Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Plg8pa7dV4Te-11JqTm4RM0W55Q.roa
File:                     Plg8pa7dV4Te-11JqTm4RM0W55Q.roa (raw, json)
Hash identifier:          FoIRUhjvpjfaOki0PDtkQX6vTLHEsnSExc3+cVALlmA=
Subject key identifier:   3E:58:3C:A5:AE:DD:57:84:DE:FB:5D:49:A9:39:B8:44:CD:16:E7:94
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EA74E385DF630701D347D24E7E1FEE001
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Plg8pa7dV4Te-11JqTm4RM0W55Q.roa
Signing time:             Thu 04 Apr 2024 04:11:45 +0000
ROA not before:           Thu 04 Apr 2024 04:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8629
IP address blocks:        84.253.96.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a7:4e:38:5d:f6:30:70:1d:34:7d:24:e7:e1:fe:e0:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr  4 04:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e583ca5aedd5784defb5d49a939b844cd16e794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:37:69:e4:58:29:3e:fc:b8:0c:eb:c6:c0:d6:
                    4c:44:c3:cc:cb:2c:2b:ba:29:ec:fb:85:31:65:e0:
                    ac:9c:6c:bc:33:7a:69:5d:7b:07:f6:4c:9c:c9:3e:
                    91:54:b8:a2:e7:e0:d7:63:43:71:a7:c5:7c:31:e8:
                    26:d3:69:5e:82:03:d6:d9:fc:06:28:af:eb:e7:40:
                    14:8a:95:fd:15:f0:9e:6a:ed:bc:be:54:b3:08:09:
                    d3:55:ae:60:38:ba:5e:1c:98:ae:fa:75:3b:ab:d8:
                    c7:ef:8e:7d:4b:4a:3a:cd:8a:e0:c1:bd:51:bc:a2:
                    45:8f:d9:ee:e3:10:bc:29:65:8c:28:0e:4d:8b:de:
                    38:68:4e:f1:eb:d5:90:b9:35:fe:fc:c8:79:80:4c:
                    a1:9b:c2:c8:66:bc:03:9f:c4:16:b8:d7:69:f1:25:
                    d7:08:e2:80:a2:14:0b:59:16:57:bf:34:e1:5d:c6:
                    3f:0a:fc:8e:25:69:2c:8f:9f:60:f6:1f:b4:d1:44:
                    00:f2:ea:c3:aa:06:f6:9e:3e:75:ad:2d:8b:9a:fb:
                    ab:06:ff:48:e2:8b:64:be:ba:7b:8f:64:9c:bb:01:
                    65:ed:da:80:f9:92:47:5a:7a:10:8e:de:4a:f0:f8:
                    2e:da:03:74:c8:30:ea:82:f9:13:74:bf:e9:13:fb:
                    36:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:58:3C:A5:AE:DD:57:84:DE:FB:5D:49:A9:39:B8:44:CD:16:E7:94
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/Plg8pa7dV4Te-11JqTm4RM0W55Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.253.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         46:ff:de:a8:4b:3c:a0:97:13:1d:15:dc:80:52:e7:09:13:7a:
         7f:b8:f0:64:4e:e6:96:80:7e:20:01:ee:f3:50:be:75:25:0f:
         2f:db:1e:ea:d6:79:8e:18:6f:24:e5:8a:da:8e:ba:fe:50:9e:
         86:ee:11:44:72:28:28:9c:0e:30:bd:8c:6c:ae:3a:e7:88:e4:
         fb:a0:62:25:56:b9:40:98:03:b4:4a:76:62:c2:5e:7a:d9:ef:
         d8:dc:04:00:4c:63:0a:77:04:64:ac:ef:c5:09:e9:9b:d6:b7:
         62:4d:85:a2:61:2b:b6:67:c6:ff:4c:d3:1f:c2:b4:c0:f4:8e:
         5d:c8:b3:b8:bb:23:92:ea:98:75:f5:1b:6a:06:38:74:b8:29:
         2d:6f:5c:3d:70:7a:c2:78:a9:78:bc:15:18:a3:b6:86:49:b8:
         30:84:17:a1:4e:30:00:1e:17:b9:b7:fd:34:78:f4:cc:79:0b:
         54:24:e0:c5:8f:87:f4:50:4b:d4:02:29:f1:6c:e3:ad:87:53:
         1b:1d:1e:0d:ce:3c:5d:1b:ff:a2:9f:cd:2d:af:e5:f0:75:2f:
         dc:23:67:ad:81:a0:76:97:35:67:e8:c7:93:88:12:c5:0c:3c:
         39:f5:7a:d5:dc:1f:17:b0:b0:f1:31:db:59:87:3c:c8:ac:ea:
         cb:ff:b4:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6nTjhd9jBwHTR9JOfh/uABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDA0MDQxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTU4M2NhNWFlZGQ1Nzg0ZGVmYjVkNDlhOTM5Yjg0NGNkMTZlNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTdp5FgpPvy4DOvGwNZMRMPMyywr
uins+4UxZeCsnGy8M3ppXXsH9kycyT6RVLii5+DXY0Nxp8V8Megm02leggPW2fwG
KK/r50AUipX9FfCeau28vlSzCAnTVa5gOLpeHJiu+nU7q9jH7459S0o6zYrgwb1R
vKJFj9nu4xC8KWWMKA5Ni944aE7x69WQuTX+/Mh5gEyhm8LIZrwDn8QWuNdp8SXX
COKAohQLWRZXvzThXcY/CvyOJWksj59g9h+00UQA8urDqgb2nj51rS2LmvurBv9I
4otkvrp7j2ScuwFl7dqA+ZJHWnoQjt5K8Pgu2gN0yDDqgvkTdL/pE/s2MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5YPKWu3VeE3vtdSak5uETNFueUMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvUGxnOHBhN2RWNFRlLTExSnFUbTRSTTBXNTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFVP1gMA0G
CSqGSIb3DQEBCwUAA4IBAQBG/96oSzyglxMdFdyAUucJE3p/uPBkTuaWgH4gAe7z
UL51JQ8v2x7q1nmOGG8k5Yrajrr+UJ6G7hFEcigonA4wvYxsrjrniOT7oGIlVrlA
mAO0SnZiwl562e/Y3AQATGMKdwRkrO/FCemb1rdiTYWiYSu2Z8b/TNMfwrTA9I5d
yLO4uyOS6ph19RtqBjh0uCktb1w9cHrCeKl4vBUYo7aGSbgwhBehTjAAHhe5t/00
ePTMeQtUJODFj4f0UEvUAinxbOOth1MbHR4NzjxdG/+in80tr+XwdS/cI2etgaB2
lzVn6MeTiBLFDDw59XrV3B8XsLDxMdtZhzzIrOrL/7R+
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:36:25 2024 by rpki-client on console-fra.rpki-client.org