Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/3aa0f5-eae5-49a3-8ee9-0df7df4d5b01/1/CpLkKYBksC8zUs6zYeEVCwei3V8.roa
File:                     CpLkKYBksC8zUs6zYeEVCwei3V8.roa (raw, json)
Hash identifier:          Fb/va4I7uYZ+1AwJX0iZb5/VG6/T6uSRO9R6/17i+OQ=
Subject key identifier:   0A:92:E4:29:80:64:B0:2F:33:52:CE:B3:61:E1:15:0B:07:A2:DD:5F
Certificate issuer:       /CN=01292e03a731796e1d7b148b1dd235d144352f5d
Certificate serial:       018CC5DC1935D4AFE1626C7730C29D8A12A5
Authority key identifier: 01:29:2E:03:A7:31:79:6E:1D:7B:14:8B:1D:D2:35:D1:44:35:2F:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ASkuA6cxeW4dexSLHdI10UQ1L10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/3aa0f5-eae5-49a3-8ee9-0df7df4d5b01/1/CpLkKYBksC8zUs6zYeEVCwei3V8.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42337
IP address blocks:        195.96.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/3aa0f5-eae5-49a3-8ee9-0df7df4d5b01/1/ASkuA6cxeW4dexSLHdI10UQ1L10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/3aa0f5-eae5-49a3-8ee9-0df7df4d5b01/1/ASkuA6cxeW4dexSLHdI10UQ1L10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ASkuA6cxeW4dexSLHdI10UQ1L10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:19:35:d4:af:e1:62:6c:77:30:c2:9d:8a:12:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01292e03a731796e1d7b148b1dd235d144352f5d
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a92e4298064b02f3352ceb361e1150b07a2dd5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cd:c4:eb:b4:3e:29:d8:28:1e:63:cb:2d:7e:
                    27:f1:fd:09:22:fd:6a:bf:1d:f1:99:c2:bb:1e:31:
                    0d:e1:68:db:4c:ab:ef:63:8b:41:b3:c7:73:ec:a8:
                    fc:4c:79:23:0e:c6:c0:1e:e4:c0:0d:c0:19:c4:91:
                    b5:4f:8f:42:26:99:02:a4:46:e8:41:50:0f:72:da:
                    10:a3:eb:18:81:99:17:84:ef:e4:cf:60:8d:6c:92:
                    50:08:01:d5:f3:70:9a:4d:06:f7:e4:04:87:2d:b0:
                    99:a1:82:fd:e8:1b:38:c9:a2:8b:90:f1:49:d4:13:
                    db:37:c0:4d:8c:6f:a9:85:a5:ec:12:9d:4b:05:a8:
                    5c:0d:1d:7c:0a:35:a9:87:45:f3:e8:3e:c4:b6:2d:
                    91:2a:63:5f:fd:68:94:de:82:41:c1:a3:fd:f4:03:
                    e6:fc:25:b2:0f:ec:09:80:eb:d2:3a:06:0d:62:31:
                    8f:6f:94:ae:4f:a8:e1:17:76:03:20:e7:1b:bf:a2:
                    be:ba:da:61:f5:d7:0f:cc:c8:ac:79:42:b3:a9:59:
                    6b:a7:dd:64:4b:73:38:7f:89:d9:25:46:e2:e8:07:
                    2b:40:e0:48:35:7f:f8:50:c4:a7:1d:b2:ed:a6:f4:
                    05:f4:45:1f:b8:81:fc:de:70:92:3e:31:7f:33:62:
                    ec:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:92:E4:29:80:64:B0:2F:33:52:CE:B3:61:E1:15:0B:07:A2:DD:5F
            X509v3 Authority Key Identifier:
                keyid:01:29:2E:03:A7:31:79:6E:1D:7B:14:8B:1D:D2:35:D1:44:35:2F:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ASkuA6cxeW4dexSLHdI10UQ1L10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3aa0f5-eae5-49a3-8ee9-0df7df4d5b01/1/CpLkKYBksC8zUs6zYeEVCwei3V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/3aa0f5-eae5-49a3-8ee9-0df7df4d5b01/1/ASkuA6cxeW4dexSLHdI10UQ1L10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f2:e0:13:69:15:db:b7:52:95:af:43:a5:f7:82:fa:f8:22:
         f4:e5:f0:2e:89:96:d5:fa:46:e1:a9:10:08:02:df:44:dc:97:
         56:ae:d1:97:b4:11:2f:03:41:15:2b:93:06:c1:2a:cd:a2:3c:
         bb:19:87:c2:61:dd:a2:8e:0e:26:99:8a:56:65:08:d9:1c:56:
         d6:eb:39:d2:3f:1a:96:31:24:dc:ad:ea:06:3c:5d:2f:fa:a4:
         74:79:84:15:71:0b:cb:71:9f:2f:41:8a:d8:56:78:c2:10:40:
         06:9c:23:5a:e8:11:17:e2:6a:8b:dd:d2:17:de:9f:d8:53:9f:
         e5:0d:ad:46:3e:d3:7a:1f:84:cf:e5:9f:45:65:28:f3:be:6a:
         39:ca:ab:bb:34:e8:42:1f:db:66:3e:5c:f3:01:61:5d:a8:c8:
         c4:63:4b:ca:ba:e5:b9:3a:d7:b6:8b:5d:a1:c6:96:41:7e:e5:
         55:84:47:ac:97:be:5a:16:c4:63:5b:5f:65:8f:7d:26:85:3a:
         11:da:73:9c:94:09:af:f3:74:bd:f4:6b:49:f6:d1:8b:07:0e:
         10:5a:21:5d:6d:94:ad:3e:49:db:39:32:18:d9:7e:a3:80:87:
         bd:72:e1:8a:43:ae:48:b2:59:cf:bd:cd:7f:31:be:cd:9b:c9:
         c0:56:64:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Bk11K/hYmx3MMKdihKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMjkyZTAzYTczMTc5NmUxZDdiMTQ4YjFkZDIzNWQxNDQz
NTJmNWQwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkyZTQyOTgwNjRiMDJmMzM1MmNlYjM2MWUxMTUwYjA3YTJkZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm83E67Q+KdgoHmPLLX4n8f0JIv1q
vx3xmcK7HjEN4WjbTKvvY4tBs8dz7Kj8THkjDsbAHuTADcAZxJG1T49CJpkCpEbo
QVAPctoQo+sYgZkXhO/kz2CNbJJQCAHV83CaTQb35ASHLbCZoYL96Bs4yaKLkPFJ
1BPbN8BNjG+phaXsEp1LBahcDR18CjWph0Xz6D7Eti2RKmNf/WiU3oJBwaP99APm
/CWyD+wJgOvSOgYNYjGPb5SuT6jhF3YDIOcbv6K+utph9dcPzMiseUKzqVlrp91k
S3M4f4nZJUbi6AcrQOBINX/4UMSnHbLtpvQF9EUfuIH83nCSPjF/M2LsiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqS5CmAZLAvM1LOs2HhFQsHot1fMB8GA1UdIwQY
MBaAFAEpLgOnMXluHXsUix3SNdFENS9dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVNrdUE2Y3hlVzRkZXhTTEhkSTEwVVExTDEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zYWEwZjUtZWFlNS00OWEzLThlZTkt
MGRmN2RmNGQ1YjAxLzEvQ3BMa0tZQmtzQzh6VXM2elllRVZDd2VpM1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zYWEwZjUtZWFlNS00OWEzLThlZTktMGRmN2RmNGQ1YjAx
LzEvQVNrdUE2Y3hlVzRkZXhTTEhkSTEwVVExTDEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CZMA0G
CSqGSIb3DQEBCwUAA4IBAQCo8uATaRXbt1KVr0Ol94L6+CL05fAuiZbV+kbhqRAI
At9E3JdWrtGXtBEvA0EVK5MGwSrNojy7GYfCYd2ijg4mmYpWZQjZHFbW6znSPxqW
MSTcreoGPF0v+qR0eYQVcQvLcZ8vQYrYVnjCEEAGnCNa6BEX4mqL3dIX3p/YU5/l
Da1GPtN6H4TP5Z9FZSjzvmo5yqu7NOhCH9tmPlzzAWFdqMjEY0vKuuW5Ote2i12h
xpZBfuVVhEesl75aFsRjW19lj30mhToR2nOclAmv83S99GtJ9tGLBw4QWiFdbZSt
PknbOTIY2X6jgIe9cuGKQ65IslnPvc1/Mb7Nm8nAVmTP
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:30:17 2024 by rpki-client on console-ams.rpki-client.org