Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/EH5HGaec_gYJ-cHrKAW7atbg_S4.roa
File:                     EH5HGaec_gYJ-cHrKAW7atbg_S4.roa (raw, json)
Hash identifier:          jBJ2XbkxmB4jMMsj7oQA4o7g6p3iX/lLlauLXMw1S44=
Subject key identifier:   10:7E:47:19:A7:9C:FE:06:09:F9:C1:EB:28:05:BB:6A:D6:E0:FD:2E
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018E60207B73BCA329AE4053A14C5D92448E
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/EH5HGaec_gYJ-cHrKAW7atbg_S4.roa
Signing time:             Thu 21 Mar 2024 08:28:45 +0000
ROA not before:           Thu 21 Mar 2024 08:28:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212027
IP address blocks:        212.80.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:20:7b:73:bc:a3:29:ae:40:53:a1:4c:5d:92:44:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Mar 21 08:28:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=107e4719a79cfe0609f9c1eb2805bb6ad6e0fd2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2a:5a:06:73:d9:a6:9b:0a:9a:68:3a:e9:c6:
                    f9:58:d4:fc:19:8a:ef:a2:ac:b9:aa:13:37:f6:10:
                    19:cd:c0:24:de:e6:2e:19:fa:f4:1c:11:af:1f:2f:
                    81:fd:4e:1e:a7:e6:b7:40:15:3a:32:6e:67:5b:86:
                    b0:4a:e5:56:e4:1e:e5:44:25:8c:2a:70:35:97:41:
                    26:1b:9b:b6:d2:73:0f:ac:9d:6e:78:9f:91:f3:1c:
                    22:1c:1d:8c:39:f6:ca:2d:7e:31:4c:4a:28:b3:ef:
                    70:c1:a5:ae:d4:59:f9:ee:22:a0:4a:14:18:4a:1a:
                    da:75:9b:28:e7:1a:ea:3a:61:56:9d:b3:6a:1f:7a:
                    14:f2:35:de:99:8b:aa:c9:39:e1:71:23:85:58:ac:
                    76:33:f3:94:79:26:66:5f:77:b2:79:0b:2a:14:39:
                    26:25:d6:23:40:2a:43:69:5b:f2:52:bf:c4:39:16:
                    aa:58:13:63:6c:02:3a:85:cd:a5:9b:3e:db:ca:17:
                    51:5b:e6:1b:53:63:bc:1f:83:27:2d:11:fb:91:99:
                    16:cd:0c:de:89:1f:d5:09:51:0f:81:fd:2c:93:20:
                    ab:b2:fc:0f:35:2d:e7:18:8a:54:bb:62:ca:9f:58:
                    63:a6:c0:8d:0e:cf:4a:f3:2e:22:ad:5c:31:d2:d2:
                    11:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7E:47:19:A7:9C:FE:06:09:F9:C1:EB:28:05:BB:6A:D6:E0:FD:2E
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/EH5HGaec_gYJ-cHrKAW7atbg_S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:aa:d9:54:b0:8e:48:57:33:da:7c:73:8a:21:87:81:cc:7a:
         35:05:22:01:0d:c8:b9:9b:e2:d6:b1:d2:85:bf:87:b5:02:b2:
         c5:86:ff:53:69:5d:c8:d5:e8:6b:a6:bd:2e:d4:26:20:7d:8b:
         48:8a:dd:48:6d:56:a4:53:e6:b1:73:08:ea:29:37:f7:52:ef:
         4e:b0:bb:6b:43:32:a2:ce:ce:ab:b5:11:8e:7d:1d:e2:0e:fa:
         9f:2d:8c:d4:c4:bb:dd:72:28:c6:1c:92:da:59:88:9d:57:59:
         96:aa:7b:8a:b3:26:41:3c:75:32:49:45:1e:65:1a:80:da:08:
         13:10:30:78:fb:bc:61:cd:1f:83:f8:41:dc:4e:5b:13:06:60:
         96:53:c5:62:42:d2:3b:e3:36:bb:a4:65:53:c4:09:17:2e:69:
         2d:33:d2:2a:3c:69:21:b7:c9:4b:cc:86:cf:2b:53:29:6b:90:
         8d:7f:f9:32:6b:cb:da:86:dd:90:37:1a:00:c9:a5:16:40:6f:
         86:1f:2f:9f:2f:79:86:0f:25:78:7e:af:e1:43:33:58:a8:ba:
         8c:cd:98:2d:ce:0a:18:ff:32:94:cc:a4:7d:f5:d4:07:e7:da:
         5c:0b:53:98:5d:18:6a:ae:07:d6:5b:5c:ce:40:db:47:8d:fb:
         7a:93:2b:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5gIHtzvKMprkBToUxdkkSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMzIxMDgyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdlNDcxOWE3OWNmZTA2MDlmOWMxZWIyODA1YmI2YWQ2ZTBmZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjypaBnPZppsKmmg66cb5WNT8GYrv
oqy5qhM39hAZzcAk3uYuGfr0HBGvHy+B/U4ep+a3QBU6Mm5nW4awSuVW5B7lRCWM
KnA1l0EmG5u20nMPrJ1ueJ+R8xwiHB2MOfbKLX4xTEoos+9wwaWu1Fn57iKgShQY
ShradZso5xrqOmFWnbNqH3oU8jXemYuqyTnhcSOFWKx2M/OUeSZmX3eyeQsqFDkm
JdYjQCpDaVvyUr/EORaqWBNjbAI6hc2lmz7byhdRW+YbU2O8H4MnLRH7kZkWzQze
iR/VCVEPgf0skyCrsvwPNS3nGIpUu2LKn1hjpsCNDs9K8y4irVwx0tIR4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB+RxmnnP4GCfnB6ygFu2rW4P0uMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvRUg1SEdhZWNfZ1lKLWNIcktBVzdhdGJnX1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAGMA0G
CSqGSIb3DQEBCwUAA4IBAQBbqtlUsI5IVzPafHOKIYeBzHo1BSIBDci5m+LWsdKF
v4e1ArLFhv9TaV3I1ehrpr0u1CYgfYtIit1IbVakU+axcwjqKTf3Uu9OsLtrQzKi
zs6rtRGOfR3iDvqfLYzUxLvdcijGHJLaWYidV1mWqnuKsyZBPHUySUUeZRqA2ggT
EDB4+7xhzR+D+EHcTlsTBmCWU8ViQtI74za7pGVTxAkXLmktM9IqPGkht8lLzIbP
K1Mpa5CNf/kya8vaht2QNxoAyaUWQG+GHy+fL3mGDyV4fq/hQzNYqLqMzZgtzgoY
/zKUzKR99dQH59pcC1OYXRhqrgfWW1zOQNtHjft6kyus
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:53:49 2024 by rpki-client on console-fra.rpki-client.org