Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/A7REsbGE1NrMU-LSCZyMtKSjm8k.roa
File:                     A7REsbGE1NrMU-LSCZyMtKSjm8k.roa (raw, json)
Hash identifier:          zhPZaUdsFTS8eVrwvXcM5kTM6RctaNrzWltEyiRGpbQ=
Subject key identifier:   03:B4:44:B1:B1:84:D4:DA:CC:53:E2:D2:09:9C:8C:B4:A4:A3:9B:C9
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       018CC94CA1DAB304CEDB2B9362F745E8B90A
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/A7REsbGE1NrMU-LSCZyMtKSjm8k.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207185
IP address blocks:        213.162.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a1:da:b3:04:ce:db:2b:93:62:f7:45:e8:b9:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03b444b1b184d4dacc53e2d2099c8cb4a4a39bc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8f:84:e2:db:91:45:cf:ba:94:ed:e6:77:ec:
                    04:6d:44:dd:90:4f:90:02:5b:b0:ce:b3:e2:58:ab:
                    e2:59:90:ac:43:ab:6b:d0:2f:37:0d:9c:74:34:7f:
                    83:fc:ad:57:3d:30:b7:91:bc:87:b8:a4:e5:26:66:
                    a2:b8:9c:ed:6b:b9:dc:c4:10:74:1c:12:86:89:d5:
                    9c:27:22:8b:26:36:de:fe:95:a3:c6:7e:04:e9:9f:
                    89:8b:37:22:7a:d6:fd:d2:a4:e5:0f:63:e1:8d:7c:
                    67:ba:2f:6a:c6:5d:94:89:c5:e6:69:90:ca:7c:d1:
                    3a:61:2b:49:52:f6:ce:9d:09:11:a9:79:a6:18:54:
                    0a:38:da:26:5c:44:ed:9a:2c:a0:36:ab:5d:e1:0a:
                    b1:3a:87:50:9c:d0:6d:b5:f5:ae:ae:af:f0:75:9e:
                    e8:f6:26:37:75:db:61:ce:81:f4:53:dd:02:ee:c9:
                    85:46:5b:d0:8a:fe:24:d8:5c:df:1c:93:22:6b:56:
                    d1:4b:5c:00:1c:5f:e7:0a:1d:41:15:71:df:68:70:
                    80:25:cf:be:0d:be:da:4b:51:00:6d:50:af:75:13:
                    4b:d9:bb:0c:97:dc:be:37:1b:ed:11:87:1c:1f:a0:
                    81:4f:c6:ab:26:ba:80:e9:c5:ff:e4:e3:24:01:99:
                    1e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B4:44:B1:B1:84:D4:DA:CC:53:E2:D2:09:9C:8C:B4:A4:A3:9B:C9
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/A7REsbGE1NrMU-LSCZyMtKSjm8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.162.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:63:19:b6:2c:31:31:77:63:74:21:97:f4:e6:64:5b:41:77:
         63:80:e9:af:20:ec:25:4b:7c:ef:55:7d:20:bc:cb:6e:16:a8:
         2a:ad:ed:7e:c8:9e:23:1e:0d:99:d1:33:db:63:33:b4:3c:e0:
         89:ce:80:6c:be:3b:41:59:61:7e:3b:81:92:0a:61:a0:0f:dd:
         98:1b:02:0e:99:8a:ab:93:6b:42:ab:da:65:39:72:cc:93:10:
         8a:9f:22:17:8c:27:f9:e9:bc:7c:ca:d5:3f:4e:9d:60:9b:71:
         c1:e1:10:12:9f:0c:61:cf:9a:83:d7:35:f2:81:e4:5a:f5:c3:
         b9:a1:95:45:44:f0:b6:ce:73:38:ee:4d:c8:8b:07:eb:e5:b1:
         52:45:fa:fa:0d:e1:30:2f:40:5d:18:df:6d:d9:95:0b:75:da:
         ce:79:63:25:24:af:c0:c7:b8:bb:c0:1b:7a:2a:44:66:dc:3b:
         47:56:10:e3:a0:97:56:97:e5:b3:7f:14:7e:b9:fa:ad:9f:2f:
         4d:da:57:67:7b:b2:74:72:d3:46:18:83:3a:e4:8b:36:37:94:
         4b:c8:64:9a:01:58:8b:6e:dc:43:d4:c7:0b:f8:83:e9:31:92:
         e5:5c:f5:41:f0:05:d4:a9:d4:60:5f:62:c1:2b:5d:a3:f4:95:
         04:e5:be:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKHaswTO2yuTYvdF6LkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I0NDRiMWIxODRkNGRhY2M1M2UyZDIwOTljOGNiNGE0YTM5YmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY+E4tuRRc+6lO3md+wEbUTdkE+Q
AluwzrPiWKviWZCsQ6tr0C83DZx0NH+D/K1XPTC3kbyHuKTlJmaiuJzta7ncxBB0
HBKGidWcJyKLJjbe/pWjxn4E6Z+Jizcietb90qTlD2PhjXxnui9qxl2UicXmaZDK
fNE6YStJUvbOnQkRqXmmGFQKONomXETtmiygNqtd4QqxOodQnNBttfWurq/wdZ7o
9iY3ddthzoH0U90C7smFRlvQiv4k2FzfHJMia1bRS1wAHF/nCh1BFXHfaHCAJc++
Db7aS1EAbVCvdRNL2bsMl9y+NxvtEYccH6CBT8arJrqA6cX/5OMkAZkeKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAO0RLGxhNTazFPi0gmcjLSko5vJMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvQTdSRXNiR0UxTnJNVS1MU0NaeU10S1NqbThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aLVMA0G
CSqGSIb3DQEBCwUAA4IBAQAKYxm2LDExd2N0IZf05mRbQXdjgOmvIOwlS3zvVX0g
vMtuFqgqre1+yJ4jHg2Z0TPbYzO0POCJzoBsvjtBWWF+O4GSCmGgD92YGwIOmYqr
k2tCq9plOXLMkxCKnyIXjCf56bx8ytU/Tp1gm3HB4RASnwxhz5qD1zXygeRa9cO5
oZVFRPC2znM47k3Iiwfr5bFSRfr6DeEwL0BdGN9t2ZULddrOeWMlJK/Ax7i7wBt6
KkRm3DtHVhDjoJdWl+WzfxR+ufqtny9N2ldne7J0ctNGGIM65Is2N5RLyGSaAViL
btxD1McL+IPpMZLlXPVB8AXUqdRgX2LBK12j9JUE5b7N
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:55 2024 by rpki-client on console-fra.rpki-client.org