Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/afe2b9-f9a5-4c6b-ab5e-b9d7f41fc189/1/aEqLiO7p8BrTYpGK8NCTiZeH0VY.roa
File:                     aEqLiO7p8BrTYpGK8NCTiZeH0VY.roa (raw, json)
Hash identifier:          fAOyPzse8dtqVSj9tzWnJZ7X9wBGPE9lFkibBDcZ0X8=
Subject key identifier:   68:4A:8B:88:EE:E9:F0:1A:D3:62:91:8A:F0:D0:93:89:97:87:D1:56
Certificate issuer:       /CN=d73b40aebf88c17b1b562128a56f4245f2f15438
Certificate serial:       018CC5DCF933F5159AE0CAF6FFF337F46BD6
Authority key identifier: D7:3B:40:AE:BF:88:C1:7B:1B:56:21:28:A5:6F:42:45:F2:F1:54:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ztArr-IwXsbViEopW9CRfLxVDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/afe2b9-f9a5-4c6b-ab5e-b9d7f41fc189/1/aEqLiO7p8BrTYpGK8NCTiZeH0VY.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201893
IP address blocks:        2.57.132.0/22 maxlen: 22
                          185.229.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/afe2b9-f9a5-4c6b-ab5e-b9d7f41fc189/1/1ztArr-IwXsbViEopW9CRfLxVDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/afe2b9-f9a5-4c6b-ab5e-b9d7f41fc189/1/1ztArr-IwXsbViEopW9CRfLxVDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ztArr-IwXsbViEopW9CRfLxVDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f9:33:f5:15:9a:e0:ca:f6:ff:f3:37:f4:6b:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d73b40aebf88c17b1b562128a56f4245f2f15438
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=684a8b88eee9f01ad362918af0d093899787d156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:1e:bb:8f:e7:41:9d:50:0e:aa:09:a6:0b:0c:
                    b2:24:64:1b:35:ed:1c:cd:e3:7f:b4:04:9c:24:07:
                    a6:2b:bf:42:2a:20:62:72:50:ca:d2:b9:5a:8b:32:
                    40:53:3b:63:2f:27:32:29:55:56:f1:95:0c:9d:cf:
                    84:4b:45:07:ed:68:6b:42:18:51:12:f7:6d:f4:dc:
                    59:f2:fd:e4:83:0a:48:bd:12:c4:12:28:8c:03:17:
                    9e:d9:02:7b:9c:c9:b5:ea:20:34:a6:6a:ce:e2:86:
                    7d:ed:bb:9d:f2:bc:b1:bd:a6:a6:2d:f0:bf:48:7f:
                    0b:68:2e:c2:63:84:18:d0:72:b5:b6:67:02:55:d8:
                    14:c3:9e:d0:93:58:4c:b0:7d:5b:ca:a1:99:c9:dc:
                    72:72:37:62:9a:fb:e6:d6:b9:2b:2b:87:a2:29:18:
                    61:3b:16:d0:29:c2:71:cb:ef:6e:a2:65:65:a0:1f:
                    bd:0c:a2:cc:c5:57:e8:53:87:32:14:af:b9:51:e0:
                    03:02:8c:08:20:de:8d:ca:8f:da:71:41:f9:47:8b:
                    67:35:3d:d9:ca:d9:f3:7e:68:f6:da:b7:2d:86:18:
                    d4:86:0e:62:3f:44:95:61:ec:0d:df:67:ea:df:b5:
                    22:7a:3b:30:46:7e:cd:7d:66:ff:bf:a9:69:db:b9:
                    66:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:4A:8B:88:EE:E9:F0:1A:D3:62:91:8A:F0:D0:93:89:97:87:D1:56
            X509v3 Authority Key Identifier:
                keyid:D7:3B:40:AE:BF:88:C1:7B:1B:56:21:28:A5:6F:42:45:F2:F1:54:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ztArr-IwXsbViEopW9CRfLxVDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/afe2b9-f9a5-4c6b-ab5e-b9d7f41fc189/1/aEqLiO7p8BrTYpGK8NCTiZeH0VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/afe2b9-f9a5-4c6b-ab5e-b9d7f41fc189/1/1ztArr-IwXsbViEopW9CRfLxVDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.132.0/22
                  185.229.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cf:41:26:7a:9b:5c:36:97:47:66:67:d9:e2:0f:e7:3e:d4:92:
         5a:6d:2c:bb:c5:6b:79:7e:73:eb:fa:6e:b4:15:e7:ec:96:5c:
         5a:58:db:d5:5b:3b:b4:30:c1:9d:53:e3:91:4b:bc:1b:72:b3:
         22:ea:ec:9e:02:69:4b:ce:f6:a6:e3:9f:99:6e:5b:2e:b2:8c:
         4b:14:80:17:e9:bc:70:98:01:64:4a:b9:bf:a8:3c:74:02:57:
         00:cc:e5:9d:0b:7d:0d:b2:58:75:15:ad:70:1c:9b:82:d9:dd:
         3a:93:63:78:f7:3d:cb:aa:0e:00:60:c9:c5:f9:03:41:3d:1e:
         a1:ea:05:bf:e2:54:32:d1:77:64:40:ca:35:38:e7:ff:50:71:
         2b:ee:2c:27:7e:bf:1b:b1:87:bf:3c:78:c4:05:d6:4c:13:7a:
         c7:a5:3a:6b:e9:80:59:a1:b8:09:6d:79:95:58:af:b1:92:fd:
         fc:0c:e5:c6:7b:52:12:df:1c:c6:93:4e:be:6d:4d:90:68:1b:
         21:3d:95:ad:3b:54:89:f0:09:83:59:a2:d5:69:a6:dd:e2:1f:
         d5:9e:8f:36:c5:56:32:05:56:79:3b:07:6e:c6:e1:56:51:0c:
         bd:f6:ac:6b:7d:7c:e6:63:1f:0d:42:dc:52:5d:3a:b2:a8:1d:
         80:8b:d3:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Pkz9RWa4Mr2//M39GvWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3M2I0MGFlYmY4OGMxN2IxYjU2MjEyOGE1NmY0MjQ1ZjJm
MTU0MzgwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODRhOGI4OGVlZTlmMDFhZDM2MjkxOGFmMGQwOTM4OTk3ODdkMTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7R67j+dBnVAOqgmmCwyyJGQbNe0c
zeN/tAScJAemK79CKiBiclDK0rlaizJAUztjLycyKVVW8ZUMnc+ES0UH7WhrQhhR
Evdt9NxZ8v3kgwpIvRLEEiiMAxee2QJ7nMm16iA0pmrO4oZ97bud8ryxvaamLfC/
SH8LaC7CY4QY0HK1tmcCVdgUw57Qk1hMsH1byqGZydxycjdimvvm1rkrK4eiKRhh
OxbQKcJxy+9uomVloB+9DKLMxVfoU4cyFK+5UeADAowIIN6Nyo/acUH5R4tnNT3Z
ytnzfmj22rcthhjUhg5iP0SVYewN32fq37UiejswRn7NfWb/v6lp27lmtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGhKi4ju6fAa02KRivDQk4mXh9FWMB8GA1UdIwQY
MBaAFNc7QK6/iMF7G1YhKKVvQkXy8VQ4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXp0QXJyLUl3WHNiVmlFb3BXOUNSZkx4VkRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9hZmUyYjktZjlhNS00YzZiLWFiNWUt
YjlkN2Y0MWZjMTg5LzEvYUVxTGlPN3A4QnJUWXBHSzhOQ1RpWmVIMFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9hZmUyYjktZjlhNS00YzZiLWFiNWUtYjlkN2Y0MWZjMTg5
LzEvMXp0QXJyLUl3WHNiVmlFb3BXOUNSZkx4VkRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjmEAwQC
ueV8MA0GCSqGSIb3DQEBCwUAA4IBAQDPQSZ6m1w2l0dmZ9niD+c+1JJabSy7xWt5
fnPr+m60FefsllxaWNvVWzu0MMGdU+ORS7wbcrMi6uyeAmlLzvam45+ZblsusoxL
FIAX6bxwmAFkSrm/qDx0AlcAzOWdC30Nslh1Fa1wHJuC2d06k2N49z3Lqg4AYMnF
+QNBPR6h6gW/4lQy0XdkQMo1OOf/UHEr7iwnfr8bsYe/PHjEBdZME3rHpTpr6YBZ
obgJbXmVWK+xkv38DOXGe1IS3xzGk06+bU2QaBshPZWtO1SJ8AmDWaLVaabd4h/V
no82xVYyBVZ5OwduxuFWUQy99qxrfXzmYx8NQtxSXTqyqB2Ai9NC
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:11:42 2024 by rpki-client on console-ams.rpki-client.org