Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/JtWmXiaWPpbjh6tVCs7_WaQVSCQ.roa
File:                     JtWmXiaWPpbjh6tVCs7_WaQVSCQ.roa (raw, json)
Hash identifier:          EiQgPPMrSXFWCbf3TqOawKfdBaCTcjPnFY661j0dkRs=
Subject key identifier:   26:D5:A6:5E:26:96:3E:96:E3:87:AB:55:0A:CE:FF:59:A4:15:48:24
Certificate issuer:       /CN=2fe5b7ccb403d30a44857d47c58cf1346546d283
Certificate serial:       018CC3B700F8AF3A8F94C49F86BF8D0BC0E1
Authority key identifier: 2F:E5:B7:CC:B4:03:D3:0A:44:85:7D:47:C5:8C:F1:34:65:46:D2:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/JtWmXiaWPpbjh6tVCs7_WaQVSCQ.roa
Signing time:             Mon 01 Jan 2024 06:29:59 +0000
ROA not before:           Mon 01 Jan 2024 06:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        159.253.82.0/24 maxlen: 24
                          159.253.81.0/24 maxlen: 24
                          159.253.84.0/24 maxlen: 24
                          159.253.80.0/24 maxlen: 24
                          159.253.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:00:f8:af:3a:8f:94:c4:9f:86:bf:8d:0b:c0:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fe5b7ccb403d30a44857d47c58cf1346546d283
        Validity
            Not Before: Jan  1 06:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26d5a65e26963e96e387ab550aceff59a4154824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:35:5c:90:69:4a:7a:6e:b6:0f:35:bf:2e:ad:
                    fd:f6:e5:81:66:94:75:28:4a:94:56:52:de:ec:ce:
                    69:fd:68:c9:65:d9:1e:19:99:5d:dd:13:e6:f4:55:
                    4f:37:30:11:93:a1:9e:d9:b1:e8:9f:b2:42:37:f5:
                    18:de:8f:42:47:84:a9:1a:63:75:6d:f0:b0:a3:bf:
                    16:89:02:cf:a5:80:10:48:25:78:0d:ad:54:e1:4d:
                    ca:15:2e:32:e9:38:4c:03:46:fb:12:e1:44:e7:cc:
                    0e:47:69:77:e2:a5:9b:2a:6d:00:0c:f7:d8:fc:7d:
                    14:ee:1c:14:9f:5d:4d:da:74:fa:3f:ed:bd:b0:a3:
                    5f:2e:44:b3:73:65:6c:d1:13:df:5f:7e:f6:f8:6e:
                    c2:10:c5:9b:c2:c0:00:67:6a:65:00:da:10:49:22:
                    4e:e9:f4:05:5b:f6:ff:a0:73:bb:65:00:d8:34:95:
                    86:81:60:93:ff:f3:67:c8:a3:62:81:7a:8f:5c:1b:
                    89:65:07:ee:e9:98:8c:e6:50:69:a0:90:fd:50:c7:
                    30:15:37:3e:ed:77:ea:5d:44:35:de:8d:00:b5:fd:
                    27:2d:af:c0:bc:b9:34:92:3e:56:6e:2f:28:64:c7:
                    10:69:21:b2:5f:cf:e6:00:77:cc:a5:f8:bc:e9:72:
                    57:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D5:A6:5E:26:96:3E:96:E3:87:AB:55:0A:CE:FF:59:A4:15:48:24
            X509v3 Authority Key Identifier:
                keyid:2F:E5:B7:CC:B4:03:D3:0A:44:85:7D:47:C5:8C:F1:34:65:46:D2:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/JtWmXiaWPpbjh6tVCs7_WaQVSCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.80.0-159.253.84.255

    Signature Algorithm: sha256WithRSAEncryption
         4c:13:65:d8:b9:c0:ee:5e:7a:3c:0f:ec:8b:10:c2:cb:f0:ca:
         a0:f8:f1:30:07:dc:1a:03:64:2f:fe:91:42:66:8b:3d:9d:fb:
         bf:ef:53:13:2e:91:db:f5:ee:c2:46:85:e6:b1:67:6c:8f:3b:
         30:c1:47:2e:70:6e:74:28:eb:0e:cf:76:5c:6e:e3:d3:3f:5b:
         05:32:1c:19:cf:7a:de:a6:1f:dd:b7:07:ad:02:bb:ec:f0:e0:
         75:b0:f1:b4:4e:1d:ff:b2:70:d2:27:2c:4b:3a:32:f4:ae:84:
         dd:6a:e3:23:89:88:ed:4e:30:d2:f2:71:19:6d:ac:2e:de:6e:
         24:6d:f7:08:72:c9:d2:45:98:63:55:88:30:cc:50:75:40:07:
         d4:ab:40:91:ec:17:44:38:79:ef:17:f8:d7:14:cd:97:4b:a7:
         d5:ae:39:07:c7:df:b0:12:f3:e9:ce:8d:71:16:51:56:b0:74:
         8b:14:69:da:07:5a:61:11:c7:e9:9f:b2:81:04:3b:62:dc:de:
         d2:dc:4c:de:94:f7:35:f7:e8:6b:79:00:8b:a3:93:52:e6:a6:
         0b:d2:69:a3:43:d1:12:1f:34:1e:81:09:d6:1b:c5:24:39:b4:
         dd:87:b8:8d:1a:76:14:47:7e:aa:d9:7e:1d:15:d7:24:d9:1a:
         9e:f6:1c:23
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtwD4rzqPlMSfhr+NC8DhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZTViN2NjYjQwM2QzMGE0NDg1N2Q0N2M1OGNmMTM0NjU0
NmQyODMwHhcNMjQwMTAxMDYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQ1YTY1ZTI2OTYzZTk2ZTM4N2FiNTUwYWNlZmY1OWE0MTU0ODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTVckGlKem62DzW/Lq399uWBZpR1
KEqUVlLe7M5p/WjJZdkeGZld3RPm9FVPNzARk6Ge2bHon7JCN/UY3o9CR4SpGmN1
bfCwo78WiQLPpYAQSCV4Da1U4U3KFS4y6ThMA0b7EuFE58wOR2l34qWbKm0ADPfY
/H0U7hwUn11N2nT6P+29sKNfLkSzc2Vs0RPfX372+G7CEMWbwsAAZ2plANoQSSJO
6fQFW/b/oHO7ZQDYNJWGgWCT//NnyKNigXqPXBuJZQfu6ZiM5lBpoJD9UMcwFTc+
7XfqXUQ13o0Atf0nLa/AvLk0kj5Wbi8oZMcQaSGyX8/mAHfMpfi86XJXewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCbVpl4mlj6W44erVQrO/1mkFUgkMB8GA1UdIwQY
MBaAFC/lt8y0A9MKRIV9R8WM8TRlRtKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTC1XM3pMUUQwd3BFaFgxSHhZenhOR1ZHMG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi85MWNkZmQtMmM3Mi00MjM2LWE0YzIt
MmI4ZjczNDZmMzUwLzEvSnRXbVhpYVdQcGJqaDZ0VkNzN19XYVFWU0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi85MWNkZmQtMmM3Mi00MjM2LWE0YzItMmI4ZjczNDZmMzUw
LzEvTC1XM3pMUUQwd3BFaFgxSHhZenhOR1ZHMG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBASf/VAD
BACf/VQwDQYJKoZIhvcNAQELBQADggEBAEwTZdi5wO5eejwP7IsQwsvwyqD48TAH
3BoDZC/+kUJmiz2d+7/vUxMukdv17sJGheaxZ2yPOzDBRy5wbnQo6w7Pdlxu49M/
WwUyHBnPet6mH923B60Cu+zw4HWw8bROHf+ycNInLEs6MvSuhN1q4yOJiO1OMNLy
cRltrC7ebiRt9whyydJFmGNViDDMUHVAB9SrQJHsF0Q4ee8X+NcUzZdLp9WuOQfH
37AS8+nOjXEWUVawdIsUadoHWmERx+mfsoEEO2Lc3tLcTN6U9zX36Gt5AIujk1Lm
pgvSaaND0RIfNB6BCdYbxSQ5tN2HuI0adhRHfqrZfh0V1yTZGp72HCM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:02:26 2024 by rpki-client on console-ams.rpki-client.org