Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/XR2nySbgQRQhUwWDBFrS0r2Zj78.roa
File:                     XR2nySbgQRQhUwWDBFrS0r2Zj78.roa (raw, json)
Hash identifier:          4UZbe6k/n6dfjmlg+5U2ZO13YGqpLDVRng43FGFrf4c=
Subject key identifier:   5D:1D:A7:C9:26:E0:41:14:21:53:05:83:04:5A:D2:D2:BD:99:8F:BF
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA2988A3E659967B81F688EEF0242102
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/XR2nySbgQRQhUwWDBFrS0r2Zj78.roa
Signing time:             Tue 02 Jan 2024 12:32:48 +0000
ROA not before:           Tue 02 Jan 2024 12:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        85.203.17.0/24 maxlen: 24
                          85.203.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:88:a3:e6:59:96:7b:81:f6:88:ee:f0:24:21:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d1da7c926e0411421530583045ad2d2bd998fbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:62:15:58:0b:99:31:5e:a3:03:58:01:b1:bf:
                    7c:b4:2b:63:a3:c6:6e:8c:b9:da:e6:e7:5d:89:01:
                    39:41:da:f8:44:9f:2c:01:20:26:a6:46:6f:e4:27:
                    06:ec:8d:5c:c6:7d:e3:c9:3d:f3:42:ad:46:4e:40:
                    c6:55:aa:7c:c1:39:7f:23:fc:34:99:cd:65:16:26:
                    f5:b9:b1:e4:10:ed:4d:0a:03:31:b4:ac:95:5a:98:
                    b1:28:63:76:35:3d:2f:09:62:5e:89:33:e4:00:d8:
                    28:ee:18:95:2b:ce:f6:f6:7b:c6:c6:8d:fd:88:f0:
                    9a:58:59:82:88:d7:1c:9f:d5:59:5c:b7:99:8f:85:
                    57:5f:90:ab:23:b4:52:3f:f7:54:99:80:c1:73:02:
                    5a:66:82:df:a7:64:28:2d:ea:94:86:e4:07:91:ee:
                    8f:a5:31:67:92:f1:da:c9:28:44:43:82:b0:8f:bf:
                    49:4d:20:c8:e4:90:6c:a0:a6:2b:7c:9e:4c:29:b9:
                    78:e5:48:9d:af:14:7d:ed:f9:ab:2a:9a:29:0a:fe:
                    69:27:51:f3:f8:58:70:14:32:d8:fc:1b:75:2c:e7:
                    c2:19:77:8c:d7:e0:57:4c:e6:6e:54:78:12:1e:1d:
                    5b:f5:b6:b5:1d:47:65:33:12:f5:5a:b2:de:27:b6:
                    c9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:1D:A7:C9:26:E0:41:14:21:53:05:83:04:5A:D2:D2:BD:99:8F:BF
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/XR2nySbgQRQhUwWDBFrS0r2Zj78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.17.0-85.203.18.255

    Signature Algorithm: sha256WithRSAEncryption
         68:93:f6:48:1e:0b:19:83:aa:84:58:35:e2:cb:e3:ca:cb:e7:
         13:b0:76:c6:79:37:2e:d2:e7:03:7d:b8:2b:d6:69:37:a2:7e:
         d4:d1:1e:9d:71:9a:63:5e:eb:52:14:0d:e7:9c:8c:75:a4:5b:
         e7:85:25:e0:8b:37:ca:b8:53:5e:e8:8c:54:dd:d0:85:10:bd:
         49:3f:87:8a:c6:2e:5e:cc:52:26:d9:7c:9c:a3:cf:98:4d:15:
         55:f5:5f:30:9a:36:a5:7a:12:64:fc:b4:88:55:4f:96:3a:26:
         f4:1b:21:e2:d1:37:18:5c:2c:39:f1:07:72:68:eb:50:bb:b1:
         f5:cc:52:b2:f4:e2:c0:01:73:f2:d6:1b:39:db:d4:02:de:7d:
         7b:99:87:79:7c:cc:91:13:fd:e7:58:33:8f:01:22:50:ce:bb:
         9f:c4:e8:56:d1:13:d1:f7:47:4f:36:27:53:05:f2:a9:1b:fc:
         fb:33:16:24:8f:9e:57:b7:6f:94:f4:a7:7c:75:12:18:57:2d:
         f8:5b:02:e0:bc:d6:e1:2e:25:ec:36:2a:2d:f9:b3:7b:11:f6:
         c5:14:16:ec:82:d8:8f:4b:02:bb:81:27:7a:15:6e:8a:b0:e1:
         9b:a0:fd:d6:72:39:ce:6d:1a:72:ca:2c:94:57:ac:17:f9:b0:
         3d:9d:49:7f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKYij5lmWe4H2iO7wJCECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDFkYTdjOTI2ZTA0MTE0MjE1MzA1ODMwNDVhZDJkMmJkOTk4ZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWIVWAuZMV6jA1gBsb98tCtjo8Zu
jLna5uddiQE5Qdr4RJ8sASAmpkZv5CcG7I1cxn3jyT3zQq1GTkDGVap8wTl/I/w0
mc1lFib1ubHkEO1NCgMxtKyVWpixKGN2NT0vCWJeiTPkANgo7hiVK8729nvGxo39
iPCaWFmCiNccn9VZXLeZj4VXX5CrI7RSP/dUmYDBcwJaZoLfp2QoLeqUhuQHke6P
pTFnkvHayShEQ4Kwj79JTSDI5JBsoKYrfJ5MKbl45UidrxR97fmrKpopCv5pJ1Hz
+FhwFDLY/Bt1LOfCGXeM1+BXTOZuVHgSHh1b9ba1HUdlMxL1WrLeJ7bJhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF0dp8km4EEUIVMFgwRa0tK9mY+/MB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvWFIybnlTYmdRUlFoVXdXREJGclMwcjJaajc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABVyxED
BABVyxIwDQYJKoZIhvcNAQELBQADggEBAGiT9kgeCxmDqoRYNeLL48rL5xOwdsZ5
Ny7S5wN9uCvWaTeiftTRHp1xmmNe61IUDeecjHWkW+eFJeCLN8q4U17ojFTd0IUQ
vUk/h4rGLl7MUibZfJyjz5hNFVX1XzCaNqV6EmT8tIhVT5Y6JvQbIeLRNxhcLDnx
B3Jo61C7sfXMUrL04sABc/LWGznb1ALefXuZh3l8zJET/edYM48BIlDOu5/E6FbR
E9H3R082J1MF8qkb/PszFiSPnle3b5T0p3x1EhhXLfhbAuC81uEuJew2Ki35s3sR
9sUUFuyC2I9LAruBJ3oVboqw4Zug/dZyOc5tGnLKLJRXrBf5sD2dSX8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:31:22 2024 by rpki-client on console-fra.rpki-client.org