Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/ZLx4wVt1WtBpJ8WKTGIIRVEwqeQ.roa
File:                     ZLx4wVt1WtBpJ8WKTGIIRVEwqeQ.roa (raw, json)
Hash identifier:          htxgzkTGNnAvlGwg9CHlbhDoegcFnV8BDnIAcsgDhUg=
Subject key identifier:   64:BC:78:C1:5B:75:5A:D0:69:27:C5:8A:4C:62:08:45:51:30:A9:E4
Certificate issuer:       /CN=cc215f58159ec576a2022776ea64f61c5bb00194
Certificate serial:       018CC56EF45177AA533C0619681DF442289D
Authority key identifier: CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/ZLx4wVt1WtBpJ8WKTGIIRVEwqeQ.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25554
IP address blocks:        212.122.164.0/24 maxlen: 24
                          212.122.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f4:51:77:aa:53:3c:06:19:68:1d:f4:42:28:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc215f58159ec576a2022776ea64f61c5bb00194
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64bc78c15b755ad06927c58a4c6208455130a9e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3b:9c:32:0f:1e:f6:71:b0:4e:38:7c:84:de:
                    bc:04:f8:86:2a:c7:80:d0:23:0d:24:fc:83:69:09:
                    fe:5f:a8:d2:c4:b7:fd:a7:0e:1e:c6:cd:83:63:86:
                    56:71:bb:52:f8:ac:c9:20:16:98:df:37:c3:73:78:
                    f5:86:e4:10:63:49:3c:9f:d6:5a:71:f4:63:7b:b7:
                    58:77:08:e7:a9:ab:22:ba:93:76:84:57:05:b8:93:
                    6e:54:dd:91:dd:9b:7e:1e:12:29:41:72:1c:e5:1f:
                    9a:1a:c7:c1:1b:5c:b9:95:4d:9a:c3:2d:2d:d0:cb:
                    96:08:af:e1:1c:2a:0b:da:7b:19:22:33:c8:06:d6:
                    42:b7:4b:b9:6f:64:37:5e:3d:d4:31:a5:0c:49:4f:
                    97:2a:c7:41:d3:e0:34:02:66:90:53:28:6d:98:2f:
                    79:f8:18:13:4e:10:9c:01:93:3e:69:80:92:cb:fa:
                    a2:bc:f2:b6:28:cf:c8:2e:9b:d8:69:72:c3:76:99:
                    1b:99:74:e9:0a:0b:ce:3b:53:50:73:2e:9c:dd:66:
                    36:d8:cd:c8:1d:3d:21:8d:81:f2:eb:5e:d1:08:b9:
                    09:e9:26:8b:43:1d:76:8b:47:8d:3f:7d:d8:27:2e:
                    2d:b6:21:09:86:41:de:6f:98:02:bb:bf:e9:81:08:
                    b3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:BC:78:C1:5B:75:5A:D0:69:27:C5:8A:4C:62:08:45:51:30:A9:E4
            X509v3 Authority Key Identifier:
                keyid:CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/ZLx4wVt1WtBpJ8WKTGIIRVEwqeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.122.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:e0:d2:b5:47:74:26:1d:a8:fc:68:00:d1:49:4a:41:d7:fe:
         d2:f4:df:73:c3:5d:8d:4c:df:2f:f2:af:51:fd:36:1c:83:15:
         3d:d0:c2:f8:ea:69:a4:6d:0c:03:bd:ef:88:70:0d:e2:33:9f:
         ef:77:cc:c1:32:db:91:89:d6:09:c7:73:3a:df:26:7b:52:42:
         b1:00:82:2e:81:b3:bb:18:63:6f:bc:99:24:c7:c9:9d:56:89:
         f1:14:20:05:66:2a:56:71:db:32:ec:24:eb:22:99:0c:b9:7b:
         8f:c9:dc:c1:b9:c4:c8:53:92:07:54:d4:6e:3b:6b:a9:36:bd:
         6b:bf:7d:5b:0d:d1:12:e0:b5:95:cf:bf:31:c7:bc:c8:a1:83:
         f9:2b:0d:14:6c:49:4d:91:c5:b2:0a:fd:51:21:3d:10:26:78:
         ad:50:60:ed:be:f3:1f:22:d1:37:0a:cb:ce:1f:22:18:1a:e1:
         c6:5b:d2:42:09:f8:a5:91:e9:9e:b1:3e:50:32:a8:ee:47:dc:
         1b:c6:1b:5f:3c:fa:99:14:7c:66:8b:6c:88:9f:ce:1c:56:7b:
         cc:7a:ee:cd:b8:98:a0:a3:89:38:17:8f:cb:cc:e2:c6:55:86:
         c7:ef:05:44:20:e0:24:6e:27:46:15:23:77:cb:80:47:75:4b:
         6e:09:29:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvRRd6pTPAYZaB30QiidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjE1ZjU4MTU5ZWM1NzZhMjAyMjc3NmVhNjRmNjFjNWJi
MDAxOTQwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGJjNzhjMTViNzU1YWQwNjkyN2M1OGE0YzYyMDg0NTUxMzBhOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozucMg8e9nGwTjh8hN68BPiGKseA
0CMNJPyDaQn+X6jSxLf9pw4exs2DY4ZWcbtS+KzJIBaY3zfDc3j1huQQY0k8n9Za
cfRje7dYdwjnqasiupN2hFcFuJNuVN2R3Zt+HhIpQXIc5R+aGsfBG1y5lU2awy0t
0MuWCK/hHCoL2nsZIjPIBtZCt0u5b2Q3Xj3UMaUMSU+XKsdB0+A0AmaQUyhtmC95
+BgTThCcAZM+aYCSy/qivPK2KM/ILpvYaXLDdpkbmXTpCgvOO1NQcy6c3WY22M3I
HT0hjYHy617RCLkJ6SaLQx12i0eNP33YJy4ttiEJhkHeb5gCu7/pgQizyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGS8eMFbdVrQaSfFikxiCEVRMKnkMB8GA1UdIwQY
MBaAFMwhX1gVnsV2ogIndupk9hxbsAGUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAt
ODQzZWVlZTBhMjYwLzEvWkx4NHdWdDFXdEJwSjhXS1RHSUlSVkV3cWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAtODQzZWVlZTBhMjYw
LzEvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HqkMA0G
CSqGSIb3DQEBCwUAA4IBAQCs4NK1R3QmHaj8aADRSUpB1/7S9N9zw12NTN8v8q9R
/TYcgxU90ML46mmkbQwDve+IcA3iM5/vd8zBMtuRidYJx3M63yZ7UkKxAIIugbO7
GGNvvJkkx8mdVonxFCAFZipWcdsy7CTrIpkMuXuPydzBucTIU5IHVNRuO2upNr1r
v31bDdES4LWVz78xx7zIoYP5Kw0UbElNkcWyCv1RIT0QJnitUGDtvvMfItE3CsvO
HyIYGuHGW9JCCfilkemesT5QMqjuR9wbxhtfPPqZFHxmi2yIn84cVnvMeu7NuJig
o4k4F4/LzOLGVYbH7wVEIOAkbidGFSN3y4BHdUtuCSne
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:38:50 2024 by rpki-client on console-fra.rpki-client.org