Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/bo20zRcNK4gDpQFqmq493cs7Iws.roa
File:                     bo20zRcNK4gDpQFqmq493cs7Iws.roa (raw, json)
Hash identifier:          BMW/aozE9QHU8Sli24iHI58RaAOI11qJFq4gtCIiqAE=
Subject key identifier:   6E:8D:B4:CD:17:0D:2B:88:03:A5:01:6A:9A:AE:3D:DD:CB:3B:23:0B
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018CC9BCA90980D6E7E18C073458EFCC11CC
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/bo20zRcNK4gDpQFqmq493cs7Iws.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202085
IP address blocks:        213.252.216.0/22 maxlen: 22
                          213.252.222.0/24 maxlen: 24
                          213.252.221.0/24 maxlen: 24
                          213.252.210.0/23 maxlen: 24
                          213.252.211.0/24 maxlen: 24
                          213.252.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a9:09:80:d6:e7:e1:8c:07:34:58:ef:cc:11:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e8db4cd170d2b8803a5016a9aae3dddcb3b230b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ce:e8:79:ae:e0:87:25:36:fb:01:31:88:e6:
                    da:5a:52:fa:0e:b9:1a:b1:79:68:03:2a:96:bf:f2:
                    33:df:f6:15:09:63:6b:65:18:6f:81:fb:ad:06:41:
                    6f:42:e3:a2:16:f4:2f:0f:16:50:e1:a9:47:a5:f9:
                    77:da:9e:ee:c9:ba:63:ab:4a:61:30:27:aa:ff:d6:
                    ef:f0:11:b6:65:5e:9c:88:c7:50:e3:6c:12:e6:67:
                    d0:cd:93:ba:70:2e:f9:51:38:71:1b:7a:2e:8a:1e:
                    44:50:7c:c1:5b:3a:d1:ec:c2:65:6c:4e:dc:7a:3b:
                    92:db:1e:dd:50:a5:60:bb:8a:85:69:8f:06:42:d4:
                    0b:46:f7:64:3e:96:da:44:e6:4a:34:fd:8a:ec:14:
                    e1:d1:63:b3:e7:09:3e:0b:4e:1e:cc:fc:05:ba:f5:
                    97:c3:67:bb:5c:e8:0f:c7:d5:74:79:28:f6:48:12:
                    ce:6e:af:f1:58:01:21:66:98:75:92:5c:5f:79:e9:
                    5c:9a:27:8d:c9:4a:f3:a7:a0:37:93:03:c5:cb:9c:
                    4e:05:0b:38:9d:48:90:4f:3e:89:fe:87:53:ec:72:
                    88:0e:96:76:4f:cc:72:91:d2:da:c2:03:ec:4c:5b:
                    95:fe:d5:0c:b8:0e:a7:16:de:c7:bc:d5:8d:11:a8:
                    ec:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:8D:B4:CD:17:0D:2B:88:03:A5:01:6A:9A:AE:3D:DD:CB:3B:23:0B
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/bo20zRcNK4gDpQFqmq493cs7Iws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.252.210.0-213.252.219.255
                  213.252.221.0-213.252.222.255

    Signature Algorithm: sha256WithRSAEncryption
         56:71:c8:6a:20:4b:c8:2e:19:3c:b0:2b:30:65:7d:5d:1a:16:
         fc:a2:0a:5c:1b:3e:cf:d2:5f:d8:5b:ac:53:54:cf:b0:f6:d8:
         68:7f:3c:70:89:a3:ba:d3:9a:3f:4e:c2:ba:d0:b1:d3:bd:34:
         18:60:b5:6c:32:28:c9:f1:90:ed:ee:d8:71:64:7f:50:98:cf:
         de:f1:9b:4a:da:ca:2d:af:4a:91:c9:36:03:28:8c:33:3b:b0:
         60:27:b3:c2:54:ae:76:e1:a8:12:b2:ba:d3:25:4e:1d:6e:18:
         00:67:1a:6f:61:1c:f5:b5:cb:45:00:6a:9d:72:a7:24:c2:44:
         ae:99:a6:da:c1:36:0a:23:36:a4:a7:54:8a:ea:3e:e7:f8:3e:
         39:30:25:33:58:d9:06:4b:0b:f6:c1:fa:c2:32:b6:d7:74:d1:
         99:92:d8:ba:86:db:5c:39:13:36:b9:ba:8e:c2:0f:23:90:f6:
         09:b7:92:19:27:44:9d:ec:e6:56:ee:3f:86:54:fb:bb:e7:27:
         d6:8d:6f:29:e4:af:cb:2a:df:79:54:39:08:84:d8:74:b8:8e:
         6c:db:7c:cd:26:ba:42:38:c3:f7:b3:48:c6:27:26:9b:6d:7b:
         73:6f:af:95:bb:bd:48:b6:e6:b3:5c:9d:2e:d6:0b:6c:4e:a3:
         74:a3:80:ae
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzJvKkJgNbn4YwHNFjvzBHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZThkYjRjZDE3MGQyYjg4MDNhNTAxNmE5YWFlM2RkZGNiM2IyMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM7oea7ghyU2+wExiObaWlL6Drka
sXloAyqWv/Iz3/YVCWNrZRhvgfutBkFvQuOiFvQvDxZQ4alHpfl32p7uybpjq0ph
MCeq/9bv8BG2ZV6ciMdQ42wS5mfQzZO6cC75UThxG3ouih5EUHzBWzrR7MJlbE7c
ejuS2x7dUKVgu4qFaY8GQtQLRvdkPpbaROZKNP2K7BTh0WOz5wk+C04ezPwFuvWX
w2e7XOgPx9V0eSj2SBLObq/xWAEhZph1klxfeelcmieNyUrzp6A3kwPFy5xOBQs4
nUiQTz6J/odT7HKIDpZ2T8xykdLawgPsTFuV/tUMuA6nFt7HvNWNEajsAQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFG6NtM0XDSuIA6UBapquPd3LOyMLMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvYm8yMHpSY05LNGdEcFFGcW1xNDkzY3M3SXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAHV/NID
BALV/NgwDAMEANX83QMEANX83jANBgkqhkiG9w0BAQsFAAOCAQEAVnHIaiBLyC4Z
PLArMGV9XRoW/KIKXBs+z9Jf2FusU1TPsPbYaH88cImjutOaP07CutCx0700GGC1
bDIoyfGQ7e7YcWR/UJjP3vGbStrKLa9Kkck2AyiMMzuwYCezwlSuduGoErK60yVO
HW4YAGcab2Ec9bXLRQBqnXKnJMJErpmm2sE2CiM2pKdUiuo+5/g+OTAlM1jZBksL
9sH6wjK213TRmZLYuobbXDkTNrm6jsIPI5D2CbeSGSdEnezmVu4/hlT7u+cn1o1v
KeSvyyrfeVQ5CITYdLiObNt8zSa6QjjD97NIxicmm217c2+vlbu9SLbms1ydLtYL
bE6jdKOArg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:51:32 2024 by rpki-client on console-ams.rpki-client.org