Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/d45193-b5fe-4e1d-8e42-ae5db6e1486d/1/7nCYmmKFxJtaTILkdKxPNNb3ic4.roa
File:                     7nCYmmKFxJtaTILkdKxPNNb3ic4.roa (raw, json)
Hash identifier:          L+4APkLO3GRvLTB0gtZkHFblE2px7YQ9xBG+6LZSCJM=
Subject key identifier:   EE:70:98:9A:62:85:C4:9B:5A:4C:82:E4:74:AC:4F:34:D6:F7:89:CE
Certificate issuer:       /CN=52386e520478e625be1d6282d216b05912f83874
Certificate serial:       018CC7273BE2D43891087584604C90B92F55
Authority key identifier: 52:38:6E:52:04:78:E6:25:BE:1D:62:82:D2:16:B0:59:12:F8:38:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjhuUgR45iW-HWKC0hawWRL4OHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/d45193-b5fe-4e1d-8e42-ae5db6e1486d/1/7nCYmmKFxJtaTILkdKxPNNb3ic4.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29479
IP address blocks:        194.126.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/d45193-b5fe-4e1d-8e42-ae5db6e1486d/1/UjhuUgR45iW-HWKC0hawWRL4OHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/d45193-b5fe-4e1d-8e42-ae5db6e1486d/1/UjhuUgR45iW-HWKC0hawWRL4OHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjhuUgR45iW-HWKC0hawWRL4OHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3b:e2:d4:38:91:08:75:84:60:4c:90:b9:2f:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52386e520478e625be1d6282d216b05912f83874
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee70989a6285c49b5a4c82e474ac4f34d6f789ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ae:b9:04:9f:6a:8c:ec:21:dd:76:4f:93:17:
                    9d:9f:0a:65:ee:ba:b8:de:7b:ce:16:a6:15:97:a8:
                    70:82:e7:6b:ca:bc:26:0f:d4:4a:61:b8:75:51:ce:
                    5b:66:06:83:e7:a7:d7:8f:13:8a:8e:3e:ee:45:7a:
                    19:b3:7b:b0:cc:19:87:24:ac:ef:12:d0:a3:ff:c8:
                    3e:ff:9d:5a:d6:88:01:44:d7:36:f2:5d:c8:e3:f4:
                    19:a1:60:04:3e:ee:d6:21:2c:b3:93:71:7c:09:09:
                    38:3d:f0:e6:06:61:8b:68:b7:6d:80:94:18:96:3f:
                    41:a2:cc:ff:97:d0:62:8b:c6:dd:a6:b5:87:2a:4c:
                    5d:47:90:94:bf:f4:6a:4b:05:04:fe:6c:4a:5e:ed:
                    d2:49:da:9b:b2:2a:ce:97:42:7f:98:d8:63:c0:30:
                    5f:66:c7:bf:9e:63:63:b6:97:0c:7c:0f:4c:13:b9:
                    51:7b:96:33:18:57:5f:ac:42:d7:aa:3f:c6:20:b6:
                    13:93:e0:78:20:23:10:77:6f:2e:70:34:c3:66:ed:
                    bd:08:9f:fc:b5:a3:64:84:d0:1f:92:55:59:d9:0d:
                    ee:e1:32:c8:bd:53:7a:93:d4:68:27:b2:f1:9d:b3:
                    49:4c:fc:32:7e:a2:87:f3:24:da:0a:b2:73:5a:39:
                    0c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:70:98:9A:62:85:C4:9B:5A:4C:82:E4:74:AC:4F:34:D6:F7:89:CE
            X509v3 Authority Key Identifier:
                keyid:52:38:6E:52:04:78:E6:25:BE:1D:62:82:D2:16:B0:59:12:F8:38:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjhuUgR45iW-HWKC0hawWRL4OHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/d45193-b5fe-4e1d-8e42-ae5db6e1486d/1/7nCYmmKFxJtaTILkdKxPNNb3ic4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/d45193-b5fe-4e1d-8e42-ae5db6e1486d/1/UjhuUgR45iW-HWKC0hawWRL4OHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:12:e5:2a:e1:7b:77:e5:87:4c:42:0c:2a:9c:c7:a6:d7:44:
         fc:d8:49:87:69:d7:ba:27:40:21:59:37:8b:5a:4d:dd:4f:47:
         29:ae:39:a3:54:bd:5e:d9:e5:1e:9a:d6:37:8f:7e:a1:f3:3a:
         9c:df:0d:06:ef:fb:94:12:f7:a2:aa:7a:0c:93:50:87:fb:80:
         39:ec:f5:4f:66:78:27:ec:8a:e8:b1:e0:8c:67:bb:28:bc:20:
         a4:76:a2:fb:f9:47:90:54:1e:74:9b:44:b6:ef:9f:7b:cd:f8:
         e8:85:fc:37:99:1d:34:ec:f1:99:5a:a9:a8:9b:68:9d:9c:d5:
         4c:97:a7:87:3a:1d:7f:35:90:bf:df:72:c0:b5:3f:d9:ab:a8:
         1b:2c:03:ab:af:93:98:9f:04:a7:93:26:8c:70:76:cd:31:c8:
         58:b0:81:89:71:f1:49:85:dc:b4:f4:7d:9b:8d:dd:71:65:f5:
         32:36:7d:df:ee:a4:c3:97:80:0e:24:55:aa:0d:4a:6b:04:da:
         17:03:51:ff:99:1d:9d:e7:4c:c1:73:4e:62:4e:b8:81:0d:29:
         1c:f6:f1:94:5c:9e:41:8a:be:dd:98:e1:e4:9f:7f:2d:34:8a:
         29:e6:fa:2a:e1:ac:f9:72:76:59:95:a2:8e:33:d3:46:9f:8b:
         05:b8:bb:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzvi1DiRCHWEYEyQuS9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzg2ZTUyMDQ3OGU2MjViZTFkNjI4MmQyMTZiMDU5MTJm
ODM4NzQwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTcwOTg5YTYyODVjNDliNWE0YzgyZTQ3NGFjNGYzNGQ2Zjc4OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm665BJ9qjOwh3XZPkxednwpl7rq4
3nvOFqYVl6hwgudryrwmD9RKYbh1Uc5bZgaD56fXjxOKjj7uRXoZs3uwzBmHJKzv
EtCj/8g+/51a1ogBRNc28l3I4/QZoWAEPu7WISyzk3F8CQk4PfDmBmGLaLdtgJQY
lj9Bosz/l9Bii8bdprWHKkxdR5CUv/RqSwUE/mxKXu3SSdqbsirOl0J/mNhjwDBf
Zse/nmNjtpcMfA9ME7lRe5YzGFdfrELXqj/GILYTk+B4ICMQd28ucDTDZu29CJ/8
taNkhNAfklVZ2Q3u4TLIvVN6k9RoJ7LxnbNJTPwyfqKH8yTaCrJzWjkM1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5wmJpihcSbWkyC5HSsTzTW94nOMB8GA1UdIwQY
MBaAFFI4blIEeOYlvh1igtIWsFkS+Dh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpodVVnUjQ1aVctSFdLQzBoYXdXUkw0T0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9kNDUxOTMtYjVmZS00ZTFkLThlNDIt
YWU1ZGI2ZTE0ODZkLzEvN25DWW1tS0Z4SnRhVElMa2RLeFBOTmIzaWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9kNDUxOTMtYjVmZS00ZTFkLThlNDItYWU1ZGI2ZTE0ODZk
LzEvVWpodVVnUjQ1aVctSFdLQzBoYXdXUkw0T0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7TMA0G
CSqGSIb3DQEBCwUAA4IBAQAjEuUq4Xt35YdMQgwqnMem10T82EmHade6J0AhWTeL
Wk3dT0cprjmjVL1e2eUemtY3j36h8zqc3w0G7/uUEveiqnoMk1CH+4A57PVPZngn
7IroseCMZ7sovCCkdqL7+UeQVB50m0S27597zfjohfw3mR007PGZWqmom2idnNVM
l6eHOh1/NZC/33LAtT/Zq6gbLAOrr5OYnwSnkyaMcHbNMchYsIGJcfFJhdy09H2b
jd1xZfUyNn3f7qTDl4AOJFWqDUprBNoXA1H/mR2d50zBc05iTriBDSkc9vGUXJ5B
ir7dmOHkn38tNIop5voq4az5cnZZlaKOM9NGn4sFuLvA
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:17:24 2024 by rpki-client on console-fra.rpki-client.org