Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/vWH70oIlCnt8vRyNDdgiKFTZzVQ.roa
File:                     vWH70oIlCnt8vRyNDdgiKFTZzVQ.roa (raw, json)
Hash identifier:          nMHI595NYdWq3JwMGJWblF1heQ1F5dc3hyZV2B2Wj6s=
Subject key identifier:   BD:61:FB:D2:82:25:0A:7B:7C:BD:1C:8D:0D:D8:22:28:54:D9:CD:54
Certificate issuer:       /CN=69f295a3108f5cf1d326ffe9bf610fbcf18d72df
Certificate serial:       018F24B4E9446CA6002B39D7FC4929943DBB
Authority key identifier: 69:F2:95:A3:10:8F:5C:F1:D3:26:FF:E9:BF:61:0F:BC:F1:8D:72:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afKVoxCPXPHTJv_pv2EPvPGNct8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/vWH70oIlCnt8vRyNDdgiKFTZzVQ.roa
Signing time:             Sun 28 Apr 2024 12:36:27 +0000
ROA not before:           Sun 28 Apr 2024 12:36:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40987
IP address blocks:        185.223.44.0/24 maxlen: 24
                          185.223.45.0/24 maxlen: 24
                          185.223.46.0/24 maxlen: 24
                          185.223.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/afKVoxCPXPHTJv_pv2EPvPGNct8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/afKVoxCPXPHTJv_pv2EPvPGNct8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afKVoxCPXPHTJv_pv2EPvPGNct8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:24:b4:e9:44:6c:a6:00:2b:39:d7:fc:49:29:94:3d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f295a3108f5cf1d326ffe9bf610fbcf18d72df
        Validity
            Not Before: Apr 28 12:36:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd61fbd282250a7b7cbd1c8d0dd8222854d9cd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:17:4a:18:14:9b:cb:bd:94:8e:40:d3:1f:66:
                    32:f5:82:36:a8:19:78:81:97:97:cc:37:5e:b8:4f:
                    e4:8e:6e:3e:e6:27:27:92:c6:f1:e5:51:97:f0:8b:
                    49:49:fe:c2:c5:b5:c9:1b:f4:d2:05:39:b8:c5:54:
                    55:0f:6f:83:a3:95:ed:bb:20:35:c3:49:ea:7a:86:
                    c6:04:88:87:c7:29:d2:ff:7f:1d:57:01:eb:81:56:
                    7f:b0:56:b7:8c:6d:e2:56:8e:f5:db:e9:af:93:26:
                    eb:63:14:83:ab:6e:3e:5e:a8:b3:ff:7c:be:ec:08:
                    9e:03:43:16:6f:69:7c:79:ff:91:b0:c7:b2:9c:c5:
                    5d:43:0d:0e:8f:3c:08:ab:7f:23:aa:20:12:4a:62:
                    46:6c:b6:43:31:43:75:32:e9:59:c2:ca:65:e0:25:
                    99:10:c6:8e:aa:80:ca:13:6c:40:6f:6c:6c:2c:8c:
                    6f:d9:ba:62:39:d1:69:70:35:ea:de:f5:ba:5b:46:
                    27:b9:67:c3:38:6b:8a:aa:d0:49:f4:fa:e7:6a:51:
                    af:10:12:cd:a8:4b:2a:2a:5c:2b:27:e7:cb:c4:17:
                    fc:53:78:83:12:f6:91:c6:14:a2:39:54:a7:74:0f:
                    95:6b:1b:b3:eb:78:fb:3b:f6:06:b2:bd:74:2c:1c:
                    c4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:61:FB:D2:82:25:0A:7B:7C:BD:1C:8D:0D:D8:22:28:54:D9:CD:54
            X509v3 Authority Key Identifier:
                keyid:69:F2:95:A3:10:8F:5C:F1:D3:26:FF:E9:BF:61:0F:BC:F1:8D:72:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afKVoxCPXPHTJv_pv2EPvPGNct8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/vWH70oIlCnt8vRyNDdgiKFTZzVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/430cf7-4407-4247-b2da-5a10d19cf1f3/1/afKVoxCPXPHTJv_pv2EPvPGNct8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:35:23:fe:6b:ab:06:d5:ed:50:64:6f:e0:a5:6a:6d:45:a7:
         64:89:b5:f3:e1:5f:93:63:58:df:0b:46:a6:88:2f:00:f5:d5:
         a2:01:b2:73:21:ea:40:4e:e1:22:3a:3d:b2:b0:51:c4:77:50:
         eb:a6:6c:64:d8:01:4a:c7:79:31:7a:6c:d0:f2:26:2d:eb:20:
         f3:73:90:b0:26:bd:a4:0b:e3:23:72:da:92:b7:3a:a7:dd:79:
         58:92:3d:0a:bd:2d:20:5b:47:9a:e1:2f:3a:f1:15:0c:f7:e0:
         f4:ee:8a:de:82:54:e3:5c:a5:ba:9e:43:4f:e6:97:de:8a:7e:
         d1:f7:c4:3e:00:6b:39:e2:5e:62:21:b7:33:e9:56:45:52:ed:
         e6:30:d5:01:c6:75:4f:a6:4c:e9:d3:25:55:65:0b:23:73:9d:
         fe:f0:3c:40:73:e9:b8:17:24:22:fa:33:51:84:2f:5e:03:67:
         8d:89:5d:1a:74:d4:af:57:31:ff:c4:63:24:c7:ba:ed:75:38:
         62:b1:48:f9:fa:6f:2d:a1:58:c2:0d:7a:f5:b0:a9:d7:4e:85:
         b7:56:31:2a:56:a9:87:3b:3f:a0:a4:3d:d1:5b:1b:d5:36:1b:
         6a:a0:d7:1f:45:4a:c1:56:e7:20:d6:41:9f:bf:26:21:ff:04:
         85:c9:6f:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ktOlEbKYAKznX/EkplD27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjI5NWEzMTA4ZjVjZjFkMzI2ZmZlOWJmNjEwZmJjZjE4
ZDcyZGYwHhcNMjQwNDI4MTIzNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDYxZmJkMjgyMjUwYTdiN2NiZDFjOGQwZGQ4MjIyODU0ZDljZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hdKGBSby72UjkDTH2Yy9YI2qBl4
gZeXzDdeuE/kjm4+5icnksbx5VGX8ItJSf7CxbXJG/TSBTm4xVRVD2+Do5XtuyA1
w0nqeobGBIiHxynS/38dVwHrgVZ/sFa3jG3iVo712+mvkybrYxSDq24+Xqiz/3y+
7AieA0MWb2l8ef+RsMeynMVdQw0OjzwIq38jqiASSmJGbLZDMUN1MulZwspl4CWZ
EMaOqoDKE2xAb2xsLIxv2bpiOdFpcDXq3vW6W0YnuWfDOGuKqtBJ9PrnalGvEBLN
qEsqKlwrJ+fLxBf8U3iDEvaRxhSiOVSndA+Vaxuz63j7O/YGsr10LBzEHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1h+9KCJQp7fL0cjQ3YIihU2c1UMB8GA1UdIwQY
MBaAFGnylaMQj1zx0yb/6b9hD7zxjXLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZLVm94Q1BYUEhUSnZfcHYyRVB2UEdOY3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny80MzBjZjctNDQwNy00MjQ3LWIyZGEt
NWExMGQxOWNmMWYzLzEvdldINzBvSWxDbnQ4dlJ5TkRkZ2lLRlRaelZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny80MzBjZjctNDQwNy00MjQ3LWIyZGEtNWExMGQxOWNmMWYz
LzEvYWZLVm94Q1BYUEhUSnZfcHYyRVB2UEdOY3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud8sMA0G
CSqGSIb3DQEBCwUAA4IBAQCONSP+a6sG1e1QZG/gpWptRadkibXz4V+TY1jfC0am
iC8A9dWiAbJzIepATuEiOj2ysFHEd1Drpmxk2AFKx3kxemzQ8iYt6yDzc5CwJr2k
C+MjctqStzqn3XlYkj0KvS0gW0ea4S868RUM9+D07oreglTjXKW6nkNP5pfein7R
98Q+AGs54l5iIbcz6VZFUu3mMNUBxnVPpkzp0yVVZQsjc53+8DxAc+m4FyQi+jNR
hC9eA2eNiV0adNSvVzH/xGMkx7rtdThisUj5+m8toVjCDXr1sKnXToW3VjEqVqmH
Oz+gpD3RWxvVNhtqoNcfRUrBVucg1kGfvyYh/wSFyW8/
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:42:49 2024 by rpki-client on console-ams.rpki-client.org