Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/Yr2oqsD2BlcfUhAWTJbFCHYxliM.roa
File:                     Yr2oqsD2BlcfUhAWTJbFCHYxliM.roa (raw, json)
Hash identifier:          p2+0eAEbjFeY7Q45GMx0XAsBZmxVP8j8kIniX625xsM=
Subject key identifier:   62:BD:A8:AA:C0:F6:06:57:1F:52:10:16:4C:96:C5:08:76:31:96:23
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF2CC4D2534393820AF015F5C9EC93
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/Yr2oqsD2BlcfUhAWTJbFCHYxliM.roa
Signing time:             Tue 02 Jan 2024 06:31:58 +0000
ROA not before:           Tue 02 Jan 2024 06:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44282
IP address blocks:        147.234.24.0/24 maxlen: 24
                          147.234.30.0/24 maxlen: 24
                          147.234.30.0/23 maxlen: 23
                          147.234.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:2c:c4:d2:53:43:93:82:0a:f0:15:f5:c9:ec:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62bda8aac0f606571f5210164c96c50876319623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8f:e5:06:b4:b2:99:54:ce:40:c9:df:1d:4d:
                    fb:5e:e9:6b:1a:3f:a7:6a:6d:47:b4:f8:47:fa:ab:
                    4c:bd:7f:da:08:79:61:8f:ff:2d:ed:3e:65:1d:67:
                    0b:b2:1a:06:85:dd:e2:36:9f:a3:17:64:76:59:57:
                    22:eb:90:0b:a9:bb:e2:cb:23:99:3b:a1:b8:d0:de:
                    63:fb:8f:e2:b1:12:aa:93:36:85:3e:3e:de:84:ca:
                    9d:1e:82:96:53:01:e6:3e:1b:09:de:1e:88:90:92:
                    ca:98:dc:03:d3:53:80:77:a2:d4:c6:70:77:9c:e6:
                    d4:1b:9b:cc:76:27:01:3f:f9:d1:80:71:28:27:e0:
                    c3:2d:b3:db:32:8c:09:e0:c1:9e:12:a0:ca:a3:01:
                    d3:c8:95:53:13:f9:8e:42:f5:c8:6a:7a:13:8e:01:
                    b2:1d:df:5e:59:30:0e:4d:9c:a0:03:a5:b0:5a:35:
                    be:e8:fe:66:1b:c8:61:e5:7a:1d:94:68:d5:27:cc:
                    c3:1d:06:6a:0a:58:1d:56:10:b5:82:df:cd:5a:4e:
                    0f:56:09:27:38:06:0c:33:c7:e1:5c:94:bf:b8:34:
                    e6:11:8b:9e:3a:d8:8c:28:52:35:6d:6e:ad:2c:bd:
                    ae:86:02:0c:e6:f5:7f:87:2c:84:28:bb:ae:d2:b6:
                    2a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:BD:A8:AA:C0:F6:06:57:1F:52:10:16:4C:96:C5:08:76:31:96:23
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/Yr2oqsD2BlcfUhAWTJbFCHYxliM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.24.0/24
                  147.234.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:81:5d:d3:a1:ce:9a:34:86:c9:14:6b:85:29:03:1e:32:ce:
         8b:ab:ee:fe:bd:0e:83:2f:f8:99:19:5f:24:7c:ad:6f:68:52:
         b5:9a:bd:00:40:41:f7:1e:c8:4b:be:b9:87:7b:61:fd:b0:5c:
         a3:b4:72:c9:44:4c:9c:e4:8b:ff:bf:54:e5:3c:bb:26:93:b5:
         88:a4:be:56:1e:56:b5:be:8a:48:3b:26:a9:76:c3:7d:e7:fb:
         ff:36:71:38:7d:61:bb:19:24:ad:31:19:9c:08:e9:92:9d:9d:
         25:59:5b:e1:a5:54:ee:16:28:c0:c9:41:27:3c:4f:25:e6:b3:
         35:74:87:a2:39:fd:39:b9:f6:67:09:b0:b8:44:d7:8f:8e:f7:
         36:9f:9b:c2:a4:32:ba:e4:b7:bf:38:1a:48:b3:94:07:0f:e9:
         5f:30:ac:42:87:41:8a:a6:a5:84:aa:60:7e:03:5a:67:68:25:
         9b:ce:e6:bd:7c:05:8d:6e:e8:bb:ad:82:7b:39:20:e5:fc:a2:
         4b:57:ea:fe:2f:63:cb:5a:63:0e:02:e9:de:3b:73:e1:fd:4c:
         3e:37:01:84:95:2c:fd:6d:98:a9:88:e8:22:18:8a:9c:6d:c1:
         83:96:6f:e0:c1:26:9b:15:28:3e:26:12:42:50:9a:97:97:69:
         ae:02:0b:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3yzE0lNDk4IK8BX1yeyTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmJkYThhYWMwZjYwNjU3MWY1MjEwMTY0Yzk2YzUwODc2MzE5NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4/lBrSymVTOQMnfHU37XulrGj+n
am1HtPhH+qtMvX/aCHlhj/8t7T5lHWcLshoGhd3iNp+jF2R2WVci65ALqbviyyOZ
O6G40N5j+4/isRKqkzaFPj7ehMqdHoKWUwHmPhsJ3h6IkJLKmNwD01OAd6LUxnB3
nObUG5vMdicBP/nRgHEoJ+DDLbPbMowJ4MGeEqDKowHTyJVTE/mOQvXIanoTjgGy
Hd9eWTAOTZygA6WwWjW+6P5mG8hh5XodlGjVJ8zDHQZqClgdVhC1gt/NWk4PVgkn
OAYMM8fhXJS/uDTmEYueOtiMKFI1bW6tLL2uhgIM5vV/hyyEKLuu0rYqeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGK9qKrA9gZXH1IQFkyWxQh2MZYjMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvWXIyb3FzRDJCbGNmVWhBV1RKYkZDSFl4bGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk+oYAwQB
k+oeMA0GCSqGSIb3DQEBCwUAA4IBAQAHgV3Toc6aNIbJFGuFKQMeMs6Lq+7+vQ6D
L/iZGV8kfK1vaFK1mr0AQEH3HshLvrmHe2H9sFyjtHLJREyc5Iv/v1TlPLsmk7WI
pL5WHla1vopIOyapdsN95/v/NnE4fWG7GSStMRmcCOmSnZ0lWVvhpVTuFijAyUEn
PE8l5rM1dIeiOf05ufZnCbC4RNePjvc2n5vCpDK65Le/OBpIs5QHD+lfMKxCh0GK
pqWEqmB+A1pnaCWbzua9fAWNbui7rYJ7OSDl/KJLV+r+L2PLWmMOAuneO3Ph/Uw+
NwGElSz9bZipiOgiGIqcbcGDlm/gwSabFSg+JhJCUJqXl2muAgui
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:59:18 2024 by rpki-client on console-fra.rpki-client.org