Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/fle5ZRwVJ0SoawuoeABNXKLWxRI.roa
File:                     fle5ZRwVJ0SoawuoeABNXKLWxRI.roa (raw, json)
Hash identifier:          orX7+PLVT4FHp3cStsaO1P68EP6VGUi16LY3gsFjag8=
Subject key identifier:   7E:57:B9:65:1C:15:27:44:A8:6B:0B:A8:78:00:4D:5C:A2:D6:C5:12
Certificate issuer:       /CN=427ce5719caa681adbd493a8d9a38a675d6bd639
Certificate serial:       018CC8DF7328D5E878C8FE829A69BEECFFDF
Authority key identifier: 42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/fle5ZRwVJ0SoawuoeABNXKLWxRI.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        176.52.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:73:28:d5:e8:78:c8:fe:82:9a:69:be:ec:ff:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427ce5719caa681adbd493a8d9a38a675d6bd639
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e57b9651c152744a86b0ba878004d5ca2d6c512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:53:ed:6c:b1:bf:b5:1b:46:8b:0f:82:ed:f6:
                    45:bf:e3:76:0e:fc:c4:1e:3c:a0:a3:d1:fe:9b:31:
                    e9:59:24:2e:a2:a6:a0:db:4d:13:70:dc:1f:5b:7c:
                    67:f4:28:5a:fd:05:b2:7d:a2:fe:e0:9e:dd:ba:08:
                    5a:82:c7:2b:8d:e8:75:16:cb:a5:a4:66:73:e6:69:
                    b9:43:d7:e9:4e:d2:9e:5b:04:80:45:c9:1c:5b:b2:
                    4a:9d:78:a4:f7:0f:75:44:7a:38:89:17:71:fe:20:
                    94:45:c8:7d:3a:cd:04:c1:35:68:47:d3:fa:1d:e5:
                    0d:6b:9b:cc:ab:03:40:11:75:5f:58:57:8a:ff:a7:
                    69:3d:7d:fa:34:47:38:a3:45:99:46:eb:e1:45:bd:
                    17:8a:70:ae:48:cf:5f:4f:f4:ab:c0:79:d9:30:fa:
                    9f:18:68:c2:da:38:18:42:5a:5c:99:be:85:e7:08:
                    f6:cd:f9:17:af:a3:5e:0a:0e:c8:63:09:dc:2a:02:
                    42:61:e9:a2:0c:40:d0:a3:0a:35:13:1b:af:79:81:
                    8b:3b:1e:ca:45:2a:9f:3c:18:08:1a:73:b4:97:af:
                    0e:67:2d:c7:63:09:ca:ad:85:69:d9:c0:23:75:e0:
                    f7:ca:2a:57:90:03:ed:2d:23:63:5a:92:0d:67:1f:
                    93:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:57:B9:65:1C:15:27:44:A8:6B:0B:A8:78:00:4D:5C:A2:D6:C5:12
            X509v3 Authority Key Identifier:
                keyid:42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/fle5ZRwVJ0SoawuoeABNXKLWxRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:43:d3:82:91:0c:ea:39:c8:d3:50:50:64:4e:85:c8:ee:98:
         e0:e0:e2:07:46:e4:2d:61:6f:d5:b6:15:1e:e3:c8:ed:c8:18:
         9f:06:9d:bb:9d:2c:83:04:0a:66:c4:8d:1c:50:2b:cc:d1:0f:
         08:3b:a0:ad:6f:2b:92:d9:64:e2:57:ca:75:c9:3d:b7:34:7c:
         79:d3:fd:ec:3d:4c:cb:f1:23:cf:65:b4:d1:eb:d4:98:e4:df:
         ce:6d:29:72:a6:43:61:5e:c3:07:bc:e8:7f:11:d8:89:74:fd:
         72:f0:aa:b7:32:12:27:16:b8:f2:4a:21:26:da:87:43:fe:7f:
         c4:47:fc:c7:80:4c:6d:85:71:38:ad:96:73:7a:96:24:3a:5c:
         6e:b4:97:e5:3b:30:6a:8c:93:dc:b7:5a:54:9d:7d:74:31:f7:
         ae:39:4a:5f:13:8c:cc:13:fa:04:f5:95:6c:a3:34:b8:82:ba:
         a5:de:10:b6:8d:98:eb:db:7a:c0:02:7e:ca:0e:84:a2:1a:ce:
         be:d7:5d:18:2c:d2:3f:8a:8e:81:0b:db:c1:dd:77:b1:9a:0d:
         bb:a4:89:68:05:f2:e9:5f:5b:7e:f2:e4:73:88:bd:0d:8e:83:
         8b:ee:9d:76:50:62:6e:87:96:fd:3b:46:9e:e8:57:7b:ce:e7:
         40:64:ac:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33Mo1eh4yP6Cmmm+7P/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NlNTcxOWNhYTY4MWFkYmQ0OTNhOGQ5YTM4YTY3NWQ2
YmQ2MzkwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTU3Yjk2NTFjMTUyNzQ0YTg2YjBiYTg3ODAwNGQ1Y2EyZDZjNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFPtbLG/tRtGiw+C7fZFv+N2DvzE
Hjygo9H+mzHpWSQuoqag200TcNwfW3xn9Cha/QWyfaL+4J7dughagscrjeh1Fsul
pGZz5mm5Q9fpTtKeWwSARckcW7JKnXik9w91RHo4iRdx/iCURch9Os0EwTVoR9P6
HeUNa5vMqwNAEXVfWFeK/6dpPX36NEc4o0WZRuvhRb0XinCuSM9fT/SrwHnZMPqf
GGjC2jgYQlpcmb6F5wj2zfkXr6NeCg7IYwncKgJCYemiDEDQowo1ExuveYGLOx7K
RSqfPBgIGnO0l68OZy3HYwnKrYVp2cAjdeD3yipXkAPtLSNjWpINZx+TAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5XuWUcFSdEqGsLqHgATVyi1sUSMB8GA1UdIwQY
MBaAFEJ85XGcqmga29STqNmjimdda9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTkt
MDkxYzJkMzAzZmU4LzEvZmxlNVpSd1ZKMFNvYXd1b2VBQk5YS0xXeFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTktMDkxYzJkMzAzZmU4
LzEvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDS7MA0G
CSqGSIb3DQEBCwUAA4IBAQCMQ9OCkQzqOcjTUFBkToXI7pjg4OIHRuQtYW/VthUe
48jtyBifBp27nSyDBApmxI0cUCvM0Q8IO6CtbyuS2WTiV8p1yT23NHx50/3sPUzL
8SPPZbTR69SY5N/ObSlypkNhXsMHvOh/EdiJdP1y8Kq3MhInFrjySiEm2odD/n/E
R/zHgExthXE4rZZzepYkOlxutJflOzBqjJPct1pUnX10MfeuOUpfE4zME/oE9ZVs
ozS4grql3hC2jZjr23rAAn7KDoSiGs6+110YLNI/io6BC9vB3Xexmg27pIloBfLp
X1t+8uRziL0NjoOL7p12UGJuh5b9O0ae6Fd7zudAZKxo
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:43:53 2024 by rpki-client on console-fra.rpki-client.org