Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/YH4CVZlgUXfDTiUaj3YI0Zqe6yM.roa
File:                     YH4CVZlgUXfDTiUaj3YI0Zqe6yM.roa (raw, json)
Hash identifier:          sj/zHGCQNZH2mdamdrqI/nt8mBBtNbVugiI1ZJB+2UQ=
Subject key identifier:   60:7E:02:55:99:60:51:77:C3:4E:25:1A:8F:76:08:D1:9A:9E:EB:23
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       018CC9BC2463C45FA544E1BEFD3690EDB744
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/YH4CVZlgUXfDTiUaj3YI0Zqe6yM.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24990
IP address blocks:        88.84.144.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:24:63:c4:5f:a5:44:e1:be:fd:36:90:ed:b7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=607e025599605177c34e251a8f7608d19a9eeb23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c2:71:db:b7:49:b0:1e:04:d9:1b:9f:76:c7:
                    47:3c:c6:f5:5e:9a:df:d8:fd:10:ef:ad:4d:d8:dc:
                    8b:a4:b2:f6:d2:66:bf:d0:ed:44:64:9f:0f:d6:78:
                    0b:b7:e2:5a:bc:9d:ec:b9:87:f9:f5:93:70:2b:c1:
                    e3:b0:8d:e6:b1:2d:2c:31:26:0d:25:0b:24:5b:5c:
                    cb:32:d7:b9:2d:c7:39:df:b3:50:06:43:0c:28:39:
                    14:9f:0f:5b:fd:45:de:17:77:5d:65:14:a7:34:36:
                    5e:f8:1e:36:29:13:be:70:6e:81:f4:38:4e:6f:b0:
                    00:b3:99:cc:f3:f9:5a:0b:b9:62:ec:3f:9b:22:e0:
                    b1:16:03:80:3a:31:3f:2c:80:36:e3:d2:e6:bd:65:
                    b6:20:a1:e4:2d:94:1c:e0:e4:f1:22:93:53:ec:26:
                    e3:8c:4d:e3:7d:7b:44:a9:27:4a:b4:1a:b0:37:3a:
                    af:30:8c:68:df:02:0c:b6:57:dd:fe:a8:61:48:70:
                    67:0e:6a:ef:5a:94:49:4b:47:d1:b5:06:0d:f8:bf:
                    39:65:15:aa:28:75:42:3e:85:f2:6c:4c:d9:50:80:
                    28:80:a1:92:60:5d:38:81:b7:91:73:e1:1b:47:1d:
                    37:f2:50:8f:2d:b9:26:3e:20:98:c5:ef:d0:43:4b:
                    ce:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7E:02:55:99:60:51:77:C3:4E:25:1A:8F:76:08:D1:9A:9E:EB:23
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/YH4CVZlgUXfDTiUaj3YI0Zqe6yM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         09:ce:7e:1e:fa:fe:a9:d0:e1:0d:f3:8b:fe:0b:09:20:be:63:
         92:14:f5:a6:1a:d9:65:df:d0:68:20:d6:0c:12:25:e9:f5:b8:
         2f:fe:54:8c:20:c5:77:ff:fa:83:14:a6:bd:f9:f0:fe:81:7a:
         0f:f6:e5:d2:e9:c7:77:4b:73:e3:6c:69:8d:a3:30:91:1c:33:
         99:50:12:65:37:45:09:43:08:20:d0:0e:5f:0e:a1:be:72:c6:
         b0:be:ed:8f:6c:2e:83:88:11:75:0c:1f:19:71:b9:13:48:68:
         b8:2a:41:d0:6c:42:db:e7:f2:86:0e:31:62:6e:7e:16:e3:48:
         fa:b7:bc:91:27:c2:bd:b5:7b:87:42:a1:ac:d2:2b:9a:02:bd:
         f3:1b:55:a4:7f:31:91:69:5d:29:72:fd:eb:f4:7b:d0:5e:0f:
         94:c5:b4:15:ba:ba:9c:e7:40:63:82:19:2c:8a:dd:66:41:0e:
         d4:e4:36:9b:65:e3:61:48:8b:7d:43:44:c3:7c:fa:63:f1:5c:
         d7:d0:de:14:bc:e5:24:9e:98:f9:21:01:5d:0e:70:a4:45:c5:
         fc:cd:bb:cd:7d:6b:f5:bb:54:15:dc:b8:9e:69:49:c3:81:99:
         e9:a7:2d:29:cd:04:ea:0f:a2:74:f5:05:f4:86:a4:ca:50:76:
         e3:33:c8:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCRjxF+lROG+/TaQ7bdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdlMDI1NTk5NjA1MTc3YzM0ZTI1MWE4Zjc2MDhkMTlhOWVlYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMJx27dJsB4E2RufdsdHPMb1Xprf
2P0Q761N2NyLpLL20ma/0O1EZJ8P1ngLt+JavJ3suYf59ZNwK8HjsI3msS0sMSYN
JQskW1zLMte5Lcc537NQBkMMKDkUnw9b/UXeF3ddZRSnNDZe+B42KRO+cG6B9DhO
b7AAs5nM8/laC7li7D+bIuCxFgOAOjE/LIA249LmvWW2IKHkLZQc4OTxIpNT7Cbj
jE3jfXtEqSdKtBqwNzqvMIxo3wIMtlfd/qhhSHBnDmrvWpRJS0fRtQYN+L85ZRWq
KHVCPoXybEzZUIAogKGSYF04gbeRc+EbRx038lCPLbkmPiCYxe/QQ0vO1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB+AlWZYFF3w04lGo92CNGanusjMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvWUg0Q1ZabGdVWGZEVGlVYWozWUkwWnFlNnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWFSQMA0G
CSqGSIb3DQEBCwUAA4IBAQAJzn4e+v6p0OEN84v+CwkgvmOSFPWmGtll39BoINYM
EiXp9bgv/lSMIMV3//qDFKa9+fD+gXoP9uXS6cd3S3PjbGmNozCRHDOZUBJlN0UJ
Qwgg0A5fDqG+csawvu2PbC6DiBF1DB8ZcbkTSGi4KkHQbELb5/KGDjFibn4W40j6
t7yRJ8K9tXuHQqGs0iuaAr3zG1WkfzGRaV0pcv3r9HvQXg+UxbQVurqc50Bjghks
it1mQQ7U5DabZeNhSIt9Q0TDfPpj8VzX0N4UvOUknpj5IQFdDnCkRcX8zbvNfWv1
u1QV3LieaUnDgZnppy0pzQTqD6J09QX0hqTKUHbjM8ho
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:25:38 2024 by rpki-client on console-fra.rpki-client.org