Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/_EABetoPFMOgrgKr14gIX6C3KKM.roa
File:                     _EABetoPFMOgrgKr14gIX6C3KKM.roa (raw, json)
Hash identifier:          wWT/QFQ6RtdRqZy2ax/zDp4APBxcPILnBMNYEgmKFw4=
Subject key identifier:   FC:40:01:7A:DA:0F:14:C3:A0:AE:02:AB:D7:88:08:5F:A0:B7:28:A3
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB69233F01B45B01EB9E47813D3CEC
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/_EABetoPFMOgrgKr14gIX6C3KKM.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210538
IP address blocks:        87.248.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:69:23:3f:01:b4:5b:01:eb:9e:47:81:3d:3c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc40017ada0f14c3a0ae02abd788085fa0b728a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:94:ff:33:01:34:87:d7:d6:e9:e1:14:12:36:
                    d5:5c:73:6f:d0:77:4f:79:6e:be:e7:d6:f0:7d:2e:
                    83:cc:6b:9c:71:38:55:d4:5a:81:81:35:4b:81:33:
                    7c:51:15:aa:58:cf:56:1f:99:3a:65:63:23:9f:17:
                    2e:7e:af:99:62:eb:ec:46:86:67:50:d2:4e:a0:0b:
                    42:a0:a9:c5:82:87:b1:e7:56:97:25:fc:8c:61:f0:
                    c4:b8:e6:e0:47:de:b6:5b:6c:35:b6:f3:e8:d2:49:
                    ce:fc:cf:c7:48:c0:51:29:b1:1f:e5:3d:cc:7c:97:
                    95:9f:95:8c:29:f8:e0:1e:2a:bd:e9:49:f1:fa:57:
                    d7:4d:9c:74:91:74:98:c9:98:8a:7f:7e:e9:59:b6:
                    9d:c8:6e:ef:c1:f0:fe:3f:56:ba:7b:18:e5:e8:74:
                    c6:d2:c3:94:30:e5:4c:34:87:50:f0:12:81:de:3a:
                    21:85:4f:22:79:51:dd:84:ab:aa:a4:5c:7f:2a:da:
                    b5:5f:ea:eb:d3:e7:99:25:fc:47:67:ff:4f:95:12:
                    17:d2:de:4a:8a:52:c2:7f:40:fd:60:2b:1d:92:0d:
                    a0:78:c1:5f:19:49:2b:75:e0:dd:31:37:1f:fe:ac:
                    a4:47:36:11:4c:9f:dc:e2:99:81:66:e9:d9:01:af:
                    ad:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:40:01:7A:DA:0F:14:C3:A0:AE:02:AB:D7:88:08:5F:A0:B7:28:A3
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/_EABetoPFMOgrgKr14gIX6C3KKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:d7:8d:72:48:fe:d4:be:10:1f:5a:78:ca:34:b0:67:74:a1:
         67:4e:d7:56:64:28:ff:b2:e0:52:ad:10:e2:10:ae:66:6e:a6:
         f3:ca:01:b5:10:4a:43:0f:ee:44:20:a3:45:2f:da:87:5f:9d:
         e1:0b:ab:6e:27:41:4a:24:4a:65:4f:60:23:d0:75:c9:d7:f4:
         f8:4d:3c:b8:4c:37:fd:32:83:a1:ca:a7:1c:59:a8:92:2f:ab:
         6d:24:fb:e9:5d:44:99:e1:2d:46:04:90:aa:34:51:ed:d7:d4:
         b6:ec:0c:c6:49:5e:e6:37:b3:66:01:e9:60:0b:06:fc:ff:08:
         41:51:53:51:74:12:d6:07:e0:9b:d8:a9:79:57:38:70:c7:84:
         de:78:01:32:5d:72:e3:a2:0a:44:21:6a:16:d4:d9:c1:62:99:
         8f:80:e0:86:a1:c2:7f:6a:ac:46:a1:69:73:9c:75:82:98:92:
         68:ba:4a:97:0a:92:8a:80:d7:51:6e:3f:90:38:fb:df:11:41:
         eb:81:f4:3a:b2:ad:72:09:2f:ac:09:4d:65:f5:51:d9:56:bc:
         9e:93:6c:51:bc:b4:79:d7:87:13:b8:15:ae:51:cb:05:35:a7:
         58:4a:7d:df:46:bc:8e:0c:5f:da:8e:0e:78:fe:6f:98:cd:6d:
         30:35:21:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22kjPwG0WwHrnkeBPTzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQwMDE3YWRhMGYxNGMzYTBhZTAyYWJkNzg4MDg1ZmEwYjcyOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopT/MwE0h9fW6eEUEjbVXHNv0HdP
eW6+59bwfS6DzGuccThV1FqBgTVLgTN8URWqWM9WH5k6ZWMjnxcufq+ZYuvsRoZn
UNJOoAtCoKnFgoex51aXJfyMYfDEuObgR962W2w1tvPo0knO/M/HSMBRKbEf5T3M
fJeVn5WMKfjgHiq96Unx+lfXTZx0kXSYyZiKf37pWbadyG7vwfD+P1a6exjl6HTG
0sOUMOVMNIdQ8BKB3johhU8ieVHdhKuqpFx/Ktq1X+rr0+eZJfxHZ/9PlRIX0t5K
ilLCf0D9YCsdkg2geMFfGUkrdeDdMTcf/qykRzYRTJ/c4pmBZunZAa+t8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxAAXraDxTDoK4Cq9eICF+gtyijMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvX0VBQmV0b1BGTU9ncmdLcjE0Z0lYNkMzS0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/idMA0G
CSqGSIb3DQEBCwUAA4IBAQCn141ySP7UvhAfWnjKNLBndKFnTtdWZCj/suBSrRDi
EK5mbqbzygG1EEpDD+5EIKNFL9qHX53hC6tuJ0FKJEplT2Aj0HXJ1/T4TTy4TDf9
MoOhyqccWaiSL6ttJPvpXUSZ4S1GBJCqNFHt19S27AzGSV7mN7NmAelgCwb8/whB
UVNRdBLWB+Cb2Kl5Vzhwx4TeeAEyXXLjogpEIWoW1NnBYpmPgOCGocJ/aqxGoWlz
nHWCmJJoukqXCpKKgNdRbj+QOPvfEUHrgfQ6sq1yCS+sCU1l9VHZVryek2xRvLR5
14cTuBWuUcsFNadYSn3fRryODF/ajg54/m+YzW0wNSFI
-----END CERTIFICATE-----
Generated at Tue Nov 26 02:53:42 2024 by rpki-client on console-fra.rpki-client.org