Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/_cznE2cHjVEMd58Ny-dpf1JBSJ8.roa
File:                     _cznE2cHjVEMd58Ny-dpf1JBSJ8.roa (raw, json)
Hash identifier:          uy/xKwdb2yDBiNpHBhwHCINkN0YUypyotgQWaFuzbSA=
Subject key identifier:   FD:CC:E7:13:67:07:8D:51:0C:77:9F:0D:CB:E7:69:7F:52:41:48:9F
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E50BA113C7A142B0EEC22B39696F
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/_cznE2cHjVEMd58Ny-dpf1JBSJ8.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        46.209.162.0/24 maxlen: 24
                          5.160.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e5:0b:a1:13:c7:a1:42:b0:ee:c2:2b:39:69:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdcce71367078d510c779f0dcbe7697f5241489f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:60:87:6a:8a:dd:01:0b:c4:5d:7d:c9:e1:8e:
                    db:47:ba:5b:ac:1b:d9:f8:c3:2d:8f:3a:1b:1b:50:
                    4c:7c:2d:47:a2:b7:84:bd:ea:ce:28:c1:b4:3d:51:
                    17:ec:0a:83:66:d7:c8:6a:85:e4:42:f8:c4:a3:27:
                    5d:5c:0f:b8:2c:ba:7b:a8:3f:39:3a:20:20:c1:c2:
                    c0:bb:47:f0:20:d8:79:51:de:a3:95:07:34:5b:3c:
                    4f:44:93:d7:e1:e2:90:69:82:9d:52:04:58:aa:51:
                    5b:36:dd:60:3d:a7:ce:4e:d1:7d:37:28:70:e9:02:
                    81:01:21:84:ef:fc:20:cd:bf:2c:fb:a8:75:72:02:
                    c2:f3:d3:75:69:ea:3f:ea:73:8e:b3:d4:63:69:ff:
                    7a:b5:b0:48:c4:91:ab:bd:36:a3:0a:91:6c:e1:ab:
                    da:02:25:50:80:40:6a:7b:4e:19:38:6e:25:e6:0b:
                    99:84:70:74:c5:39:0c:f7:81:2e:af:10:d2:d5:13:
                    b2:b7:d5:71:aa:9f:d8:ed:fc:12:52:03:cf:04:40:
                    2b:0f:d6:eb:8f:b9:20:0f:be:ef:36:98:67:00:61:
                    a2:7b:16:e1:62:11:ec:3a:fa:6e:dc:ed:1c:60:9b:
                    84:59:03:91:48:2f:8d:7a:89:7c:d8:7c:73:d7:bf:
                    c5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:CC:E7:13:67:07:8D:51:0C:77:9F:0D:CB:E7:69:7F:52:41:48:9F
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/_cznE2cHjVEMd58Ny-dpf1JBSJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.152.0/24
                  46.209.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ad:ad:b8:80:93:a9:a6:5c:fd:dc:40:b2:ee:3c:15:89:e2:
         f0:25:fa:c6:19:6e:e9:03:f6:26:84:db:25:62:e2:22:35:35:
         c5:21:0b:15:09:91:58:32:82:b1:b0:dd:e0:7b:08:a9:bf:45:
         91:97:10:c9:10:b1:b6:1a:6c:69:27:3c:f0:dc:b5:67:c4:3e:
         d3:f4:4a:df:d9:26:bd:ba:ab:60:90:4e:ef:c3:46:09:18:b3:
         e2:85:22:45:5e:72:d9:2b:2d:13:b3:d7:76:09:0b:9d:b9:8b:
         aa:68:56:56:d1:47:62:5f:47:ea:9c:43:44:e5:76:45:90:36:
         e1:79:24:e0:a1:e1:58:c1:5b:40:b0:8f:bc:e1:05:05:8a:c3:
         77:e3:13:57:df:54:57:9a:22:2a:d5:37:7a:c5:1e:9d:96:2e:
         61:0a:ef:1f:b0:ad:28:23:95:0a:32:d6:5c:2d:e3:2a:de:d8:
         e6:04:fc:c2:6c:a2:b6:be:09:ea:78:f1:35:c8:7b:9b:82:12:
         09:b7:28:37:cb:1e:c5:c6:ae:e7:66:94:2b:7d:78:cf:6c:be:
         e8:ac:7f:6d:cb:d2:e2:4f:24:84:36:18:ea:89:01:a9:7c:59:
         ce:9b:17:05:93:b3:4f:1c:b8:bd:2a:09:df:2a:ee:4c:58:96:
         99:86:44:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkuULoRPHoUKw7sIrOWlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGNjZTcxMzY3MDc4ZDUxMGM3NzlmMGRjYmU3Njk3ZjUyNDE0ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2CHaordAQvEXX3J4Y7bR7pbrBvZ
+MMtjzobG1BMfC1HoreEverOKMG0PVEX7AqDZtfIaoXkQvjEoyddXA+4LLp7qD85
OiAgwcLAu0fwINh5Ud6jlQc0WzxPRJPX4eKQaYKdUgRYqlFbNt1gPafOTtF9Nyhw
6QKBASGE7/wgzb8s+6h1cgLC89N1aeo/6nOOs9Rjaf96tbBIxJGrvTajCpFs4ava
AiVQgEBqe04ZOG4l5guZhHB0xTkM94EurxDS1ROyt9Vxqp/Y7fwSUgPPBEArD9br
j7kgD77vNphnAGGiexbhYhHsOvpu3O0cYJuEWQORSC+Neol82Hxz17/FMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP3M5xNnB41RDHefDcvnaX9SQUifMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvX2N6bkUyY0hqVkVNZDU4TnktZHBmMUpCU0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABaCYAwQA
LtGiMA0GCSqGSIb3DQEBCwUAA4IBAQA9ra24gJOpplz93ECy7jwVieLwJfrGGW7p
A/YmhNslYuIiNTXFIQsVCZFYMoKxsN3gewipv0WRlxDJELG2GmxpJzzw3LVnxD7T
9Erf2Sa9uqtgkE7vw0YJGLPihSJFXnLZKy0Ts9d2CQuduYuqaFZW0UdiX0fqnENE
5XZFkDbheSTgoeFYwVtAsI+84QUFisN34xNX31RXmiIq1Td6xR6dli5hCu8fsK0o
I5UKMtZcLeMq3tjmBPzCbKK2vgnqePE1yHubghIJtyg3yx7Fxq7nZpQrfXjPbL7o
rH9ty9LiTySENhjqiQGpfFnOmxcFk7NPHLi9KgnfKu5MWJaZhkR1
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:02:25 2024 by rpki-client on console-ams.rpki-client.org