Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/H2u9v_Wlm4baQe7oBsap1t4B_Ds.roa
File:                     H2u9v_Wlm4baQe7oBsap1t4B_Ds.roa (raw, json)
Hash identifier:          t5hsIT/w7nqGec3K7bge1ielZyr3+fK2x6nkJZiYoL4=
Subject key identifier:   1F:6B:BD:BF:F5:A5:9B:86:DA:41:EE:E8:06:C6:A9:D6:DE:01:FC:3B
Certificate issuer:       /CN=a24b48edc7a325d7f1ae0f257c0e2835171bc9ae
Certificate serial:       018FDD8CDE6E7BFA79861721DC4F11747A21
Authority key identifier: A2:4B:48:ED:C7:A3:25:D7:F1:AE:0F:25:7C:0E:28:35:17:1B:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/H2u9v_Wlm4baQe7oBsap1t4B_Ds.roa
Signing time:             Mon 03 Jun 2024 10:02:27 +0000
ROA not before:           Mon 03 Jun 2024 10:02:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215914
IP address blocks:        213.132.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:8c:de:6e:7b:fa:79:86:17:21:dc:4f:11:74:7a:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a24b48edc7a325d7f1ae0f257c0e2835171bc9ae
        Validity
            Not Before: Jun  3 10:02:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f6bbdbff5a59b86da41eee806c6a9d6de01fc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ad:c0:b8:f4:9a:7c:7e:20:f1:68:4e:ab:0c:
                    d8:98:4b:ad:21:90:cd:3a:68:48:62:81:04:fa:d1:
                    94:54:04:8e:4c:9c:5c:4e:9f:3c:fb:74:26:8c:de:
                    a9:7e:7a:cc:e6:98:c3:5d:d7:d1:0e:a5:52:5c:22:
                    e8:b4:18:43:5e:64:3b:97:14:0a:e9:e2:2f:de:8d:
                    e0:cc:fe:9c:96:c7:dd:63:c9:ee:b6:c9:be:60:3d:
                    fa:3c:59:ac:e4:23:80:31:31:28:bc:ba:65:53:58:
                    7a:c1:aa:c9:f8:21:30:1a:3b:0c:8b:ca:1c:19:ec:
                    55:54:1c:11:c1:66:eb:e2:c9:99:09:08:ea:ca:28:
                    60:c5:74:72:db:5d:70:fd:65:8f:81:da:d4:7b:7d:
                    3c:91:23:d0:62:c0:a3:b8:64:1d:92:00:0a:7d:79:
                    33:46:49:c3:7f:fd:13:07:da:23:01:37:ce:b5:b9:
                    1c:d5:9a:92:50:93:e1:a3:a5:2f:21:75:46:14:16:
                    d7:37:93:83:a2:db:9a:65:9c:dd:03:17:c4:7b:c3:
                    54:c8:83:72:d1:64:e0:28:e2:5c:32:0f:53:8d:76:
                    3f:31:0b:0b:96:3c:1e:9e:c1:cc:c5:64:2c:71:7f:
                    d7:3c:ea:3a:68:4d:40:84:1b:f1:10:a5:e3:07:3a:
                    47:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:6B:BD:BF:F5:A5:9B:86:DA:41:EE:E8:06:C6:A9:D6:DE:01:FC:3B
            X509v3 Authority Key Identifier:
                keyid:A2:4B:48:ED:C7:A3:25:D7:F1:AE:0F:25:7C:0E:28:35:17:1B:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oktI7cejJdfxrg8lfA4oNRcbya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/H2u9v_Wlm4baQe7oBsap1t4B_Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/62afef-70d1-4fe2-9edf-7f1e57487c1a/1/oktI7cejJdfxrg8lfA4oNRcbya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.132.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:af:4a:94:70:87:55:e6:a8:a7:a7:7c:93:a2:80:6e:d5:fe:
         29:1f:1c:8c:d8:d6:31:5a:28:82:1c:fe:0e:59:2b:2c:e2:a7:
         bc:a5:0c:b1:cb:d0:90:f4:1a:7f:28:41:42:d2:62:53:e8:74:
         f8:ea:69:ff:e4:ed:bc:02:d9:77:92:37:5b:f0:bb:67:aa:56:
         16:14:2f:26:58:cd:39:77:13:d1:85:e7:50:e9:b2:20:d9:44:
         19:63:87:16:c8:d8:41:19:63:b4:9f:f4:e7:c1:78:82:51:3c:
         62:9d:b5:67:43:8d:31:ed:52:74:c9:eb:83:a5:6c:a5:de:f5:
         19:d9:47:de:a5:97:f9:83:c0:a6:48:0b:52:42:76:3e:b3:c5:
         5e:d8:75:45:37:9e:0b:1e:03:6e:86:c2:7a:2b:62:cf:35:2b:
         d6:20:6f:68:c8:03:64:af:b3:50:a2:fc:b4:c3:69:ce:b5:03:
         fd:d9:fa:94:87:f5:e6:21:4b:f0:47:67:dd:e8:0f:c7:62:5a:
         05:30:cb:1f:64:52:3e:ba:eb:9e:88:8d:0e:db:a9:07:0e:37:
         32:ab:5e:6a:3e:be:0a:69:95:4f:06:a6:2b:f9:8c:70:3e:e1:
         55:c3:d9:0f:36:83:0f:33:d0:c2:37:95:25:69:2d:23:92:b8:
         80:ae:37:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/djN5ue/p5hhch3E8RdHohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNGI0OGVkYzdhMzI1ZDdmMWFlMGYyNTdjMGUyODM1MTcx
YmM5YWUwHhcNMjQwNjAzMTAwMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjZiYmRiZmY1YTU5Yjg2ZGE0MWVlZTgwNmM2YTlkNmRlMDFmYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyK3AuPSafH4g8WhOqwzYmEutIZDN
OmhIYoEE+tGUVASOTJxcTp88+3QmjN6pfnrM5pjDXdfRDqVSXCLotBhDXmQ7lxQK
6eIv3o3gzP6clsfdY8nutsm+YD36PFms5COAMTEovLplU1h6warJ+CEwGjsMi8oc
GexVVBwRwWbr4smZCQjqyihgxXRy211w/WWPgdrUe308kSPQYsCjuGQdkgAKfXkz
RknDf/0TB9ojATfOtbkc1ZqSUJPho6UvIXVGFBbXN5ODotuaZZzdAxfEe8NUyINy
0WTgKOJcMg9TjXY/MQsLljwensHMxWQscX/XPOo6aE1AhBvxEKXjBzpHlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9rvb/1pZuG2kHu6AbGqdbeAfw7MB8GA1UdIwQY
MBaAFKJLSO3HoyXX8a4PJXwOKDUXG8muMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2t0STdjZWpKZGZ4cmc4bGZBNG9OUmNieWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82MmFmZWYtNzBkMS00ZmUyLTllZGYt
N2YxZTU3NDg3YzFhLzEvSDJ1OXZfV2xtNGJhUWU3b0JzYXAxdDRCX0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82MmFmZWYtNzBkMS00ZmUyLTllZGYtN2YxZTU3NDg3YzFh
LzEvb2t0STdjZWpKZGZ4cmc4bGZBNG9OUmNieWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YTOMA0G
CSqGSIb3DQEBCwUAA4IBAQCXr0qUcIdV5qinp3yTooBu1f4pHxyM2NYxWiiCHP4O
WSss4qe8pQyxy9CQ9Bp/KEFC0mJT6HT46mn/5O28Atl3kjdb8LtnqlYWFC8mWM05
dxPRhedQ6bIg2UQZY4cWyNhBGWO0n/TnwXiCUTxinbVnQ40x7VJ0yeuDpWyl3vUZ
2UfepZf5g8CmSAtSQnY+s8Ve2HVFN54LHgNuhsJ6K2LPNSvWIG9oyANkr7NQovy0
w2nOtQP92fqUh/XmIUvwR2fd6A/HYloFMMsfZFI+uuueiI0O26kHDjcyq15qPr4K
aZVPBqYr+YxwPuFVw9kPNoMPM9DCN5UlaS0jkriArjfn
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:45:11 2024 by rpki-client on console-fra.rpki-client.org