Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/cd-ftqB9JHKs3BmUKTgdqGh53R4.roa
File:                     cd-ftqB9JHKs3BmUKTgdqGh53R4.roa (raw, json)
Hash identifier:          r/7zf4Z7jmcyzSYvVzEm++IoFduZgp/xXCYBEQPS4WU=
Subject key identifier:   71:DF:9F:B6:A0:7D:24:72:AC:DC:19:94:29:38:1D:A8:68:79:DD:1E
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64ADDAB5A2983789D3AEE0FC0A51380
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/cd-ftqB9JHKs3BmUKTgdqGh53R4.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212843
IP address blocks:        212.86.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:ab:5a:29:83:78:9d:3a:ee:0f:c0:a5:13:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71df9fb6a07d2472acdc199429381da86879dd1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:91:89:3b:f9:08:ac:81:81:63:bd:05:12:
                    2c:8a:3d:b1:f7:dc:70:4f:3c:f2:a1:29:d5:45:30:
                    58:b3:c1:be:2e:e5:40:e3:68:16:70:a0:0d:0b:4e:
                    40:84:06:73:0f:51:dd:c1:e2:cf:cf:73:a5:b4:44:
                    db:d1:47:62:57:0f:fb:08:6b:0b:b1:55:ff:98:a8:
                    bb:77:95:78:29:a4:ac:ef:30:28:c8:65:95:17:f2:
                    ef:8f:35:b9:6c:62:f8:22:90:6a:52:65:64:9c:4f:
                    d7:eb:27:dd:71:ce:a0:36:2b:6c:49:42:c7:bd:a9:
                    59:e7:d3:2a:d8:5f:32:27:21:3e:b6:ff:f5:e9:05:
                    ca:ef:fd:32:e6:3d:1a:ae:78:8f:50:86:f0:32:e1:
                    9a:98:40:0b:03:90:ad:ac:54:ea:c0:56:bf:e0:67:
                    fb:e7:ef:56:df:4e:aa:c9:78:df:f9:92:be:09:3b:
                    1d:a1:0e:43:11:59:98:32:65:c1:ab:e5:b9:01:8d:
                    ee:f8:4f:87:2b:a9:7e:1b:38:5a:50:3e:86:d7:db:
                    2c:cd:fb:7c:78:8d:86:fc:ea:f7:ce:0f:27:3e:3e:
                    9b:ba:bd:8a:0f:6e:0c:cb:f8:0b:cb:9c:de:d3:c1:
                    05:30:a2:e2:55:64:cd:1d:49:4d:16:d3:3b:3c:b8:
                    99:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:DF:9F:B6:A0:7D:24:72:AC:DC:19:94:29:38:1D:A8:68:79:DD:1E
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/cd-ftqB9JHKs3BmUKTgdqGh53R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.86.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:1a:41:1d:fe:eb:f7:04:41:f3:b5:b1:71:94:9a:21:5c:df:
         93:a7:31:e9:f9:f7:12:51:ab:5d:14:ea:0e:59:67:30:c2:59:
         a6:f8:b4:ad:87:2d:29:1a:61:90:8f:0f:87:6b:1a:6b:b6:61:
         b8:d1:4e:f9:6a:17:84:82:fc:dd:b7:10:94:c1:fa:c9:2d:fc:
         2f:51:de:b5:aa:fa:a3:0a:32:eb:29:61:1f:40:0c:40:9b:26:
         18:e6:9a:35:74:b5:5a:93:2e:41:04:b8:f4:1c:35:2a:67:5a:
         45:2b:8e:3e:40:18:53:32:69:7d:ac:58:eb:96:c4:ef:7e:d7:
         2e:3c:60:b4:ac:df:4c:73:cc:c8:fb:cc:3f:92:de:82:a6:05:
         a4:4e:cb:2f:11:b0:cc:12:08:a2:bd:0c:76:f5:4b:34:40:b7:
         e5:f9:ce:dd:49:78:6c:3b:cb:ff:9d:d1:c3:64:53:b4:67:06:
         63:aa:25:a9:7b:51:33:57:9b:d8:4c:a3:a7:b2:c7:d5:de:cb:
         c1:69:bc:c8:ea:d7:2d:d7:d8:c6:a8:d6:f0:1d:73:51:83:e0:
         fb:d2:3d:b9:96:5d:7a:2f:33:22:40:48:f3:07:1a:e2:41:04:
         3d:9c:f4:18:cf:89:4d:22:e9:10:6b:69:36:ef:44:11:20:01:
         fc:26:d7:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt2rWimDeJ067g/ApROAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWRmOWZiNmEwN2QyNDcyYWNkYzE5OTQyOTM4MWRhODY4NzlkZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGmRiTv5CKyBgWO9BRIsij2x99xw
TzzyoSnVRTBYs8G+LuVA42gWcKANC05AhAZzD1HdweLPz3OltETb0UdiVw/7CGsL
sVX/mKi7d5V4KaSs7zAoyGWVF/LvjzW5bGL4IpBqUmVknE/X6yfdcc6gNitsSULH
valZ59Mq2F8yJyE+tv/16QXK7/0y5j0arniPUIbwMuGamEALA5CtrFTqwFa/4Gf7
5+9W306qyXjf+ZK+CTsdoQ5DEVmYMmXBq+W5AY3u+E+HK6l+GzhaUD6G19sszft8
eI2G/Or3zg8nPj6bur2KD24My/gLy5ze08EFMKLiVWTNHUlNFtM7PLiZLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHfn7agfSRyrNwZlCk4Hahoed0eMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvY2QtZnRxQjlKSEtzM0JtVUtUZ2RxR2g1M1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FZhMA0G
CSqGSIb3DQEBCwUAA4IBAQAuGkEd/uv3BEHztbFxlJohXN+TpzHp+fcSUatdFOoO
WWcwwlmm+LSthy0pGmGQjw+HaxprtmG40U75aheEgvzdtxCUwfrJLfwvUd61qvqj
CjLrKWEfQAxAmyYY5po1dLVaky5BBLj0HDUqZ1pFK44+QBhTMml9rFjrlsTvftcu
PGC0rN9Mc8zI+8w/kt6CpgWkTssvEbDMEgiivQx29Us0QLfl+c7dSXhsO8v/ndHD
ZFO0ZwZjqiWpe1EzV5vYTKOnssfV3svBabzI6tct19jGqNbwHXNRg+D70j25ll16
LzMiQEjzBxriQQQ9nPQYz4lNIukQa2k270QRIAH8Jtcp
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:21:26 2024 by rpki-client on console-ams.rpki-client.org