Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/0f4d1a-e4b6-49c6-a50d-d1e30a5cac88/1/L2WDQsBqKDl0hP07UvmJJ6oaPVY.roa
File:                     L2WDQsBqKDl0hP07UvmJJ6oaPVY.roa (raw, json)
Hash identifier:          ZmwdzRnjWf20ldUNctykwUqcik84nCmfee5+r1fEQjg=
Subject key identifier:   2F:65:83:42:C0:6A:28:39:74:84:FD:3B:52:F9:89:27:AA:1A:3D:56
Certificate issuer:       /CN=321ffff5033a7901a3e9f275f6dc6e8ea0f93b8a
Certificate serial:       018CC79526C3B3444C1119ADFE7795AC68AC
Authority key identifier: 32:1F:FF:F5:03:3A:79:01:A3:E9:F2:75:F6:DC:6E:8E:A0:F9:3B:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh__9QM6eQGj6fJ19txujqD5O4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/0f4d1a-e4b6-49c6-a50d-d1e30a5cac88/1/L2WDQsBqKDl0hP07UvmJJ6oaPVY.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56376
IP address blocks:        94.231.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/0f4d1a-e4b6-49c6-a50d-d1e30a5cac88/1/Mh__9QM6eQGj6fJ19txujqD5O4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/0f4d1a-e4b6-49c6-a50d-d1e30a5cac88/1/Mh__9QM6eQGj6fJ19txujqD5O4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mh__9QM6eQGj6fJ19txujqD5O4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:26:c3:b3:44:4c:11:19:ad:fe:77:95:ac:68:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ffff5033a7901a3e9f275f6dc6e8ea0f93b8a
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f658342c06a28397484fd3b52f98927aa1a3d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d6:97:82:c9:07:87:23:e1:0a:87:fc:6b:a9:
                    cf:42:7b:2d:91:e8:9e:af:cb:97:66:fe:06:1e:71:
                    2b:62:c7:b4:fe:f2:e6:72:2d:d4:96:7a:85:6f:c4:
                    c4:2c:62:92:7a:3d:55:7e:98:a4:15:ab:79:39:7c:
                    e9:f8:30:ab:35:0f:12:e9:fb:d2:c4:66:8b:da:22:
                    85:22:72:fa:e7:2c:e9:17:70:82:34:e1:2c:34:8d:
                    c0:40:bb:14:c4:02:27:8e:ac:c7:7b:6c:6a:64:5e:
                    49:06:88:31:19:df:e7:7f:7a:ff:ca:2c:6b:c2:bc:
                    21:f8:4b:94:60:1d:b5:5c:21:22:17:43:f5:37:2d:
                    8c:f7:36:95:1f:ee:9a:5f:27:c9:3d:86:04:16:35:
                    32:96:d8:eb:3c:50:39:bc:7a:91:c0:2c:e9:b6:a4:
                    65:47:c6:e7:e5:77:c4:c1:0a:56:5c:be:ee:95:d3:
                    73:0c:e6:6a:95:f6:4a:64:48:a9:3a:95:cb:ad:e6:
                    43:bb:f6:35:dc:c7:b7:c7:a3:de:04:7f:01:50:99:
                    b4:ed:ff:f8:99:4a:0c:ad:0d:12:b9:62:94:5e:0c:
                    f6:ad:86:6b:9d:ef:0d:0e:3b:10:39:c9:96:ed:e3:
                    d6:24:35:8c:b5:48:85:08:3d:20:ce:96:50:b0:40:
                    5a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:65:83:42:C0:6A:28:39:74:84:FD:3B:52:F9:89:27:AA:1A:3D:56
            X509v3 Authority Key Identifier:
                keyid:32:1F:FF:F5:03:3A:79:01:A3:E9:F2:75:F6:DC:6E:8E:A0:F9:3B:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh__9QM6eQGj6fJ19txujqD5O4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/0f4d1a-e4b6-49c6-a50d-d1e30a5cac88/1/L2WDQsBqKDl0hP07UvmJJ6oaPVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/0f4d1a-e4b6-49c6-a50d-d1e30a5cac88/1/Mh__9QM6eQGj6fJ19txujqD5O4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:6d:79:1b:c7:7e:7a:fc:42:35:a9:b2:c7:de:78:48:86:a1:
         7a:e9:c5:60:5a:37:0c:ad:a2:43:86:bc:ab:e9:e7:c1:77:f2:
         78:46:21:5d:e8:c5:3b:33:15:ca:ff:09:8d:a0:67:2d:8f:d3:
         9e:47:71:f2:43:aa:82:1d:b7:0b:b0:5b:55:3a:e9:ed:33:63:
         0c:bc:b3:33:c3:7e:81:44:9e:f7:ab:7c:8c:ec:08:a5:67:2d:
         e9:9f:0d:73:37:4e:59:14:83:6a:85:e2:a0:cf:f9:c3:09:0f:
         43:de:21:7c:39:c6:54:11:7e:94:9c:73:79:a0:58:de:06:70:
         2f:b7:29:d8:09:3c:37:26:c4:d4:73:55:7d:bd:f4:d4:88:d3:
         81:b8:b7:5d:28:a1:97:7a:5c:e2:46:be:d5:37:55:6c:18:bf:
         3a:58:2f:67:23:9e:0b:af:08:ee:fb:5e:10:35:64:5a:31:19:
         e6:07:4e:2e:73:e9:13:b5:e7:1c:42:7b:56:6e:bb:85:0f:22:
         44:5d:0b:a7:20:b6:a3:a6:9c:e5:9b:87:c2:d5:28:c0:48:9a:
         6b:1b:cc:82:ca:a9:4b:1f:71:38:b3:fd:6f:1b:82:4b:7a:22:
         71:b4:62:dd:8f:16:7a:75:d6:71:5f:04:f5:2e:a0:42:da:77:
         9b:ed:7e:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSbDs0RMERmt/neVrGisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWZmZmY1MDMzYTc5MDFhM2U5ZjI3NWY2ZGM2ZThlYTBm
OTNiOGEwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY1ODM0MmMwNmEyODM5NzQ4NGZkM2I1MmY5ODkyN2FhMWEzZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtaXgskHhyPhCof8a6nPQnstkeie
r8uXZv4GHnErYse0/vLmci3UlnqFb8TELGKSej1VfpikFat5OXzp+DCrNQ8S6fvS
xGaL2iKFInL65yzpF3CCNOEsNI3AQLsUxAInjqzHe2xqZF5JBogxGd/nf3r/yixr
wrwh+EuUYB21XCEiF0P1Ny2M9zaVH+6aXyfJPYYEFjUyltjrPFA5vHqRwCzptqRl
R8bn5XfEwQpWXL7uldNzDOZqlfZKZEipOpXLreZDu/Y13Me3x6PeBH8BUJm07f/4
mUoMrQ0SuWKUXgz2rYZrne8NDjsQOcmW7ePWJDWMtUiFCD0gzpZQsEBaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9lg0LAaig5dIT9O1L5iSeqGj1WMB8GA1UdIwQY
MBaAFDIf//UDOnkBo+nydfbcbo6g+TuKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWhfXzlRTTZlUUdqNmZKMTl0eHVqcUQ1TzRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8wZjRkMWEtZTRiNi00OWM2LWE1MGQt
ZDFlMzBhNWNhYzg4LzEvTDJXRFFzQnFLRGwwaFAwN1V2bUpKNm9hUFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8wZjRkMWEtZTRiNi00OWM2LWE1MGQtZDFlMzBhNWNhYzg4
LzEvTWhfXzlRTTZlUUdqNmZKMTl0eHVqcUQ1TzRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufEMA0G
CSqGSIb3DQEBCwUAA4IBAQCqbXkbx356/EI1qbLH3nhIhqF66cVgWjcMraJDhryr
6efBd/J4RiFd6MU7MxXK/wmNoGctj9OeR3HyQ6qCHbcLsFtVOuntM2MMvLMzw36B
RJ73q3yM7AilZy3pnw1zN05ZFINqheKgz/nDCQ9D3iF8OcZUEX6UnHN5oFjeBnAv
tynYCTw3JsTUc1V9vfTUiNOBuLddKKGXelziRr7VN1VsGL86WC9nI54Lrwju+14Q
NWRaMRnmB04uc+kTteccQntWbruFDyJEXQunILajppzlm4fC1SjASJprG8yCyqlL
H3E4s/1vG4JLeiJxtGLdjxZ6ddZxXwT1LqBC2neb7X41
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:32:43 2024 by rpki-client on console-ams.rpki-client.org