Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8tZS6QGzCHrD01LVRH_9lnM4TGk.roa
File:                     8tZS6QGzCHrD01LVRH_9lnM4TGk.roa (raw, json)
Hash identifier:          A+sFxJ3Ru2xRNN3DMHHO0z7r/Mmdzyks6df0ZPYi8bE=
Subject key identifier:   F2:D6:52:E9:01:B3:08:7A:C3:D3:52:D5:44:7F:FD:96:73:38:4C:69
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01915CDA1A7A211BB4D1C50D0F2C8590B8E3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8tZS6QGzCHrD01LVRH_9lnM4TGk.roa
Signing time:             Fri 16 Aug 2024 20:21:23 +0000
ROA not before:           Fri 16 Aug 2024 20:21:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215224
IP address blocks:        212.192.4.0/24 maxlen: 24
                          212.192.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5c:da:1a:7a:21:1b:b4:d1:c5:0d:0f:2c:85:90:b8:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 16 20:21:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2d652e901b3087ac3d352d5447ffd9673384c69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b1:c3:eb:af:c9:6e:06:c2:2e:3f:5c:76:9d:
                    e2:2d:9b:fa:0d:bc:ad:d6:ab:a4:e6:4d:6f:05:9e:
                    3a:be:54:e5:4e:f1:a4:b3:5a:b1:fa:d5:96:d5:cc:
                    12:b3:4c:6a:0d:83:76:21:a1:20:91:6e:76:5c:1f:
                    46:79:08:bd:2e:3a:bd:e7:1a:8b:cf:c0:90:16:d4:
                    32:bd:95:f7:c4:e3:19:c9:a6:ca:29:e2:7f:42:83:
                    4f:d9:4a:24:8e:a7:04:a5:b3:b6:50:fd:2d:cb:a8:
                    1f:8b:14:6d:70:ca:72:2e:ce:95:93:f5:6b:5c:1b:
                    eb:b4:89:3c:0a:f7:8e:82:b6:3e:85:dd:3e:b5:9b:
                    83:a5:73:0a:40:fd:50:25:41:ac:15:d1:20:06:c6:
                    2a:4d:50:bc:b2:31:bc:fa:e1:41:cd:0e:30:9e:83:
                    e1:d7:38:18:d1:77:d9:33:10:e5:29:c6:de:6e:f7:
                    16:ac:b4:78:7b:e6:c2:48:0f:94:79:44:ad:82:98:
                    a9:07:18:1e:b8:e5:59:47:28:8c:86:1b:7d:34:16:
                    11:83:5c:6d:c1:79:af:30:61:39:9b:c0:2d:9d:47:
                    45:0d:6e:e7:cc:80:78:39:55:a8:69:f4:ea:f1:03:
                    7e:18:d7:d8:f4:dd:4e:10:d9:5e:b6:96:2a:7a:6d:
                    60:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:D6:52:E9:01:B3:08:7A:C3:D3:52:D5:44:7F:FD:96:73:38:4C:69
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8tZS6QGzCHrD01LVRH_9lnM4TGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.4.0/24
                  212.192.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:08:f2:06:ef:e3:c4:2f:b5:01:de:08:2f:36:e1:4c:37:ea:
         34:fa:4a:06:b2:17:94:b0:76:4b:48:c6:55:d1:28:53:5c:60:
         f4:50:c6:6f:74:6a:75:8d:d5:4c:73:52:d6:68:73:9f:9d:e3:
         e1:7f:04:85:af:14:09:0f:7a:1b:b3:69:95:53:a6:33:fb:79:
         37:09:c9:24:fe:66:bf:9c:87:62:d7:8f:50:8b:40:f7:25:a5:
         fd:96:af:34:cf:54:92:ab:a2:d5:18:31:ef:a6:6c:67:5e:d6:
         b6:21:18:37:3c:34:45:7c:5f:1b:25:83:f5:e4:68:7d:fe:21:
         8c:0a:11:cd:5f:7b:72:42:48:a6:a1:78:62:22:6c:a6:9d:32:
         42:4a:a8:c4:c1:09:26:31:13:b3:08:60:4e:22:5b:f4:1b:97:
         c6:fa:61:e9:8d:5e:c7:fc:ef:3f:54:82:f3:b7:93:99:3d:a7:
         1e:49:51:e9:18:c9:73:7a:23:40:d1:57:17:4a:cf:73:97:c0:
         99:55:73:f5:58:30:9d:da:f0:1d:d8:ba:99:d8:2f:bc:b2:e3:
         a1:a2:41:ca:d2:ac:ae:d8:b9:4b:42:3e:1b:b5:45:a5:3f:02:
         d3:c2:7a:c0:bb:ff:fe:41:f9:ef:1e:9c:b9:9a:5e:56:fc:a4:
         7b:6c:95:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFc2hp6IRu00cUNDyyFkLjjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODE2MjAyMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmQ2NTJlOTAxYjMwODdhYzNkMzUyZDU0NDdmZmQ5NjczMzg0YzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rHD66/JbgbCLj9cdp3iLZv6Dbyt
1quk5k1vBZ46vlTlTvGks1qx+tWW1cwSs0xqDYN2IaEgkW52XB9GeQi9Ljq95xqL
z8CQFtQyvZX3xOMZyabKKeJ/QoNP2UokjqcEpbO2UP0ty6gfixRtcMpyLs6Vk/Vr
XBvrtIk8CveOgrY+hd0+tZuDpXMKQP1QJUGsFdEgBsYqTVC8sjG8+uFBzQ4wnoPh
1zgY0XfZMxDlKcbebvcWrLR4e+bCSA+UeUStgpipBxgeuOVZRyiMhht9NBYRg1xt
wXmvMGE5m8AtnUdFDW7nzIB4OVWoafTq8QN+GNfY9N1OENletpYqem1gZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPLWUukBswh6w9NS1UR//ZZzOExpMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOHRaUzZRR3pDSHJEMDFMVlJIXzlsbk00VEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1MAEAwQA
1MDWMA0GCSqGSIb3DQEBCwUAA4IBAQB5CPIG7+PEL7UB3ggvNuFMN+o0+koGsheU
sHZLSMZV0ShTXGD0UMZvdGp1jdVMc1LWaHOfnePhfwSFrxQJD3obs2mVU6Yz+3k3
Cckk/ma/nIdi149Qi0D3JaX9lq80z1SSq6LVGDHvpmxnXta2IRg3PDRFfF8bJYP1
5Gh9/iGMChHNX3tyQkimoXhiImymnTJCSqjEwQkmMROzCGBOIlv0G5fG+mHpjV7H
/O8/VILzt5OZPaceSVHpGMlzeiNA0VcXSs9zl8CZVXP1WDCd2vAd2LqZ2C+8suOh
okHK0qyu2LlLQj4btUWlPwLTwnrAu//+QfnvHpy5ml5W/KR7bJUy
-----END CERTIFICATE-----
Generated at Tue Oct 15 03:48:46 2024 by rpki-client on console-ams.rpki-client.org