Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/358be9-192d-4ae9-b4bd-eed556af2c7f/1/_U-HnHT7POYzwUYeifj5_5TsMXc.roa
File:                     _U-HnHT7POYzwUYeifj5_5TsMXc.roa (raw, json)
Hash identifier:          otnB1Q3WqpTE2exGa0OPULqtvYVGyfqS/AtDqAUhXTo=
Subject key identifier:   FD:4F:87:9C:74:FB:3C:E6:33:C1:46:1E:89:F8:F9:FF:94:EC:31:77
Certificate issuer:       /CN=e1bdccb2450a1a053c89cc213e4ae9b864782de3
Certificate serial:       018CC4934E1DF8ED496EAE753081C4E78AAA
Authority key identifier: E1:BD:CC:B2:45:0A:1A:05:3C:89:CC:21:3E:4A:E9:B8:64:78:2D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4b3MskUKGgU8icwhPkrpuGR4LeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/358be9-192d-4ae9-b4bd-eed556af2c7f/1/_U-HnHT7POYzwUYeifj5_5TsMXc.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209685
IP address blocks:        88.218.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/358be9-192d-4ae9-b4bd-eed556af2c7f/1/4b3MskUKGgU8icwhPkrpuGR4LeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/358be9-192d-4ae9-b4bd-eed556af2c7f/1/4b3MskUKGgU8icwhPkrpuGR4LeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4b3MskUKGgU8icwhPkrpuGR4LeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4e:1d:f8:ed:49:6e:ae:75:30:81:c4:e7:8a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1bdccb2450a1a053c89cc213e4ae9b864782de3
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd4f879c74fb3ce633c1461e89f8f9ff94ec3177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fc:ad:79:d6:a7:15:68:a0:ab:60:67:0c:c2:
                    ea:c9:e6:de:32:32:1c:85:9d:d4:c2:0a:40:d9:83:
                    2e:e8:49:10:30:6f:15:7f:e1:d5:98:44:f7:55:73:
                    63:d8:0d:ba:9e:4b:9a:80:2d:a6:02:4d:dd:ae:5f:
                    b2:f0:a0:2b:23:4d:8d:50:9f:01:6b:d8:be:66:51:
                    94:c4:04:8b:4b:2b:00:36:0f:56:ff:42:59:05:f9:
                    c0:81:b2:98:c6:b8:24:c5:66:2c:78:9e:2a:10:0b:
                    41:99:f2:40:ed:28:b5:4d:a7:8f:4b:69:46:c7:f7:
                    4a:79:73:43:49:da:86:6f:97:a7:3a:5b:d6:ae:38:
                    c4:b2:06:c2:cd:b5:bf:24:08:77:2b:ec:54:65:59:
                    81:13:fe:c3:03:33:2c:bf:fa:99:32:7d:2d:65:b0:
                    68:dc:75:d7:8d:75:44:27:33:58:89:ec:66:0b:f2:
                    f3:61:52:b8:2a:76:9f:1d:70:cb:18:84:9e:16:f2:
                    18:2d:c1:f2:8a:33:5a:34:13:df:fb:51:af:b2:55:
                    3e:fc:0c:01:49:96:83:bc:32:bf:7c:0b:d5:01:f1:
                    1f:51:e2:29:eb:a8:70:57:ab:a7:5b:a2:05:5c:e3:
                    30:ac:87:d6:f1:c2:a6:45:98:7e:01:ac:e1:bc:98:
                    5f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4F:87:9C:74:FB:3C:E6:33:C1:46:1E:89:F8:F9:FF:94:EC:31:77
            X509v3 Authority Key Identifier:
                keyid:E1:BD:CC:B2:45:0A:1A:05:3C:89:CC:21:3E:4A:E9:B8:64:78:2D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b3MskUKGgU8icwhPkrpuGR4LeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/358be9-192d-4ae9-b4bd-eed556af2c7f/1/_U-HnHT7POYzwUYeifj5_5TsMXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/358be9-192d-4ae9-b4bd-eed556af2c7f/1/4b3MskUKGgU8icwhPkrpuGR4LeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:fe:b6:1b:02:6d:dc:1d:2e:50:a0:1f:fe:1a:13:bb:67:2d:
         61:b2:eb:ad:b8:81:b1:e0:1d:5c:8b:82:ac:09:98:d2:dc:24:
         4d:a8:12:e6:62:de:38:11:5c:5e:9f:15:73:51:70:c7:1a:e9:
         1a:7b:81:66:68:f5:c8:b4:06:99:2c:bb:ac:e1:78:d9:21:cb:
         c8:52:29:cd:87:d5:75:f5:78:2a:c4:a2:4f:15:68:1e:d8:db:
         69:85:53:ce:9d:fa:05:4d:37:e0:c7:1e:df:d5:86:bb:d4:fc:
         08:3a:ce:fd:d3:32:81:45:cb:f1:e0:f9:7b:32:de:8b:80:92:
         ac:fe:66:70:eb:18:7e:82:b4:24:48:b6:bf:37:b2:55:59:ac:
         42:29:09:b7:a5:24:1f:b0:92:bf:d3:0f:6c:04:3d:4b:3d:bc:
         2e:d5:75:3c:26:bb:c9:80:dc:1d:87:91:f1:a0:99:fd:94:17:
         73:0c:77:c6:e7:61:eb:49:bc:98:1b:10:f8:95:e3:bf:b5:e7:
         a6:43:cd:61:71:08:c5:18:5b:98:0e:0a:6b:e1:d6:a3:ab:94:
         92:a9:4b:8a:8c:32:22:79:b4:6b:60:f9:04:ae:ae:d3:30:90:
         51:b6:2c:86:ed:ea:10:c6:bd:1e:25:b3:b7:64:2f:b6:ae:13:
         5a:ba:8e:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk04d+O1Jbq51MIHE54qqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYmRjY2IyNDUwYTFhMDUzYzg5Y2MyMTNlNGFlOWI4NjQ3
ODJkZTMwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRmODc5Yzc0ZmIzY2U2MzNjMTQ2MWU4OWY4ZjlmZjk0ZWMzMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/ytedanFWigq2BnDMLqyebeMjIc
hZ3UwgpA2YMu6EkQMG8Vf+HVmET3VXNj2A26nkuagC2mAk3drl+y8KArI02NUJ8B
a9i+ZlGUxASLSysANg9W/0JZBfnAgbKYxrgkxWYseJ4qEAtBmfJA7Si1TaePS2lG
x/dKeXNDSdqGb5enOlvWrjjEsgbCzbW/JAh3K+xUZVmBE/7DAzMsv/qZMn0tZbBo
3HXXjXVEJzNYiexmC/LzYVK4KnafHXDLGISeFvIYLcHyijNaNBPf+1GvslU+/AwB
SZaDvDK/fAvVAfEfUeIp66hwV6unW6IFXOMwrIfW8cKmRZh+AazhvJhfiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1Ph5x0+zzmM8FGHon4+f+U7DF3MB8GA1UdIwQY
MBaAFOG9zLJFChoFPInMIT5K6bhkeC3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGIzTXNrVUtHZ1U4aWN3aFBrcnB1R1I0TGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zNThiZTktMTkyZC00YWU5LWI0YmQt
ZWVkNTU2YWYyYzdmLzEvX1UtSG5IVDdQT1l6d1VZZWlmajVfNVRzTVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zNThiZTktMTkyZC00YWU5LWI0YmQtZWVkNTU2YWYyYzdm
LzEvNGIzTXNrVUtHZ1U4aWN3aFBrcnB1R1I0TGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNqMMA0G
CSqGSIb3DQEBCwUAA4IBAQCt/rYbAm3cHS5QoB/+GhO7Zy1hsuutuIGx4B1ci4Ks
CZjS3CRNqBLmYt44EVxenxVzUXDHGukae4FmaPXItAaZLLus4XjZIcvIUinNh9V1
9XgqxKJPFWge2NtphVPOnfoFTTfgxx7f1Ya71PwIOs790zKBRcvx4Pl7Mt6LgJKs
/mZw6xh+grQkSLa/N7JVWaxCKQm3pSQfsJK/0w9sBD1LPbwu1XU8JrvJgNwdh5Hx
oJn9lBdzDHfG52HrSbyYGxD4leO/teemQ81hcQjFGFuYDgpr4dajq5SSqUuKjDIi
ebRrYPkErq7TMJBRtiyG7eoQxr0eJbO3ZC+2rhNauo4k
-----END CERTIFICATE-----
Generated at Tue Nov 26 17:39:06 2024 by rpki-client on console-ams.rpki-client.org