Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/klTual-f2O2NXlq2Q1Ra1SiI_GE.roa
File:                     klTual-f2O2NXlq2Q1Ra1SiI_GE.roa (raw, json)
Hash identifier:          KIyqU6IduxjRIbvWRbQvBa+qXKovcl/yfqIFECsUysc=
Subject key identifier:   92:54:EE:6A:5F:9F:D8:ED:8D:5E:5A:B6:43:54:5A:D5:28:88:FC:61
Certificate issuer:       /CN=079d9053717a16a76c10ae838f5625055be0481f
Certificate serial:       018DD28F61274477F84D80942EC0FD423366
Authority key identifier: 07:9D:90:53:71:7A:16:A7:6C:10:AE:83:8F:56:25:05:5B:E0:48:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/klTual-f2O2NXlq2Q1Ra1SiI_GE.roa
Signing time:             Thu 22 Feb 2024 20:43:48 +0000
ROA not before:           Thu 22 Feb 2024 20:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        178.18.194.0/24 maxlen: 24
                          185.93.250.0/24 maxlen: 24
                          185.93.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d2:8f:61:27:44:77:f8:4d:80:94:2e:c0:fd:42:33:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=079d9053717a16a76c10ae838f5625055be0481f
        Validity
            Not Before: Feb 22 20:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9254ee6a5f9fd8ed8d5e5ab643545ad52888fc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:89:68:30:58:40:87:9e:e2:71:73:bb:82:22:
                    84:a8:e0:6b:2b:46:82:1f:e9:6d:85:1d:e9:c6:0f:
                    0b:75:36:3e:6f:28:d1:79:e2:39:5e:ee:2e:60:6c:
                    6e:b8:d7:3d:ca:30:bb:e0:f6:f5:ec:20:85:57:1d:
                    1a:a6:32:88:3b:ad:98:7f:75:b2:be:94:fa:77:15:
                    58:4b:fd:4d:86:c7:19:41:65:0e:86:f6:eb:44:b7:
                    97:be:dd:3d:5e:eb:68:be:55:28:6d:3b:49:6f:81:
                    16:f0:3f:6e:71:dd:9b:04:30:72:cd:f1:bf:68:75:
                    75:73:d0:d7:f7:48:0b:86:93:a3:f6:5f:a7:3a:fc:
                    d1:1d:a2:47:0b:d4:74:a1:5e:3d:d7:06:d1:ab:d3:
                    75:20:89:43:41:51:df:73:e1:cc:46:13:84:3c:98:
                    e1:21:97:0f:4e:2c:d2:b3:0d:8b:cd:37:07:4e:ea:
                    ce:0c:c9:b9:26:35:3a:1d:fb:ad:11:8b:a7:66:17:
                    dd:de:61:de:98:74:20:e7:98:5d:00:24:80:cb:f1:
                    99:2e:ee:02:17:ca:82:ab:33:01:71:03:99:85:b1:
                    64:9f:a5:b6:cd:07:ca:b5:67:cc:91:1f:d5:27:2e:
                    b0:39:84:a1:10:e1:44:65:66:dd:4f:9a:1e:45:e1:
                    bf:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:54:EE:6A:5F:9F:D8:ED:8D:5E:5A:B6:43:54:5A:D5:28:88:FC:61
            X509v3 Authority Key Identifier:
                keyid:07:9D:90:53:71:7A:16:A7:6C:10:AE:83:8F:56:25:05:5B:E0:48:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B52QU3F6FqdsEK6Dj1YlBVvgSB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/klTual-f2O2NXlq2Q1Ra1SiI_GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/68d16a-82e5-4f4a-8730-27d03e393fb7/1/B52QU3F6FqdsEK6Dj1YlBVvgSB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.194.0/24
                  185.93.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:3c:a9:1e:d2:cc:ac:5c:39:c1:83:3d:d2:47:38:d8:bf:bc:
         f7:e9:8e:3f:7a:19:e9:23:5c:60:d6:4c:e9:aa:e4:e8:66:c1:
         89:54:5c:0c:11:07:18:42:ed:f1:7f:3d:c6:b8:ed:47:58:eb:
         43:0b:96:c1:bf:e9:3c:a2:30:cb:13:dd:89:b6:0b:74:d5:cd:
         ac:6b:69:e3:59:96:73:64:24:67:cf:59:68:b2:9f:e0:31:e6:
         11:44:55:07:fa:21:27:b2:d0:02:6f:0f:3b:b2:88:b6:be:b3:
         ea:40:b9:d9:09:39:cf:33:61:58:8d:a7:0d:82:fc:25:8f:78:
         09:6c:12:6c:33:1b:76:2c:91:0c:57:61:19:d4:16:da:c1:73:
         20:39:d2:d1:8f:a1:8e:fa:48:0e:f6:29:99:a9:6a:4a:41:0b:
         27:8e:b8:cc:23:e8:e5:91:60:6d:e9:e4:0d:ee:6a:40:c1:29:
         d2:21:a9:c0:d4:09:70:31:a9:b5:c9:cb:2a:fa:8e:1b:23:9c:
         ba:7f:2b:da:d7:f4:0d:f1:a9:67:fc:b5:fc:c1:d2:58:97:16:
         fc:16:ad:9c:10:f4:47:45:16:9c:a9:fa:47:f2:91:93:a0:ab:
         fd:c1:e1:04:6f:b8:86:28:25:03:9d:ae:9a:30:e1:0b:46:cd:
         b1:cf:2f:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3Sj2EnRHf4TYCULsD9QjNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OWQ5MDUzNzE3YTE2YTc2YzEwYWU4MzhmNTYyNTA1NWJl
MDQ4MWYwHhcNMjQwMjIyMjA0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjU0ZWU2YTVmOWZkOGVkOGQ1ZTVhYjY0MzU0NWFkNTI4ODhmYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoloMFhAh57icXO7giKEqOBrK0aC
H+lthR3pxg8LdTY+byjReeI5Xu4uYGxuuNc9yjC74Pb17CCFVx0apjKIO62Yf3Wy
vpT6dxVYS/1NhscZQWUOhvbrRLeXvt09XutovlUobTtJb4EW8D9ucd2bBDByzfG/
aHV1c9DX90gLhpOj9l+nOvzRHaJHC9R0oV491wbRq9N1IIlDQVHfc+HMRhOEPJjh
IZcPTizSsw2LzTcHTurODMm5JjU6HfutEYunZhfd3mHemHQg55hdACSAy/GZLu4C
F8qCqzMBcQOZhbFkn6W2zQfKtWfMkR/VJy6wOYShEOFEZWbdT5oeReG/qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJJU7mpfn9jtjV5atkNUWtUoiPxhMB8GA1UdIwQY
MBaAFAedkFNxehanbBCug49WJQVb4EgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjUyUVUzRjZGcWRzRUs2RGoxWWxCVnZnU0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82OGQxNmEtODJlNS00ZjRhLTg3MzAt
MjdkMDNlMzkzZmI3LzEva2xUdWFsLWYyTzJOWGxxMlExUmExU2lJX0dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82OGQxNmEtODJlNS00ZjRhLTg3MzAtMjdkMDNlMzkzZmI3
LzEvQjUyUVUzRjZGcWRzRUs2RGoxWWxCVnZnU0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAshLCAwQB
uV36MA0GCSqGSIb3DQEBCwUAA4IBAQAAPKke0sysXDnBgz3SRzjYv7z36Y4/ehnp
I1xg1kzpquToZsGJVFwMEQcYQu3xfz3GuO1HWOtDC5bBv+k8ojDLE92Jtgt01c2s
a2njWZZzZCRnz1losp/gMeYRRFUH+iEnstACbw87soi2vrPqQLnZCTnPM2FYjacN
gvwlj3gJbBJsMxt2LJEMV2EZ1BbawXMgOdLRj6GO+kgO9imZqWpKQQsnjrjMI+jl
kWBt6eQN7mpAwSnSIanA1AlwMam1ycsq+o4bI5y6fyva1/QN8aln/LX8wdJYlxb8
Fq2cEPRHRRacqfpH8pGToKv9weEEb7iGKCUDna6aMOELRs2xzy8z
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:46:47 2024 by rpki-client on console-ams.rpki-client.org