Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/ZdFkgGv5RO8qCLGxlkqlkFgFktw.roa
File:                     ZdFkgGv5RO8qCLGxlkqlkFgFktw.roa (raw, json)
Hash identifier:          TmYqxWN95IMIKi+TIJhYeU8oWLuQJC96mwmCYhgpV5M=
Subject key identifier:   65:D1:64:80:6B:F9:44:EF:2A:08:B1:B1:96:4A:A5:90:58:05:92:DC
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC7944E975EB9C96E916D16E07C506DC4
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/ZdFkgGv5RO8qCLGxlkqlkFgFktw.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     582
IP address blocks:        2.179.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4e:97:5e:b9:c9:6e:91:6d:16:e0:7c:50:6d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65d164806bf944ef2a08b1b1964aa590580592dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:48:3d:83:a7:5f:fc:3d:3f:0d:2e:ad:37:43:
                    14:b8:e5:04:e7:01:72:e7:ca:5f:e9:ac:5a:b2:36:
                    b9:5c:a1:04:69:a6:5e:48:d8:49:46:36:da:c6:54:
                    a5:a1:23:90:c3:a5:5e:39:52:6e:50:dc:5e:40:4e:
                    01:58:07:fc:3f:4d:0b:da:c5:f4:77:2c:5d:c4:75:
                    72:83:9b:1a:ed:43:04:68:25:48:98:d4:7b:b6:f4:
                    d9:d4:3b:12:8c:f7:62:56:a9:a4:ee:bb:80:cf:03:
                    5d:41:9f:b2:63:2f:8c:4d:70:3e:32:d0:9b:31:cb:
                    85:77:21:8c:8e:5e:e1:cc:4a:9a:1c:89:42:21:88:
                    eb:15:e3:53:fa:3f:c6:29:ce:ae:d7:4d:52:8c:50:
                    d8:43:36:cf:5c:a7:96:b9:a1:5d:c2:76:16:bc:f6:
                    ba:40:18:67:ae:cc:77:4b:6b:34:6d:e8:47:39:54:
                    6e:6f:e4:f5:5a:e0:0a:d3:c3:74:20:0f:25:34:ba:
                    06:6f:dc:26:d4:48:b0:9c:61:a2:97:cf:8b:e5:39:
                    1c:00:ac:e9:10:e6:e8:20:19:3a:96:34:35:12:f3:
                    4b:41:92:71:4f:01:c4:4a:8f:1e:58:1f:bd:62:e7:
                    bf:85:a7:81:8d:70:ec:c2:9b:c6:31:7e:e4:2c:88:
                    f8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D1:64:80:6B:F9:44:EF:2A:08:B1:B1:96:4A:A5:90:58:05:92:DC
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/ZdFkgGv5RO8qCLGxlkqlkFgFktw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.179.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:06:9e:7a:e7:25:51:d4:6e:90:ad:d7:2f:a0:cb:bb:47:d6:
         c0:1b:3f:84:dc:3d:31:af:29:06:42:6c:86:8e:c6:c0:38:ee:
         a0:78:d3:98:00:6c:6f:83:13:1d:91:bc:d3:82:24:59:0f:32:
         54:1f:86:90:55:ee:41:eb:09:90:b1:d3:e8:6a:16:2e:ca:7e:
         08:5a:51:06:8e:9f:57:16:45:15:aa:7d:af:32:5b:5d:6e:e9:
         75:cb:17:b7:d1:29:f6:28:6c:97:20:f8:f5:48:49:91:fe:fe:
         3e:3a:ce:9a:e0:d8:12:d7:a9:35:b4:a8:52:c0:a4:1b:35:7c:
         59:4a:1e:63:29:5e:2d:36:69:2a:12:7f:be:38:c6:29:b1:eb:
         b6:d1:25:99:f3:3b:4c:ce:d8:62:22:e2:7f:04:3f:83:c1:bb:
         b7:ba:84:41:11:2e:ac:b1:11:94:91:47:50:53:0d:4e:80:88:
         09:28:1a:65:ce:95:f5:16:7c:21:06:4f:de:b1:17:2b:44:24:
         be:a1:e1:1a:72:3a:47:4c:c6:46:c4:e8:c1:90:ca:83:c2:01:
         7f:01:d7:37:3f:38:42:c8:f9:d1:ba:85:30:e6:28:03:3c:27:
         1f:c9:e0:b0:c3:ad:6a:00:df:31:80:d7:0a:7a:f8:59:9d:25:
         d4:e9:af:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlE6XXrnJbpFtFuB8UG3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQxNjQ4MDZiZjk0NGVmMmEwOGIxYjE5NjRhYTU5MDU4MDU5MmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkg9g6df/D0/DS6tN0MUuOUE5wFy
58pf6axasja5XKEEaaZeSNhJRjbaxlSloSOQw6VeOVJuUNxeQE4BWAf8P00L2sX0
dyxdxHVyg5sa7UMEaCVImNR7tvTZ1DsSjPdiVqmk7ruAzwNdQZ+yYy+MTXA+MtCb
McuFdyGMjl7hzEqaHIlCIYjrFeNT+j/GKc6u101SjFDYQzbPXKeWuaFdwnYWvPa6
QBhnrsx3S2s0behHOVRub+T1WuAK08N0IA8lNLoGb9wm1EiwnGGil8+L5TkcAKzp
EOboIBk6ljQ1EvNLQZJxTwHESo8eWB+9Yue/haeBjXDswpvGMX7kLIj4AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXRZIBr+UTvKgixsZZKpZBYBZLcMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvWmRGa2dHdjVSTzhxQ0xHeGxrcWxrRmdGa3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCArMQMA0G
CSqGSIb3DQEBCwUAA4IBAQBPBp565yVR1G6QrdcvoMu7R9bAGz+E3D0xrykGQmyG
jsbAOO6geNOYAGxvgxMdkbzTgiRZDzJUH4aQVe5B6wmQsdPoahYuyn4IWlEGjp9X
FkUVqn2vMltdbul1yxe30Sn2KGyXIPj1SEmR/v4+Os6a4NgS16k1tKhSwKQbNXxZ
Sh5jKV4tNmkqEn++OMYpseu20SWZ8ztMzthiIuJ/BD+Dwbu3uoRBES6ssRGUkUdQ
Uw1OgIgJKBplzpX1FnwhBk/esRcrRCS+oeEacjpHTMZGxOjBkMqDwgF/Adc3PzhC
yPnRuoUw5igDPCcfyeCww61qAN8xgNcKevhZnSXU6a8N
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:37 2024 by rpki-client on console-ams.rpki-client.org