Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/292HIn314WxQqkS_9HKlqlFz1-w.roa
File:                     292HIn314WxQqkS_9HKlqlFz1-w.roa (raw, json)
Hash identifier:          O4w0Zihh/EYSdRVtZcaZQe+Za/IXEDcrypuJ559P0Xs=
Subject key identifier:   DB:DD:87:22:7D:F5:E1:6C:50:AA:44:BF:F4:72:A5:AA:51:73:D7:EC
Certificate issuer:       /CN=cbd41cc121e0cb60a3a98dbf72ba4dbd63eebe9f
Certificate serial:       018CC2DB222CCE426F105BE4F39A051566ED
Authority key identifier: CB:D4:1C:C1:21:E0:CB:60:A3:A9:8D:BF:72:BA:4D:BD:63:EE:BE:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9QcwSHgy2CjqY2_crpNvWPuvp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/292HIn314WxQqkS_9HKlqlFz1-w.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208506
IP address blocks:        213.178.136.0/22 maxlen: 22
                          213.178.138.0/24 maxlen: 24
                          213.178.139.0/24 maxlen: 24
                          213.178.136.0/23 maxlen: 23
                          213.178.136.0/24 maxlen: 24
                          213.178.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/y9QcwSHgy2CjqY2_crpNvWPuvp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/y9QcwSHgy2CjqY2_crpNvWPuvp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9QcwSHgy2CjqY2_crpNvWPuvp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:22:2c:ce:42:6f:10:5b:e4:f3:9a:05:15:66:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd41cc121e0cb60a3a98dbf72ba4dbd63eebe9f
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbdd87227df5e16c50aa44bff472a5aa5173d7ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0c:20:91:89:ad:dd:ea:5c:b0:9b:de:29:57:
                    fb:7b:86:8f:6c:40:ae:fd:37:f6:79:83:94:43:b5:
                    b7:c5:e2:76:bc:dc:dd:5f:a5:ed:93:94:c3:b3:c2:
                    da:03:f8:8c:05:b8:59:52:ec:60:4a:20:97:06:fe:
                    0c:0c:7f:82:b4:e7:9b:18:e4:94:33:b0:bd:bf:a2:
                    2b:b8:6f:c9:5f:6c:bd:ba:db:4a:5d:5c:02:76:0a:
                    25:69:1b:db:5a:0d:43:22:3c:c4:12:e3:80:b3:65:
                    9a:41:35:2e:1f:cb:de:f7:4b:38:29:23:80:5b:98:
                    1c:2a:58:cf:c1:24:a3:ee:ce:1a:51:fc:e8:1f:ca:
                    0c:d1:83:d2:58:ae:b8:26:17:e8:f9:b7:43:da:44:
                    9a:0c:a4:f6:b4:04:66:c0:40:26:58:c5:48:ca:0c:
                    2e:d6:08:85:17:e3:96:fc:44:f7:0a:b1:b4:bf:cf:
                    52:06:b2:09:d0:01:1b:e0:fe:77:2c:ff:4d:78:86:
                    57:da:7f:30:bd:10:b0:10:81:bf:20:c9:1f:76:6d:
                    63:f6:cf:e4:33:48:26:14:4f:51:b9:5c:f4:71:dd:
                    e6:6e:72:98:83:4e:07:c9:c0:15:f1:c3:d9:a2:61:
                    71:31:5c:c7:de:27:60:8a:04:1c:ce:6c:63:6d:b9:
                    94:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:DD:87:22:7D:F5:E1:6C:50:AA:44:BF:F4:72:A5:AA:51:73:D7:EC
            X509v3 Authority Key Identifier:
                keyid:CB:D4:1C:C1:21:E0:CB:60:A3:A9:8D:BF:72:BA:4D:BD:63:EE:BE:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9QcwSHgy2CjqY2_crpNvWPuvp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/292HIn314WxQqkS_9HKlqlFz1-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/7eb4e8-bcb1-49ef-b944-53a5af765343/1/y9QcwSHgy2CjqY2_crpNvWPuvp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:8c:83:d1:d2:c8:95:ee:b1:5b:57:00:e3:ac:ff:60:66:93:
         7c:de:06:03:0f:b4:09:fc:eb:85:b8:45:f3:c9:97:1b:41:b2:
         b0:d4:d2:bb:a5:b2:9a:a2:55:6f:e0:ee:0b:10:25:64:ed:26:
         06:fe:9d:64:7e:3e:14:3d:d8:36:f3:cf:2f:f3:c4:0c:9b:ba:
         15:59:81:b1:8a:0e:d9:a3:16:4e:b5:fb:88:4d:f9:fe:45:85:
         8c:81:51:78:cb:22:4a:c7:94:89:35:fb:a5:29:81:02:b0:66:
         e9:cd:ae:3d:40:00:16:8b:ac:2f:20:0c:a7:2a:73:82:17:b5:
         77:f0:69:e6:04:81:69:ae:e6:e7:ea:fd:e5:b5:4b:4d:ac:b2:
         f6:a6:23:7b:3b:b6:92:19:a1:88:80:c8:5c:82:13:be:e9:0e:
         b5:eb:53:7c:3d:2a:63:07:2b:11:27:f7:3f:61:b2:5d:2e:96:
         5c:4f:7b:d9:62:ad:bb:66:ab:bf:cb:9f:88:c8:d8:e5:0d:b3:
         41:c3:a8:33:19:9b:c9:c6:be:da:88:b5:90:30:4a:fa:84:e9:
         31:2f:90:e2:d4:2d:ef:97:f2:97:9c:dc:59:bc:50:ba:38:63:
         01:aa:eb:08:bc:77:3d:98:a3:05:0a:c7:01:9f:1e:2e:9e:95:
         4c:63:91:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yIszkJvEFvk85oFFWbtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDQxY2MxMjFlMGNiNjBhM2E5OGRiZjcyYmE0ZGJkNjNl
ZWJlOWYwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmRkODcyMjdkZjVlMTZjNTBhYTQ0YmZmNDcyYTVhYTUxNzNkN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAwgkYmt3epcsJveKVf7e4aPbECu
/Tf2eYOUQ7W3xeJ2vNzdX6Xtk5TDs8LaA/iMBbhZUuxgSiCXBv4MDH+CtOebGOSU
M7C9v6IruG/JX2y9uttKXVwCdgolaRvbWg1DIjzEEuOAs2WaQTUuH8ve90s4KSOA
W5gcKljPwSSj7s4aUfzoH8oM0YPSWK64Jhfo+bdD2kSaDKT2tARmwEAmWMVIygwu
1giFF+OW/ET3CrG0v89SBrIJ0AEb4P53LP9NeIZX2n8wvRCwEIG/IMkfdm1j9s/k
M0gmFE9RuVz0cd3mbnKYg04HycAV8cPZomFxMVzH3idgigQczmxjbbmUpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvdhyJ99eFsUKpEv/RypapRc9fsMB8GA1UdIwQY
MBaAFMvUHMEh4Mtgo6mNv3K6Tb1j7r6fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlRY3dTSGd5MkNqcVkyX2NycE52V1B1dnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny83ZWI0ZTgtYmNiMS00OWVmLWI5NDQt
NTNhNWFmNzY1MzQzLzEvMjkySEluMzE0V3hRcWtTXzlIS2xxbEZ6MS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny83ZWI0ZTgtYmNiMS00OWVmLWI5NDQtNTNhNWFmNzY1MzQz
LzEveTlRY3dTSGd5MkNqcVkyX2NycE52V1B1dnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bKIMA0G
CSqGSIb3DQEBCwUAA4IBAQCTjIPR0siV7rFbVwDjrP9gZpN83gYDD7QJ/OuFuEXz
yZcbQbKw1NK7pbKaolVv4O4LECVk7SYG/p1kfj4UPdg2888v88QMm7oVWYGxig7Z
oxZOtfuITfn+RYWMgVF4yyJKx5SJNfulKYECsGbpza49QAAWi6wvIAynKnOCF7V3
8GnmBIFprubn6v3ltUtNrLL2piN7O7aSGaGIgMhcghO+6Q6161N8PSpjBysRJ/c/
YbJdLpZcT3vZYq27Zqu/y5+IyNjlDbNBw6gzGZvJxr7aiLWQMEr6hOkxL5Di1C3v
l/KXnNxZvFC6OGMBqusIvHc9mKMFCscBnx4unpVMY5Go
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:23:28 2024 by rpki-client on console-fra.rpki-client.org