Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/2B1mQlbgxSaXvo16VT-tf1_f2oE.roa
File:                     2B1mQlbgxSaXvo16VT-tf1_f2oE.roa (raw, json)
Hash identifier:          hlL6IdasOSwfpyusOxkW+2xzRUgHeqpGjKSz9jGe8Eo=
Subject key identifier:   D8:1D:66:42:56:E0:C5:26:97:BE:8D:7A:55:3F:AD:7F:5F:DF:DA:81
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC8015179E53292A2AE098228F453FE92
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/2B1mQlbgxSaXvo16VT-tf1_f2oE.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2874
IP address blocks:        57.79.0.0/16 maxlen: 32
                          57.86.0.0/16 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:51:79:e5:32:92:a2:ae:09:82:28:f4:53:fe:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d81d664256e0c52697be8d7a553fad7f5fdfda81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:90:79:3a:ad:8c:1f:ec:66:ca:71:38:c3:f9:
                    c3:df:d8:e2:a8:5e:d1:8f:a3:16:ff:29:45:94:14:
                    64:88:54:ab:06:d8:b8:91:15:04:0f:ad:52:10:e1:
                    9b:93:5e:22:6b:37:9d:a4:4f:59:28:56:fe:f1:71:
                    ab:c4:f2:82:3d:ab:0c:fb:73:6f:d2:3a:df:95:b7:
                    9d:88:03:85:aa:19:00:4d:aa:82:d6:3f:e5:32:29:
                    4c:60:e4:66:5a:ae:76:ec:ee:65:6c:13:7b:4e:5e:
                    0a:fc:17:6c:5a:7a:a6:a4:90:7a:45:88:95:be:e5:
                    d1:26:35:1c:fe:eb:5d:60:33:14:74:89:a0:f5:40:
                    42:e9:9f:54:2a:3b:4b:7e:81:b0:4d:7d:2a:0d:61:
                    4a:00:9a:7d:f7:3c:25:d6:5d:0d:09:26:d5:24:e6:
                    1c:68:9f:f8:9e:64:c4:85:70:f5:7e:b4:54:bc:5f:
                    ac:b9:f2:15:01:80:1a:d7:be:13:84:d2:cc:f3:08:
                    c1:66:20:d9:0c:1a:4a:18:ca:32:23:99:2b:a5:88:
                    b7:e9:44:a0:17:7b:8c:28:c9:21:87:06:fd:0c:4b:
                    dc:cc:84:e8:c8:e9:85:99:0d:fc:9a:44:fa:ca:f7:
                    51:0d:9f:ee:ac:a6:4a:32:4e:81:d3:f9:e5:ce:d2:
                    9a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:1D:66:42:56:E0:C5:26:97:BE:8D:7A:55:3F:AD:7F:5F:DF:DA:81
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/2B1mQlbgxSaXvo16VT-tf1_f2oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.79.0.0/16
                  57.86.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c0:02:43:76:28:02:28:6a:31:45:bd:8d:a5:e8:1f:c2:44:63:
         40:e5:80:3e:aa:ce:a0:8c:08:45:4a:35:d6:63:e4:05:44:6c:
         5a:95:80:a0:59:da:e6:06:32:5f:58:f7:f6:26:b0:03:05:d3:
         c4:40:e9:67:b7:75:4e:93:1f:17:3d:fb:c9:56:80:a9:d3:a0:
         b8:fd:c1:c1:31:ee:1d:03:ba:57:f2:47:f1:21:10:f0:c9:8c:
         8e:33:48:31:09:fd:52:64:88:e3:fb:5c:22:92:e9:b3:b9:b4:
         22:75:6b:42:63:38:49:24:70:4d:4d:fe:09:a1:9e:46:21:0e:
         b7:46:97:f4:18:26:d8:be:4d:d6:4e:ea:23:87:5c:76:c0:9d:
         10:5a:b2:76:fc:b1:f6:8c:36:e7:c3:a0:79:06:39:27:9c:e1:
         96:a3:84:7d:b6:dd:52:0e:02:4e:54:a4:58:09:7c:5b:0d:64:
         9d:83:2b:22:55:f4:44:27:9d:76:8a:ea:12:97:87:2d:19:5e:
         19:72:c5:f9:27:43:64:18:21:66:c6:be:b0:a9:e6:ee:b9:2f:
         a0:8a:f6:c8:18:ea:8a:95:61:cd:f5:8d:2d:dc:73:b7:11:22:
         ae:6f:91:bc:ab:83:ae:2d:97:5e:4b:45:0c:44:aa:e5:4e:1d:
         9e:f1:ef:45
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzIAVF55TKSoq4Jgij0U/6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODFkNjY0MjU2ZTBjNTI2OTdiZThkN2E1NTNmYWQ3ZjVmZGZkYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZB5Oq2MH+xmynE4w/nD39jiqF7R
j6MW/ylFlBRkiFSrBti4kRUED61SEOGbk14iazedpE9ZKFb+8XGrxPKCPasM+3Nv
0jrflbediAOFqhkATaqC1j/lMilMYORmWq527O5lbBN7Tl4K/BdsWnqmpJB6RYiV
vuXRJjUc/utdYDMUdImg9UBC6Z9UKjtLfoGwTX0qDWFKAJp99zwl1l0NCSbVJOYc
aJ/4nmTEhXD1frRUvF+sufIVAYAa174ThNLM8wjBZiDZDBpKGMoyI5krpYi36USg
F3uMKMkhhwb9DEvczIToyOmFmQ38mkT6yvdRDZ/urKZKMk6B0/nlztKaUQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFNgdZkJW4MUml76NelU/rX9f39qBMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvMkIxbVFsYmd4U2FYdm8xNlZULXRmMV9mMm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAOU8DAwA5
VjANBgkqhkiG9w0BAQsFAAOCAQEAwAJDdigCKGoxRb2NpegfwkRjQOWAPqrOoIwI
RUo11mPkBURsWpWAoFna5gYyX1j39iawAwXTxEDpZ7d1TpMfFz37yVaAqdOguP3B
wTHuHQO6V/JH8SEQ8MmMjjNIMQn9UmSI4/tcIpLps7m0InVrQmM4SSRwTU3+CaGe
RiEOt0aX9Bgm2L5N1k7qI4dcdsCdEFqydvyx9ow258OgeQY5J5zhlqOEfbbdUg4C
TlSkWAl8Ww1knYMrIlX0RCeddorqEpeHLRleGXLF+SdDZBghZsa+sKnm7rkvoIr2
yBjqipVhzfWNLdxztxEirm+RvKuDri2XXktFDESq5U4dnvHvRQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:53 2024 by rpki-client on console-ams.rpki-client.org