Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/tR2-pI5qxRIRfqhufTAWMo0ULps.roa
File:                     tR2-pI5qxRIRfqhufTAWMo0ULps.roa (raw, json)
Hash identifier:          G7o50mtcFdfaAOMstkje9EVlufm402yPCt/FfLmHhVA=
Subject key identifier:   B5:1D:BE:A4:8E:6A:C5:12:11:7E:A8:6E:7D:30:16:32:8D:14:2E:9B
Certificate issuer:       /CN=7a8bae923305a71c526a6fcf57c29d6c16a4269e
Certificate serial:       018D8DFE6382D5B145F7CCE64949421927A7
Authority key identifier: 7A:8B:AE:92:33:05:A7:1C:52:6A:6F:CF:57:C2:9D:6C:16:A4:26:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eouukjMFpxxSam_PV8KdbBakJp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/tR2-pI5qxRIRfqhufTAWMo0ULps.roa
Signing time:             Fri 09 Feb 2024 13:11:15 +0000
ROA not before:           Fri 09 Feb 2024 13:11:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34907
IP address blocks:        193.3.162.0/24 maxlen: 24
                          195.245.200.0/24 maxlen: 24
                          2001:67c:178c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/eouukjMFpxxSam_PV8KdbBakJp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/eouukjMFpxxSam_PV8KdbBakJp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eouukjMFpxxSam_PV8KdbBakJp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8d:fe:63:82:d5:b1:45:f7:cc:e6:49:49:42:19:27:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a8bae923305a71c526a6fcf57c29d6c16a4269e
        Validity
            Not Before: Feb  9 13:11:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b51dbea48e6ac512117ea86e7d3016328d142e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9b:f4:11:e1:8e:7f:83:06:73:b0:3b:af:0e:
                    ec:c5:7f:51:97:ec:92:1e:c7:c3:f2:23:2e:dd:d6:
                    c5:f5:a3:1c:45:ec:63:7a:a0:ab:93:65:94:88:41:
                    a4:2e:0e:b5:76:7d:77:ec:65:62:ea:e2:7e:5e:11:
                    ca:8a:66:a5:e7:01:7d:d6:cd:51:ac:53:cb:48:35:
                    c7:58:7b:a1:74:44:b8:12:d4:76:d0:86:0d:a2:e1:
                    8b:c8:17:9b:8b:7a:36:5f:57:d1:49:03:da:3a:01:
                    69:64:eb:58:d2:b8:2c:a2:16:46:50:f3:e4:47:bd:
                    9d:03:54:93:de:68:26:46:3f:78:a8:d6:f9:9e:4b:
                    c2:0b:0f:83:89:9b:e1:78:bf:7a:2b:f5:f4:bc:78:
                    3f:93:2d:8f:b5:8b:4f:99:3f:2e:d2:69:64:0d:48:
                    d2:e0:f4:69:77:35:4d:2f:a5:4a:c7:af:67:0c:21:
                    fa:26:5c:aa:79:fe:c7:7b:86:2f:4e:89:ae:40:b3:
                    df:64:11:f8:79:08:c7:b0:15:1a:ee:79:27:97:c0:
                    75:fd:4d:fa:8a:04:dd:c5:87:49:e7:1d:e0:33:b9:
                    3d:83:4e:a5:4b:be:7f:47:c6:78:cc:39:5a:b8:ec:
                    44:7f:92:2a:99:3d:d2:da:c9:58:b6:75:72:d9:d2:
                    a0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:1D:BE:A4:8E:6A:C5:12:11:7E:A8:6E:7D:30:16:32:8D:14:2E:9B
            X509v3 Authority Key Identifier:
                keyid:7A:8B:AE:92:33:05:A7:1C:52:6A:6F:CF:57:C2:9D:6C:16:A4:26:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eouukjMFpxxSam_PV8KdbBakJp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/tR2-pI5qxRIRfqhufTAWMo0ULps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2a1e5c-1010-4098-94c9-de0c570ba850/1/eouukjMFpxxSam_PV8KdbBakJp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.162.0/24
                  195.245.200.0/24
                IPv6:
                  2001:67c:178c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:f0:ce:25:89:90:e0:51:d3:62:b7:f4:b6:bf:c1:7c:dd:4a:
         f8:ed:23:0b:d4:03:62:5a:c8:a9:31:d9:17:1a:07:4f:83:a3:
         18:c4:2a:ef:dc:8d:97:bd:9d:4b:78:f7:bc:3b:a4:9f:9b:47:
         6a:26:57:be:95:3e:75:af:fb:f8:da:2c:e2:f2:dd:d1:cd:ad:
         f8:7d:6b:16:f0:0f:38:f8:a3:ed:10:80:21:9e:e5:26:ef:fa:
         80:cc:02:39:ae:6c:4c:45:20:c4:b1:27:36:20:e6:26:8f:b7:
         64:8a:98:5e:25:ae:1d:dc:3e:87:18:e2:1a:41:70:cf:ed:e6:
         f9:a1:56:da:11:5c:ea:ee:d8:57:6d:aa:54:2d:a6:01:5f:60:
         5d:9f:27:0f:ab:41:02:32:56:ee:d1:89:ad:e4:19:0e:88:a6:
         d3:f7:6f:28:c9:73:97:11:36:4f:38:7c:99:ff:b8:b5:7f:24:
         3d:11:4d:b7:93:61:43:88:3b:fe:12:3b:d1:f3:69:c5:d5:38:
         64:48:35:cd:9c:da:2c:f2:e7:97:5b:45:b9:c9:12:46:80:5d:
         db:d1:bc:c9:34:0b:63:d4:e4:20:af:1f:08:a0:7c:21:f9:bc:
         80:06:38:a4:d9:27:f7:8a:80:57:59:ae:4f:88:9d:55:ad:65:
         9a:52:23:2b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY2N/mOC1bFF98zmSUlCGSenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOGJhZTkyMzMwNWE3MWM1MjZhNmZjZjU3YzI5ZDZjMTZh
NDI2OWUwHhcNMjQwMjA5MTMxMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTFkYmVhNDhlNmFjNTEyMTE3ZWE4NmU3ZDMwMTYzMjhkMTQyZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5v0EeGOf4MGc7A7rw7sxX9Rl+yS
HsfD8iMu3dbF9aMcRexjeqCrk2WUiEGkLg61dn137GVi6uJ+XhHKimal5wF91s1R
rFPLSDXHWHuhdES4EtR20IYNouGLyBebi3o2X1fRSQPaOgFpZOtY0rgsohZGUPPk
R72dA1ST3mgmRj94qNb5nkvCCw+DiZvheL96K/X0vHg/ky2PtYtPmT8u0mlkDUjS
4PRpdzVNL6VKx69nDCH6Jlyqef7He4YvTomuQLPfZBH4eQjHsBUa7nknl8B1/U36
igTdxYdJ5x3gM7k9g06lS75/R8Z4zDlauOxEf5IqmT3S2slYtnVy2dKg8QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLUdvqSOasUSEX6obn0wFjKNFC6bMB8GA1UdIwQY
MBaAFHqLrpIzBaccUmpvz1fCnWwWpCaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZW91dWtqTUZweHhTYW1fUFY4S2RiQmFrSnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yYTFlNWMtMTAxMC00MDk4LTk0Yzkt
ZGUwYzU3MGJhODUwLzEvdFIyLXBJNXF4UklSZnFodWZUQVdNbzBVTHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yYTFlNWMtMTAxMC00MDk4LTk0YzktZGUwYzU3MGJhODUw
LzEvZW91dWtqTUZweHhTYW1fUFY4S2RiQmFrSnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwQOiAwQA
w/XIMA8EAgACMAkDBwAgAQZ8F4wwDQYJKoZIhvcNAQELBQADggEBAJvwziWJkOBR
02K39La/wXzdSvjtIwvUA2JayKkx2RcaB0+DoxjEKu/cjZe9nUt497w7pJ+bR2om
V76VPnWv+/jaLOLy3dHNrfh9axbwDzj4o+0QgCGe5Sbv+oDMAjmubExFIMSxJzYg
5iaPt2SKmF4lrh3cPocY4hpBcM/t5vmhVtoRXOru2FdtqlQtpgFfYF2fJw+rQQIy
Vu7Ria3kGQ6IptP3byjJc5cRNk84fJn/uLV/JD0RTbeTYUOIO/4SO9HzacXVOGRI
Nc2c2izy55dbRbnJEkaAXdvRvMk0C2PU5CCvHwigfCH5vIAGOKTZJ/eKgFdZrk+I
nVWtZZpSIys=
-----END CERTIFICATE-----
Generated at Mon Jun 17 15:18:30 2024 by rpki-client on console-ams.rpki-client.org