Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/xESJNgPa8y5U7oxSAVSYHTQAqkE.roa
File:                     xESJNgPa8y5U7oxSAVSYHTQAqkE.roa (raw, json)
Hash identifier:          JgGTD3ZmvOVGFrH4MdC7YjT2RfLKv54xXkMJUz3/e7Q=
Subject key identifier:   C4:44:89:36:03:DA:F3:2E:54:EE:8C:52:01:54:98:1D:34:00:AA:41
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79526520558EE529F4DE2312251360F
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/xESJNgPa8y5U7oxSAVSYHTQAqkE.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61302
IP address blocks:        193.32.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:25:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:26:52:05:58:ee:52:9f:4d:e2:31:22:51:36:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c444893603daf32e54ee8c520154981d3400aa41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f6:47:46:8a:f2:23:e2:ff:f2:9b:0d:43:c5:
                    c5:c0:2c:a0:c2:f0:14:7b:68:ca:8e:fc:e6:7f:42:
                    8f:35:f6:ea:67:fa:3f:48:7e:ba:52:2e:d8:bb:77:
                    59:79:96:99:0a:1e:cc:16:14:ca:e1:9b:35:0d:90:
                    31:92:b2:e6:f7:b8:42:86:3d:ae:6f:9e:b0:fe:60:
                    b2:a6:90:e5:42:cf:98:34:64:c2:31:39:c6:7f:04:
                    62:73:37:eb:7a:79:8d:fc:8d:b5:42:51:c2:b8:f7:
                    82:dc:41:31:cf:ac:ec:20:92:9d:d8:f4:7a:a3:70:
                    d0:79:03:58:08:f5:85:1e:2b:8d:9b:cf:cf:14:be:
                    50:08:b8:73:e6:a0:8b:6e:69:a2:35:95:e3:17:e0:
                    90:48:d0:40:e0:ee:6a:89:bb:09:76:a2:ec:dc:45:
                    58:2f:39:a2:58:01:0d:98:db:59:36:85:08:84:99:
                    28:e4:4a:10:f5:4c:d3:33:4b:68:9b:00:21:4e:22:
                    92:09:13:94:ae:f0:14:fe:5f:57:0b:01:7f:34:7d:
                    99:5b:51:fd:19:da:d4:06:2c:7a:35:a4:7c:3c:81:
                    b9:a4:ee:10:cf:4f:b0:ea:43:b2:05:fe:77:15:75:
                    d7:96:e1:f6:da:03:d1:7b:51:67:b1:0d:e3:55:d7:
                    49:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:44:89:36:03:DA:F3:2E:54:EE:8C:52:01:54:98:1D:34:00:AA:41
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/xESJNgPa8y5U7oxSAVSYHTQAqkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f8:51:88:60:16:9c:7f:b5:95:e9:10:b8:6f:49:f2:e9:cd:
         12:70:32:5d:84:b4:68:91:b4:e3:b5:fe:d4:e8:f6:63:22:a4:
         f9:e7:83:1b:72:a5:c4:bf:a5:3c:cf:21:30:5f:8f:75:de:a9:
         20:ff:ea:0c:ac:80:16:db:2e:dd:e8:3e:8a:ac:b1:6a:08:f5:
         bc:77:70:9b:4d:6f:99:0b:86:9b:94:40:e8:ba:d2:15:33:5f:
         a6:fa:cf:b3:e1:6e:da:57:e8:b7:c1:b2:71:0c:49:66:32:3e:
         94:ed:79:17:9b:af:fa:3d:69:17:d0:ac:b2:a3:22:d4:29:9e:
         c2:20:f5:31:af:f7:91:26:c3:b7:51:b7:d6:be:b6:4d:fd:77:
         17:2e:a8:9e:0c:b8:ca:ad:3a:3b:64:71:58:68:4f:df:9b:45:
         a9:a4:be:0c:ad:69:20:da:31:f2:1c:ed:6c:c8:a1:38:a4:a2:
         30:b6:47:11:aa:51:da:10:b3:9c:77:64:c1:78:35:fe:8c:46:
         10:b1:f4:47:18:ee:41:7b:8a:87:de:fb:98:c0:a5:1d:44:05:
         5f:56:7b:85:8a:16:19:aa:a5:4d:60:bb:44:6f:62:6c:47:28:
         45:50:e7:5b:70:dd:4a:1d:a3:8f:98:7f:91:8e:59:3c:9a:a4:
         e7:f3:fe:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSZSBVjuUp9N4jEiUTYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQ0ODkzNjAzZGFmMzJlNTRlZThjNTIwMTU0OTgxZDM0MDBhYTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfZHRoryI+L/8psNQ8XFwCygwvAU
e2jKjvzmf0KPNfbqZ/o/SH66Ui7Yu3dZeZaZCh7MFhTK4Zs1DZAxkrLm97hChj2u
b56w/mCyppDlQs+YNGTCMTnGfwRiczfrenmN/I21QlHCuPeC3EExz6zsIJKd2PR6
o3DQeQNYCPWFHiuNm8/PFL5QCLhz5qCLbmmiNZXjF+CQSNBA4O5qibsJdqLs3EVY
LzmiWAENmNtZNoUIhJko5EoQ9UzTM0tomwAhTiKSCROUrvAU/l9XCwF/NH2ZW1H9
GdrUBix6NaR8PIG5pO4Qz0+w6kOyBf53FXXXluH22gPRe1FnsQ3jVddJ0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMREiTYD2vMuVO6MUgFUmB00AKpBMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEveEVTSk5nUGE4eTVVN294U0FWU1lIVFFBcWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSC8MA0G
CSqGSIb3DQEBCwUAA4IBAQBo+FGIYBacf7WV6RC4b0ny6c0ScDJdhLRokbTjtf7U
6PZjIqT554MbcqXEv6U8zyEwX4913qkg/+oMrIAW2y7d6D6KrLFqCPW8d3CbTW+Z
C4ablEDoutIVM1+m+s+z4W7aV+i3wbJxDElmMj6U7XkXm6/6PWkX0KyyoyLUKZ7C
IPUxr/eRJsO3UbfWvrZN/XcXLqieDLjKrTo7ZHFYaE/fm0WppL4MrWkg2jHyHO1s
yKE4pKIwtkcRqlHaELOcd2TBeDX+jEYQsfRHGO5Be4qH3vuYwKUdRAVfVnuFihYZ
qqVNYLtEb2JsRyhFUOdbcN1KHaOPmH+Rjlk8mqTn8/6Z
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:56:35 2024 by rpki-client on console-ams.rpki-client.org