Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/pfPNXGH-UkPPnd7O_Gz0n-66VA0.roa
File:                     pfPNXGH-UkPPnd7O_Gz0n-66VA0.roa (raw, json)
Hash identifier:          AwV32FyyD1dpNXICrz5hAtdz/7YYOrwVrngDsKkIoTI=
Subject key identifier:   A5:F3:CD:5C:61:FE:52:43:CF:9D:DE:CE:FC:6C:F4:9F:EE:BA:54:0D
Certificate issuer:       /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial:       018F3E7029D5890E5DD3AFB498F190E4D95C
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/pfPNXGH-UkPPnd7O_Gz0n-66VA0.roa
Signing time:             Fri 03 May 2024 12:31:29 +0000
ROA not before:           Fri 03 May 2024 12:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12325
IP address blocks:        194.8.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3e:70:29:d5:89:0e:5d:d3:af:b4:98:f1:90:e4:d9:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
        Validity
            Not Before: May  3 12:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5f3cd5c61fe5243cf9ddecefc6cf49feeba540d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:26:89:5b:f4:cb:30:e7:5f:40:ac:26:f0:04:
                    ed:eb:e3:2d:58:fe:02:d7:65:71:bc:e1:28:f2:ce:
                    cd:75:28:01:e6:a2:02:ca:72:5a:f2:3c:c1:c5:00:
                    4f:92:47:44:29:5a:e8:eb:19:f2:a0:c9:46:e5:61:
                    e3:41:6b:7c:02:32:09:d7:0e:d8:34:11:4a:b7:c0:
                    03:be:59:7a:02:6d:2c:48:29:67:8f:0b:8c:a9:61:
                    9f:9f:bc:fa:f2:53:07:eb:9b:3f:d4:e7:18:77:09:
                    38:bf:82:f1:a5:4e:26:30:9d:b5:60:96:70:51:fb:
                    88:92:d7:9d:19:ec:4c:a7:3a:55:41:03:f1:25:b4:
                    96:20:84:85:5b:2f:77:54:fb:42:99:ea:dd:b4:00:
                    fb:8a:fe:15:93:c6:16:a5:a6:b8:08:0f:fa:7d:4c:
                    18:e5:7d:7f:91:5e:4f:2a:9f:7a:fa:e5:d2:cb:3b:
                    2b:03:45:79:5a:b4:50:40:bc:79:98:a1:11:45:4f:
                    93:90:6b:20:3e:80:c0:40:0d:36:6b:66:84:bf:0b:
                    88:c7:34:d2:f1:4a:52:48:6e:52:82:56:4f:8b:6e:
                    98:54:5c:e2:77:76:5b:f4:c6:a5:a8:75:55:2e:b0:
                    eb:a1:a5:fc:a8:c1:a2:07:9b:ce:ae:3c:75:67:19:
                    ee:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F3:CD:5C:61:FE:52:43:CF:9D:DE:CE:FC:6C:F4:9F:EE:BA:54:0D
            X509v3 Authority Key Identifier:
                keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/pfPNXGH-UkPPnd7O_Gz0n-66VA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:55:64:52:d9:d0:e4:4b:81:03:1c:e1:c5:6d:e6:e5:74:68:
         d4:df:1e:95:b1:13:e8:d7:a3:eb:10:df:f9:02:a1:d4:ef:c9:
         f3:77:5a:46:1b:74:d2:31:73:86:8f:1a:c0:70:70:71:fe:43:
         04:d6:dd:cd:41:30:3a:af:c9:04:85:02:c0:71:d8:b5:b9:f4:
         fb:39:29:69:8f:14:3e:42:c4:a0:52:dc:4e:61:1a:82:e7:66:
         52:6a:02:f0:b0:6a:ed:26:4d:ab:3a:26:c1:7f:c2:02:b9:65:
         f3:85:df:92:5f:e4:4d:74:d7:1b:f5:28:ce:f7:0a:1b:0f:8f:
         d8:93:88:1b:48:aa:70:ec:fe:9a:18:ff:f5:72:66:0b:85:68:
         75:20:e0:8c:7a:31:b7:a5:bf:4f:18:59:67:2e:e2:76:6f:56:
         29:b8:87:db:b6:70:df:85:66:b5:e5:6d:9d:f6:a7:10:2a:37:
         33:b6:c6:ec:10:63:00:5d:b9:b4:a2:4b:85:86:f7:db:d1:73:
         44:5d:c2:26:1a:71:e9:2c:96:c3:c4:c2:87:82:ed:05:43:e1:
         55:0d:1a:0a:90:2c:24:9c:84:23:d7:b4:95:6e:0b:7f:ae:2b:
         fd:43:7f:37:f5:36:e1:a2:eb:4d:08:81:81:9b:96:07:0c:8c:
         15:09:93:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8+cCnViQ5d06+0mPGQ5NlcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjQwNTAzMTIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWYzY2Q1YzYxZmU1MjQzY2Y5ZGRlY2VmYzZjZjQ5ZmVlYmE1NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSaJW/TLMOdfQKwm8ATt6+MtWP4C
12VxvOEo8s7NdSgB5qICynJa8jzBxQBPkkdEKVro6xnyoMlG5WHjQWt8AjIJ1w7Y
NBFKt8ADvll6Am0sSClnjwuMqWGfn7z68lMH65s/1OcYdwk4v4LxpU4mMJ21YJZw
UfuIktedGexMpzpVQQPxJbSWIISFWy93VPtCmerdtAD7iv4Vk8YWpaa4CA/6fUwY
5X1/kV5PKp96+uXSyzsrA0V5WrRQQLx5mKERRU+TkGsgPoDAQA02a2aEvwuIxzTS
8UpSSG5SglZPi26YVFzid3Zb9MalqHVVLrDroaX8qMGiB5vOrjx1ZxnutQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXzzVxh/lJDz53ezvxs9J/uulQNMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvcGZQTlhHSC1Va1BQbmQ3T19HejBuLTY2VkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwghQMA0G
CSqGSIb3DQEBCwUAA4IBAQA8VWRS2dDkS4EDHOHFbebldGjU3x6VsRPo16PrEN/5
AqHU78nzd1pGG3TSMXOGjxrAcHBx/kME1t3NQTA6r8kEhQLAcdi1ufT7OSlpjxQ+
QsSgUtxOYRqC52ZSagLwsGrtJk2rOibBf8ICuWXzhd+SX+RNdNcb9SjO9wobD4/Y
k4gbSKpw7P6aGP/1cmYLhWh1IOCMejG3pb9PGFlnLuJ2b1YpuIfbtnDfhWa15W2d
9qcQKjcztsbsEGMAXbm0okuFhvfb0XNEXcImGnHpLJbDxMKHgu0FQ+FVDRoKkCwk
nIQj17SVbgt/riv9Q3839TbhoutNCIGBm5YHDIwVCZNt
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:39 2024 by rpki-client on console-ams.rpki-client.org