667cad5dac674e01b96c3
Certificate serial:       018CC2DAFF1C709DCBD425F6A1A935BE5DC8
Authority key identifier: 11:F2:E3:5B:3C:55:9B:6D:84:36:67:CA:D5:DA:C6:74:E0:1B:96:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EfLjWzxVm22ENmfK1drGdOAblsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/4kCJv_yP6W1pc11rTza9_OFmh3Y.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209438
IP address blocks:        62.68.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/EfLjWzxVm22ENmfK1drGdOAblsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/EfLjWzxVm22ENmfK1drGdOAblsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EfLjWzxVm22ENmfK1drGdOAblsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ff:1c:70:9d:cb:d4:25:f6:a1:a9:35:be:5d:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11f2e35b3c559b6d843667cad5dac674e01b96c3
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e24089bffc8fe96d69735d6b4f36bdfce1668776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3d:14:81:59:3d:6e:cb:13:25:93:24:cb:27:
                    8c:48:fb:56:1e:ee:a8:eb:1c:6a:85:16:94:c3:b4:
                    18:f3:40:e3:5e:b4:52:6e:b8:ee:ec:22:06:2f:49:
                    c3:26:1c:03:14:30:40:c4:32:4c:12:54:08:5c:06:
                    60:b3:41:c8:16:db:d4:e5:af:67:b4:28:16:fd:5a:
                    92:1e:94:f3:d5:8e:4f:11:22:7f:e0:e6:5b:84:8d:
                    8c:c5:c2:c3:ad:43:6c:b4:7c:16:25:30:58:51:d1:
                    2f:f6:5b:57:01:9f:81:fe:fe:28:38:7d:7c:f8:5c:
                    8b:a0:37:2a:de:5d:6b:7c:09:9d:83:f4:05:79:6b:
                    39:20:42:d4:ec:52:d6:c7:2d:c6:27:8e:15:4e:6b:
                    04:6c:1f:d0:ba:6e:8e:38:3b:64:f4:25:71:93:a5:
                    b3:3f:37:be:14:17:51:f7:f8:cd:0e:72:2c:9c:11:
                    82:35:4d:2a:b1:2e:e4:b6:d6:8a:b3:61:30:81:65:
                    07:2a:b2:bf:c4:79:b0:b1:cf:d3:ed:2c:97:7b:99:
                    ef:1b:20:ab:71:bb:2c:35:aa:82:e4:a1:e1:bd:1c:
                    df:7e:4a:25:40:a9:ed:b6:5a:10:b5:c3:0d:ad:c0:
                    3c:ab:4a:19:b1:b4:03:23:ca:28:b0:db:fe:fc:9b:
                    33:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:40:89:BF:FC:8F:E9:6D:69:73:5D:6B:4F:36:BD:FC:E1:66:87:76
            X509v3 Authority Key Identifier:
                keyid:11:F2:E3:5B:3C:55:9B:6D:84:36:67:CA:D5:DA:C6:74:E0:1B:96:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EfLjWzxVm22ENmfK1drGdOAblsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/4kCJv_yP6W1pc11rTza9_OFmh3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/99d68e-27c3-4b2d-95f5-250a9e6708d0/1/EfLjWzxVm22ENmfK1drGdOAblsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.68.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:d5:86:24:55:a0:a7:df:8d:9e:87:54:b4:95:88:59:3e:df:
         ca:d4:cb:39:fe:5a:85:13:11:6f:46:1a:fb:3f:5e:45:59:e0:
         3d:81:17:41:93:3b:25:7d:3f:bc:a4:e4:b3:51:82:a1:d4:b0:
         78:2e:66:23:67:e6:0e:e0:31:b3:26:50:cd:cb:cc:d4:fa:34:
         73:00:ce:ab:0d:54:21:42:f2:5d:8e:92:99:94:7c:74:1b:05:
         2a:9b:14:96:28:57:c6:b2:c9:d3:f9:35:18:0c:a5:49:63:03:
         4c:e1:b8:62:67:17:cf:ca:a9:56:2d:9b:26:af:cb:33:d2:f5:
         2d:b9:5b:92:02:ea:39:14:67:c8:fc:4f:00:ae:b5:06:50:d8:
         85:d0:9c:33:b6:c3:c8:71:41:41:1a:60:91:92:bf:2c:07:8a:
         56:4a:ac:a4:71:4f:18:cf:bd:45:39:52:41:e7:c2:b8:fa:be:
         96:ea:df:d7:d4:b4:03:4e:56:03:9f:8f:72:a4:94:fa:dc:49:
         46:52:73:a1:90:3c:7d:3c:08:91:6c:1b:d8:5f:f0:60:08:40:
         34:87:ce:c0:33:74:b5:14:90:19:a5:8f:1d:ba:af:08:da:94:
         7a:de:d7:6c:7c:6c:2b:fb:51:0b:87:47:a5:64:42:09:97:07:
         40:ae:b0:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2v8ccJ3L1CX2oak1vl3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZjJlMzViM2M1NTliNmQ4NDM2NjdjYWQ1ZGFjNjc0ZTAx
Yjk2YzMwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjQwODliZmZjOGZlOTZkNjk3MzVkNmI0ZjM2YmRmY2UxNjY4Nzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj0UgVk9bssTJZMkyyeMSPtWHu6o
6xxqhRaUw7QY80DjXrRSbrju7CIGL0nDJhwDFDBAxDJMElQIXAZgs0HIFtvU5a9n
tCgW/VqSHpTz1Y5PESJ/4OZbhI2MxcLDrUNstHwWJTBYUdEv9ltXAZ+B/v4oOH18
+FyLoDcq3l1rfAmdg/QFeWs5IELU7FLWxy3GJ44VTmsEbB/Qum6OODtk9CVxk6Wz
Pze+FBdR9/jNDnIsnBGCNU0qsS7kttaKs2EwgWUHKrK/xHmwsc/T7SyXe5nvGyCr
cbssNaqC5KHhvRzffkolQKnttloQtcMNrcA8q0oZsbQDI8oosNv+/JszrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJAib/8j+ltaXNda082vfzhZod2MB8GA1UdIwQY
MBaAFBHy41s8VZtthDZnytXaxnTgG5bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWZMald6eFZtMjJFTm1mSzFkckdkT0FibHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi85OWQ2OGUtMjdjMy00YjJkLTk1ZjUt
MjUwYTllNjcwOGQwLzEvNGtDSnZfeVA2VzFwYzExclR6YTlfT0ZtaDNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi85OWQ2OGUtMjdjMy00YjJkLTk1ZjUtMjUwYTllNjcwOGQw
LzEvRWZMald6eFZtMjJFTm1mSzFkckdkT0FibHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkRYMA0G
CSqGSIb3DQEBCwUAA4IBAQBL1YYkVaCn342eh1S0lYhZPt/K1Ms5/lqFExFvRhr7
P15FWeA9gRdBkzslfT+8pOSzUYKh1LB4LmYjZ+YO4DGzJlDNy8zU+jRzAM6rDVQh
QvJdjpKZlHx0GwUqmxSWKFfGssnT+TUYDKVJYwNM4bhiZxfPyqlWLZsmr8sz0vUt
uVuSAuo5FGfI/E8ArrUGUNiF0JwztsPIcUFBGmCRkr8sB4pWSqykcU8Yz71FOVJB
58K4+r6W6t/X1LQDTlYDn49ypJT63ElGUnOhkDx9PAiRbBvYX/BgCEA0h87AM3S1
FJAZpY8duq8I2pR63tdsfGwr+1ELh0elZEIJlwdArrA5
-----END CERTIFICATE-----
Generated at Tue Nov 26 22:37:14 2024 by rpki-client on console-ams.rpki-client.org