Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/FX6J8mXVoazeBJsNAftZzPrhkz0.roa
File:                     FX6J8mXVoazeBJsNAftZzPrhkz0.roa (raw, json)
Hash identifier:          2s/8nycGIYScpKqZWHgIkDz56odZkdJg9lgjhRnlQF4=
Subject key identifier:   15:7E:89:F2:65:D5:A1:AC:DE:04:9B:0D:01:FB:59:CC:FA:E1:93:3D
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42573A4C701BBCB18F94E2144FBFAD5
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/FX6J8mXVoazeBJsNAftZzPrhkz0.roa
Signing time:             Mon 01 Jan 2024 08:30:37 +0000
ROA not before:           Mon 01 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212508
IP address blocks:        178.218.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:73:a4:c7:01:bb:cb:18:f9:4e:21:44:fb:fa:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=157e89f265d5a1acde049b0d01fb59ccfae1933d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ed:5e:4c:5f:6f:91:04:85:09:2a:3b:a2:b4:
                    d9:dc:43:3e:5c:50:a7:de:02:b3:66:db:32:ea:a4:
                    41:69:90:ff:88:23:9a:1d:a5:18:b1:83:ee:5c:13:
                    79:75:2f:87:24:3d:fc:43:2b:56:94:d8:ad:29:b2:
                    fb:5b:8d:de:0e:93:f3:1c:82:7e:61:29:3b:21:90:
                    2d:12:17:d8:f9:4f:ad:ae:96:0b:49:24:3d:d5:9b:
                    81:49:a3:c2:9f:b7:dd:a4:e4:53:21:c6:ed:48:cc:
                    c4:84:9f:7a:b5:7f:0a:48:3b:e3:f3:1f:26:c5:c7:
                    bf:c3:60:41:40:65:7f:30:05:fe:27:e2:ad:e8:b7:
                    b3:92:ca:f7:8e:39:b2:a4:ca:90:0e:60:26:ef:94:
                    5e:b7:12:31:3c:36:91:f8:34:bd:75:ae:da:ba:0f:
                    6b:4a:f2:80:30:99:9c:21:2e:a7:bf:02:b1:e5:b6:
                    07:24:6c:bc:df:30:3b:a2:8f:2f:d6:cb:ab:45:46:
                    cc:95:08:13:66:a0:d8:fc:7b:19:d8:95:01:fb:7c:
                    5c:8d:0e:eb:f4:05:9f:32:74:76:f9:d8:7b:4a:3d:
                    f9:6f:4d:c6:3a:83:fd:51:2e:61:13:70:5f:ff:14:
                    6d:7a:eb:bb:23:c0:7f:f4:9d:d8:de:ec:2b:ee:df:
                    5e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:7E:89:F2:65:D5:A1:AC:DE:04:9B:0D:01:FB:59:CC:FA:E1:93:3D
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/FX6J8mXVoazeBJsNAftZzPrhkz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:15:39:2d:2c:59:ad:2c:92:c0:ab:a8:f3:53:5c:29:a7:d0:
         da:e6:b4:53:f7:ce:79:cd:0b:2c:e5:e5:94:3e:7d:42:96:36:
         62:fc:f9:93:db:ab:84:f1:a5:80:95:91:e1:c6:f2:96:47:ff:
         e2:bd:7b:d6:68:4c:51:5a:1a:f5:a2:48:54:66:e0:72:88:98:
         8b:3c:62:f3:02:a3:8c:f1:08:71:4a:af:88:b0:6b:80:3b:95:
         76:80:23:80:69:1a:8a:23:4e:30:4d:c9:61:1d:8d:ec:f5:df:
         17:b4:87:bb:93:0d:55:50:34:92:ba:d4:b5:e6:c3:30:cc:ad:
         34:e0:07:4c:e8:c8:51:83:b3:49:a0:0a:45:4b:2f:a3:81:0a:
         e9:9b:1c:96:b5:a7:95:b0:0b:f2:f3:05:41:96:d2:91:c7:c4:
         eb:12:96:70:11:4f:a2:4e:50:5f:25:a9:d2:4d:3b:8f:3c:7d:
         0a:fc:b3:a9:f8:62:52:a6:40:71:9f:1e:0c:2a:6f:ac:b4:ae:
         74:ab:01:97:77:86:b5:57:58:e5:cf:8e:4f:12:2d:23:f3:d6:
         e3:58:49:a6:32:f4:44:94:1d:f0:63:36:d0:e0:ef:6d:72:96:
         0b:90:90:fb:81:d1:52:f1:61:f3:ec:0d:a4:83:83:e9:c4:6e:
         c4:c2:b7:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJXOkxwG7yxj5TiFE+/rVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTdlODlmMjY1ZDVhMWFjZGUwNDliMGQwMWZiNTljY2ZhZTE5MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+1eTF9vkQSFCSo7orTZ3EM+XFCn
3gKzZtsy6qRBaZD/iCOaHaUYsYPuXBN5dS+HJD38QytWlNitKbL7W43eDpPzHIJ+
YSk7IZAtEhfY+U+trpYLSSQ91ZuBSaPCn7fdpORTIcbtSMzEhJ96tX8KSDvj8x8m
xce/w2BBQGV/MAX+J+Kt6Lezksr3jjmypMqQDmAm75RetxIxPDaR+DS9da7aug9r
SvKAMJmcIS6nvwKx5bYHJGy83zA7oo8v1surRUbMlQgTZqDY/HsZ2JUB+3xcjQ7r
9AWfMnR2+dh7Sj35b03GOoP9US5hE3Bf/xRteuu7I8B/9J3Y3uwr7t9eLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBV+ifJl1aGs3gSbDQH7Wcz64ZM9MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvRlg2SjhtWFZvYXplQkpzTkFmdFp6UHJoa3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstqQMA0G
CSqGSIb3DQEBCwUAA4IBAQAPFTktLFmtLJLAq6jzU1wpp9Da5rRT9855zQss5eWU
Pn1CljZi/PmT26uE8aWAlZHhxvKWR//ivXvWaExRWhr1okhUZuByiJiLPGLzAqOM
8QhxSq+IsGuAO5V2gCOAaRqKI04wTclhHY3s9d8XtIe7kw1VUDSSutS15sMwzK00
4AdM6MhRg7NJoApFSy+jgQrpmxyWtaeVsAvy8wVBltKRx8TrEpZwEU+iTlBfJanS
TTuPPH0K/LOp+GJSpkBxnx4MKm+stK50qwGXd4a1V1jlz45PEi0j89bjWEmmMvRE
lB3wYzbQ4O9tcpYLkJD7gdFS8WHz7A2kg4PpxG7Ewrdv
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:35:10 2024 by rpki-client on console-fra.rpki-client.org