Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/ECpdMH9NhJ-EuIAtc71cxG9ryaw.roa
File:                     ECpdMH9NhJ-EuIAtc71cxG9ryaw.roa (raw, json)
Hash identifier:          QwMynKi7KrguLOlUk2EUh6XTvltorR7QsjWUQshkB/k=
Subject key identifier:   10:2A:5D:30:7F:4D:84:9F:84:B8:80:2D:73:BD:5C:C4:6F:6B:C9:AC
Certificate issuer:       /CN=e2636e02f1554f70d971a656849c01bdff138ce8
Certificate serial:       01922468EB6480E26F60837B5A6E82A2A62D
Authority key identifier: E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/ECpdMH9NhJ-EuIAtc71cxG9ryaw.roa
Signing time:             Tue 24 Sep 2024 14:21:48 +0000
ROA not before:           Tue 24 Sep 2024 14:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28708
IP address blocks:        185.171.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 20:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:68:eb:64:80:e2:6f:60:83:7b:5a:6e:82:a2:a6:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2636e02f1554f70d971a656849c01bdff138ce8
        Validity
            Not Before: Sep 24 14:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=102a5d307f4d849f84b8802d73bd5cc46f6bc9ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:22:f7:e9:dc:3b:d8:9c:41:71:59:8d:cb:2c:
                    9f:6e:6e:47:a2:48:29:ef:9c:e2:b5:15:a3:2a:15:
                    90:6e:d8:64:0f:b5:ed:e7:ff:76:38:a7:5a:2e:13:
                    92:e9:6c:b5:27:c1:4d:64:21:ce:83:a2:19:ce:93:
                    b4:d0:79:8b:b2:8f:33:c7:54:eb:5e:3e:3d:41:bd:
                    e1:ed:67:c7:01:f9:1f:67:c9:9d:8d:e0:1b:04:c9:
                    5e:5d:e0:aa:e9:d4:34:a8:80:80:7e:58:c6:44:9b:
                    80:4e:ad:db:77:a2:e9:4d:c9:ae:a0:4f:0c:c9:4f:
                    aa:25:0c:b2:81:e8:07:9a:0a:51:69:e5:50:01:27:
                    13:cc:b5:77:97:e3:7b:06:0b:6a:a3:bf:1d:d5:49:
                    10:f0:02:02:52:71:bf:eb:50:98:dd:e2:3c:9c:f9:
                    6d:8f:89:3a:91:36:0b:f2:d4:e7:79:16:fd:6e:0c:
                    aa:3f:50:d5:a9:b6:50:99:3a:d1:87:d3:00:46:70:
                    6e:d5:21:b3:a0:aa:c2:79:43:5b:40:20:95:5b:0c:
                    78:6f:ea:3f:dc:a6:c4:ed:88:17:05:62:2f:9c:e1:
                    51:56:e6:91:9d:13:8e:df:b8:b1:d8:15:83:f4:d1:
                    3f:33:b8:56:29:b7:d4:93:a7:86:ef:6a:ab:b3:4f:
                    a8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:2A:5D:30:7F:4D:84:9F:84:B8:80:2D:73:BD:5C:C4:6F:6B:C9:AC
            X509v3 Authority Key Identifier:
                keyid:E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/ECpdMH9NhJ-EuIAtc71cxG9ryaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:19:28:84:66:8f:53:62:7e:dd:fc:c1:e3:51:04:a9:5b:65:
         57:09:06:b6:a6:5c:29:51:8f:41:b2:78:f5:62:ab:ed:48:ad:
         f3:33:6a:70:fd:2b:df:29:56:64:bc:b1:57:d0:0c:64:33:0e:
         fc:67:42:f1:f0:68:3f:3f:59:28:2c:0b:72:27:68:76:98:89:
         0c:75:98:b9:48:13:c3:b9:9f:a1:38:a3:f3:bf:9d:b7:cf:d9:
         e3:20:6a:6a:7d:5a:20:9a:cb:61:ef:46:2b:5c:ee:e8:1d:6e:
         fc:68:c8:f3:15:ec:99:cc:b7:2b:42:24:62:84:38:0c:f1:cb:
         9d:b1:d1:e8:59:33:fe:69:24:06:2f:87:54:d7:2b:1d:00:36:
         e5:86:10:f9:97:2a:3d:a7:27:9c:e2:2e:c1:f8:09:c6:e5:5d:
         7b:a4:e6:03:9c:4b:38:fa:e9:aa:33:df:39:4e:12:7e:63:75:
         f2:1e:fc:f8:ed:6c:a9:f9:f5:6f:ed:88:78:b7:c9:15:42:3d:
         6e:cd:f6:07:3a:59:de:21:b2:5e:80:a8:94:e7:3b:0b:b3:60:
         d9:26:70:cb:81:63:44:dc:b0:27:e0:9a:1f:f0:76:28:b5:9c:
         63:64:f2:95:d9:da:4d:fa:c5:20:57:61:46:e0:bb:af:a4:87:
         15:26:fd:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkaOtkgOJvYIN7Wm6CoqYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNjM2ZTAyZjE1NTRmNzBkOTcxYTY1Njg0OWMwMWJkZmYx
MzhjZTgwHhcNMjQwOTI0MTQyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDJhNWQzMDdmNGQ4NDlmODRiODgwMmQ3M2JkNWNjNDZmNmJjOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliL36dw72JxBcVmNyyyfbm5Hokgp
75zitRWjKhWQbthkD7Xt5/92OKdaLhOS6Wy1J8FNZCHOg6IZzpO00HmLso8zx1Tr
Xj49Qb3h7WfHAfkfZ8mdjeAbBMleXeCq6dQ0qICAfljGRJuATq3bd6LpTcmuoE8M
yU+qJQyygegHmgpRaeVQAScTzLV3l+N7Bgtqo78d1UkQ8AICUnG/61CY3eI8nPlt
j4k6kTYL8tTneRb9bgyqP1DVqbZQmTrRh9MARnBu1SGzoKrCeUNbQCCVWwx4b+o/
3KbE7YgXBWIvnOFRVuaRnROO37ix2BWD9NE/M7hWKbfUk6eG72qrs0+oYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAqXTB/TYSfhLiALXO9XMRva8msMB8GA1UdIwQY
MBaAFOJjbgLxVU9w2XGmVoScAb3/E4zoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQt
MTJmOWY3MzNkYzRmLzEvRUNwZE1IOU5oSi1FdUlBdGM3MWN4RzlyeWF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQtMTJmOWY3MzNkYzRm
LzEvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaugMA0G
CSqGSIb3DQEBCwUAA4IBAQCiGSiEZo9TYn7d/MHjUQSpW2VXCQa2plwpUY9Bsnj1
YqvtSK3zM2pw/SvfKVZkvLFX0AxkMw78Z0Lx8Gg/P1koLAtyJ2h2mIkMdZi5SBPD
uZ+hOKPzv523z9njIGpqfVogmsth70YrXO7oHW78aMjzFeyZzLcrQiRihDgM8cud
sdHoWTP+aSQGL4dU1ysdADblhhD5lyo9pyec4i7B+AnG5V17pOYDnEs4+umqM985
ThJ+Y3XyHvz47Wyp+fVv7Yh4t8kVQj1uzfYHOlneIbJegKiU5zsLs2DZJnDLgWNE
3LAn4Jof8HYotZxjZPKV2dpN+sUgV2FG4LuvpIcVJv1U
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:15:38 2024 by rpki-client on console-ams.rpki-client.org