Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/2HvWSLZjNyRnB3g8ErnBvhyNO0k.roa
File:                     2HvWSLZjNyRnB3g8ErnBvhyNO0k.roa (raw, json)
Hash identifier:          sHRQ/R0VwEdirGDsy0dy11hSCt9fzpuUltck5Uq1pcY=
Subject key identifier:   D8:7B:D6:48:B6:63:37:24:67:07:78:3C:12:B9:C1:BE:1C:8D:3B:49
Certificate issuer:       /CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
Certificate serial:       018CC5013297CF66068907540B436FAB4E8C
Authority key identifier: F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/2HvWSLZjNyRnB3g8ErnBvhyNO0k.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207404
IP address blocks:        194.127.208.0/22 maxlen: 24
                          2001:678:c48::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:32:97:cf:66:06:89:07:54:0b:43:6f:ab:4e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1a06c6c108e9419b2cdb21d48b49a6bbd6c16df
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d87bd648b66337246707783c12b9c1be1c8d3b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d7:b0:af:43:9a:d9:44:94:57:e7:e5:d3:08:
                    8c:f1:6b:5a:77:a6:57:3c:f5:35:37:4c:b2:d9:69:
                    70:ea:2e:9d:5f:ae:1e:80:99:35:62:a2:71:79:bd:
                    a9:a4:3c:99:e9:ac:8b:8e:5b:ed:04:98:91:0f:28:
                    08:b8:61:8b:25:06:8a:b8:82:b9:2c:73:1d:1c:6c:
                    47:90:0a:13:95:26:00:d0:9d:f9:04:0a:4b:40:26:
                    c1:bd:d2:06:64:5a:31:22:38:78:7c:01:b8:7d:6d:
                    6e:11:93:98:c6:48:b9:cf:f6:8b:18:e9:e9:71:09:
                    06:57:7d:3e:80:df:79:6e:0b:fa:9f:00:40:f6:f5:
                    2e:7c:16:1b:4c:b9:b4:08:0b:3f:54:94:64:da:d6:
                    a3:2b:fa:a9:49:11:97:9b:4e:b2:e2:1e:f8:ec:3d:
                    5e:86:c3:2c:21:52:94:5c:e9:c7:ee:b4:17:8e:24:
                    c8:6a:8e:1b:6a:a6:24:bf:fd:d8:c0:b3:9e:dc:4b:
                    6e:f1:97:a4:1c:d5:45:d4:97:5f:5e:0d:5c:5c:2e:
                    e9:8f:53:e8:7a:9d:15:b5:2d:dc:5c:7b:c9:68:67:
                    95:b9:37:e1:cc:7d:19:f7:7f:cc:15:7c:60:5e:fe:
                    e8:1d:b5:3b:8d:39:93:39:7c:ba:99:01:b9:8f:98:
                    44:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7B:D6:48:B6:63:37:24:67:07:78:3C:12:B9:C1:BE:1C:8D:3B:49
            X509v3 Authority Key Identifier:
                keyid:F1:A0:6C:6C:10:8E:94:19:B2:CD:B2:1D:48:B4:9A:6B:BD:6C:16:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8aBsbBCOlBmyzbIdSLSaa71sFt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/2HvWSLZjNyRnB3g8ErnBvhyNO0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/def647-9186-4729-bb99-142ebe869316/1/8aBsbBCOlBmyzbIdSLSaa71sFt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.208.0/22
                IPv6:
                  2001:678:c48::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:b4:a9:05:d1:2d:f1:eb:f6:9d:dc:62:9e:11:ec:0f:b9:8f:
         cc:f9:5a:6f:28:67:58:70:7b:88:57:32:9f:26:ab:9e:90:ea:
         d4:ca:99:e6:94:5c:16:3b:94:8f:08:cd:18:dc:bc:f9:37:37:
         88:4d:45:45:4b:a2:33:70:73:e1:9f:33:50:40:48:82:1e:d7:
         e4:3e:38:ec:28:e9:d6:2f:08:c8:59:0d:77:ba:65:a5:0d:39:
         4c:29:0b:69:ed:41:36:d1:7a:b3:ad:27:3a:4a:61:a5:d5:ef:
         fe:19:c8:cc:76:71:88:f9:33:da:53:dc:80:77:31:ae:b5:1e:
         c1:17:4e:e7:d7:01:fe:c1:1f:fd:b3:46:3d:4f:78:a4:5f:d8:
         34:26:59:4c:1a:a5:f0:33:10:78:ff:a4:48:dc:bd:89:94:72:
         29:0a:93:fb:5f:56:01:e8:78:43:78:72:75:d2:48:94:37:6c:
         56:ed:06:6e:46:be:12:a2:be:c9:ee:0f:67:00:41:ae:3f:9e:
         77:a1:78:aa:d1:11:d7:00:77:cd:2a:b9:ee:42:da:a1:98:f0:
         ac:9d:00:f5:d2:81:41:cb:89:e1:eb:99:64:b9:ee:f1:c4:7b:
         12:36:15:66:a0:cb:35:af:06:bd:0e:7a:a6:48:d2:5c:82:c2:
         5e:63:89:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFATKXz2YGiQdUC0Nvq06MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYTA2YzZjMTA4ZTk0MTliMmNkYjIxZDQ4YjQ5YTZiYmQ2
YzE2ZGYwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdiZDY0OGI2NjMzNzI0NjcwNzc4M2MxMmI5YzFiZTFjOGQzYjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9ewr0Oa2USUV+fl0wiM8Wtad6ZX
PPU1N0yy2Wlw6i6dX64egJk1YqJxeb2ppDyZ6ayLjlvtBJiRDygIuGGLJQaKuIK5
LHMdHGxHkAoTlSYA0J35BApLQCbBvdIGZFoxIjh4fAG4fW1uEZOYxki5z/aLGOnp
cQkGV30+gN95bgv6nwBA9vUufBYbTLm0CAs/VJRk2tajK/qpSRGXm06y4h747D1e
hsMsIVKUXOnH7rQXjiTIao4baqYkv/3YwLOe3Etu8ZekHNVF1JdfXg1cXC7pj1Po
ep0VtS3cXHvJaGeVuTfhzH0Z93/MFXxgXv7oHbU7jTmTOXy6mQG5j5hEWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNh71ki2YzckZwd4PBK5wb4cjTtJMB8GA1UdIwQY
MBaAFPGgbGwQjpQZss2yHUi0mmu9bBbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTkt
MTQyZWJlODY5MzE2LzEvMkh2V1NMWmpOeVJuQjNnOEVybkJ2aHlOTzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9kZWY2NDctOTE4Ni00NzI5LWJiOTktMTQyZWJlODY5MzE2
LzEvOGFCc2JCQ09sQm15emJJZFNMU2FhNzFzRnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwn/QMA8E
AgACMAkDBwAgAQZ4DEgwDQYJKoZIhvcNAQELBQADggEBAHC0qQXRLfHr9p3cYp4R
7A+5j8z5Wm8oZ1hwe4hXMp8mq56Q6tTKmeaUXBY7lI8IzRjcvPk3N4hNRUVLojNw
c+GfM1BASIIe1+Q+OOwo6dYvCMhZDXe6ZaUNOUwpC2ntQTbRerOtJzpKYaXV7/4Z
yMx2cYj5M9pT3IB3Ma61HsEXTufXAf7BH/2zRj1PeKRf2DQmWUwapfAzEHj/pEjc
vYmUcikKk/tfVgHoeEN4cnXSSJQ3bFbtBm5GvhKivsnuD2cAQa4/nneheKrREdcA
d80que5C2qGY8KydAPXSgUHLieHrmWS57vHEexI2FWagyzWvBr0OeqZI0lyCwl5j
iS4=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:41:43 2024 by rpki-client on console-ams.rpki-client.org