Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/d74cb2-f0fc-4f2c-be01-536e1f0c4ff9/1/FLOLmMZGJVl2cedD18yr6O0PPjM.roa
File:                     FLOLmMZGJVl2cedD18yr6O0PPjM.roa (raw, json)
Hash identifier:          KKHBQd3YR9UDiMUs/Y01+musFp2fehELrpb7ttL9CrE=
Subject key identifier:   14:B3:8B:98:C6:46:25:59:76:71:E7:43:D7:CC:AB:E8:ED:0F:3E:33
Certificate issuer:       /CN=6cdc694f0c3255d5d5573f1328e53654cfb22c4d
Certificate serial:       018CC56E36B17D91F6CBF3AD90D7582030DA
Authority key identifier: 6C:DC:69:4F:0C:32:55:D5:D5:57:3F:13:28:E5:36:54:CF:B2:2C:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNxpTwwyVdXVVz8TKOU2VM-yLE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/d74cb2-f0fc-4f2c-be01-536e1f0c4ff9/1/FLOLmMZGJVl2cedD18yr6O0PPjM.roa
Signing time:             Mon 01 Jan 2024 14:29:43 +0000
ROA not before:           Mon 01 Jan 2024 14:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210045
IP address blocks:        217.28.133.0/24 maxlen: 24
                          2a12:2140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/d74cb2-f0fc-4f2c-be01-536e1f0c4ff9/1/bNxpTwwyVdXVVz8TKOU2VM-yLE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/d74cb2-f0fc-4f2c-be01-536e1f0c4ff9/1/bNxpTwwyVdXVVz8TKOU2VM-yLE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNxpTwwyVdXVVz8TKOU2VM-yLE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:36:b1:7d:91:f6:cb:f3:ad:90:d7:58:20:30:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cdc694f0c3255d5d5573f1328e53654cfb22c4d
        Validity
            Not Before: Jan  1 14:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14b38b98c64625597671e743d7ccabe8ed0f3e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:74:f4:89:5d:5a:d8:33:e4:2f:da:7f:26:a6:
                    49:89:a8:b3:ef:6d:f3:62:f8:ee:81:e5:f6:a2:28:
                    be:2f:c0:be:8a:40:43:81:2a:57:9e:ab:de:08:69:
                    40:a7:d6:d4:24:99:7a:ef:f7:f8:cf:17:eb:ff:68:
                    b6:65:a9:82:82:e8:38:dd:ed:78:90:ef:13:d8:fb:
                    e1:e8:da:80:d8:da:24:33:26:75:f9:c7:4b:28:02:
                    e3:da:e9:62:33:03:d1:b8:94:3b:2c:68:2c:83:44:
                    f9:01:54:f0:2f:3a:7f:ef:51:aa:28:04:0b:92:1f:
                    71:3b:4a:1b:4f:e8:7f:bb:a3:4d:d3:34:40:0f:bc:
                    f6:a0:6d:3a:c7:6f:35:8a:cc:52:33:0c:90:2d:b1:
                    3d:7c:fa:1a:31:72:47:af:f0:a5:a0:df:8a:46:17:
                    33:bb:17:6e:f0:89:53:fe:15:5e:e4:5d:9b:83:64:
                    a3:54:f7:87:65:d2:5e:20:49:e5:74:40:35:76:de:
                    1e:03:e5:cb:4f:ff:44:da:7a:49:cb:e0:41:bf:3e:
                    3c:d6:c0:30:b5:5c:07:79:32:b1:9c:5a:81:3a:91:
                    db:d0:ae:99:3f:1f:85:df:ca:5b:38:53:b0:7e:82:
                    50:38:2b:fc:75:bd:05:4b:e3:98:25:9e:44:52:8c:
                    f4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B3:8B:98:C6:46:25:59:76:71:E7:43:D7:CC:AB:E8:ED:0F:3E:33
            X509v3 Authority Key Identifier:
                keyid:6C:DC:69:4F:0C:32:55:D5:D5:57:3F:13:28:E5:36:54:CF:B2:2C:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNxpTwwyVdXVVz8TKOU2VM-yLE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d74cb2-f0fc-4f2c-be01-536e1f0c4ff9/1/FLOLmMZGJVl2cedD18yr6O0PPjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d74cb2-f0fc-4f2c-be01-536e1f0c4ff9/1/bNxpTwwyVdXVVz8TKOU2VM-yLE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.133.0/24
                IPv6:
                  2a12:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:1b:36:47:0e:2b:25:4d:49:5e:b1:73:5c:74:ea:68:db:99:
         c8:af:76:60:c7:4d:d3:34:d5:c0:87:54:3e:15:5b:a2:9c:6c:
         c7:84:6a:2a:70:73:e6:b5:27:57:1a:82:91:5b:f1:11:8b:59:
         41:55:43:b6:0c:13:69:51:ba:83:f2:a5:23:51:39:ea:35:38:
         80:4a:82:5f:94:ea:69:8a:80:4d:2f:ae:84:83:ef:c7:9e:80:
         8e:5a:38:78:7b:2e:bd:6b:eb:c5:7a:3b:7d:5e:04:7d:79:d5:
         cf:a0:41:c3:33:c2:2a:cd:41:86:a9:73:04:c5:cc:2d:1f:cd:
         4c:fc:da:12:f9:41:d6:ce:32:86:7e:ab:d8:8d:42:9f:34:32:
         3e:c5:3a:66:6b:27:99:0c:88:1b:ba:6a:34:50:c9:34:48:3e:
         7c:bd:6b:2c:d1:75:d1:df:00:d0:2d:b9:17:8b:15:5a:ea:49:
         cb:2f:5e:69:65:20:c0:79:52:bf:3d:85:20:31:e6:35:51:c0:
         d7:aa:76:21:19:ac:83:31:95:c2:5c:fa:6d:08:b6:0e:a2:91:
         09:c7:6a:dd:9e:40:22:89:11:da:a3:a0:ef:71:1d:a5:0f:dd:
         ae:e6:3e:be:c4:12:a9:35:66:0f:81:5a:23:5a:e2:26:48:5d:
         6c:40:71:a8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbjaxfZH2y/OtkNdYIDDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZGM2OTRmMGMzMjU1ZDVkNTU3M2YxMzI4ZTUzNjU0Y2Zi
MjJjNGQwHhcNMjQwMTAxMTQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGIzOGI5OGM2NDYyNTU5NzY3MWU3NDNkN2NjYWJlOGVkMGYzZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3T0iV1a2DPkL9p/JqZJiaiz723z
YvjugeX2oii+L8C+ikBDgSpXnqveCGlAp9bUJJl67/f4zxfr/2i2ZamCgug43e14
kO8T2Pvh6NqA2NokMyZ1+cdLKALj2uliMwPRuJQ7LGgsg0T5AVTwLzp/71GqKAQL
kh9xO0obT+h/u6NN0zRAD7z2oG06x281isxSMwyQLbE9fPoaMXJHr/CloN+KRhcz
uxdu8IlT/hVe5F2bg2SjVPeHZdJeIEnldEA1dt4eA+XLT/9E2npJy+BBvz481sAw
tVwHeTKxnFqBOpHb0K6ZPx+F38pbOFOwfoJQOCv8db0FS+OYJZ5EUoz0MQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBSzi5jGRiVZdnHnQ9fMq+jtDz4zMB8GA1UdIwQY
MBaAFGzcaU8MMlXV1Vc/EyjlNlTPsixNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk54cFR3d3lWZFhWVno4VEtPVTJWTS15TEUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kNzRjYjItZjBmYy00ZjJjLWJlMDEt
NTM2ZTFmMGM0ZmY5LzEvRkxPTG1NWkdKVmwyY2VkRDE4eXI2TzBQUGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kNzRjYjItZjBmYy00ZjJjLWJlMDEtNTM2ZTFmMGM0ZmY5
LzEvYk54cFR3d3lWZFhWVno4VEtPVTJWTS15TEUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RyFMA0E
AgACMAcDBQMqEiFAMA0GCSqGSIb3DQEBCwUAA4IBAQB9GzZHDislTUlesXNcdOpo
25nIr3Zgx03TNNXAh1Q+FVuinGzHhGoqcHPmtSdXGoKRW/ERi1lBVUO2DBNpUbqD
8qUjUTnqNTiASoJflOppioBNL66Eg+/HnoCOWjh4ey69a+vFejt9XgR9edXPoEHD
M8IqzUGGqXMExcwtH81M/NoS+UHWzjKGfqvYjUKfNDI+xTpmayeZDIgbumo0UMk0
SD58vWss0XXR3wDQLbkXixVa6knLL15pZSDAeVK/PYUgMeY1UcDXqnYhGayDMZXC
XPptCLYOopEJx2rdnkAiiRHao6DvcR2lD92u5j6+xBKpNWYPgVojWuImSF1sQHGo
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:36:24 2024 by rpki-client on console-ams.rpki-client.org