Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/4sI-G6Kgj9R2kDTR61RODi2b-JA.roa
File:                     4sI-G6Kgj9R2kDTR61RODi2b-JA.roa (raw, json)
Hash identifier:          5dgWtit5QSkQUgZaj0N5mA92wjGEeyib1Trc9ASghUs=
Subject key identifier:   E2:C2:3E:1B:A2:A0:8F:D4:76:90:34:D1:EB:54:4E:0E:2D:9B:F8:90
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79457E44E517C7D2ED1258B205B1292
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/4sI-G6Kgj9R2kDTR61RODi2b-JA.roa
Signing time:             Tue 02 Jan 2024 00:30:36 +0000
ROA not before:           Tue 02 Jan 2024 00:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204393
IP address blocks:        2.188.238.0/24 maxlen: 24
                          2.188.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:57:e4:4e:51:7c:7d:2e:d1:25:8b:20:5b:12:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2c23e1ba2a08fd4769034d1eb544e0e2d9bf890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1e:8f:8a:3d:06:04:d9:41:cc:71:30:62:e6:
                    8d:a0:e3:b4:ab:08:7d:03:fe:4c:22:36:39:af:70:
                    33:ec:a9:92:23:98:61:e4:31:d3:65:1a:6e:46:52:
                    5d:df:2b:c2:b4:f8:25:17:a9:a6:9c:c6:f9:2a:f0:
                    cd:2e:60:6f:ef:c3:de:86:b0:39:05:0d:6b:64:23:
                    3b:0d:36:5d:ec:a9:6b:ea:ca:9d:34:4f:3a:0e:ef:
                    6f:12:a0:da:fa:0a:d1:dc:70:fe:26:f7:a4:b6:62:
                    23:c9:02:42:5f:c2:e0:2a:f7:13:cc:f5:b9:5c:76:
                    38:9c:9a:48:9e:13:0e:30:6c:af:be:d2:dc:21:01:
                    a5:6d:13:04:02:ce:ec:db:12:81:48:95:36:d6:7c:
                    9f:ec:6c:c4:72:d4:24:3c:35:c9:1c:ba:9b:3b:0e:
                    bf:85:2a:34:f0:ee:a0:75:2d:d6:3a:42:58:65:dc:
                    aa:bb:03:a4:cb:1d:a0:ff:3f:ed:39:79:77:f2:78:
                    8f:96:04:fd:db:f5:c1:f1:af:24:04:7f:dd:a0:8d:
                    77:74:53:3d:98:5d:98:73:f0:f8:c9:1b:d3:d4:88:
                    87:89:12:58:3d:09:71:7f:ef:69:07:cd:10:a0:84:
                    66:01:bd:b8:e2:d1:83:4a:d2:74:69:f8:9f:06:38:
                    8e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C2:3E:1B:A2:A0:8F:D4:76:90:34:D1:EB:54:4E:0E:2D:9B:F8:90
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/4sI-G6Kgj9R2kDTR61RODi2b-JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.234.0/24
                  2.188.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:4a:0b:4d:b7:e0:98:ea:4f:2b:e7:54:bb:9e:59:09:ab:b7:
         1c:bc:c2:db:20:77:9e:46:6d:58:10:84:f3:f6:13:2b:6d:6d:
         3e:0a:b0:df:c3:27:09:06:3e:dd:8d:d0:7d:12:aa:a2:13:31:
         9f:65:5a:5d:8d:6b:ca:e8:6e:46:50:0e:c1:e8:9a:18:1b:21:
         f6:ff:b7:e3:93:11:80:b4:7b:0e:48:30:9f:ba:51:06:14:7f:
         5e:a5:df:6a:9e:23:bd:0f:d8:87:fb:34:bf:a0:25:10:6e:c3:
         a9:57:fb:63:a1:35:5c:04:8e:9f:0a:7d:24:21:29:14:83:62:
         ee:c1:8a:7a:27:e6:93:8a:d2:6b:f4:f7:01:cc:8c:ac:d9:72:
         d8:87:d7:d7:c2:ab:c6:66:b0:43:55:c4:13:f6:ac:85:43:6e:
         19:a6:06:7d:fb:de:90:f3:14:4a:53:31:71:25:ad:0e:a7:13:
         a7:6d:fc:89:3b:5d:d7:bf:c9:ec:05:35:f6:04:06:16:7f:21:
         bb:2a:9f:a8:87:b4:78:46:f5:f0:ec:81:06:66:88:b0:51:ec:
         c8:d1:88:23:71:0c:7f:46:8c:f8:a4:22:98:78:ad:1b:5d:ac:
         48:4b:29:10:7e:f2:6b:13:30:72:3a:28:05:d1:de:8e:e0:33:
         b1:77:9f:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlFfkTlF8fS7RJYsgWxKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmMyM2UxYmEyYTA4ZmQ0NzY5MDM0ZDFlYjU0NGUwZTJkOWJmODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR6Pij0GBNlBzHEwYuaNoOO0qwh9
A/5MIjY5r3Az7KmSI5hh5DHTZRpuRlJd3yvCtPglF6mmnMb5KvDNLmBv78PehrA5
BQ1rZCM7DTZd7Klr6sqdNE86Du9vEqDa+grR3HD+JvektmIjyQJCX8LgKvcTzPW5
XHY4nJpInhMOMGyvvtLcIQGlbRMEAs7s2xKBSJU21nyf7GzEctQkPDXJHLqbOw6/
hSo08O6gdS3WOkJYZdyquwOkyx2g/z/tOXl38niPlgT92/XB8a8kBH/doI13dFM9
mF2Yc/D4yRvT1IiHiRJYPQlxf+9pB80QoIRmAb244tGDStJ0afifBjiO8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOLCPhuioI/UdpA00etUTg4tm/iQMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvNHNJLUc2S2dqOVIya0RUUjYxUk9EaTJiLUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAArzqAwQA
ArzuMA0GCSqGSIb3DQEBCwUAA4IBAQCVSgtNt+CY6k8r51S7nlkJq7ccvMLbIHee
Rm1YEITz9hMrbW0+CrDfwycJBj7djdB9EqqiEzGfZVpdjWvK6G5GUA7B6JoYGyH2
/7fjkxGAtHsOSDCfulEGFH9epd9qniO9D9iH+zS/oCUQbsOpV/tjoTVcBI6fCn0k
ISkUg2LuwYp6J+aTitJr9PcBzIys2XLYh9fXwqvGZrBDVcQT9qyFQ24ZpgZ9+96Q
8xRKUzFxJa0OpxOnbfyJO13Xv8nsBTX2BAYWfyG7Kp+oh7R4RvXw7IEGZoiwUezI
0YgjcQx/Roz4pCKYeK0bXaxISykQfvJrEzByOigF0d6O4DOxd594
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:19 2024 by rpki-client on console-fra.rpki-client.org