Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/F8M_agMr3GGnvM2bxpdc1OrXn8g.roa
File:                     F8M_agMr3GGnvM2bxpdc1OrXn8g.roa (raw, json)
Hash identifier:          vWa8IO+BdTTMmfkUw+GRfzbark1ksrqVZW9eBkPD1nY=
Subject key identifier:   17:C3:3F:6A:03:2B:DC:61:A7:BC:CD:9B:C6:97:5C:D4:EA:D7:9F:C8
Certificate issuer:       /CN=e50e6692d9728da81f5c4f49e150773e1afbc80b
Certificate serial:       018CC49302CE9EF860E726B156C93AC33F4B
Authority key identifier: E5:0E:66:92:D9:72:8D:A8:1F:5C:4F:49:E1:50:77:3E:1A:FB:C8:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Q5mktlyjagfXE9J4VB3Phr7yAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/F8M_agMr3GGnvM2bxpdc1OrXn8g.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210658
IP address blocks:        62.204.47.0/24 maxlen: 24
                          5.181.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/5Q5mktlyjagfXE9J4VB3Phr7yAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/5Q5mktlyjagfXE9J4VB3Phr7yAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Q5mktlyjagfXE9J4VB3Phr7yAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:02:ce:9e:f8:60:e7:26:b1:56:c9:3a:c3:3f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e50e6692d9728da81f5c4f49e150773e1afbc80b
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17c33f6a032bdc61a7bccd9bc6975cd4ead79fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:cf:c3:a4:d1:03:20:90:4f:49:23:6b:30:01:
                    e8:e5:2a:77:c5:0f:79:b3:3f:08:54:46:f9:3d:e9:
                    9d:b5:4e:d1:e0:34:9c:cf:b6:03:3e:75:46:6e:49:
                    7d:94:aa:38:27:01:58:ed:f2:cb:a5:47:7c:5a:f9:
                    0e:94:bc:da:e2:4a:83:a6:eb:2a:07:a2:65:40:a8:
                    bb:c2:f0:0a:7e:e5:df:da:b5:6f:09:78:5b:1d:74:
                    c8:bb:8f:50:f7:f8:d0:45:ab:0d:18:63:40:f7:f3:
                    73:4c:ca:aa:20:67:fe:b3:b1:68:55:24:bb:af:88:
                    bf:99:68:2e:d7:7d:85:a9:83:84:5f:ae:e9:7d:18:
                    fe:42:d8:04:37:7b:44:6a:7c:ab:c1:7c:bb:01:40:
                    6d:ad:b2:3c:b3:f0:0b:10:6d:63:5e:66:76:42:6e:
                    c7:48:d2:1c:7a:ee:f6:15:55:f7:df:34:75:7d:2b:
                    14:be:25:e2:1c:2c:ea:06:91:6f:37:1a:4e:14:e0:
                    1e:81:eb:05:56:a1:e3:f5:b9:1b:6b:81:05:7b:b3:
                    07:08:0e:39:f6:cc:4d:34:7f:f6:c5:09:ab:72:3d:
                    19:5c:54:65:e2:5e:84:0e:c5:d7:66:c1:6e:4a:e2:
                    b1:c5:97:43:de:24:db:b4:20:87:0e:c3:c9:ba:0e:
                    f6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C3:3F:6A:03:2B:DC:61:A7:BC:CD:9B:C6:97:5C:D4:EA:D7:9F:C8
            X509v3 Authority Key Identifier:
                keyid:E5:0E:66:92:D9:72:8D:A8:1F:5C:4F:49:E1:50:77:3E:1A:FB:C8:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Q5mktlyjagfXE9J4VB3Phr7yAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/F8M_agMr3GGnvM2bxpdc1OrXn8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/f2ed50-4c9a-4344-9148-039c1405e175/1/5Q5mktlyjagfXE9J4VB3Phr7yAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.16.0/24
                  62.204.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ad:01:47:e4:c6:93:a7:45:f5:1f:30:17:72:fe:0b:28:60:
         42:ac:fe:70:16:16:f1:9f:97:18:c7:08:ed:a5:aa:b2:76:44:
         98:9f:2f:47:ce:35:71:78:6e:33:dc:d9:d3:6f:f8:44:f2:f8:
         69:c7:96:fb:b1:04:81:8e:f1:c2:19:73:97:76:c4:45:c8:c0:
         1e:ff:ec:6c:fd:cf:75:9f:0a:c1:a3:94:f9:d1:15:66:0c:08:
         8f:6a:da:5a:28:e9:e9:b3:93:39:25:6f:b5:e0:bc:aa:b6:aa:
         62:04:3f:b2:1d:e1:d5:39:ec:c1:17:40:e2:c0:9f:9d:25:0e:
         ef:a9:82:0b:26:c4:78:8d:a1:e4:a5:16:d5:fa:a0:e8:cd:20:
         81:8e:dc:ba:2b:3a:01:f1:4f:b3:ea:a7:9f:df:80:1b:7f:68:
         fa:50:af:36:58:93:ea:95:7d:9e:09:da:c2:47:2f:02:e9:36:
         c2:bd:ae:f5:3e:d9:4c:49:1d:9b:3e:19:ed:2a:22:72:37:03:
         16:0b:99:9e:ab:11:4d:c8:33:c8:e6:41:16:12:8f:da:68:6f:
         75:8d:13:3c:04:f6:d9:88:2a:37:46:13:7f:da:55:b9:d8:e5:
         23:83:88:b4:ba:4a:d8:36:59:b5:d3:0b:02:e1:65:13:3b:68:
         63:f3:6a:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkwLOnvhg5yaxVsk6wz9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MGU2NjkyZDk3MjhkYTgxZjVjNGY0OWUxNTA3NzNlMWFm
YmM4MGIwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2MzM2Y2YTAzMmJkYzYxYTdiY2NkOWJjNjk3NWNkNGVhZDc5ZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4c/DpNEDIJBPSSNrMAHo5Sp3xQ95
sz8IVEb5PemdtU7R4DScz7YDPnVGbkl9lKo4JwFY7fLLpUd8WvkOlLza4kqDpusq
B6JlQKi7wvAKfuXf2rVvCXhbHXTIu49Q9/jQRasNGGNA9/NzTMqqIGf+s7FoVSS7
r4i/mWgu132FqYOEX67pfRj+QtgEN3tEanyrwXy7AUBtrbI8s/ALEG1jXmZ2Qm7H
SNIceu72FVX33zR1fSsUviXiHCzqBpFvNxpOFOAegesFVqHj9bkba4EFe7MHCA45
9sxNNH/2xQmrcj0ZXFRl4l6EDsXXZsFuSuKxxZdD3iTbtCCHDsPJug72oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBfDP2oDK9xhp7zNm8aXXNTq15/IMB8GA1UdIwQY
MBaAFOUOZpLZco2oH1xPSeFQdz4a+8gLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVE1bWt0bHlqYWdmWEU5SjRWQjNQaHI3eUFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9mMmVkNTAtNGM5YS00MzQ0LTkxNDgt
MDM5YzE0MDVlMTc1LzEvRjhNX2FnTXIzR0dudk0yYnhwZGMxT3JYbjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9mMmVkNTAtNGM5YS00MzQ0LTkxNDgtMDM5YzE0MDVlMTc1
LzEvNVE1bWt0bHlqYWdmWEU5SjRWQjNQaHI3eUFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbUQAwQA
PswvMA0GCSqGSIb3DQEBCwUAA4IBAQAirQFH5MaTp0X1HzAXcv4LKGBCrP5wFhbx
n5cYxwjtpaqydkSYny9HzjVxeG4z3NnTb/hE8vhpx5b7sQSBjvHCGXOXdsRFyMAe
/+xs/c91nwrBo5T50RVmDAiPatpaKOnps5M5JW+14LyqtqpiBD+yHeHVOezBF0Di
wJ+dJQ7vqYILJsR4jaHkpRbV+qDozSCBjty6KzoB8U+z6qef34Abf2j6UK82WJPq
lX2eCdrCRy8C6TbCva71PtlMSR2bPhntKiJyNwMWC5meqxFNyDPI5kEWEo/aaG91
jRM8BPbZiCo3RhN/2lW52OUjg4i0ukrYNlm10wsC4WUTO2hj82oh
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:01:07 2024 by rpki-client on console-fra.rpki-client.org