Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_Sp5FHH4VHTlHQTBsXMgFX6TLgA.roa
File:                     _Sp5FHH4VHTlHQTBsXMgFX6TLgA.roa (raw, json)
Hash identifier:          mDtFYVTn0Jgzi3e2BskhZ/SLIrzc5te8oQMIdWH+iJs=
Subject key identifier:   FD:2A:79:14:71:F8:54:74:E5:1D:04:C1:B1:73:20:15:7E:93:2E:00
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3897767B8DF9DB96E18AF350F2C9
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_Sp5FHH4VHTlHQTBsXMgFX6TLgA.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207159
IP address blocks:        185.195.184.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:97:76:7b:8d:f9:db:96:e1:8a:f3:50:f2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd2a791471f85474e51d04c1b17320157e932e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5f:50:22:df:97:a2:7f:76:8b:c7:ab:42:23:
                    cf:9d:98:e3:ba:89:d7:ce:33:5e:6d:70:e1:bb:7a:
                    3c:85:a3:38:0e:1c:1a:0e:fc:70:e9:d2:f9:cb:6b:
                    92:34:c8:f2:b3:92:a7:e1:37:9f:21:fb:35:2f:3a:
                    a2:91:b9:98:20:67:aa:a3:1e:fe:4d:1c:a9:8f:14:
                    74:cf:a3:d0:41:b1:65:0c:82:0a:7a:6a:5c:00:e8:
                    db:86:3f:be:0b:7c:ff:62:e0:fe:69:99:95:f8:7f:
                    07:a3:09:27:1f:b6:86:0e:89:46:76:8e:b1:c7:e5:
                    0d:9d:1d:90:31:8c:79:08:a0:f3:c1:fc:98:e9:bd:
                    49:fe:4e:1f:b9:58:80:d9:13:e6:b4:8d:7e:f4:36:
                    69:f7:ea:1e:83:b0:36:04:7e:db:98:92:1d:a0:51:
                    93:79:26:b3:70:5d:85:f9:62:e1:1a:3e:bb:a2:f7:
                    84:7d:7d:91:ec:3b:92:48:17:5b:48:6c:3c:90:9c:
                    6f:09:ef:aa:e4:cd:90:11:11:96:c5:c7:13:c3:66:
                    a7:3b:b2:4c:1f:0d:2e:ee:91:89:61:37:19:2b:ca:
                    8a:e4:94:cc:49:3b:79:4b:70:e5:f6:1f:9c:5f:a4:
                    3f:a7:e0:ff:61:d9:ed:e0:39:80:fb:57:db:fd:b9:
                    51:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:2A:79:14:71:F8:54:74:E5:1D:04:C1:B1:73:20:15:7E:93:2E:00
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_Sp5FHH4VHTlHQTBsXMgFX6TLgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:cf:e0:d6:53:d6:84:f5:c4:a0:50:4c:f5:ca:5f:15:d5:23:
         d9:77:97:7a:ee:4a:03:4e:c5:55:8a:42:7a:86:30:bf:cc:fb:
         b5:b3:fd:32:bd:0c:5d:03:b6:24:8d:a1:27:31:aa:a1:27:32:
         1b:b1:cc:53:ab:ad:08:e9:b3:6a:ad:d8:b6:55:98:18:86:c5:
         46:73:3f:d6:20:bd:ac:1b:c3:8e:c7:9f:74:96:f5:ce:91:6d:
         0a:4a:f6:7f:11:99:c5:f4:b9:60:f7:fa:87:ad:3d:a9:bf:87:
         5a:b4:78:c2:7c:15:9e:2b:d5:1f:6f:05:9d:c5:be:06:74:7c:
         1b:05:73:e7:c5:ed:ba:f5:63:6c:ce:eb:aa:1c:5a:45:68:93:
         7a:c7:2b:44:5a:7d:21:ce:a4:67:f8:45:e1:04:a4:5a:f6:e1:
         80:d1:fe:97:f5:28:4f:d9:4d:a0:c5:1d:7c:f6:9d:35:e8:fe:
         e8:b9:7a:42:f1:61:91:5e:db:63:2a:7e:2b:61:8d:de:5f:0a:
         3d:93:de:82:74:1a:62:71:be:72:41:c0:0d:51:35:d7:3d:62:
         8e:3e:3e:4b:1c:ed:94:33:7b:06:0f:e5:e6:28:b4:fb:f2:a6:
         4f:ca:98:58:af:45:1f:d9:f9:6a:22:56:92:92:e6:80:06:55:
         99:1e:53:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ziXdnuN+duW4YrzUPLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDJhNzkxNDcxZjg1NDc0ZTUxZDA0YzFiMTczMjAxNTdlOTMyZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuF9QIt+Xon92i8erQiPPnZjjuonX
zjNebXDhu3o8haM4DhwaDvxw6dL5y2uSNMjys5Kn4TefIfs1LzqikbmYIGeqox7+
TRypjxR0z6PQQbFlDIIKempcAOjbhj++C3z/YuD+aZmV+H8HowknH7aGDolGdo6x
x+UNnR2QMYx5CKDzwfyY6b1J/k4fuViA2RPmtI1+9DZp9+oeg7A2BH7bmJIdoFGT
eSazcF2F+WLhGj67oveEfX2R7DuSSBdbSGw8kJxvCe+q5M2QERGWxccTw2anO7JM
Hw0u7pGJYTcZK8qK5JTMSTt5S3Dl9h+cX6Q/p+D/Ydnt4DmA+1fb/blRXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0qeRRx+FR05R0EwbFzIBV+ky4AMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvX1NwNUZISDRWSFRsSFFUQnNYTWdGWDZUTGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucO4MA0G
CSqGSIb3DQEBCwUAA4IBAQB9z+DWU9aE9cSgUEz1yl8V1SPZd5d67koDTsVVikJ6
hjC/zPu1s/0yvQxdA7YkjaEnMaqhJzIbscxTq60I6bNqrdi2VZgYhsVGcz/WIL2s
G8OOx590lvXOkW0KSvZ/EZnF9Llg9/qHrT2pv4datHjCfBWeK9UfbwWdxb4GdHwb
BXPnxe269WNszuuqHFpFaJN6xytEWn0hzqRn+EXhBKRa9uGA0f6X9ShP2U2gxR18
9p016P7ouXpC8WGRXttjKn4rYY3eXwo9k96CdBpicb5yQcANUTXXPWKOPj5LHO2U
M3sGD+XmKLT78qZPyphYr0Uf2flqIlaSkuaABlWZHlN5
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:46:31 2024 by rpki-client on console-ams.rpki-client.org