Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/pdA9ShOyymqlaxxMo3S6JxTrs10.roa
File:                     pdA9ShOyymqlaxxMo3S6JxTrs10.roa (raw, json)
Hash identifier:          Pf7D3WV+AWuMYiE9pP+JqGLPMqduS0YXbYwutRFc/e8=
Subject key identifier:   A5:D0:3D:4A:13:B2:CA:6A:A5:6B:1C:4C:A3:74:BA:27:14:EB:B3:5D
Certificate issuer:       /CN=83e5d90301d3cf67b88fee42dd545afcf14ea561
Certificate serial:       018CC64B6CA3E062DB7A6629D855410F9C5F
Authority key identifier: 83:E5:D9:03:01:D3:CF:67:B8:8F:EE:42:DD:54:5A:FC:F1:4E:A5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/pdA9ShOyymqlaxxMo3S6JxTrs10.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.29.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6c:a3:e0:62:db:7a:66:29:d8:55:41:0f:9c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83e5d90301d3cf67b88fee42dd545afcf14ea561
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5d03d4a13b2ca6aa56b1c4ca374ba2714ebb35d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e9:0d:28:5d:f7:35:ab:e3:16:3b:66:38:0b:
                    91:a0:3f:8b:39:25:3d:fd:95:18:f6:70:29:7d:2c:
                    99:6a:4a:4a:0e:88:dd:59:78:bd:3f:ad:1b:bb:79:
                    06:f9:38:ce:77:4e:77:97:dd:0a:9a:01:16:0e:f3:
                    11:55:2c:2c:b3:b1:e0:9a:bf:0d:55:50:6b:46:da:
                    78:3a:85:40:0b:0e:33:fa:aa:18:ee:76:fc:aa:41:
                    ab:a2:48:9e:e9:82:99:bd:56:09:7d:b3:a4:0f:8e:
                    28:d0:d3:c0:b1:14:81:96:04:e8:7f:96:c2:2c:60:
                    2c:c0:10:31:6a:25:da:7d:7d:54:06:0b:76:19:30:
                    f4:20:23:81:fb:f6:b0:0a:54:1c:93:6c:54:f6:33:
                    dd:6a:6b:1a:07:a1:af:ed:17:2b:b2:47:3e:71:e0:
                    0a:15:79:73:11:6e:d7:0e:8b:c5:ea:8b:c4:d0:1a:
                    04:91:6a:61:d9:63:fc:db:9f:77:58:70:2d:a7:42:
                    14:3f:45:d9:63:81:7e:0d:c7:53:62:04:0a:a4:02:
                    8f:3c:17:50:c8:7c:68:42:f7:87:91:f2:03:59:dc:
                    78:6c:91:2b:ec:83:12:bb:1e:20:51:0f:1a:b1:90:
                    df:2b:a6:26:37:1c:d1:01:25:34:18:00:a1:a5:bf:
                    b6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:D0:3D:4A:13:B2:CA:6A:A5:6B:1C:4C:A3:74:BA:27:14:EB:B3:5D
            X509v3 Authority Key Identifier:
                keyid:83:E5:D9:03:01:D3:CF:67:B8:8F:EE:42:DD:54:5A:FC:F1:4E:A5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/pdA9ShOyymqlaxxMo3S6JxTrs10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:da:60:0e:67:86:87:cd:1f:38:f8:3f:bd:39:40:2d:a6:77:
         43:1d:01:6a:38:15:c7:99:00:bb:d5:5c:7e:3a:d6:11:ee:f4:
         67:b8:4b:0b:3c:c2:b9:94:83:47:06:86:db:42:3a:d0:d7:dd:
         79:e5:0e:35:09:3f:d7:fe:04:c6:1e:53:ab:21:01:2e:3a:c8:
         ea:24:54:fa:41:4e:8d:00:d2:11:4c:fa:50:9e:e7:4f:fd:98:
         8b:6e:88:2b:4c:f2:20:fb:5b:7a:95:21:f8:b6:b0:68:49:d3:
         f5:6a:1a:1a:6e:b0:0e:6e:4c:be:34:4e:e1:44:a2:5a:3f:5b:
         f7:30:fa:32:43:3c:b0:4b:4f:6e:f6:fb:6d:c3:e4:a9:b4:1a:
         92:72:20:b0:bd:47:dc:c4:7b:5c:78:eb:36:72:8b:30:eb:e8:
         dd:30:bb:b0:62:17:43:a7:b5:58:1c:6e:21:95:70:1f:34:ad:
         e4:e4:a3:5d:82:87:40:05:45:10:9e:94:35:8c:74:28:4e:23:
         bc:10:fa:8d:c1:7e:0c:9c:d4:f4:c1:ae:0a:66:ad:85:01:e6:
         66:c7:88:73:77:5a:c5:4f:aa:bd:08:ea:ff:0a:c5:b3:be:bb:
         92:48:17:e3:ae:39:57:71:b8:18:f2:00:2c:2b:2a:27:e6:10:
         5a:e0:4f:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2yj4GLbemYp2FVBD5xfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZTVkOTAzMDFkM2NmNjdiODhmZWU0MmRkNTQ1YWZjZjE0
ZWE1NjEwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWQwM2Q0YTEzYjJjYTZhYTU2YjFjNGNhMzc0YmEyNzE0ZWJiMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkekNKF33NavjFjtmOAuRoD+LOSU9
/ZUY9nApfSyZakpKDojdWXi9P60bu3kG+TjOd053l90KmgEWDvMRVSwss7Hgmr8N
VVBrRtp4OoVACw4z+qoY7nb8qkGrokie6YKZvVYJfbOkD44o0NPAsRSBlgTof5bC
LGAswBAxaiXafX1UBgt2GTD0ICOB+/awClQck2xU9jPdamsaB6Gv7Rcrskc+ceAK
FXlzEW7XDovF6ovE0BoEkWph2WP82593WHAtp0IUP0XZY4F+DcdTYgQKpAKPPBdQ
yHxoQveHkfIDWdx4bJEr7IMSux4gUQ8asZDfK6YmNxzRASU0GAChpb+2wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXQPUoTsspqpWscTKN0uicU67NdMB8GA1UdIwQY
MBaAFIPl2QMB089nuI/uQt1UWvzxTqVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy1YWkF3SFR6MmU0ai01QzNWUmFfUEZPcFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xNTdiYTktNWFlNy00NDYwLTg4N2It
NzgyYjgyZWJjYWFlLzEvcGRBOVNoT3l5bXFsYXh4TW8zUzZKeFRyczEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xNTdiYTktNWFlNy00NDYwLTg4N2ItNzgyYjgyZWJjYWFl
LzEvZy1YWkF3SFR6MmU0ai01QzNWUmFfUEZPcFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh02MA0G
CSqGSIb3DQEBCwUAA4IBAQAt2mAOZ4aHzR84+D+9OUAtpndDHQFqOBXHmQC71Vx+
OtYR7vRnuEsLPMK5lINHBobbQjrQ19155Q41CT/X/gTGHlOrIQEuOsjqJFT6QU6N
ANIRTPpQnudP/ZiLbogrTPIg+1t6lSH4trBoSdP1ahoabrAObky+NE7hRKJaP1v3
MPoyQzywS09u9vttw+SptBqSciCwvUfcxHtceOs2cosw6+jdMLuwYhdDp7VYHG4h
lXAfNK3k5KNdgodABUUQnpQ1jHQoTiO8EPqNwX4MnNT0wa4KZq2FAeZmx4hzd1rF
T6q9COr/CsWzvruSSBfjrjlXcbgY8gAsKyon5hBa4E9y
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:07:00 2024 by rpki-client on console-fra.rpki-client.org