Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/_azgsNQrvdC-8ZUzcNnwSYb0MUE.roa
File:                     _azgsNQrvdC-8ZUzcNnwSYb0MUE.roa (raw, json)
Hash identifier:          bho03yo8fmg7rG99NWFbQrwUGb8B6YgfBq9fe/ptZvQ=
Subject key identifier:   FD:AC:E0:B0:D4:2B:BD:D0:BE:F1:95:33:70:D9:F0:49:86:F4:31:41
Certificate issuer:       /CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
Certificate serial:       01903D6604DCEBEB9D21D9F5A555D853C7BB
Authority key identifier: 2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/_azgsNQrvdC-8ZUzcNnwSYb0MUE.roa
Signing time:             Sat 22 Jun 2024 00:43:34 +0000
ROA not before:           Sat 22 Jun 2024 00:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216018
IP address blocks:        185.23.72.0/24 maxlen: 24
                          185.23.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3d:66:04:dc:eb:eb:9d:21:d9:f5:a5:55:d8:53:c7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
        Validity
            Not Before: Jun 22 00:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdace0b0d42bbdd0bef1953370d9f04986f43141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e6:aa:e8:10:fb:e1:8a:0e:28:fa:84:4d:54:
                    46:c8:5c:67:05:dd:6b:0b:17:55:22:8c:d8:02:2b:
                    dd:d0:6a:f3:dd:55:00:70:95:6a:a3:f9:14:1b:13:
                    72:28:31:a7:3f:60:ae:8b:36:cf:fa:31:9d:5a:0b:
                    2f:74:bc:06:f4:26:c4:41:0d:65:c9:b3:6d:bb:67:
                    67:23:f8:9a:6c:3e:cb:2d:54:fd:b8:e7:51:6d:d7:
                    bb:95:7f:c3:fa:97:82:02:8b:65:5a:d9:8e:70:ab:
                    f9:89:25:73:f0:bc:5c:d8:b9:2a:4b:9f:70:6d:4e:
                    f6:69:08:72:1a:52:2d:d2:09:6a:a0:5a:b3:14:9d:
                    38:09:ab:08:56:36:17:50:cd:c6:42:ce:2a:bd:75:
                    fe:f0:71:51:d0:c7:4a:4e:d8:5b:8d:24:22:43:7a:
                    1a:50:a4:69:64:c8:7e:d1:ee:a1:ad:99:a0:c1:2e:
                    e7:ec:dc:a5:64:6a:d9:86:f5:e9:f1:60:6f:e5:4d:
                    dd:e7:ee:71:39:9a:34:cb:f4:e6:b5:ea:06:20:38:
                    5e:e1:e5:94:a2:60:c5:66:ea:c5:3b:b2:41:16:5f:
                    c8:c3:67:2b:f3:43:4a:81:32:9f:f5:64:2e:e6:f2:
                    c8:44:00:1f:cd:d7:f2:95:11:46:02:84:84:d8:a9:
                    61:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:AC:E0:B0:D4:2B:BD:D0:BE:F1:95:33:70:D9:F0:49:86:F4:31:41
            X509v3 Authority Key Identifier:
                keyid:2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/_azgsNQrvdC-8ZUzcNnwSYb0MUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.72.0/24
                  185.23.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:24:46:5e:4b:e2:df:4c:10:d7:51:0f:17:c6:ba:01:6e:31:
         cd:46:91:03:80:a0:99:c2:99:af:5e:51:9e:a9:70:b1:f1:23:
         29:aa:b1:c9:22:52:88:3c:a0:e6:97:11:bf:61:31:50:f4:38:
         ce:5c:3c:56:46:5a:b9:79:18:1a:65:72:79:d8:10:29:e2:02:
         7e:5c:fc:2f:06:e7:17:94:a3:ce:f4:b9:9e:a7:8a:37:47:d6:
         aa:a2:5d:7e:a3:e1:0b:35:06:06:7d:5d:0c:b1:d5:95:11:70:
         96:a3:80:96:b0:a0:49:8d:d6:4f:f7:3f:70:0f:f5:8c:ad:2c:
         db:78:f5:17:e0:8c:c3:35:ba:ad:31:f0:a5:8f:ac:f8:bd:d6:
         ff:92:10:ff:52:67:36:67:00:c9:24:b9:23:70:5e:64:ef:7a:
         ca:d7:76:c6:de:4a:69:43:09:41:5a:b0:8f:90:24:8b:c4:bd:
         a3:d0:a4:93:af:cd:db:43:a7:fc:86:21:fc:49:63:8d:62:7f:
         00:f6:0a:b6:ad:58:f9:d5:21:05:54:93:61:89:1a:4e:37:68:
         ff:83:d2:42:94:e3:52:83:7a:8f:04:b7:61:0b:52:01:cb:63:
         f6:7c:53:d3:b4:b9:14:b7:41:bf:6d:ed:88:f6:d0:e5:9c:91:
         18:00:5d:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZA9ZgTc6+udIdn1pVXYU8e7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGE5MzMzZjkzY2NhNTQ0ZmRhYmUyZWE3YTY3MzhhNTRh
Zjc1OWUwHhcNMjQwNjIyMDA0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGFjZTBiMGQ0MmJiZGQwYmVmMTk1MzM3MGQ5ZjA0OTg2ZjQzMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuaq6BD74YoOKPqETVRGyFxnBd1r
CxdVIozYAivd0Grz3VUAcJVqo/kUGxNyKDGnP2CuizbP+jGdWgsvdLwG9CbEQQ1l
ybNtu2dnI/iabD7LLVT9uOdRbde7lX/D+peCAotlWtmOcKv5iSVz8Lxc2LkqS59w
bU72aQhyGlIt0glqoFqzFJ04CasIVjYXUM3GQs4qvXX+8HFR0MdKTthbjSQiQ3oa
UKRpZMh+0e6hrZmgwS7n7NylZGrZhvXp8WBv5U3d5+5xOZo0y/TmteoGIDhe4eWU
omDFZurFO7JBFl/Iw2cr80NKgTKf9WQu5vLIRAAfzdfylRFGAoSE2KlhVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP2s4LDUK73QvvGVM3DZ8EmG9DFBMB8GA1UdIwQY
MBaAFC4KkzP5PMpUT9q+Lqemc4pUr3WeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEt
MGEwYWFlYWVlNGYxLzEvX2F6Z3NOUXJ2ZEMtOFpVemNObndTWWIwTVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEtMGEwYWFlYWVlNGYx
LzEvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRdIAwQA
uRdKMA0GCSqGSIb3DQEBCwUAA4IBAQANJEZeS+LfTBDXUQ8XxroBbjHNRpEDgKCZ
wpmvXlGeqXCx8SMpqrHJIlKIPKDmlxG/YTFQ9DjOXDxWRlq5eRgaZXJ52BAp4gJ+
XPwvBucXlKPO9Lmep4o3R9aqol1+o+ELNQYGfV0MsdWVEXCWo4CWsKBJjdZP9z9w
D/WMrSzbePUX4IzDNbqtMfClj6z4vdb/khD/Umc2ZwDJJLkjcF5k73rK13bG3kpp
QwlBWrCPkCSLxL2j0KSTr83bQ6f8hiH8SWONYn8A9gq2rVj51SEFVJNhiRpON2j/
g9JClONSg3qPBLdhC1IBy2P2fFPTtLkUt0G/be2I9tDlnJEYAF0+
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:14:12 2024 by rpki-client on console-ams.rpki-client.org