Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/dec12c-5f18-48ab-b006-422bb43753be/1/RYEVkQnVUgPKqp9zGL9ZakMPofU.roa
File:                     RYEVkQnVUgPKqp9zGL9ZakMPofU.roa (raw, json)
Hash identifier:          Z6POEGWltFEcurWjAEpx2t97/Sx9Zvsed4Cz//yBeHk=
Subject key identifier:   45:81:15:91:09:D5:52:03:CA:AA:9F:73:18:BF:59:6A:43:0F:A1:F5
Certificate issuer:       /CN=d90155c51ff2394da784a384aa717c76e3032c24
Certificate serial:       018CC8012A1B17DE0A66C59B4BD0361B72D4
Authority key identifier: D9:01:55:C5:1F:F2:39:4D:A7:84:A3:84:AA:71:7C:76:E3:03:2C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2QFVxR_yOU2nhKOEqnF8duMDLCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/dec12c-5f18-48ab-b006-422bb43753be/1/RYEVkQnVUgPKqp9zGL9ZakMPofU.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210967
IP address blocks:        213.217.30.0/24 maxlen: 24
                          2a11:1b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/dec12c-5f18-48ab-b006-422bb43753be/1/2QFVxR_yOU2nhKOEqnF8duMDLCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/dec12c-5f18-48ab-b006-422bb43753be/1/2QFVxR_yOU2nhKOEqnF8duMDLCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2QFVxR_yOU2nhKOEqnF8duMDLCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2a:1b:17:de:0a:66:c5:9b:4b:d0:36:1b:72:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90155c51ff2394da784a384aa717c76e3032c24
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4581159109d55203caaa9f7318bf596a430fa1f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bc:1f:c0:8f:c5:8b:78:c0:bf:2f:47:06:fa:
                    71:a1:da:28:9c:0e:3d:02:e1:78:50:91:13:e0:4c:
                    bd:9c:98:53:ad:d6:ec:d6:4d:85:09:bc:fb:4e:7a:
                    52:f2:5b:99:1b:e2:af:7f:12:84:ec:3f:49:6b:6b:
                    30:26:a9:5b:7d:17:1f:a2:43:70:52:f3:a4:8b:39:
                    bd:92:8f:0f:57:6e:ef:2c:c1:d1:36:ad:fc:e2:0b:
                    bd:b4:62:85:f2:e3:37:d7:df:f7:bc:2a:1f:3c:67:
                    bc:91:1c:a5:ae:c0:a0:b6:4c:c4:48:7a:91:c9:c6:
                    51:13:e8:72:2c:4b:ab:47:59:2c:56:26:a4:eb:6a:
                    db:74:c4:5f:ca:13:65:98:89:ed:7e:07:60:bd:4e:
                    ae:b5:3e:bb:23:0f:22:62:3e:8f:ee:bf:08:65:04:
                    41:0c:08:96:78:c0:43:99:72:6c:60:13:9f:ed:57:
                    e1:95:51:17:a1:6c:57:be:a1:6e:58:dc:db:d4:aa:
                    dc:4f:99:56:37:bd:ac:84:77:f0:79:6e:63:ce:eb:
                    2e:70:59:33:1c:28:c7:3d:e4:5d:34:5f:2f:99:73:
                    4d:22:35:3d:f9:20:e0:49:12:4d:ab:20:7c:a4:5b:
                    a5:7b:9d:21:c0:e4:c6:04:16:80:ce:cb:a8:33:3c:
                    a8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:81:15:91:09:D5:52:03:CA:AA:9F:73:18:BF:59:6A:43:0F:A1:F5
            X509v3 Authority Key Identifier:
                keyid:D9:01:55:C5:1F:F2:39:4D:A7:84:A3:84:AA:71:7C:76:E3:03:2C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2QFVxR_yOU2nhKOEqnF8duMDLCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/dec12c-5f18-48ab-b006-422bb43753be/1/RYEVkQnVUgPKqp9zGL9ZakMPofU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/dec12c-5f18-48ab-b006-422bb43753be/1/2QFVxR_yOU2nhKOEqnF8duMDLCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.217.30.0/24
                IPv6:
                  2a11:1b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:2d:7b:ad:3d:d3:d7:3d:c7:75:e1:7e:f8:1d:76:e7:5b:0b:
         d0:d6:c4:55:71:d6:77:eb:aa:ea:87:a3:12:1b:13:15:bd:e7:
         31:cc:b8:20:98:10:41:eb:07:04:ed:bd:e5:18:0e:4f:73:08:
         69:40:7d:06:3e:6d:32:e9:5a:c6:c2:60:cd:4a:01:d1:8d:b7:
         b5:db:9d:fa:cc:d3:82:8a:75:50:19:a3:51:54:cc:10:da:88:
         7b:73:ba:00:00:52:2d:c9:0a:49:73:56:72:45:53:f6:0f:fd:
         87:eb:45:1f:07:4f:8f:9d:a0:f5:cf:9b:c1:d0:0a:cf:cb:30:
         65:55:d8:8f:35:b1:12:4d:45:1a:31:32:72:62:18:db:14:81:
         71:0d:02:c5:f0:d3:e7:ac:13:ea:e3:55:4f:a9:be:2b:a3:df:
         fb:45:58:3a:6c:94:60:00:7d:0b:9f:9b:d6:6d:a7:25:f1:17:
         8c:66:e5:11:73:c9:7a:0c:f2:0b:e9:88:e2:6c:56:01:1f:c0:
         da:8b:16:65:b7:5a:72:ea:ad:a8:a4:7a:ac:fa:0a:91:99:7f:
         4e:07:78:3d:04:6b:d3:f1:57:74:6e:98:7b:0c:1e:2a:45:67:
         51:75:a4:1d:84:d5:77:06:c0:93:40:8b:e7:47:90:bd:2e:aa:
         f3:96:b1:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIASobF94KZsWbS9A2G3LUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MDE1NWM1MWZmMjM5NGRhNzg0YTM4NGFhNzE3Yzc2ZTMw
MzJjMjQwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTgxMTU5MTA5ZDU1MjAzY2FhYTlmNzMxOGJmNTk2YTQzMGZhMWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLwfwI/Fi3jAvy9HBvpxodoonA49
AuF4UJET4Ey9nJhTrdbs1k2FCbz7TnpS8luZG+KvfxKE7D9Ja2swJqlbfRcfokNw
UvOkizm9ko8PV27vLMHRNq384gu9tGKF8uM319/3vCofPGe8kRylrsCgtkzESHqR
ycZRE+hyLEurR1ksViak62rbdMRfyhNlmIntfgdgvU6utT67Iw8iYj6P7r8IZQRB
DAiWeMBDmXJsYBOf7VfhlVEXoWxXvqFuWNzb1KrcT5lWN72shHfweW5jzusucFkz
HCjHPeRdNF8vmXNNIjU9+SDgSRJNqyB8pFule50hwOTGBBaAzsuoMzyo/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEWBFZEJ1VIDyqqfcxi/WWpDD6H1MB8GA1UdIwQY
MBaAFNkBVcUf8jlNp4SjhKpxfHbjAywkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlFGVnhSX3lPVTJuaEtPRXFuRjhkdU1ETENRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZWMxMmMtNWYxOC00OGFiLWIwMDYt
NDIyYmI0Mzc1M2JlLzEvUllFVmtRblZVZ1BLcXA5ekdMOVpha01Qb2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9kZWMxMmMtNWYxOC00OGFiLWIwMDYtNDIyYmI0Mzc1M2Jl
LzEvMlFGVnhSX3lPVTJuaEtPRXFuRjhkdU1ETENRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1dkeMA0E
AgACMAcDBQMqERsAMA0GCSqGSIb3DQEBCwUAA4IBAQBSLXutPdPXPcd14X74HXbn
WwvQ1sRVcdZ366rqh6MSGxMVvecxzLggmBBB6wcE7b3lGA5PcwhpQH0GPm0y6VrG
wmDNSgHRjbe12536zNOCinVQGaNRVMwQ2oh7c7oAAFItyQpJc1ZyRVP2D/2H60Uf
B0+PnaD1z5vB0ArPyzBlVdiPNbESTUUaMTJyYhjbFIFxDQLF8NPnrBPq41VPqb4r
o9/7RVg6bJRgAH0Ln5vWbacl8ReMZuURc8l6DPIL6YjibFYBH8DaixZlt1py6q2o
pHqs+gqRmX9OB3g9BGvT8Vd0bph7DB4qRWdRdaQdhNV3BsCTQIvnR5C9LqrzlrHM
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:36:39 2024 by rpki-client on console-fra.rpki-client.org