Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/bWRsholUkD1mpT6VxYYpFArLyzE.roa
File:                     bWRsholUkD1mpT6VxYYpFArLyzE.roa (raw, json)
Hash identifier:          KWCFh3Uk0SB9cNzgVjzYNCOd5miIpLMdIPsuW8pAn4U=
Subject key identifier:   6D:64:6C:86:89:54:90:3D:66:A5:3E:95:C5:86:29:14:0A:CB:CB:31
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB68F474D6B3BBAAC798431C329F3F
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/bWRsholUkD1mpT6VxYYpFArLyzE.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205194
IP address blocks:        192.162.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:68:f4:74:d6:b3:bb:aa:c7:98:43:1c:32:9f:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d646c868954903d66a53e95c58629140acbcb31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:36:df:31:5a:8f:e1:a4:91:87:a7:4e:bb:02:
                    55:4c:43:76:b8:2f:a6:74:1b:d8:a4:46:f8:4b:a2:
                    0b:22:b3:5e:ae:59:33:d4:0b:be:c4:4d:74:c8:5c:
                    04:f9:0f:67:b6:5f:0e:55:1c:87:2b:98:c5:17:b8:
                    a1:16:11:e4:0d:ae:6b:2e:a5:3b:d5:9d:ac:28:9c:
                    95:67:e8:63:dc:2b:fb:e2:11:72:81:98:b4:86:1a:
                    34:e2:b2:18:4b:78:a6:61:7e:d0:58:3f:ce:83:8b:
                    f5:b7:b7:b8:17:0d:29:7d:af:03:45:28:e5:ed:70:
                    a9:88:ff:25:ef:fb:69:92:2f:3e:cf:fe:e6:9e:0d:
                    60:fc:c0:fc:f0:55:d4:b7:ae:aa:ad:34:ca:0d:71:
                    24:d1:8b:43:ed:fd:3b:82:26:89:9e:cf:00:92:04:
                    da:09:12:b2:cc:a3:16:cc:5e:4f:f3:da:3c:e3:d3:
                    92:2e:be:dc:2d:9b:fd:b2:29:ff:48:ec:cc:1b:79:
                    b3:94:9a:9e:eb:16:bf:c8:f6:13:f8:c1:85:2b:12:
                    5e:51:df:96:86:1c:ed:32:0d:1d:27:c8:ff:6c:f1:
                    54:1a:24:18:15:c7:17:a7:e6:0b:25:2a:08:b5:a7:
                    f3:59:4b:83:b5:f4:34:8c:55:16:b0:8e:42:31:ec:
                    a1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:64:6C:86:89:54:90:3D:66:A5:3E:95:C5:86:29:14:0A:CB:CB:31
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/bWRsholUkD1mpT6VxYYpFArLyzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:5a:58:fc:af:e5:14:55:de:04:63:39:be:c6:5c:08:b9:f4:
         02:88:0e:1f:e1:e6:44:cd:3e:a5:f7:7c:1c:74:31:dc:7d:b2:
         7a:25:b7:50:c8:1e:c2:96:8b:94:95:d7:b2:5b:73:42:70:a7:
         da:7f:69:53:b3:8f:60:85:2b:40:98:42:ac:c6:f4:8f:90:82:
         e1:e8:00:52:36:f3:43:2a:0e:c8:cc:32:c0:f4:9b:a6:52:e4:
         bb:e7:b3:34:aa:ef:d1:fb:2c:56:34:cc:b5:2c:91:34:6b:eb:
         16:85:75:7d:9e:f3:36:7d:06:44:1e:55:42:e5:9e:d1:a2:de:
         4f:18:82:f5:f7:81:c3:b1:47:5a:42:97:b1:75:7a:7a:62:af:
         ad:78:ef:be:78:5d:ce:f6:25:69:18:ac:90:75:93:a7:dd:75:
         fb:77:42:48:e1:cc:2a:41:0a:7a:a9:22:00:af:91:bb:c9:b0:
         b0:2a:04:d2:ca:4e:fc:48:2d:24:33:5a:3a:c4:2a:98:e1:8e:
         55:01:b9:f9:d3:76:f9:bc:03:fb:02:06:fa:d7:ee:88:5d:45:
         42:9e:e7:93:a5:94:b8:0a:39:5f:9c:77:6c:86:76:8d:68:f7:
         08:af:0f:83:d1:5f:e8:c5:e8:05:c5:e3:7f:e6:52:1e:41:a3:
         e8:bd:70:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22j0dNazu6rHmEMcMp8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDY0NmM4Njg5NTQ5MDNkNjZhNTNlOTVjNTg2MjkxNDBhY2JjYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTbfMVqP4aSRh6dOuwJVTEN2uC+m
dBvYpEb4S6ILIrNerlkz1Au+xE10yFwE+Q9ntl8OVRyHK5jFF7ihFhHkDa5rLqU7
1Z2sKJyVZ+hj3Cv74hFygZi0hho04rIYS3imYX7QWD/Og4v1t7e4Fw0pfa8DRSjl
7XCpiP8l7/tpki8+z/7mng1g/MD88FXUt66qrTTKDXEk0YtD7f07giaJns8AkgTa
CRKyzKMWzF5P89o849OSLr7cLZv9sin/SOzMG3mzlJqe6xa/yPYT+MGFKxJeUd+W
hhztMg0dJ8j/bPFUGiQYFccXp+YLJSoItafzWUuDtfQ0jFUWsI5CMeyhVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1kbIaJVJA9ZqU+lcWGKRQKy8sxMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvYldSc2hvbFVrRDFtcFQ2VnhZWXBGQXJMeXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKJBMA0G
CSqGSIb3DQEBCwUAA4IBAQBNWlj8r+UUVd4EYzm+xlwIufQCiA4f4eZEzT6l93wc
dDHcfbJ6JbdQyB7ClouUldeyW3NCcKfaf2lTs49ghStAmEKsxvSPkILh6ABSNvND
Kg7IzDLA9JumUuS757M0qu/R+yxWNMy1LJE0a+sWhXV9nvM2fQZEHlVC5Z7Rot5P
GIL194HDsUdaQpexdXp6Yq+teO++eF3O9iVpGKyQdZOn3XX7d0JI4cwqQQp6qSIA
r5G7ybCwKgTSyk78SC0kM1o6xCqY4Y5VAbn503b5vAP7Agb61+6IXUVCnueTpZS4
CjlfnHdshnaNaPcIrw+D0V/oxegFxeN/5lIeQaPovXCz
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:04:00 2024 by rpki-client on console-fra.rpki-client.org