Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/K72sahkHzNTlh2OOiV6IahgHT48.roa
File:                     K72sahkHzNTlh2OOiV6IahgHT48.roa (raw, json)
Hash identifier:          B+N0hfHnmNQDhXiIg8zL6Gug+BT0Qx2nJvcc1l0mFaM=
Subject key identifier:   2B:BD:AC:6A:19:07:CC:D4:E5:87:63:8E:89:5E:88:6A:18:07:4F:8F
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       018D91D6948F07A2B82DF07E614498058C9A
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/K72sahkHzNTlh2OOiV6IahgHT48.roa
Signing time:             Sat 10 Feb 2024 07:06:15 +0000
ROA not before:           Sat 10 Feb 2024 07:06:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213301
IP address blocks:        185.78.84.0/24 maxlen: 24
                          185.78.85.0/24 maxlen: 24
                          185.78.87.0/24 maxlen: 24
                          185.174.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:91:d6:94:8f:07:a2:b8:2d:f0:7e:61:44:98:05:8c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Feb 10 07:06:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bbdac6a1907ccd4e587638e895e886a18074f8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1d:02:29:b5:b6:45:54:a5:64:2b:ca:f1:0c:
                    fd:17:ce:00:87:19:c3:e2:41:09:67:e2:3c:9f:d4:
                    7a:a2:80:a7:23:f4:09:fa:36:be:6c:46:27:eb:42:
                    77:02:5d:43:09:ee:bb:2a:1d:ad:32:3d:fc:ee:56:
                    ec:a0:04:45:3c:86:00:18:76:4b:b5:2a:0f:46:c2:
                    66:54:90:f9:76:b6:bf:1b:e2:7a:c7:70:03:17:21:
                    34:0e:62:8c:8b:0a:7f:5f:f4:a9:67:a6:d7:35:25:
                    f8:09:d5:d6:d4:ae:26:ff:a0:7c:d1:8f:39:40:0f:
                    47:19:24:0e:c1:01:b5:bc:66:a1:58:1c:4d:cc:0e:
                    38:da:ff:d4:44:4a:c1:82:66:73:38:cf:7e:ae:80:
                    c7:06:a5:2b:a6:ac:80:aa:e6:fc:63:29:5a:af:ae:
                    15:e4:23:60:3b:fb:fd:82:ab:e3:d1:0f:e9:84:97:
                    ea:f1:21:92:4d:b8:32:82:08:b1:7e:7e:69:e1:fa:
                    ff:de:bb:a0:24:9b:1c:72:49:a6:2e:98:32:85:7a:
                    02:a5:e3:ac:18:1e:22:8a:54:09:74:f3:bb:ed:34:
                    a2:f2:2e:30:b2:d6:5a:be:9c:09:13:dd:63:77:38:
                    7e:36:7c:c7:82:07:f5:bf:61:6e:f3:7e:a2:11:75:
                    e4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:BD:AC:6A:19:07:CC:D4:E5:87:63:8E:89:5E:88:6A:18:07:4F:8F
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/K72sahkHzNTlh2OOiV6IahgHT48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.84.0/23
                  185.78.87.0/24
                  185.174.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ba:e0:46:ec:c3:65:d4:38:f3:c2:a4:ef:3a:d9:6a:f4:3e:
         e3:aa:3b:5a:c1:dd:ad:1b:4d:67:b1:92:c6:fc:ed:52:06:5a:
         5a:99:ac:d9:db:49:94:9f:72:18:3d:14:27:44:d0:2d:4a:83:
         25:56:65:8f:38:61:82:68:54:0c:fe:6e:1a:83:ed:98:3f:86:
         e2:24:96:bd:42:6a:66:aa:b2:5c:36:13:d3:bc:b7:2c:72:d5:
         de:a9:b4:56:c6:ee:0a:a2:be:59:62:0f:0e:98:6d:e2:6f:23:
         7b:e7:02:63:06:d0:d5:52:2e:57:d5:90:c8:60:3a:f2:0b:2d:
         b6:f2:cb:47:0d:59:4d:2f:4a:ea:86:9f:72:94:49:56:32:ca:
         e0:a4:bf:42:ac:a6:fd:dd:70:f7:59:a3:92:01:04:54:db:13:
         47:66:25:fe:36:cd:55:62:b5:f1:66:fa:7c:fc:e9:b9:f4:de:
         ea:d3:d0:e0:9d:a4:99:78:03:3c:67:ff:e4:e3:17:7d:d8:21:
         6c:43:5d:e4:32:76:bd:3a:44:8b:d6:6c:7f:05:5b:b2:af:63:
         9e:19:0c:b0:08:1a:bb:dd:10:84:0b:f3:8c:a6:bf:84:79:da:
         e7:28:93:18:df:9a:0b:ed:9e:7a:c9:7a:f4:e9:47:1d:d1:6f:
         fd:a4:ef:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2R1pSPB6K4LfB+YUSYBYyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjQwMjEwMDcwNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmJkYWM2YTE5MDdjY2Q0ZTU4NzYzOGU4OTVlODg2YTE4MDc0ZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB0CKbW2RVSlZCvK8Qz9F84AhxnD
4kEJZ+I8n9R6ooCnI/QJ+ja+bEYn60J3Al1DCe67Kh2tMj387lbsoARFPIYAGHZL
tSoPRsJmVJD5dra/G+J6x3ADFyE0DmKMiwp/X/SpZ6bXNSX4CdXW1K4m/6B80Y85
QA9HGSQOwQG1vGahWBxNzA442v/URErBgmZzOM9+roDHBqUrpqyAqub8Yylar64V
5CNgO/v9gqvj0Q/phJfq8SGSTbgyggixfn5p4fr/3rugJJscckmmLpgyhXoCpeOs
GB4iilQJdPO77TSi8i4wstZavpwJE91jdzh+NnzHggf1v2Fu836iEXXkpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCu9rGoZB8zU5YdjjoleiGoYB0+PMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvSzcyc2Foa0h6TlRsaDJPT2lWNklhaGdIVDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuU5UAwQA
uU5XAwQAua5EMA0GCSqGSIb3DQEBCwUAA4IBAQAquuBG7MNl1DjzwqTvOtlq9D7j
qjtawd2tG01nsZLG/O1SBlpamazZ20mUn3IYPRQnRNAtSoMlVmWPOGGCaFQM/m4a
g+2YP4biJJa9QmpmqrJcNhPTvLcsctXeqbRWxu4Kor5ZYg8OmG3ibyN75wJjBtDV
Ui5X1ZDIYDryCy228stHDVlNL0rqhp9ylElWMsrgpL9CrKb93XD3WaOSAQRU2xNH
ZiX+Ns1VYrXxZvp8/Om59N7q09DgnaSZeAM8Z//k4xd92CFsQ13kMna9OkSL1mx/
BVuyr2OeGQywCBq73RCEC/OMpr+EedrnKJMY35oL7Z56yXr06Ucd0W/9pO91
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:49:01 2024 by rpki-client on console-fra.rpki-client.org