Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d09b56-4fcb-47bf-8025-99878cc9b14c/1/2-KvKLcygQV1bctBugvX4im-EIE.roa
File:                     2-KvKLcygQV1bctBugvX4im-EIE.roa (raw, json)
Hash identifier:          ap3oo5NJBAoMeclF5N2aYwleeNlIxlA+UdGTmZera7E=
Subject key identifier:   DB:E2:AF:28:B7:32:81:05:75:6D:CB:41:BA:0B:D7:E2:29:BE:10:81
Certificate issuer:       /CN=36cfaffc9c7868708f3c81ee5c0d64c35ac1bef1
Certificate serial:       0192B3F20B4F83FD36B5297EAC6E979D3989
Authority key identifier: 36:CF:AF:FC:9C:78:68:70:8F:3C:81:EE:5C:0D:64:C3:5A:C1:BE:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ns-v_Jx4aHCPPIHuXA1kw1rBvvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/d09b56-4fcb-47bf-8025-99878cc9b14c/1/2-KvKLcygQV1bctBugvX4im-EIE.roa
Signing time:             Tue 22 Oct 2024 11:17:17 +0000
ROA not before:           Tue 22 Oct 2024 11:17:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206948
IP address blocks:        91.226.78.0/24 maxlen: 24
                          91.226.160.0/24 maxlen: 24
                          91.226.184.0/24 maxlen: 24
                          185.216.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/d09b56-4fcb-47bf-8025-99878cc9b14c/1/Ns-v_Jx4aHCPPIHuXA1kw1rBvvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/d09b56-4fcb-47bf-8025-99878cc9b14c/1/Ns-v_Jx4aHCPPIHuXA1kw1rBvvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ns-v_Jx4aHCPPIHuXA1kw1rBvvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:f2:0b:4f:83:fd:36:b5:29:7e:ac:6e:97:9d:39:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36cfaffc9c7868708f3c81ee5c0d64c35ac1bef1
        Validity
            Not Before: Oct 22 11:17:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbe2af28b7328105756dcb41ba0bd7e229be1081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:65:24:29:28:9c:7a:54:19:84:fd:87:ed:1d:
                    91:3f:85:a9:eb:7b:ac:ec:42:6e:cf:3f:03:e9:e6:
                    b4:33:69:09:1e:10:2f:99:58:39:53:be:f1:51:44:
                    60:ff:c0:fa:99:48:8e:3c:be:a9:52:3b:4c:24:b5:
                    b6:02:40:ca:ac:37:83:33:0b:84:bb:2d:fd:8a:fb:
                    b5:89:ce:6e:38:68:c8:b0:4f:54:8b:a2:09:53:59:
                    a2:f7:b6:5c:ea:2e:ca:ad:25:14:bf:60:9a:28:49:
                    9d:b8:58:35:45:92:67:29:77:63:46:56:bd:21:c5:
                    ce:a2:e8:54:0f:96:64:6d:a8:ba:dd:f4:10:f2:0b:
                    88:87:fb:9a:2f:8d:7f:24:45:ca:a4:07:47:36:a8:
                    e1:8c:51:5f:68:38:2e:82:2e:fe:73:3e:32:16:05:
                    7f:93:31:0e:23:c4:5a:6d:9b:6c:92:89:1a:ce:0c:
                    e4:57:ad:f9:07:45:e5:20:65:57:da:fb:e5:c6:b8:
                    29:50:81:05:be:4a:79:e4:ad:ac:72:b2:f0:c6:31:
                    86:ce:0a:5d:57:d3:4c:19:09:82:8d:71:7a:13:c1:
                    e1:57:6e:f0:9f:98:45:cb:33:ec:dd:00:06:e8:d1:
                    a5:48:dd:3d:aa:77:e5:ab:d0:67:02:b6:ac:bd:90:
                    92:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E2:AF:28:B7:32:81:05:75:6D:CB:41:BA:0B:D7:E2:29:BE:10:81
            X509v3 Authority Key Identifier:
                keyid:36:CF:AF:FC:9C:78:68:70:8F:3C:81:EE:5C:0D:64:C3:5A:C1:BE:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ns-v_Jx4aHCPPIHuXA1kw1rBvvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d09b56-4fcb-47bf-8025-99878cc9b14c/1/2-KvKLcygQV1bctBugvX4im-EIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d09b56-4fcb-47bf-8025-99878cc9b14c/1/Ns-v_Jx4aHCPPIHuXA1kw1rBvvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.78.0/24
                  91.226.160.0/24
                  91.226.184.0/24
                  185.216.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:5c:cd:3b:db:96:cf:d7:c4:3e:3d:29:3a:d2:eb:13:a9:d4:
         af:86:5b:ae:a5:af:1a:23:3a:03:71:0e:d1:c0:a6:96:9d:43:
         b8:30:b5:23:27:17:29:0a:c1:12:94:cf:09:59:86:e5:1f:e8:
         1b:6e:c1:fb:9a:cc:c5:e2:2e:24:94:71:34:4b:d2:d5:50:10:
         cc:37:f9:0e:45:81:f8:aa:1a:5d:0a:1a:8c:3e:5f:c9:81:3d:
         58:18:2a:7c:e2:e1:7a:28:ed:18:72:12:23:c5:73:0a:6b:81:
         5a:f9:6b:8b:11:37:59:2f:5e:75:fc:e9:21:c7:7a:5c:8d:37:
         b2:ee:81:cc:ce:0f:e5:fc:dd:7a:5c:30:b0:6b:39:13:4b:e3:
         2d:61:1b:27:c1:04:a0:df:a6:92:35:bf:20:d0:24:67:26:7a:
         be:1f:c3:6c:28:9b:68:e2:be:37:01:27:c6:d4:ed:56:3b:b3:
         5b:1a:d8:fe:a5:6a:f7:4a:b3:56:68:19:c7:e6:07:f9:67:ed:
         e2:6e:d4:28:aa:49:92:c8:bb:53:53:9d:db:a1:48:59:ad:39:
         95:f5:41:f0:ae:9c:31:de:86:cd:04:ef:81:e7:7c:f0:2f:45:
         b7:2e:b5:73:04:7b:a7:dc:72:ec:10:9c:6f:a4:77:9d:be:42:
         6a:78:b7:b4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZKz8gtPg/02tSl+rG6XnTmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Y2ZhZmZjOWM3ODY4NzA4ZjNjODFlZTVjMGQ2NGMzNWFj
MWJlZjEwHhcNMjQxMDIyMTExNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUyYWYyOGI3MzI4MTA1NzU2ZGNiNDFiYTBiZDdlMjI5YmUxMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomUkKSicelQZhP2H7R2RP4Wp63us
7EJuzz8D6ea0M2kJHhAvmVg5U77xUURg/8D6mUiOPL6pUjtMJLW2AkDKrDeDMwuE
uy39ivu1ic5uOGjIsE9Ui6IJU1mi97Zc6i7KrSUUv2CaKEmduFg1RZJnKXdjRla9
IcXOouhUD5Zkbai63fQQ8guIh/uaL41/JEXKpAdHNqjhjFFfaDgugi7+cz4yFgV/
kzEOI8RabZtskokazgzkV635B0XlIGVX2vvlxrgpUIEFvkp55K2scrLwxjGGzgpd
V9NMGQmCjXF6E8HhV27wn5hFyzPs3QAG6NGlSN09qnflq9BnArasvZCSAwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNviryi3MoEFdW3LQboL1+IpvhCBMB8GA1UdIwQY
MBaAFDbPr/yceGhwjzyB7lwNZMNawb7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnMtdl9KeDRhSENQUElIdVhBMWt3MXJCdnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kMDliNTYtNGZjYi00N2JmLTgwMjUt
OTk4NzhjYzliMTRjLzEvMi1LdktMY3lnUVYxYmN0QnVndlg0aW0tRUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kMDliNTYtNGZjYi00N2JmLTgwMjUtOTk4NzhjYzliMTRj
LzEvTnMtdl9KeDRhSENQUElIdVhBMWt3MXJCdnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW+JOAwQA
W+KgAwQAW+K4AwQBudi2MA0GCSqGSIb3DQEBCwUAA4IBAQAEXM0725bP18Q+PSk6
0usTqdSvhluupa8aIzoDcQ7RwKaWnUO4MLUjJxcpCsESlM8JWYblH+gbbsH7mszF
4i4klHE0S9LVUBDMN/kORYH4qhpdChqMPl/JgT1YGCp84uF6KO0YchIjxXMKa4Fa
+WuLETdZL151/Okhx3pcjTey7oHMzg/l/N16XDCwazkTS+MtYRsnwQSg36aSNb8g
0CRnJnq+H8NsKJto4r43ASfG1O1WO7NbGtj+pWr3SrNWaBnH5gf5Z+3ibtQoqkmS
yLtTU53boUhZrTmV9UHwrpwx3obNBO+B53zwL0W3LrVzBHun3HLsEJxvpHedvkJq
eLe0
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:11:34 2024 by rpki-client on console-ams.rpki-client.org