Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/2fv-_iSBnxzAE5fYNDFbQddXIwU.roa
File:                     2fv-_iSBnxzAE5fYNDFbQddXIwU.roa (raw, json)
Hash identifier:          tC3x8O6b2Z5PhzDUQp72TfTcF2yte/CL0Yt7sp9bLIU=
Subject key identifier:   D9:FB:FE:FE:24:81:9F:1C:C0:13:97:D8:34:31:5B:41:D7:57:23:05
Certificate issuer:       /CN=9213f2c2d06c64b895457ab50fc4920283a49cc7
Certificate serial:       018CC9690E9AB634EA8BD1545C0BF21B6E01
Authority key identifier: 92:13:F2:C2:D0:6C:64:B8:95:45:7A:B5:0F:C4:92:02:83:A4:9C:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/2fv-_iSBnxzAE5fYNDFbQddXIwU.roa
Signing time:             Tue 02 Jan 2024 09:02:34 +0000
ROA not before:           Tue 02 Jan 2024 09:02:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210107
IP address blocks:        194.1.184.0/24 maxlen: 24
                          194.1.192.0/24 maxlen: 24
                          2a0f:c943::/32 maxlen: 32
                          2a0f:c941::/32 maxlen: 32
                          2a0f:c945::/32 maxlen: 32
                          2a0f:c947::/32 maxlen: 32
                          2a0f:c944::/32 maxlen: 32
                          2a0f:c942::/32 maxlen: 32
                          2a0f:c940::/32 maxlen: 32
                          2a0f:c946::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:69:0e:9a:b6:34:ea:8b:d1:54:5c:0b:f2:1b:6e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9213f2c2d06c64b895457ab50fc4920283a49cc7
        Validity
            Not Before: Jan  2 09:02:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9fbfefe24819f1cc01397d834315b41d7572305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c4:fc:f4:c2:58:b2:2b:13:28:80:4a:d3:67:
                    00:95:d4:8c:07:de:15:d7:1d:5e:d0:92:bc:d9:3b:
                    78:00:a5:96:6f:e7:7f:82:2a:1c:17:72:83:44:61:
                    3a:d6:17:82:55:b6:6d:e5:41:19:f5:1d:14:16:8b:
                    21:0d:3b:d2:5e:62:8b:e9:c7:a8:ab:fc:9a:df:3f:
                    86:2b:33:a5:ab:e0:e1:71:79:32:41:80:13:f7:86:
                    9f:38:6a:85:18:37:7f:6b:89:2a:c6:a6:dc:42:f1:
                    35:a2:f8:d7:f3:f1:e9:0b:e5:e5:31:e5:27:6d:00:
                    53:81:d0:7d:a3:59:e1:0c:44:1c:34:66:ea:07:99:
                    84:e7:72:17:66:c5:de:18:dc:b9:7f:89:09:95:08:
                    c7:7e:58:3b:13:c8:db:d4:25:85:55:d0:04:00:05:
                    b4:43:2a:d0:33:86:34:fd:b7:0e:1e:81:a6:a0:63:
                    90:d8:47:d0:c8:cc:0c:8c:1d:d0:ae:68:24:67:4a:
                    d8:4e:35:24:8b:53:70:f0:4b:3f:ae:53:fe:71:f5:
                    54:fa:9d:f1:a8:34:0e:b4:d5:44:02:c4:69:37:d6:
                    c9:2a:75:b1:65:80:7a:47:cf:5a:11:c6:d5:f2:e5:
                    e6:79:af:d9:48:5e:c0:03:ce:c8:b9:1f:cc:5e:ef:
                    0b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:FB:FE:FE:24:81:9F:1C:C0:13:97:D8:34:31:5B:41:D7:57:23:05
            X509v3 Authority Key Identifier:
                keyid:92:13:F2:C2:D0:6C:64:B8:95:45:7A:B5:0F:C4:92:02:83:A4:9C:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/2fv-_iSBnxzAE5fYNDFbQddXIwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.184.0/24
                  194.1.192.0/24
                IPv6:
                  2a0f:c940::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:a7:79:f6:8d:9e:29:1b:7f:52:d2:d6:5f:a0:de:03:cb:2e:
         2e:4e:e6:b7:b5:42:93:71:4f:9e:c4:28:44:a2:fa:5a:09:05:
         95:44:fb:f2:bc:26:66:5e:6b:85:6f:39:80:d3:e2:f0:26:1d:
         4d:4c:25:9d:70:05:99:a4:dd:3e:a3:d2:c0:43:93:73:9e:8f:
         ad:3f:05:ff:46:e0:4f:72:73:b4:fa:e9:c2:14:c2:27:55:ee:
         da:aa:4c:ef:bf:31:da:af:9a:6a:40:b9:e9:da:2d:7a:c1:bb:
         11:44:88:bf:e1:0b:33:40:ff:b5:ab:d4:39:aa:be:58:0c:e4:
         e0:58:69:3f:9e:64:0a:8c:3e:8f:23:ab:9b:d2:ef:9c:75:91:
         eb:08:f9:81:db:31:03:b7:f0:f0:5a:10:55:4e:85:a6:e0:eb:
         8c:6d:20:9c:af:98:d6:44:fd:f9:0c:76:73:aa:3c:1c:f0:36:
         e7:a5:82:98:e8:49:26:db:6c:1d:0e:44:f5:66:f9:d7:16:d6:
         e6:32:89:fb:a1:c9:80:f1:06:5b:b1:bd:b2:95:b3:f1:dd:3f:
         ce:96:29:7b:66:10:54:5c:e5:52:b3:c9:5a:10:71:76:6a:ef:
         a6:26:6d:e1:1c:93:93:e6:e3:19:4a:50:28:04:6e:64:89:d1:
         29:45:44:91
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJaQ6atjTqi9FUXAvyG24BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMTNmMmMyZDA2YzY0Yjg5NTQ1N2FiNTBmYzQ5MjAyODNh
NDljYzcwHhcNMjQwMTAyMDkwMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWZiZmVmZTI0ODE5ZjFjYzAxMzk3ZDgzNDMxNWI0MWQ3NTcyMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8T89MJYsisTKIBK02cAldSMB94V
1x1e0JK82Tt4AKWWb+d/giocF3KDRGE61heCVbZt5UEZ9R0UFoshDTvSXmKL6ceo
q/ya3z+GKzOlq+DhcXkyQYAT94afOGqFGDd/a4kqxqbcQvE1ovjX8/HpC+XlMeUn
bQBTgdB9o1nhDEQcNGbqB5mE53IXZsXeGNy5f4kJlQjHflg7E8jb1CWFVdAEAAW0
QyrQM4Y0/bcOHoGmoGOQ2EfQyMwMjB3QrmgkZ0rYTjUki1Nw8Es/rlP+cfVU+p3x
qDQOtNVEAsRpN9bJKnWxZYB6R89aEcbV8uXmea/ZSF7AA87IuR/MXu8L4QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNn7/v4kgZ8cwBOX2DQxW0HXVyMFMB8GA1UdIwQY
MBaAFJIT8sLQbGS4lUV6tQ/EkgKDpJzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2hQeXd0QnNaTGlWUlhxMUQ4U1NBb09rbk1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zMWE2YTQtOGE5ZC00N2EyLThmYmIt
YjlkZmYzZTdhMzJlLzEvMmZ2LV9pU0JueHpBRTVmWU5ERmJRZGRYSXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zMWE2YTQtOGE5ZC00N2EyLThmYmItYjlkZmYzZTdhMzJl
LzEva2hQeXd0QnNaTGlWUlhxMUQ4U1NBb09rbk1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwgG4AwQA
wgHAMA0EAgACMAcDBQMqD8lAMA0GCSqGSIb3DQEBCwUAA4IBAQAAp3n2jZ4pG39S
0tZfoN4Dyy4uTua3tUKTcU+exChEovpaCQWVRPvyvCZmXmuFbzmA0+LwJh1NTCWd
cAWZpN0+o9LAQ5Nzno+tPwX/RuBPcnO0+unCFMInVe7aqkzvvzHar5pqQLnp2i16
wbsRRIi/4QszQP+1q9Q5qr5YDOTgWGk/nmQKjD6PI6ub0u+cdZHrCPmB2zEDt/Dw
WhBVToWm4OuMbSCcr5jWRP35DHZzqjwc8DbnpYKY6Ekm22wdDkT1ZvnXFtbmMon7
ocmA8QZbsb2ylbPx3T/Olil7ZhBUXOVSs8laEHF2au+mJm3hHJOT5uMZSlAoBG5k
idEpRUSR
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:21:59 2024 by rpki-client on console-fra.rpki-client.org