Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/1c9ddc-dc4d-4571-82db-ce53526e6699/1/h2PULX7R1BdW-6e43RXMa5mOIv4.roa
File:                     h2PULX7R1BdW-6e43RXMa5mOIv4.roa (raw, json)
Hash identifier:          aJuQxG4obvcbEKw139Rv5Dqt00M1WHpnK4EnA89b/8s=
Subject key identifier:   87:63:D4:2D:7E:D1:D4:17:56:FB:A7:B8:DD:15:CC:6B:99:8E:22:FE
Certificate issuer:       /CN=69c977d45c29d81bd923fdeb1f092ff34644e33c
Certificate serial:       018CC5007581D4D0DA57186E97288BC1D2C6
Authority key identifier: 69:C9:77:D4:5C:29:D8:1B:D9:23:FD:EB:1F:09:2F:F3:46:44:E3:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acl31Fwp2BvZI_3rHwkv80ZE4zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/1c9ddc-dc4d-4571-82db-ce53526e6699/1/h2PULX7R1BdW-6e43RXMa5mOIv4.roa
Signing time:             Mon 01 Jan 2024 12:29:50 +0000
ROA not before:           Mon 01 Jan 2024 12:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        185.191.240.0/22 maxlen: 22
                          2a0a:2140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/1c9ddc-dc4d-4571-82db-ce53526e6699/1/acl31Fwp2BvZI_3rHwkv80ZE4zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/1c9ddc-dc4d-4571-82db-ce53526e6699/1/acl31Fwp2BvZI_3rHwkv80ZE4zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acl31Fwp2BvZI_3rHwkv80ZE4zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:75:81:d4:d0:da:57:18:6e:97:28:8b:c1:d2:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69c977d45c29d81bd923fdeb1f092ff34644e33c
        Validity
            Not Before: Jan  1 12:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8763d42d7ed1d41756fba7b8dd15cc6b998e22fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c3:b2:c1:40:76:9e:19:67:f3:77:ea:ed:69:
                    10:05:38:d7:44:c8:a7:ad:f9:06:7b:af:11:51:ce:
                    a2:59:f0:a9:f7:6c:2c:c3:76:4f:0c:d2:df:02:48:
                    8e:62:00:ea:5d:60:71:59:8d:c2:40:94:d7:cb:59:
                    c9:8f:67:9d:d2:47:a5:fa:de:04:c8:d6:81:fc:47:
                    39:23:6a:1a:83:d5:e0:bb:6d:b3:ac:cd:2c:b7:f6:
                    f8:bf:6a:63:48:d6:09:a0:8a:c5:69:9b:d0:f9:43:
                    a8:7a:d0:3b:5d:35:1e:e4:24:52:26:df:dd:72:09:
                    81:87:fe:65:ac:dd:cd:26:ba:ed:96:09:97:96:72:
                    46:ab:e7:50:bc:35:b2:8d:df:a2:79:36:7d:b4:ef:
                    36:f1:0f:ca:40:b7:b1:1e:06:42:3e:cf:1d:6b:65:
                    b4:1d:8c:8d:54:f8:aa:5a:a1:87:9d:f4:c9:a2:86:
                    91:1a:ef:50:48:7b:0c:59:42:d2:ea:79:d3:59:bc:
                    99:52:94:84:74:90:ff:bd:7b:c1:52:df:18:7f:74:
                    d5:f7:3d:e2:92:f6:35:fb:f9:8b:29:e6:9b:15:f1:
                    de:d1:0b:dd:f1:41:06:c9:8c:75:d4:8b:f2:91:f1:
                    2d:d1:74:b2:cf:58:de:10:8b:39:01:d4:ae:6a:a3:
                    6d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:63:D4:2D:7E:D1:D4:17:56:FB:A7:B8:DD:15:CC:6B:99:8E:22:FE
            X509v3 Authority Key Identifier:
                keyid:69:C9:77:D4:5C:29:D8:1B:D9:23:FD:EB:1F:09:2F:F3:46:44:E3:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acl31Fwp2BvZI_3rHwkv80ZE4zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1c9ddc-dc4d-4571-82db-ce53526e6699/1/h2PULX7R1BdW-6e43RXMa5mOIv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1c9ddc-dc4d-4571-82db-ce53526e6699/1/acl31Fwp2BvZI_3rHwkv80ZE4zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.240.0/22
                IPv6:
                  2a0a:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:72:29:12:c1:b3:2d:f0:99:3d:c7:7d:7f:c4:ec:a3:a0:69:
         81:99:6f:82:a9:5d:93:d0:1c:12:83:6e:00:0f:40:d2:b6:36:
         a0:a2:03:0a:3a:fe:48:2b:17:bb:be:ba:1d:66:3a:94:56:f3:
         72:ce:c7:32:05:30:79:b3:c3:a0:4f:ae:66:57:99:bd:02:f0:
         29:a0:f7:ff:41:9e:83:e6:ae:05:6a:5c:ab:30:26:72:71:3a:
         8e:57:ff:99:d2:b6:3c:b1:10:46:c2:13:bd:3f:39:c9:2e:0a:
         9a:d8:da:35:39:a0:5f:e0:f3:9a:63:cc:02:71:e2:12:95:2e:
         ba:f0:8d:22:59:48:a6:e4:10:9b:d5:7a:07:e1:7b:c7:2e:a4:
         bf:1d:81:44:b0:a3:3e:dc:e4:e9:54:08:79:b2:bb:ff:c6:13:
         04:1f:1c:b6:98:2c:fb:ba:99:e2:d8:89:72:0b:ec:fe:64:5a:
         a2:47:8c:eb:84:3f:ee:f3:30:a3:c3:63:0c:7b:8e:65:fe:1a:
         4d:32:b2:d9:97:c4:b4:46:1d:43:e2:27:f6:00:2a:f8:e7:6f:
         b1:17:06:8a:4d:69:18:ee:85:c1:6f:fb:ff:a5:7e:59:29:88:
         bb:f6:2e:dc:7f:51:94:ca:29:e7:0d:56:9c:a1:cc:b1:e7:fc:
         e5:32:f1:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAHWB1NDaVxhulyiLwdLGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5Yzk3N2Q0NWMyOWQ4MWJkOTIzZmRlYjFmMDkyZmYzNDY0
NGUzM2MwHhcNMjQwMTAxMTIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYzZDQyZDdlZDFkNDE3NTZmYmE3YjhkZDE1Y2M2Yjk5OGUyMmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcOywUB2nhln83fq7WkQBTjXRMin
rfkGe68RUc6iWfCp92wsw3ZPDNLfAkiOYgDqXWBxWY3CQJTXy1nJj2ed0kel+t4E
yNaB/Ec5I2oag9Xgu22zrM0st/b4v2pjSNYJoIrFaZvQ+UOoetA7XTUe5CRSJt/d
cgmBh/5lrN3NJrrtlgmXlnJGq+dQvDWyjd+ieTZ9tO828Q/KQLexHgZCPs8da2W0
HYyNVPiqWqGHnfTJooaRGu9QSHsMWULS6nnTWbyZUpSEdJD/vXvBUt8Yf3TV9z3i
kvY1+/mLKeabFfHe0Qvd8UEGyYx11IvykfEt0XSyz1jeEIs5AdSuaqNtOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIdj1C1+0dQXVvunuN0VzGuZjiL+MB8GA1UdIwQY
MBaAFGnJd9RcKdgb2SP96x8JL/NGROM8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNsMzFGd3AyQnZaSV8zckh3a3Y4MFpFNHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xYzlkZGMtZGM0ZC00NTcxLTgyZGIt
Y2U1MzUyNmU2Njk5LzEvaDJQVUxYN1IxQmRXLTZlNDNSWE1hNW1PSXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xYzlkZGMtZGM0ZC00NTcxLTgyZGItY2U1MzUyNmU2Njk5
LzEvYWNsMzFGd3AyQnZaSV8zckh3a3Y4MFpFNHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub/wMA0E
AgACMAcDBQMqCiFAMA0GCSqGSIb3DQEBCwUAA4IBAQCzcikSwbMt8Jk9x31/xOyj
oGmBmW+CqV2T0BwSg24AD0DStjagogMKOv5IKxe7vrodZjqUVvNyzscyBTB5s8Og
T65mV5m9AvApoPf/QZ6D5q4FalyrMCZycTqOV/+Z0rY8sRBGwhO9PznJLgqa2No1
OaBf4POaY8wCceISlS668I0iWUim5BCb1XoH4XvHLqS/HYFEsKM+3OTpVAh5srv/
xhMEHxy2mCz7upni2IlyC+z+ZFqiR4zrhD/u8zCjw2MMe45l/hpNMrLZl8S0Rh1D
4if2ACr452+xFwaKTWkY7oXBb/v/pX5ZKYi79i7cf1GUyinnDVacocyx5/zlMvH0
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:02:38 2024 by rpki-client on console-fra.rpki-client.org