Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/2tsRvJ2BerDHJiTWJCS0ajkvzMc.roa
File:                     2tsRvJ2BerDHJiTWJCS0ajkvzMc.roa (raw, json)
Hash identifier:          jIe0aMKamH/9N9MZUSp9Z9B/qGkyBz8SAOSxBfnBKEc=
Subject key identifier:   DA:DB:11:BC:9D:81:7A:B0:C7:26:24:D6:24:24:B4:6A:39:2F:CC:C7
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A47A9EFA8A42CB242C8D078450A58
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/2tsRvJ2BerDHJiTWJCS0ajkvzMc.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207676
IP address blocks:        92.253.218.0/23 maxlen: 24
                          146.120.110.0/24 maxlen: 24
                          92.253.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:47:a9:ef:a8:a4:2c:b2:42:c8:d0:78:45:0a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dadb11bc9d817ab0c72624d62424b46a392fccc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d3:b6:06:71:c5:72:8e:a6:cf:5e:7f:b2:10:
                    b6:f8:50:1f:b2:bf:b1:c6:7e:16:cc:f0:5e:3b:7b:
                    90:c3:0e:66:98:99:18:f1:8e:b3:8b:ec:30:7a:b8:
                    5d:5c:55:26:06:f9:3a:66:1b:f1:f2:f2:a6:01:79:
                    54:3f:0a:52:e6:8a:11:b1:7d:22:ec:b4:89:7c:d5:
                    f7:ce:95:90:2a:fa:d1:b9:e7:2a:76:e3:f1:b0:e4:
                    8f:ca:e2:1f:2e:1e:55:74:66:6a:05:f0:c8:7d:bc:
                    a1:31:e7:fd:c8:5c:4a:1a:7a:17:1d:aa:ca:6d:77:
                    46:67:16:35:ef:c4:d5:82:be:f6:bb:89:c1:70:ef:
                    64:04:ff:d1:5b:ef:8f:54:f8:fe:9f:f4:65:a9:a1:
                    5f:2b:77:78:5c:e2:1b:b0:e0:ad:f1:8c:16:ff:12:
                    f6:18:07:08:5e:28:d9:2a:22:ff:6a:fa:24:8e:02:
                    ea:8e:f4:b0:59:32:43:05:25:40:7a:c8:7c:1a:50:
                    d6:59:65:b9:9b:2b:7d:6d:0a:dc:f5:d9:80:83:18:
                    1e:e4:7d:3e:de:73:fe:ba:fa:18:26:70:66:c9:3e:
                    bf:8c:ce:9b:5d:23:b0:15:d8:15:90:d7:0f:c5:b2:
                    f5:eb:eb:2e:35:83:99:0e:10:e0:93:99:31:b1:cd:
                    36:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:DB:11:BC:9D:81:7A:B0:C7:26:24:D6:24:24:B4:6A:39:2F:CC:C7
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/2tsRvJ2BerDHJiTWJCS0ajkvzMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.253.218.0/23
                  92.253.235.0/24
                  146.120.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:a8:1c:0c:c6:ec:49:ea:85:de:89:4c:6c:ee:12:04:27:aa:
         ca:aa:58:85:0a:a0:1f:cd:39:10:aa:38:43:cf:73:24:04:ae:
         46:a6:b4:c5:1e:91:0d:36:8e:35:67:4c:10:8b:81:ba:f2:58:
         9e:6b:46:ca:86:f7:b3:dc:fa:58:a3:09:c8:6c:da:6c:c0:ac:
         ca:d4:eb:57:e8:94:26:a2:98:70:7a:95:64:f0:2b:ec:cc:2c:
         28:12:2b:7f:7c:a1:a7:76:74:30:e0:95:44:8b:d5:b3:dd:36:
         26:50:ad:49:8c:2c:5a:41:ca:98:24:af:7b:59:95:a4:8a:94:
         3f:76:8e:63:10:3c:8f:6c:27:25:dc:3c:34:88:7e:1d:49:79:
         01:ad:dc:05:ed:73:a2:6a:82:c6:8d:8d:a5:25:57:f7:65:47:
         2c:eb:b1:d2:1e:b7:38:ba:5b:6f:29:7f:a4:4a:34:94:9d:8a:
         f2:cb:14:f4:62:15:ee:ad:9e:e0:1d:dc:10:c1:47:26:3a:87:
         7e:ea:ee:5e:98:18:dd:78:01:32:e1:c5:7d:13:56:6a:5d:85:
         58:6a:c2:21:b4:82:0f:20:42:28:19:e2:ec:fa:61:77:d2:ba:
         31:4c:43:35:93:0a:0b:ad:3b:40:12:50:70:f0:3c:e0:92:95:
         f4:3f:a8:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKkep76ikLLJCyNB4RQpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRiMTFiYzlkODE3YWIwYzcyNjI0ZDYyNDI0YjQ2YTM5MmZjY2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9O2BnHFco6mz15/shC2+FAfsr+x
xn4WzPBeO3uQww5mmJkY8Y6zi+wwerhdXFUmBvk6Zhvx8vKmAXlUPwpS5ooRsX0i
7LSJfNX3zpWQKvrRuecqduPxsOSPyuIfLh5VdGZqBfDIfbyhMef9yFxKGnoXHarK
bXdGZxY178TVgr72u4nBcO9kBP/RW++PVPj+n/RlqaFfK3d4XOIbsOCt8YwW/xL2
GAcIXijZKiL/avokjgLqjvSwWTJDBSVAesh8GlDWWWW5myt9bQrc9dmAgxge5H0+
3nP+uvoYJnBmyT6/jM6bXSOwFdgVkNcPxbL16+suNYOZDhDgk5kxsc02EQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNrbEbydgXqwxyYk1iQktGo5L8zHMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMnRzUnZKMkJlckRISmlUV0pDUzBhamt2ek1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXP3aAwQA
XP3rAwQAknhuMA0GCSqGSIb3DQEBCwUAA4IBAQB4qBwMxuxJ6oXeiUxs7hIEJ6rK
qliFCqAfzTkQqjhDz3MkBK5GprTFHpENNo41Z0wQi4G68liea0bKhvez3PpYownI
bNpswKzK1OtX6JQmophwepVk8CvszCwoEit/fKGndnQw4JVEi9Wz3TYmUK1JjCxa
QcqYJK97WZWkipQ/do5jEDyPbCcl3Dw0iH4dSXkBrdwF7XOiaoLGjY2lJVf3ZUcs
67HSHrc4ultvKX+kSjSUnYryyxT0YhXurZ7gHdwQwUcmOod+6u5emBjdeAEy4cV9
E1ZqXYVYasIhtIIPIEIoGeLs+mF30roxTEM1kwoLrTtAElBw8DzgkpX0P6h1
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:25:41 2024 by rpki-client on console-ams.rpki-client.org