Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/IbBo2cG4vqe_oQpnxSU5jKLpz_8.roa
File:                     IbBo2cG4vqe_oQpnxSU5jKLpz_8.roa (raw, json)
Hash identifier:          Q3pye2M7VMfN/yX6Nvq9tDWl88ur4vbDM78zIUYYq9w=
Subject key identifier:   21:B0:68:D9:C1:B8:BE:A7:BF:A1:0A:67:C5:25:39:8C:A2:E9:CF:FF
Certificate issuer:       /CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
Certificate serial:       019247A59C374E2FF0C5FFE92CBB7A9AAD8C
Authority key identifier: FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/IbBo2cG4vqe_oQpnxSU5jKLpz_8.roa
Signing time:             Tue 01 Oct 2024 10:34:48 +0000
ROA not before:           Tue 01 Oct 2024 10:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211864
IP address blocks:        81.173.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:a5:9c:37:4e:2f:f0:c5:ff:e9:2c:bb:7a:9a:ad:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
        Validity
            Not Before: Oct  1 10:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21b068d9c1b8bea7bfa10a67c525398ca2e9cfff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b6:cc:15:fe:9b:36:19:50:e7:63:30:8e:b5:
                    ff:af:4c:7f:f9:8f:db:a8:d1:9b:a2:f4:6f:b0:3c:
                    2f:9c:dc:b6:88:38:1c:86:8b:93:da:5c:f9:c3:af:
                    bd:98:dc:e9:4a:a4:e6:e4:c3:18:55:29:b1:06:dd:
                    ec:fa:ae:68:40:05:43:5d:1f:e6:e0:89:fa:55:40:
                    86:03:72:54:34:59:30:c1:f0:ab:41:37:9e:9e:71:
                    9a:0e:01:4b:9e:98:64:b3:25:3b:ac:84:e2:7f:74:
                    36:4a:bf:d0:41:88:cf:bd:b3:ef:9e:90:a7:6b:f9:
                    51:33:c0:00:06:d1:c6:e2:4d:32:6a:36:a6:19:22:
                    92:58:2f:b2:c5:c6:10:b4:b3:89:4b:a6:9d:88:01:
                    c5:85:54:18:1f:2e:f5:e6:df:17:2b:51:a8:bc:f4:
                    e5:0b:3c:39:b0:d3:25:e5:76:21:9c:f8:54:7d:1b:
                    40:a3:9a:b8:1b:65:26:e5:eb:a1:5b:98:38:09:c5:
                    bf:35:00:18:98:50:71:ea:15:9f:e7:00:c0:83:40:
                    2b:36:8a:f0:67:59:13:6d:53:9e:e0:e8:a5:02:f8:
                    21:69:a0:fd:3a:7b:0a:e6:cb:55:3a:0e:d4:fd:46:
                    2a:6a:22:9c:3c:b9:3b:aa:23:71:f1:08:6a:8b:5a:
                    7e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B0:68:D9:C1:B8:BE:A7:BF:A1:0A:67:C5:25:39:8C:A2:E9:CF:FF
            X509v3 Authority Key Identifier:
                keyid:FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/IbBo2cG4vqe_oQpnxSU5jKLpz_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:e5:a9:4e:51:dd:f0:63:e5:45:cf:a0:62:25:0e:a3:3d:e8:
         75:34:f5:55:a7:77:52:e2:83:62:30:b8:89:fb:5e:1b:f6:ae:
         56:3a:2f:ab:ff:7a:dd:8b:9c:77:71:a4:c1:4a:35:b3:a5:45:
         63:56:b0:48:7e:8f:42:07:a9:10:2b:6a:31:e5:38:fa:72:17:
         72:90:6f:21:9b:20:fd:ed:c3:6f:b3:2b:c0:a2:03:0a:05:d5:
         76:e5:a0:80:0b:8e:6c:46:9e:27:0d:de:6e:84:e7:68:b0:05:
         16:db:c0:7a:6e:2c:a0:62:1e:62:cd:93:76:0d:b9:5e:a9:59:
         f4:97:6b:b2:44:c9:d1:f7:77:6f:cd:ac:b8:47:4c:1c:0f:b6:
         b6:96:b4:f0:f0:72:1b:f2:4b:8f:4f:ab:8a:17:4b:bd:13:33:
         3d:1c:88:18:fc:b7:15:9d:b4:9b:28:50:5d:70:bf:ba:b9:82:
         1f:2d:e9:ae:2e:05:d1:91:7d:50:af:bb:4f:c5:81:ba:2a:96:
         d0:f2:a7:b8:05:48:25:ac:8e:6b:f9:e0:37:3a:6c:4c:f8:03:
         29:ba:2e:6c:6b:b9:0d:41:19:e8:cb:2e:70:92:ce:35:9e:0f:
         3c:a6:d1:7e:02:47:c5:a0:56:17:99:71:57:4a:21:1a:cf:1c:
         54:22:0e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJHpZw3Ti/wxf/pLLt6mq2MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkM2ExZTg0NjViZmM0ZGY3MDA4OTQzNzJkMGI5ODA4ZThi
NjI5ZWEwHhcNMjQxMDAxMTAzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWIwNjhkOWMxYjhiZWE3YmZhMTBhNjdjNTI1Mzk4Y2EyZTljZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrbMFf6bNhlQ52MwjrX/r0x/+Y/b
qNGbovRvsDwvnNy2iDgchouT2lz5w6+9mNzpSqTm5MMYVSmxBt3s+q5oQAVDXR/m
4In6VUCGA3JUNFkwwfCrQTeennGaDgFLnphksyU7rITif3Q2Sr/QQYjPvbPvnpCn
a/lRM8AABtHG4k0yajamGSKSWC+yxcYQtLOJS6adiAHFhVQYHy715t8XK1GovPTl
Czw5sNMl5XYhnPhUfRtAo5q4G2Um5euhW5g4CcW/NQAYmFBx6hWf5wDAg0ArNorw
Z1kTbVOe4OilAvghaaD9OnsK5stVOg7U/UYqaiKcPLk7qiNx8Qhqi1p+rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGwaNnBuL6nv6EKZ8UlOYyi6c//MB8GA1UdIwQY
MBaAFP06HoRlv8TfcAiUNy0LmAjotinqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYt
OTU1NWQzMGY2ZjhmLzEvSWJCbzJjRzR2cWVfb1FwbnhTVTVqS0xwel84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYtOTU1NWQzMGY2Zjhm
LzEvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUa1QMA0G
CSqGSIb3DQEBCwUAA4IBAQCi5alOUd3wY+VFz6BiJQ6jPeh1NPVVp3dS4oNiMLiJ
+14b9q5WOi+r/3rdi5x3caTBSjWzpUVjVrBIfo9CB6kQK2ox5Tj6chdykG8hmyD9
7cNvsyvAogMKBdV25aCAC45sRp4nDd5uhOdosAUW28B6biygYh5izZN2DbleqVn0
l2uyRMnR93dvzay4R0wcD7a2lrTw8HIb8kuPT6uKF0u9EzM9HIgY/LcVnbSbKFBd
cL+6uYIfLemuLgXRkX1Qr7tPxYG6KpbQ8qe4BUglrI5r+eA3OmxM+AMpui5sa7kN
QRnoyy5wks41ng88ptF+AkfFoFYXmXFXSiEazxxUIg6+
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:10:13 2024 by rpki-client on console-ams.rpki-client.org