Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/_4IkagEyyAA1mV5VxooFA1ZB30k.roa
File:                     _4IkagEyyAA1mV5VxooFA1ZB30k.roa (raw, json)
Hash identifier:          MplmkeCWiEyfCVpwgmun1YzXyDuVx0Gj5QIe3JZ24iU=
Subject key identifier:   FF:82:24:6A:01:32:C8:00:35:99:5E:55:C6:8A:05:03:56:41:DF:49
Certificate issuer:       /CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
Certificate serial:       018CC801AAF092A007C5C457D1BF211ECEFD
Authority key identifier: 59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/_4IkagEyyAA1mV5VxooFA1ZB30k.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201874
IP address blocks:        194.104.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:aa:f0:92:a0:07:c5:c4:57:d1:bf:21:1e:ce:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5949b31ebb6e4cbbd0cc770cc6f4d50f78f0eb7b
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff82246a0132c80035995e55c68a05035641df49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8a:44:13:f0:e6:41:aa:1a:5d:bd:11:f4:1a:
                    76:70:9a:80:b7:ee:78:91:ad:33:62:75:27:8f:35:
                    68:29:ec:bb:64:8e:23:86:d6:90:a9:55:30:28:3e:
                    28:af:72:0a:60:ed:50:d3:1f:ad:31:7d:c7:8a:dd:
                    51:f5:ba:3d:cb:bd:30:14:1c:a2:60:12:f0:0c:e5:
                    64:4a:47:05:f6:ba:85:d7:ce:e8:c2:ae:d7:93:c2:
                    70:22:d1:89:ce:de:ce:5a:88:8e:9f:c0:61:a2:af:
                    62:de:67:46:32:52:33:99:05:03:41:27:6b:20:ef:
                    91:e3:78:2d:f8:f9:68:c1:61:8e:6c:2e:bd:4c:55:
                    17:94:47:08:15:66:5d:53:8b:d8:5b:96:b6:53:9e:
                    82:2f:d8:07:4f:ea:af:53:ab:0b:c8:64:16:aa:ea:
                    18:73:5a:19:ad:25:77:20:52:76:d6:71:f6:b1:98:
                    e8:7c:dd:fc:a6:ab:b2:21:0c:a7:6a:76:7d:9a:37:
                    49:bc:d4:02:2e:c7:2e:cf:a2:86:d9:69:94:a9:4c:
                    ca:a4:62:87:b2:ec:44:57:86:6d:0e:7a:d2:10:57:
                    5a:2a:93:8d:d7:ea:f4:0f:52:87:18:c3:2c:2b:52:
                    f6:9e:50:3b:3c:f0:8a:ab:62:2f:91:d5:83:d8:53:
                    ee:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:82:24:6A:01:32:C8:00:35:99:5E:55:C6:8A:05:03:56:41:DF:49
            X509v3 Authority Key Identifier:
                keyid:59:49:B3:1E:BB:6E:4C:BB:D0:CC:77:0C:C6:F4:D5:0F:78:F0:EB:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WUmzHrtuTLvQzHcMxvTVD3jw63s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/_4IkagEyyAA1mV5VxooFA1ZB30k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/de5add-ac68-4fb1-8419-3180ae4274f3/1/WUmzHrtuTLvQzHcMxvTVD3jw63s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:28:b6:11:b8:06:c8:22:1d:34:48:89:8c:49:16:4d:42:94:
         26:1b:31:90:92:3f:81:56:7b:34:eb:82:6a:46:0c:ec:25:31:
         93:d9:c6:1b:9c:08:c7:5c:c2:7e:a8:1b:b7:e9:48:12:d8:75:
         c9:58:39:32:c4:7c:17:8c:a7:8e:04:c9:c8:2e:8f:55:67:11:
         95:80:b1:d2:4b:75:2c:40:9c:64:24:52:2d:4a:53:74:ff:af:
         73:bd:8e:d7:c4:b5:db:a2:f1:81:91:6b:17:95:16:24:19:e9:
         26:43:f0:4f:ac:6f:5c:89:db:a8:60:41:4b:c6:f8:21:9f:12:
         e9:bc:bf:1f:8d:12:20:7a:a7:7e:90:03:5a:36:12:43:77:fd:
         14:d4:0b:b3:09:61:6b:98:92:36:56:16:75:7c:5e:ac:a5:a5:
         5e:95:f2:1f:8e:c5:5c:d8:2b:84:24:78:6f:18:7b:56:cb:7a:
         bf:1c:26:60:e3:1c:37:5f:cb:ee:17:53:6d:1b:d6:1b:6a:89:
         3f:8d:fa:ef:78:f0:be:98:b1:70:73:93:93:80:75:10:3c:76:
         71:19:0d:de:77:96:7d:31:4d:4e:05:e5:14:81:b4:df:80:ad:
         c8:66:1b:81:16:0c:d0:4a:45:c3:36:5f:5f:ce:17:5e:ec:dc:
         af:fc:20:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAarwkqAHxcRX0b8hHs79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NDliMzFlYmI2ZTRjYmJkMGNjNzcwY2M2ZjRkNTBmNzhm
MGViN2IwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjgyMjQ2YTAxMzJjODAwMzU5OTVlNTVjNjhhMDUwMzU2NDFkZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYpEE/DmQaoaXb0R9Bp2cJqAt+54
ka0zYnUnjzVoKey7ZI4jhtaQqVUwKD4or3IKYO1Q0x+tMX3Hit1R9bo9y70wFByi
YBLwDOVkSkcF9rqF187owq7Xk8JwItGJzt7OWoiOn8Bhoq9i3mdGMlIzmQUDQSdr
IO+R43gt+PlowWGObC69TFUXlEcIFWZdU4vYW5a2U56CL9gHT+qvU6sLyGQWquoY
c1oZrSV3IFJ21nH2sZjofN38pquyIQynanZ9mjdJvNQCLscuz6KG2WmUqUzKpGKH
suxEV4ZtDnrSEFdaKpON1+r0D1KHGMMsK1L2nlA7PPCKq2IvkdWD2FPu7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+CJGoBMsgANZleVcaKBQNWQd9JMB8GA1UdIwQY
MBaAFFlJsx67bky70Mx3DMb01Q948Ot7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTkt
MzE4MGFlNDI3NGYzLzEvXzRJa2FnRXl5QUExbVY1Vnhvb0ZBMVpCMzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kZTVhZGQtYWM2OC00ZmIxLTg0MTktMzE4MGFlNDI3NGYz
LzEvV1VtekhydHVUTHZRekhjTXh2VFZEM2p3NjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmi/MA0G
CSqGSIb3DQEBCwUAA4IBAQBpKLYRuAbIIh00SImMSRZNQpQmGzGQkj+BVns064Jq
RgzsJTGT2cYbnAjHXMJ+qBu36UgS2HXJWDkyxHwXjKeOBMnILo9VZxGVgLHSS3Us
QJxkJFItSlN0/69zvY7XxLXbovGBkWsXlRYkGekmQ/BPrG9ciduoYEFLxvghnxLp
vL8fjRIgeqd+kANaNhJDd/0U1AuzCWFrmJI2VhZ1fF6spaVelfIfjsVc2CuEJHhv
GHtWy3q/HCZg4xw3X8vuF1NtG9Ybaok/jfrvePC+mLFwc5OTgHUQPHZxGQ3ed5Z9
MU1OBeUUgbTfgK3IZhuBFgzQSkXDNl9fzhde7Nyv/CC2
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:27:42 2024 by rpki-client on console-ams.rpki-client.org