Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E65he3IgrLzpkJhwWqeCTAD7zxc.roa
File:                     E65he3IgrLzpkJhwWqeCTAD7zxc.roa (raw, json)
Hash identifier:          AUEBHbwqboQM9yYdwCZ8B0LNdP57xw7w7x1R4eRsGmE=
Subject key identifier:   13:AE:61:7B:72:20:AC:BC:E9:90:98:70:5A:A7:82:4C:00:FB:CF:17
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DA1A290E3D340C045BF44CACEBFCACAB8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E65he3IgrLzpkJhwWqeCTAD7zxc.roa
Signing time:             Tue 13 Feb 2024 08:43:22 +0000
ROA not before:           Tue 13 Feb 2024 08:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        94.154.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a1:a2:90:e3:d3:40:c0:45:bf:44:ca:ce:bf:ca:ca:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 13 08:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13ae617b7220acbce99098705aa7824c00fbcf17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d8:17:91:4a:8c:b6:11:6c:9a:c2:72:2e:72:
                    02:af:44:be:5a:72:3f:4d:11:2f:2c:2d:04:2d:32:
                    2c:b3:50:25:66:d7:c7:89:28:80:6d:17:45:24:51:
                    64:e0:76:b6:de:f1:cb:af:45:e0:53:4c:ea:91:95:
                    d6:ac:80:0f:8e:1b:9e:9c:88:a0:cf:02:12:8d:18:
                    f8:d6:24:01:af:4e:af:6b:fd:0f:f3:1f:32:10:c6:
                    c4:25:01:6f:06:61:20:ba:28:84:87:19:ce:e4:4c:
                    93:af:15:c8:67:31:0c:b3:7b:8d:40:cf:16:2c:59:
                    69:52:58:ab:90:03:d8:38:5c:fa:f7:b1:e2:43:86:
                    cd:0d:65:fc:33:38:c4:ea:4a:6b:f5:9a:45:7a:23:
                    6f:6b:25:fb:0f:9e:97:93:e5:2b:49:69:2d:c1:7b:
                    91:c5:86:61:ae:82:35:c3:71:7f:e2:c6:4d:c0:e1:
                    0f:35:0d:67:e6:da:63:4d:1c:6b:0d:41:18:7d:61:
                    d1:56:ed:f4:87:ad:51:a2:24:7d:4d:c7:0d:44:cd:
                    0d:1a:11:b4:4d:7d:fb:76:3b:82:cb:c8:20:52:e0:
                    d6:4e:cf:c5:d6:e9:e2:f2:3f:de:28:ff:10:14:19:
                    ed:59:a1:90:6a:f2:5f:5f:1d:04:77:81:a7:f7:aa:
                    18:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:AE:61:7B:72:20:AC:BC:E9:90:98:70:5A:A7:82:4C:00:FB:CF:17
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/E65he3IgrLzpkJhwWqeCTAD7zxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e8:09:a9:ba:6c:da:c1:bb:80:5c:5d:ca:0c:88:90:ed:e2:
         d1:a4:cf:fb:01:17:79:13:70:21:7d:5f:a4:25:e2:eb:0e:b6:
         9d:03:85:55:18:04:02:c3:ba:45:a6:6e:b4:80:c5:27:55:b6:
         f8:4e:90:87:8e:4b:1a:e7:49:ac:75:99:d6:03:2a:ce:d3:8a:
         28:72:f2:82:6c:66:e0:df:b1:aa:28:bf:9f:3c:10:16:0c:e1:
         7d:1f:32:b4:f8:fd:ba:ce:a2:ae:f0:81:07:5d:4a:00:1b:4a:
         dd:f4:a8:01:a1:95:35:22:1d:c4:8e:4a:b1:b5:ac:e1:5a:84:
         0f:76:44:28:00:b6:d8:17:a5:c9:7b:85:ba:3e:b6:0b:8e:df:
         65:c6:62:39:41:ad:66:30:d5:9b:57:a2:15:a9:35:a1:60:67:
         b5:d0:28:60:af:29:d6:c0:21:7e:99:48:3f:1a:7f:49:fb:27:
         34:b8:aa:3d:79:d4:dd:27:4a:b8:04:81:5a:70:94:fa:46:f1:
         7b:60:68:d4:91:14:a5:ab:b5:7e:6b:24:2c:2b:75:c7:2a:b3:
         a7:36:6a:28:fe:aa:1a:a6:bd:b1:b1:eb:86:0c:64:12:dc:e9:
         ed:5c:da:62:da:30:73:35:b8:e9:f6:e3:1a:f4:73:8e:1c:b3:
         f4:3e:e3:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2hopDj00DARb9Eys6/ysq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjEzMDg0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2FlNjE3YjcyMjBhY2JjZTk5MDk4NzA1YWE3ODI0YzAwZmJjZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdgXkUqMthFsmsJyLnICr0S+WnI/
TREvLC0ELTIss1AlZtfHiSiAbRdFJFFk4Ha23vHLr0XgU0zqkZXWrIAPjhuenIig
zwISjRj41iQBr06va/0P8x8yEMbEJQFvBmEguiiEhxnO5EyTrxXIZzEMs3uNQM8W
LFlpUlirkAPYOFz697HiQ4bNDWX8MzjE6kpr9ZpFeiNvayX7D56Xk+UrSWktwXuR
xYZhroI1w3F/4sZNwOEPNQ1n5tpjTRxrDUEYfWHRVu30h61RoiR9TccNRM0NGhG0
TX37djuCy8ggUuDWTs/F1uni8j/eKP8QFBntWaGQavJfXx0Ed4Gn96oY5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOuYXtyIKy86ZCYcFqngkwA+88XMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRTY1aGUzSWdyTHpwa0pod1dxZUNUQUQ3enhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpqsMA0G
CSqGSIb3DQEBCwUAA4IBAQBs6AmpumzawbuAXF3KDIiQ7eLRpM/7ARd5E3AhfV+k
JeLrDradA4VVGAQCw7pFpm60gMUnVbb4TpCHjksa50msdZnWAyrO04oocvKCbGbg
37GqKL+fPBAWDOF9HzK0+P26zqKu8IEHXUoAG0rd9KgBoZU1Ih3EjkqxtazhWoQP
dkQoALbYF6XJe4W6PrYLjt9lxmI5Qa1mMNWbV6IVqTWhYGe10ChgrynWwCF+mUg/
Gn9J+yc0uKo9edTdJ0q4BIFacJT6RvF7YGjUkRSlq7V+ayQsK3XHKrOnNmoo/qoa
pr2xseuGDGQS3OntXNpi2jBzNbjp9uMa9HOOHLP0PuNX
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:15:15 2024 by rpki-client on console-ams.rpki-client.org