Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4uEOUhhiRQCIdO48q3JUxHAMSc4.roa
File:                     4uEOUhhiRQCIdO48q3JUxHAMSc4.roa (raw, json)
Hash identifier:          ExqhK0JCQtDvYdcp0o7N7bHCo196yGJ5+FLN868iaZU=
Subject key identifier:   E2:E1:0E:52:18:62:45:00:88:74:EE:3C:AB:72:54:C4:70:0C:49:CE
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018CC9BCA83E67651A1EE3D56BBC9B6D9C12
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4uEOUhhiRQCIdO48q3JUxHAMSc4.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198622
IP address blocks:        213.252.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a8:3e:67:65:1a:1e:e3:d5:6b:bc:9b:6d:9c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2e10e52186245008874ee3cab7254c4700c49ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:3f:fb:a5:1d:cf:10:3c:fe:c3:43:cd:b7:93:
                    8f:8c:71:17:8e:46:0e:5f:b7:5a:6b:9a:e7:8d:fa:
                    63:a5:e1:b7:6b:ac:0b:34:dc:df:b7:63:de:8b:64:
                    93:5e:05:78:02:fa:75:2d:7f:85:3a:1e:78:bf:55:
                    4f:24:74:de:ca:c4:1d:c3:5d:ab:3f:bf:0d:3b:67:
                    c3:aa:c3:12:34:d9:b2:2b:33:20:a7:39:bd:90:46:
                    69:57:7b:97:cc:ae:75:31:6f:3f:86:c4:66:5d:06:
                    70:83:b1:72:48:15:88:11:be:e2:de:ae:91:07:0c:
                    ca:80:9b:16:94:e5:c5:db:05:ad:13:75:7c:c8:94:
                    5d:ff:d9:1b:64:a1:7e:38:76:f6:fd:6f:45:2d:68:
                    44:84:a8:d2:64:9c:df:37:7a:4d:a4:3b:b4:32:aa:
                    01:f1:21:02:50:64:26:57:9d:7f:f2:5f:94:b2:63:
                    2b:05:3b:41:70:da:d5:a7:e3:bc:c3:08:af:86:4f:
                    68:a3:e0:5f:5d:ec:01:39:ca:fb:47:08:1a:85:fe:
                    ab:06:c5:79:5d:67:40:c3:39:5a:29:ed:e5:11:49:
                    7f:3d:7c:fd:4c:72:ee:55:49:69:1c:fe:db:62:cb:
                    80:f5:ed:ce:7e:e5:55:b4:81:05:be:90:e4:9b:43:
                    e6:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:E1:0E:52:18:62:45:00:88:74:EE:3C:AB:72:54:C4:70:0C:49:CE
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/4uEOUhhiRQCIdO48q3JUxHAMSc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.252.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:70:4d:ff:7e:e8:c0:63:e4:a1:32:8d:b4:07:25:63:5a:87:
         76:7a:74:29:f8:77:48:a0:fa:a5:04:2b:d5:97:e1:90:9a:5e:
         b3:9b:0d:61:ae:73:15:b8:3e:bd:4a:90:08:3c:e6:6b:ee:f3:
         b0:48:77:73:ce:02:ae:fe:86:ad:81:89:c9:1b:21:e0:cb:3c:
         6a:20:10:6c:9f:d4:c2:52:a8:63:a4:5a:bc:bd:f5:0f:db:14:
         aa:ee:aa:36:b2:dd:cb:f6:80:44:5b:86:10:72:e2:cf:e1:66:
         86:6b:03:dd:ce:61:59:f8:a1:ef:e5:a9:47:21:07:26:4f:31:
         66:0a:65:72:fc:8c:2b:02:34:2e:a0:8b:1e:36:8c:05:29:35:
         c2:ab:36:a3:c9:42:a0:1c:b5:0c:54:bc:64:75:9d:92:21:a3:
         74:74:1e:eb:04:a6:34:30:ba:ec:5e:a0:d2:d7:b6:e9:cb:38:
         7f:6d:44:0b:21:0f:e3:57:92:d0:a1:d8:0b:77:f4:c1:58:a4:
         89:ab:4d:39:d0:09:dc:4f:23:68:2f:fe:7e:97:93:6c:8f:0e:
         7f:4b:ee:bd:3d:fd:9e:2d:a8:e8:a5:da:90:3f:63:0e:e9:fb:
         d9:31:03:3f:ad:d0:74:e2:ba:a1:25:10:68:ff:0a:84:1a:11:
         8c:cb:4d:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKg+Z2UaHuPVa7ybbZwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmUxMGU1MjE4NjI0NTAwODg3NGVlM2NhYjcyNTRjNDcwMGM0OWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7j/7pR3PEDz+w0PNt5OPjHEXjkYO
X7daa5rnjfpjpeG3a6wLNNzft2Pei2STXgV4Avp1LX+FOh54v1VPJHTeysQdw12r
P78NO2fDqsMSNNmyKzMgpzm9kEZpV3uXzK51MW8/hsRmXQZwg7FySBWIEb7i3q6R
BwzKgJsWlOXF2wWtE3V8yJRd/9kbZKF+OHb2/W9FLWhEhKjSZJzfN3pNpDu0MqoB
8SECUGQmV51/8l+UsmMrBTtBcNrVp+O8wwivhk9oo+BfXewBOcr7Rwgahf6rBsV5
XWdAwzlaKe3lEUl/PXz9THLuVUlpHP7bYsuA9e3OfuVVtIEFvpDkm0Pm8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLhDlIYYkUAiHTuPKtyVMRwDEnOMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvNHVFT1VoaGlSUUNJZE80OHEzSlV4SEFNU2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fz/MA0G
CSqGSIb3DQEBCwUAA4IBAQAAcE3/fujAY+ShMo20ByVjWod2enQp+HdIoPqlBCvV
l+GQml6zmw1hrnMVuD69SpAIPOZr7vOwSHdzzgKu/oatgYnJGyHgyzxqIBBsn9TC
UqhjpFq8vfUP2xSq7qo2st3L9oBEW4YQcuLP4WaGawPdzmFZ+KHv5alHIQcmTzFm
CmVy/IwrAjQuoIseNowFKTXCqzajyUKgHLUMVLxkdZ2SIaN0dB7rBKY0MLrsXqDS
17bpyzh/bUQLIQ/jV5LQodgLd/TBWKSJq0050AncTyNoL/5+l5Nsjw5/S+69Pf2e
LajopdqQP2MO6fvZMQM/rdB04rqhJRBo/wqEGhGMy00j
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:51:31 2024 by rpki-client on console-ams.rpki-client.org