Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/op052EwSdQJYCzo0GIgfp_oJb0c.roa
File:                     op052EwSdQJYCzo0GIgfp_oJb0c.roa (raw, json)
Hash identifier:          XFwoZxm2V1IOIT/ZJlELYiDftm+ELjQPleGHxgS1zA8=
Subject key identifier:   A2:9D:39:D8:4C:12:75:02:58:0B:3A:34:18:88:1F:A7:FA:09:6F:47
Certificate issuer:       /CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
Certificate serial:       0192D04C58A8B9B3706FF0F3A670E1F07B81
Authority key identifier: 51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/op052EwSdQJYCzo0GIgfp_oJb0c.roa
Signing time:             Sun 27 Oct 2024 23:25:17 +0000
ROA not before:           Sun 27 Oct 2024 23:25:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62443
IP address blocks:        194.39.255.0/24 maxlen: 24
                          2a13:cc80::/32 maxlen: 32
                          2a13:cc81::/32 maxlen: 32
                          2a13:cc82:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Nov 2024 21:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d0:4c:58:a8:b9:b3:70:6f:f0:f3:a6:70:e1:f0:7b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=517a0c96842bafc9f630ba14b83ea79bd12a53b9
        Validity
            Not Before: Oct 27 23:25:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a29d39d84c127502580b3a3418881fa7fa096f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d1:49:3a:40:62:fd:19:72:3e:79:81:23:b0:
                    05:32:e4:43:a1:38:5e:21:7a:79:37:21:23:b9:09:
                    f3:19:38:d1:90:cf:40:bf:92:dc:ff:7f:40:bf:e1:
                    bc:8f:00:d7:12:f4:9f:58:fa:76:74:98:94:23:e8:
                    40:84:8c:3f:c2:6e:a7:64:5a:82:3f:3d:17:6a:49:
                    97:6c:53:54:cb:0e:bf:ab:e0:8f:1b:9b:51:ea:1f:
                    47:6f:8c:4e:df:8e:42:24:97:2b:f1:12:d9:fa:91:
                    8b:ad:64:54:99:75:c5:74:5b:33:e5:e4:b2:14:e2:
                    2f:9b:f5:42:9b:90:bc:b8:92:50:2f:2c:e6:32:60:
                    5c:b3:ef:cd:53:ac:26:bc:4e:84:10:42:90:7d:ab:
                    51:69:79:1e:db:fa:e4:af:62:14:54:f1:f8:6e:c4:
                    97:df:60:10:d2:28:e6:c3:63:9b:ed:b4:a9:3f:d4:
                    da:43:70:99:d5:92:73:d6:61:d6:a1:bb:85:7d:05:
                    fb:1d:19:f4:44:1f:63:f2:df:5e:be:a5:2f:da:ce:
                    e1:82:95:04:ec:b3:79:3d:29:0e:be:c0:d8:f5:44:
                    9e:cb:af:de:f0:27:fe:f9:1b:fb:e1:10:1d:55:87:
                    c7:63:58:33:4a:f0:91:42:92:61:2c:b7:c1:15:14:
                    9a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9D:39:D8:4C:12:75:02:58:0B:3A:34:18:88:1F:A7:FA:09:6F:47
            X509v3 Authority Key Identifier:
                keyid:51:7A:0C:96:84:2B:AF:C9:F6:30:BA:14:B8:3E:A7:9B:D1:2A:53:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UXoMloQrr8n2MLoUuD6nm9EqU7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/op052EwSdQJYCzo0GIgfp_oJb0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/14e492-8525-4eec-84bc-b0eb6715e0af/1/UXoMloQrr8n2MLoUuD6nm9EqU7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.255.0/24
                IPv6:
                  2a13:cc80::/31
                  2a13:cc82:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:07:91:d0:41:fc:57:58:3b:ce:6d:97:e8:12:91:9f:58:f1:
         97:e8:0a:5c:25:15:34:e7:02:60:d1:e9:12:fb:7c:fd:b0:a5:
         3c:69:9d:9f:20:1a:bd:05:67:c9:40:fb:3b:99:fd:43:28:ac:
         62:b9:66:fc:52:db:00:e7:eb:6f:b0:4d:1e:d1:2c:35:c1:33:
         33:27:e0:2a:0e:ff:d2:cd:2b:3c:0e:69:b5:72:9e:08:18:20:
         dd:55:f0:e5:1e:b7:ac:8f:8d:0e:01:af:d0:db:e2:48:a0:84:
         06:8f:de:1d:99:c1:f6:62:cc:a3:39:8b:51:0c:a7:9e:b6:74:
         50:14:a2:5d:d3:df:6a:9f:c2:62:49:58:7c:f0:e7:73:cf:e2:
         e2:25:b1:9e:d2:88:13:88:2e:6c:ea:0e:1d:6e:4e:29:59:e7:
         82:36:01:7b:cf:0b:34:9d:1d:12:64:d3:71:d5:64:b4:f1:41:
         10:06:29:d6:44:c5:95:c0:64:8f:04:dc:95:57:6c:bf:23:5e:
         9c:57:2c:32:24:84:2e:94:9b:c0:15:74:58:20:a2:ca:cd:c0:
         44:48:8f:15:b6:c6:39:96:ee:20:a5:5b:b8:1d:79:59:92:41:
         22:a2:a4:bc:4b:3d:0d:7c:ff:00:a0:72:79:90:e9:ea:25:8d:
         81:16:58:8b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZLQTFioubNwb/DzpnDh8HuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxN2EwYzk2ODQyYmFmYzlmNjMwYmExNGI4M2VhNzliZDEy
YTUzYjkwHhcNMjQxMDI3MjMyNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlkMzlkODRjMTI3NTAyNTgwYjNhMzQxODg4MWZhN2ZhMDk2ZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktFJOkBi/RlyPnmBI7AFMuRDoThe
IXp5NyEjuQnzGTjRkM9Av5Lc/39Av+G8jwDXEvSfWPp2dJiUI+hAhIw/wm6nZFqC
Pz0XakmXbFNUyw6/q+CPG5tR6h9Hb4xO345CJJcr8RLZ+pGLrWRUmXXFdFsz5eSy
FOIvm/VCm5C8uJJQLyzmMmBcs+/NU6wmvE6EEEKQfatRaXke2/rkr2IUVPH4bsSX
32AQ0ijmw2Ob7bSpP9TaQ3CZ1ZJz1mHWobuFfQX7HRn0RB9j8t9evqUv2s7hgpUE
7LN5PSkOvsDY9USey6/e8Cf++Rv74RAdVYfHY1gzSvCRQpJhLLfBFRSacQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKKdOdhMEnUCWAs6NBiIH6f6CW9HMB8GA1UdIwQY
MBaAFFF6DJaEK6/J9jC6FLg+p5vRKlO5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMt
YjBlYjY3MTVlMGFmLzEvb3AwNTJFd1NkUUpZQ3pvMEdJZ2ZwX29KYjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xNGU0OTItODUyNS00ZWVjLTg0YmMtYjBlYjY3MTVlMGFm
LzEvVVhvTWxvUXJyOG4yTUxvVXVENm5tOUVxVTdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAwif/MBYE
AgACMBADBQEqE8yAAwcAKhPMggEAMA0GCSqGSIb3DQEBCwUAA4IBAQBvB5HQQfxX
WDvObZfoEpGfWPGX6ApcJRU05wJg0ekS+3z9sKU8aZ2fIBq9BWfJQPs7mf1DKKxi
uWb8UtsA5+tvsE0e0Sw1wTMzJ+AqDv/SzSs8Dmm1cp4IGCDdVfDlHresj40OAa/Q
2+JIoIQGj94dmcH2YsyjOYtRDKeetnRQFKJd099qn8JiSVh88Odzz+LiJbGe0ogT
iC5s6g4dbk4pWeeCNgF7zws0nR0SZNNx1WS08UEQBinWRMWVwGSPBNyVV2y/I16c
VywyJIQulJvAFXRYIKLKzcBESI8VtsY5lu4gpVu4HXlZkkEioqS8Sz0NfP8AoHJ5
kOnqJY2BFliL
-----END CERTIFICATE-----
Generated at Thu Nov 14 02:25:18 2024 by rpki-client on console-ams.rpki-client.org