Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/Rwu8oloHYa4NrHuTo2soo_x8WBw.roa
File:                     Rwu8oloHYa4NrHuTo2soo_x8WBw.roa (raw, json)
Hash identifier:          LAWpAWvB/jBgPcNXv68j/dLEYZ/T4sIzr/Ih2Sqtrrk=
Subject key identifier:   47:0B:BC:A2:5A:07:61:AE:0D:AC:7B:93:A3:6B:28:A3:FC:7C:58:1C
Certificate issuer:       /CN=cd626bbb7b69eec9f6790b03705545b892fa2e8a
Certificate serial:       018CC64B486D4D3FD6FAFB518DB3DF3AEC25
Authority key identifier: CD:62:6B:BB:7B:69:EE:C9:F6:79:0B:03:70:55:45:B8:92:FA:2E:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWJru3tp7sn2eQsDcFVFuJL6Loo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/Rwu8oloHYa4NrHuTo2soo_x8WBw.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        217.196.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/zWJru3tp7sn2eQsDcFVFuJL6Loo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/zWJru3tp7sn2eQsDcFVFuJL6Loo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWJru3tp7sn2eQsDcFVFuJL6Loo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:48:6d:4d:3f:d6:fa:fb:51:8d:b3:df:3a:ec:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd626bbb7b69eec9f6790b03705545b892fa2e8a
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=470bbca25a0761ae0dac7b93a36b28a3fc7c581c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d0:69:ce:6e:b4:ac:97:a2:ad:d3:95:0b:8e:
                    99:59:17:b8:6c:7d:f3:c6:d1:23:30:15:5e:8a:67:
                    58:5c:1c:01:21:eb:dd:1f:ae:5c:3d:15:48:6c:04:
                    ab:23:69:b8:c1:d5:d9:33:30:e6:f5:e0:f8:99:00:
                    34:8d:f9:80:de:77:18:59:d6:10:43:49:ff:47:a8:
                    8b:41:24:9f:68:c9:b3:5a:62:4f:3a:84:40:9b:3c:
                    f6:d8:e4:d4:6a:28:7a:da:71:fa:56:57:6a:ab:a8:
                    e8:a2:5c:50:3e:a2:ab:56:b1:cd:53:4d:0b:93:05:
                    19:66:5b:30:39:6d:75:12:c7:3d:80:9b:d6:f6:b3:
                    7a:39:2b:c5:40:da:72:59:fc:5f:55:f4:18:fb:1e:
                    cb:36:d3:a0:ca:1c:5b:9a:43:56:18:c1:e2:92:c7:
                    fb:02:64:19:21:bd:0c:4c:8f:e9:da:02:af:53:37:
                    70:d9:28:f9:46:33:8c:83:60:b2:51:b5:9e:eb:f8:
                    7b:26:59:25:57:a2:4d:b3:e0:cc:76:e6:e3:d2:14:
                    f0:c4:07:d9:83:c1:6d:bd:ba:f4:51:cd:5a:50:26:
                    f8:f3:92:38:e2:20:7b:35:5f:b4:04:14:66:d7:82:
                    c2:ca:70:4e:fb:24:e9:d8:10:b5:90:3a:e7:2e:c6:
                    68:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:0B:BC:A2:5A:07:61:AE:0D:AC:7B:93:A3:6B:28:A3:FC:7C:58:1C
            X509v3 Authority Key Identifier:
                keyid:CD:62:6B:BB:7B:69:EE:C9:F6:79:0B:03:70:55:45:B8:92:FA:2E:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWJru3tp7sn2eQsDcFVFuJL6Loo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/Rwu8oloHYa4NrHuTo2soo_x8WBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/zWJru3tp7sn2eQsDcFVFuJL6Loo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:35:52:ea:fc:1b:9e:d1:fb:ed:b9:99:28:5f:2c:06:38:e5:
         1e:16:3c:c7:03:0d:1f:d0:8f:06:ae:e2:34:35:90:5a:ff:60:
         8a:94:d2:2e:c1:89:c4:94:06:29:1e:dc:2c:7a:01:b4:84:ad:
         1b:ae:6e:10:28:d5:24:7a:e7:56:49:73:a0:9a:cb:34:49:94:
         7d:5c:06:d6:3c:65:6b:5b:48:58:cd:e5:af:9c:b5:e7:3d:a4:
         77:18:4e:b9:a8:ab:e4:cc:23:f7:0e:fc:b9:63:1e:50:30:99:
         c0:65:19:02:50:f4:cf:6f:20:17:6c:60:9c:33:3b:3b:c4:0f:
         9a:cf:ca:c7:04:57:66:9f:ea:bd:07:24:eb:78:e1:d9:30:3f:
         e4:99:d8:f8:7b:d5:65:9e:4c:f7:ac:1c:d2:a3:f2:03:b4:d8:
         86:c5:53:bf:98:78:ba:ec:36:4d:4f:f0:a7:04:e3:9b:0a:54:
         c2:98:58:30:98:e2:9f:ec:7c:7f:7c:41:86:16:49:97:e3:1f:
         bf:f2:5d:0d:8b:86:12:01:f2:6d:e8:94:cc:9f:f1:35:bd:5e:
         8a:7a:36:5c:af:14:8f:c4:9a:bc:99:6a:8f:89:08:11:5e:d2:
         01:1d:f3:e1:66:5e:42:91:3f:bf:0d:b7:a9:76:4c:4e:96:0b:
         63:03:18:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0htTT/W+vtRjbPfOuwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjI2YmJiN2I2OWVlYzlmNjc5MGIwMzcwNTU0NWI4OTJm
YTJlOGEwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzBiYmNhMjVhMDc2MWFlMGRhYzdiOTNhMzZiMjhhM2ZjN2M1ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNBpzm60rJeirdOVC46ZWRe4bH3z
xtEjMBVeimdYXBwBIevdH65cPRVIbASrI2m4wdXZMzDm9eD4mQA0jfmA3ncYWdYQ
Q0n/R6iLQSSfaMmzWmJPOoRAmzz22OTUaih62nH6Vldqq6joolxQPqKrVrHNU00L
kwUZZlswOW11Esc9gJvW9rN6OSvFQNpyWfxfVfQY+x7LNtOgyhxbmkNWGMHiksf7
AmQZIb0MTI/p2gKvUzdw2Sj5RjOMg2CyUbWe6/h7JlklV6JNs+DMdubj0hTwxAfZ
g8Ftvbr0Uc1aUCb485I44iB7NV+0BBRm14LCynBO+yTp2BC1kDrnLsZoGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcLvKJaB2GuDax7k6NrKKP8fFgcMB8GA1UdIwQY
MBaAFM1ia7t7ae7J9nkLA3BVRbiS+i6KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldKcnUzdHA3c24yZVFzRGNGVkZ1Skw2TG9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yYjM3ZGYtOGZmZS00MWU1LWFjMDct
YzBmODlhZDM2YmNhLzEvUnd1OG9sb0hZYTROckh1VG8yc29vX3g4V0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yYjM3ZGYtOGZmZS00MWU1LWFjMDctYzBmODlhZDM2YmNh
LzEveldKcnUzdHA3c24yZVFzRGNGVkZ1Skw2TG9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2cSOMA0G
CSqGSIb3DQEBCwUAA4IBAQB/NVLq/Bue0fvtuZkoXywGOOUeFjzHAw0f0I8GruI0
NZBa/2CKlNIuwYnElAYpHtwsegG0hK0brm4QKNUkeudWSXOgmss0SZR9XAbWPGVr
W0hYzeWvnLXnPaR3GE65qKvkzCP3Dvy5Yx5QMJnAZRkCUPTPbyAXbGCcMzs7xA+a
z8rHBFdmn+q9ByTreOHZMD/kmdj4e9Vlnkz3rBzSo/IDtNiGxVO/mHi67DZNT/Cn
BOObClTCmFgwmOKf7Hx/fEGGFkmX4x+/8l0Ni4YSAfJt6JTMn/E1vV6KejZcrxSP
xJq8mWqPiQgRXtIBHfPhZl5CkT+/DbepdkxOlgtjAxh0
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:01:13 2024 by rpki-client on console-ams.rpki-client.org