Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/BkPdC4mcS2HToE9zsM1kbx71nWU.roa
File:                     BkPdC4mcS2HToE9zsM1kbx71nWU.roa (raw, json)
Hash identifier:          0uNaR6Wz2uXc8/qmNWg+6Qe6F0WF4S8Xa2S6iRSxPVA=
Subject key identifier:   06:43:DD:0B:89:9C:4B:61:D3:A0:4F:73:B0:CD:64:6F:1E:F5:9D:65
Certificate issuer:       /CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
Certificate serial:       018CC5014A15E8EB6A43E8E1B80B84A9297D
Authority key identifier: D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/BkPdC4mcS2HToE9zsM1kbx71nWU.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31198
IP address blocks:        62.228.242.0/24 maxlen: 24
                          62.228.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:15:e8:eb:6a:43:e8:e1:b8:0b:84:a9:29:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d411abc4c0468ab2891eaacadba0dc0377936fd5
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0643dd0b899c4b61d3a04f73b0cd646f1ef59d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ac:24:52:ea:aa:05:a4:c7:12:98:42:f1:e0:
                    4c:65:57:9b:2d:e9:be:7d:56:a2:37:16:35:d4:06:
                    ab:63:28:dd:5d:41:cb:83:87:46:12:b4:53:63:b6:
                    f1:ab:02:9a:7e:bf:8d:40:9d:55:cc:ec:a8:68:43:
                    03:b0:4f:40:5a:ad:c0:c3:0f:3e:3a:2e:82:a9:38:
                    4f:55:fb:56:56:b4:b0:be:fe:30:f6:34:d6:8f:5a:
                    b7:06:b6:dc:40:66:30:aa:7d:ed:3d:6d:9b:d1:f2:
                    7d:a7:d8:09:21:6b:cc:cd:49:ec:2d:ba:07:12:ee:
                    1e:2d:b3:e3:e0:61:8a:a3:95:3b:7e:33:c1:b3:8d:
                    06:b8:a6:af:b9:09:73:59:ab:e2:f5:94:1e:3c:82:
                    98:da:e8:3d:6c:7b:5e:7c:c2:6b:a4:3e:ca:d9:77:
                    d6:22:8f:d7:17:15:31:95:e5:be:4b:97:51:39:88:
                    0c:1a:a5:31:b3:f1:ae:e5:f3:f0:17:e7:4d:9d:7e:
                    8c:b3:61:01:ca:9f:67:fa:33:8c:82:4f:b5:2a:72:
                    8a:d9:09:e8:e3:77:08:9e:ec:c6:7a:c9:ef:9e:a6:
                    4c:16:17:f9:a6:37:6a:72:b1:4a:d8:85:1e:0a:e8:
                    56:03:f3:f8:7a:ba:db:65:2e:ce:d6:84:a0:96:04:
                    b0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:43:DD:0B:89:9C:4B:61:D3:A0:4F:73:B0:CD:64:6F:1E:F5:9D:65
            X509v3 Authority Key Identifier:
                keyid:D4:11:AB:C4:C0:46:8A:B2:89:1E:AA:CA:DB:A0:DC:03:77:93:6F:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BGrxMBGirKJHqrK26DcA3eTb9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/BkPdC4mcS2HToE9zsM1kbx71nWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/618e53-afc4-40df-8612-b0f4b9c37e49/1/1BGrxMBGirKJHqrK26DcA3eTb9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.228.242.0/24
                  62.228.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:46:48:5f:ed:cc:31:90:e1:72:5e:22:5f:ba:e9:29:88:25:
         6f:e0:fe:86:69:dd:29:f6:0a:2c:7c:3c:b9:fb:90:03:05:2e:
         0b:64:ca:8f:c2:12:e0:31:b9:31:a2:bb:5d:3d:19:6b:f0:ad:
         51:7a:e6:9e:99:0d:78:f8:fa:70:06:ec:ab:2a:53:f6:1d:89:
         bb:47:e3:fe:88:c0:ec:e3:ff:19:39:42:83:7f:65:75:92:48:
         1c:f6:2e:49:e3:fa:0a:c6:e0:0f:30:b9:0d:da:2e:75:2f:30:
         8a:40:c5:98:03:28:93:4b:1c:07:4c:a9:d3:13:41:7d:aa:60:
         af:15:d0:33:c8:e3:11:e2:cf:4c:64:3a:16:14:b0:b8:fd:84:
         b7:83:ed:c8:e4:c6:31:41:6b:90:81:09:7f:f2:55:de:a1:3b:
         ad:cc:eb:97:39:04:b5:47:28:6f:94:50:a1:d2:47:99:19:83:
         72:09:91:8c:61:09:f4:78:a2:9b:de:d0:34:60:cd:82:d7:60:
         4c:08:12:a8:8d:e9:5c:4b:5d:8b:1c:6f:5a:9e:20:6b:7f:48:
         48:24:ca:f0:8d:b0:9e:72:d3:c1:0d:f6:a7:de:5c:40:85:33:
         86:52:94:c5:e2:dd:80:f1:6c:c1:eb:11:1c:e0:cc:ac:0a:0e:
         f6:8b:41:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAUoV6OtqQ+jhuAuEqSl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTFhYmM0YzA0NjhhYjI4OTFlYWFjYWRiYTBkYzAzNzc5
MzZmZDUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQzZGQwYjg5OWM0YjYxZDNhMDRmNzNiMGNkNjQ2ZjFlZjU5ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6wkUuqqBaTHEphC8eBMZVebLem+
fVaiNxY11AarYyjdXUHLg4dGErRTY7bxqwKafr+NQJ1VzOyoaEMDsE9AWq3Aww8+
Oi6CqThPVftWVrSwvv4w9jTWj1q3BrbcQGYwqn3tPW2b0fJ9p9gJIWvMzUnsLboH
Eu4eLbPj4GGKo5U7fjPBs40GuKavuQlzWavi9ZQePIKY2ug9bHtefMJrpD7K2XfW
Io/XFxUxleW+S5dROYgMGqUxs/Gu5fPwF+dNnX6Ms2EByp9n+jOMgk+1KnKK2Qno
43cInuzGesnvnqZMFhf5pjdqcrFK2IUeCuhWA/P4errbZS7O1oSglgSwdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAZD3QuJnEth06BPc7DNZG8e9Z1lMB8GA1UdIwQY
MBaAFNQRq8TARoqyiR6qytug3AN3k2/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTIt
YjBmNGI5YzM3ZTQ5LzEvQmtQZEM0bWNTMkhUb0U5enNNMWtieDcxbldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MThlNTMtYWZjNC00MGRmLTg2MTItYjBmNGI5YzM3ZTQ5
LzEvMUJHcnhNQkdpcktKSHFySzI2RGNBM2VUYjlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPuTyAwQA
PuT8MA0GCSqGSIb3DQEBCwUAA4IBAQA2Rkhf7cwxkOFyXiJfuukpiCVv4P6Gad0p
9gosfDy5+5ADBS4LZMqPwhLgMbkxortdPRlr8K1ReuaemQ14+PpwBuyrKlP2HYm7
R+P+iMDs4/8ZOUKDf2V1kkgc9i5J4/oKxuAPMLkN2i51LzCKQMWYAyiTSxwHTKnT
E0F9qmCvFdAzyOMR4s9MZDoWFLC4/YS3g+3I5MYxQWuQgQl/8lXeoTutzOuXOQS1
RyhvlFCh0keZGYNyCZGMYQn0eKKb3tA0YM2C12BMCBKojelcS12LHG9aniBrf0hI
JMrwjbCectPBDfan3lxAhTOGUpTF4t2A8WzB6xEc4MysCg72i0F0
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:14:31 2024 by rpki-client on console-fra.rpki-client.org