Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/bCSieWo-w4fpCq83KLhIaTqEOW4.roa
File:                     bCSieWo-w4fpCq83KLhIaTqEOW4.roa (raw, json)
Hash identifier:          kTQtlhHM4IZrhBolk9xQ5GppIc04PHq1Qs6KhkQC5fI=
Subject key identifier:   6C:24:A2:79:6A:3E:C3:87:E9:0A:AF:37:28:B8:48:69:3A:84:39:6E
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       018CC8DF320FFB3BDF2CA4E51E40D61C33C1
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/bCSieWo-w4fpCq83KLhIaTqEOW4.roa
Signing time:             Tue 02 Jan 2024 06:31:59 +0000
ROA not before:           Tue 02 Jan 2024 06:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205577
IP address blocks:        147.234.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:32:0f:fb:3b:df:2c:a4:e5:1e:40:d6:1c:33:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 06:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c24a2796a3ec387e90aaf3728b848693a84396e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:74:15:b5:a4:0c:5e:1f:8b:af:32:d1:8e:ae:
                    e1:8d:0a:af:85:01:fa:5c:24:9b:74:c6:90:c9:59:
                    ea:e8:de:23:f3:26:83:1c:08:9b:a8:c5:b1:c6:d9:
                    0b:86:28:79:21:77:fd:4e:ad:90:a8:5f:0e:6d:03:
                    9e:2f:05:a1:da:17:f9:6d:9d:32:31:3a:52:c9:8e:
                    f1:74:8a:a0:dd:32:2e:34:fe:c4:ee:09:37:ee:9d:
                    66:45:3a:db:ea:0d:c1:b6:4c:96:86:d2:ca:7f:a5:
                    da:50:19:21:e6:ca:19:94:0d:8f:35:36:ba:0a:a6:
                    52:e9:b7:e1:f3:b3:33:25:b9:5f:9b:27:6d:13:b3:
                    1b:e3:00:a5:40:7b:ce:37:28:44:ca:7e:ab:4f:a7:
                    b3:92:ad:f7:6d:e0:0a:61:6b:8a:b6:5b:b3:78:1f:
                    7f:eb:32:c3:ca:05:4d:f9:60:08:00:0e:25:a6:fd:
                    01:83:dd:6a:d1:f3:fa:c0:c7:f6:e4:4d:b3:41:55:
                    2c:38:e2:34:32:3d:6a:14:6a:17:c6:92:5c:5d:3d:
                    21:a8:81:fd:87:0e:c5:ed:12:a9:91:2a:65:8e:2a:
                    ec:70:be:ee:e0:0f:9a:7c:c0:7e:40:f4:f0:97:3d:
                    7a:76:7d:33:de:15:b8:67:65:34:13:35:fa:38:93:
                    31:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:24:A2:79:6A:3E:C3:87:E9:0A:AF:37:28:B8:48:69:3A:84:39:6E
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/bCSieWo-w4fpCq83KLhIaTqEOW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:fc:98:06:db:ff:ad:44:ec:2a:12:9a:e1:54:e9:d8:5a:8b:
         e7:de:3f:ba:be:13:45:74:48:ce:d7:57:b4:d2:82:86:91:5f:
         fc:a8:22:7c:e3:11:2e:b1:9a:d6:90:25:9a:60:20:df:6e:d8:
         fa:71:17:d1:33:5a:5d:8d:60:d2:98:d9:95:50:cb:71:36:05:
         97:72:5a:63:45:b8:94:40:29:69:37:9f:a1:99:a8:75:a8:c7:
         9e:46:02:bc:02:1e:c5:e5:3e:e8:d2:9d:9b:c9:77:13:20:c0:
         a4:3c:c6:29:97:56:77:65:96:48:8c:5d:c2:5f:46:60:6e:9e:
         c2:bb:ef:24:0e:a7:2a:18:b1:d4:7f:cf:ce:0d:4c:be:c6:8e:
         d3:6f:87:74:e8:09:44:d4:83:e5:f4:8f:59:7c:88:fd:06:5a:
         74:f9:cb:dc:b3:e7:53:c8:32:8c:73:11:db:f8:92:6e:96:6c:
         e6:e5:ba:09:7e:ab:10:ed:c5:41:54:ba:f9:9a:b2:bc:2e:aa:
         41:f0:7f:54:93:d9:29:06:b3:14:41:0b:30:fc:61:fe:09:b6:
         0b:9f:b8:d6:e2:39:1c:ab:2f:5c:98:ba:bc:69:e6:40:96:45:
         99:59:94:ca:82:87:cc:5e:17:84:ed:6c:b6:97:67:4f:ee:b0:
         1b:c8:a5:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3zIP+zvfLKTlHkDWHDPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjQwMTAyMDYzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzI0YTI3OTZhM2VjMzg3ZTkwYWFmMzcyOGI4NDg2OTNhODQzOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnQVtaQMXh+LrzLRjq7hjQqvhQH6
XCSbdMaQyVnq6N4j8yaDHAibqMWxxtkLhih5IXf9Tq2QqF8ObQOeLwWh2hf5bZ0y
MTpSyY7xdIqg3TIuNP7E7gk37p1mRTrb6g3BtkyWhtLKf6XaUBkh5soZlA2PNTa6
CqZS6bfh87MzJblfmydtE7Mb4wClQHvONyhEyn6rT6ezkq33beAKYWuKtluzeB9/
6zLDygVN+WAIAA4lpv0Bg91q0fP6wMf25E2zQVUsOOI0Mj1qFGoXxpJcXT0hqIH9
hw7F7RKpkSpljirscL7u4A+afMB+QPTwlz16dn0z3hW4Z2U0EzX6OJMxfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwkonlqPsOH6QqvNyi4SGk6hDluMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvYkNTaWVXby13NGZwQ3E4M0tMaElhVHFFT1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+oUMA0G
CSqGSIb3DQEBCwUAA4IBAQBP/JgG2/+tROwqEprhVOnYWovn3j+6vhNFdEjO11e0
0oKGkV/8qCJ84xEusZrWkCWaYCDfbtj6cRfRM1pdjWDSmNmVUMtxNgWXclpjRbiU
QClpN5+hmah1qMeeRgK8Ah7F5T7o0p2byXcTIMCkPMYpl1Z3ZZZIjF3CX0Zgbp7C
u+8kDqcqGLHUf8/ODUy+xo7Tb4d06AlE1IPl9I9ZfIj9Blp0+cvcs+dTyDKMcxHb
+JJulmzm5boJfqsQ7cVBVLr5mrK8LqpB8H9Uk9kpBrMUQQsw/GH+CbYLn7jW4jkc
qy9cmLq8aeZAlkWZWZTKgofMXheE7Wy2l2dP7rAbyKX3
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:59:18 2024 by rpki-client on console-fra.rpki-client.org