Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/1-lkP2CF2pk-cIDS63iej-MjhUKI.roa
File:                     1-lkP2CF2pk-cIDS63iej-MjhUKI.roa (raw, json)
Hash identifier:          eN7GP2WaCNE/QTtmIsubC1PrmmAao7PWLhmVefuGVM4=
Subject key identifier:   FA:59:0F:D8:21:76:A6:4F:9C:20:34:BA:DE:27:A3:F8:C8:E1:50:A2
Certificate issuer:       /CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
Certificate serial:       018CC8DEE9E31EEF5086BD9CBE4E681729C8
Authority key identifier: E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/1-lkP2CF2pk-cIDS63iej-MjhUKI.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        195.245.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e9:e3:1e:ef:50:86:bd:9c:be:4e:68:17:29:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa590fd82176a64f9c2034bade27a3f8c8e150a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:91:c4:c0:dd:c2:89:8e:34:6f:34:45:48:e9:
                    f0:d6:74:5a:26:44:44:85:a7:9e:0e:45:89:78:a0:
                    21:2c:ab:0a:61:34:56:cd:19:01:6c:7b:4d:96:f1:
                    f5:f1:d2:ea:bc:6e:42:6e:5c:50:16:81:29:31:7d:
                    45:70:bd:a8:41:8d:8c:eb:44:c6:22:b6:bb:59:2c:
                    3e:5b:51:cb:8e:01:57:6c:41:da:48:3f:a3:ce:bf:
                    8f:44:60:05:a9:c4:f6:1d:4d:c8:52:68:d0:db:cb:
                    66:9e:68:63:b2:f7:13:ea:d1:3a:13:e8:a4:aa:19:
                    d4:26:dc:9e:3c:c4:f5:e2:ae:ea:c1:93:36:92:c9:
                    17:45:0e:8a:c5:ba:0b:5a:33:9c:86:70:d5:c1:56:
                    f0:21:5c:e2:b9:37:85:a5:4d:21:4b:9a:9b:df:87:
                    ce:53:69:52:cf:26:c7:fa:5d:60:e0:2d:89:4e:6a:
                    12:42:7a:67:04:d2:9e:80:f4:31:27:37:57:01:9e:
                    b0:7f:d5:58:bb:c4:4b:16:89:d4:c8:b7:f7:67:ca:
                    e2:45:47:6a:9d:46:5c:f8:44:fe:4f:d7:1a:89:59:
                    55:1f:73:92:3b:c0:73:90:81:00:ad:47:d6:9e:e1:
                    f4:c9:ea:da:fd:ed:6d:0c:4b:10:4d:7f:8e:07:59:
                    e2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:59:0F:D8:21:76:A6:4F:9C:20:34:BA:DE:27:A3:F8:C8:E1:50:A2
            X509v3 Authority Key Identifier:
                keyid:E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/1-lkP2CF2pk-cIDS63iej-MjhUKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:87:9e:d3:c4:d1:6b:b7:f6:33:b6:ad:fe:4d:ae:f5:64:68:
         eb:50:6e:d4:e9:19:45:cd:89:4d:4c:57:4d:2f:8d:c7:69:8c:
         08:08:52:7c:35:83:8a:f7:e9:1a:e8:4d:e2:32:81:6d:34:16:
         81:59:98:a8:9e:73:2d:7e:51:0b:f5:2a:fd:7d:d9:d2:d9:82:
         15:dd:ae:9d:af:2f:b1:c4:4f:8a:15:bf:41:a5:c1:a0:1d:78:
         00:39:9e:d4:e8:47:f4:23:dd:83:78:a3:1a:be:60:85:fd:f8:
         80:22:48:b1:ed:2a:03:af:5e:b0:62:c2:96:54:b8:ca:c5:1c:
         a1:95:7d:02:69:7a:9f:1a:06:45:cf:02:c7:41:4f:2c:2d:cd:
         32:f7:80:34:88:77:e8:26:f3:48:33:a6:17:2a:0a:bd:f3:c9:
         42:31:5a:06:f6:12:8d:cc:f0:f9:9e:6b:9e:92:86:65:6b:dd:
         4f:46:76:f0:9a:1f:38:db:1f:a8:4c:15:30:21:c7:9f:97:ce:
         0f:58:e4:54:f7:18:a6:c8:c8:b6:42:b5:7f:c8:4b:49:f6:5c:
         11:73:6b:d4:fa:6c:8e:c0:f2:95:08:74:86:19:50:39:34:cf:
         4f:dc:09:f9:e6:40:be:50:3f:36:84:6a:7d:29:36:6e:f8:22:
         62:51:72:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3unjHu9Qhr2cvk5oFynIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzQ2MTZlZGJkNjAxNTRmYTNkYWM3N2VhOTBkYmQ3YzY4
YTEzMmQwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTU5MGZkODIxNzZhNjRmOWMyMDM0YmFkZTI3YTNmOGM4ZTE1MGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupHEwN3CiY40bzRFSOnw1nRaJkRE
haeeDkWJeKAhLKsKYTRWzRkBbHtNlvH18dLqvG5CblxQFoEpMX1FcL2oQY2M60TG
Ira7WSw+W1HLjgFXbEHaSD+jzr+PRGAFqcT2HU3IUmjQ28tmnmhjsvcT6tE6E+ik
qhnUJtyePMT14q7qwZM2kskXRQ6KxboLWjOchnDVwVbwIVziuTeFpU0hS5qb34fO
U2lSzybH+l1g4C2JTmoSQnpnBNKegPQxJzdXAZ6wf9VYu8RLFonUyLf3Z8riRUdq
nUZc+ET+T9caiVlVH3OSO8BzkIEArUfWnuH0yera/e1tDEsQTX+OB1niSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpZD9ghdqZPnCA0ut4no/jI4VCiMB8GA1UdIwQY
MBaAFOY0YW7b1gFU+j2sd+qQ29fGihMtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQt
ZDk5MjMxZTQ2NDU3LzEvMS1sa1AyQ0YycGstY0lEUzYzaWVqLU1qaFVLSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDIvZjI5MjY4LTJjNmEtNGU5ZC1hYTJkLWQ5OTIzMWU0NjQ1
Ny8xLzVqUmhidHZXQVZUNlBheDM2cERiMThhS0V5MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMP1VTAN
BgkqhkiG9w0BAQsFAAOCAQEABIee08TRa7f2M7at/k2u9WRo61Bu1OkZRc2JTUxX
TS+Nx2mMCAhSfDWDivfpGuhN4jKBbTQWgVmYqJ5zLX5RC/Uq/X3Z0tmCFd2una8v
scRPihW/QaXBoB14ADme1OhH9CPdg3ijGr5ghf34gCJIse0qA69esGLCllS4ysUc
oZV9Aml6nxoGRc8Cx0FPLC3NMveANIh36CbzSDOmFyoKvfPJQjFaBvYSjczw+Z5r
npKGZWvdT0Z28JofONsfqEwVMCHHn5fOD1jkVPcYpsjItkK1f8hLSfZcEXNr1Pps
jsDylQh0hhlQOTTPT9wJ+eZAvlA/NoRqfSk2bvgiYlFy4A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:43:41 2024 by rpki-client on console-fra.rpki-client.org