Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/4a67f1-742b-41e3-a60f-11363a2bcfab/1/F7FEj2CinHEr6ELU3YDPe-hpCDQ.roa
File:                     F7FEj2CinHEr6ELU3YDPe-hpCDQ.roa (raw, json)
Hash identifier:          gyCJAb60LOtSLHYgddWWE5zxjOdPvzx3Frcb9nOFEQU=
Subject key identifier:   17:B1:44:8F:60:A2:9C:71:2B:E8:42:D4:DD:80:CF:7B:E8:69:08:34
Certificate issuer:       /CN=23f210bc1534badc08ff947d99350471193531b3
Certificate serial:       018CC8DEB2CB762A643C55E849D21028134D
Authority key identifier: 23:F2:10:BC:15:34:BA:DC:08:FF:94:7D:99:35:04:71:19:35:31:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I_IQvBU0utwI_5R9mTUEcRk1MbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/4a67f1-742b-41e3-a60f-11363a2bcfab/1/F7FEj2CinHEr6ELU3YDPe-hpCDQ.roa
Signing time:             Tue 02 Jan 2024 06:31:27 +0000
ROA not before:           Tue 02 Jan 2024 06:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205877
IP address blocks:        185.203.171.0/24 maxlen: 24
                          185.203.170.0/24 maxlen: 24
                          185.203.169.0/24 maxlen: 24
                          185.203.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/4a67f1-742b-41e3-a60f-11363a2bcfab/1/I_IQvBU0utwI_5R9mTUEcRk1MbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/4a67f1-742b-41e3-a60f-11363a2bcfab/1/I_IQvBU0utwI_5R9mTUEcRk1MbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I_IQvBU0utwI_5R9mTUEcRk1MbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b2:cb:76:2a:64:3c:55:e8:49:d2:10:28:13:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23f210bc1534badc08ff947d99350471193531b3
        Validity
            Not Before: Jan  2 06:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17b1448f60a29c712be842d4dd80cf7be8690834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cd:b8:40:ec:ae:4b:57:95:35:b7:fc:cc:ed:
                    6d:46:0a:45:de:7f:d3:ab:c0:43:04:f1:c2:5c:9e:
                    46:43:0f:25:c4:79:d8:79:84:17:04:d6:af:e4:a3:
                    86:00:da:cc:a7:04:6c:e1:d8:43:0b:f1:33:5b:59:
                    13:04:33:3a:53:f2:df:95:cf:40:4d:de:81:a8:b6:
                    4b:57:a4:e5:84:be:1b:71:66:19:9e:b1:ec:14:d9:
                    66:3b:aa:cb:b2:02:cb:d8:74:c3:83:21:64:4c:81:
                    0f:3e:88:b5:52:c8:c7:1e:72:76:90:ca:d6:d0:38:
                    79:c2:99:8c:2a:c2:93:fa:96:8a:06:87:b7:7b:08:
                    11:d9:25:87:74:3a:f0:45:cd:e8:06:4f:78:0c:17:
                    c6:39:2d:78:5e:e7:ab:e7:d9:50:98:4a:8d:8d:1a:
                    83:93:30:94:1f:a3:e6:74:87:a3:08:a9:49:41:e5:
                    48:95:72:23:b3:21:33:90:27:8b:66:36:4b:94:ae:
                    2f:c8:99:ca:3f:2d:f5:1e:a2:51:0f:af:c9:f4:d6:
                    f7:25:4f:d5:de:1d:fd:96:7a:d6:2a:4a:f1:2b:c5:
                    85:d3:2c:da:79:5a:e4:59:83:ea:d8:3a:72:cf:f3:
                    ee:87:ee:82:a6:70:e1:2e:44:e7:c8:bb:b3:1e:f8:
                    3d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B1:44:8F:60:A2:9C:71:2B:E8:42:D4:DD:80:CF:7B:E8:69:08:34
            X509v3 Authority Key Identifier:
                keyid:23:F2:10:BC:15:34:BA:DC:08:FF:94:7D:99:35:04:71:19:35:31:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I_IQvBU0utwI_5R9mTUEcRk1MbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4a67f1-742b-41e3-a60f-11363a2bcfab/1/F7FEj2CinHEr6ELU3YDPe-hpCDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4a67f1-742b-41e3-a60f-11363a2bcfab/1/I_IQvBU0utwI_5R9mTUEcRk1MbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:f5:d6:82:6a:d6:fe:d5:03:94:2b:c3:11:e8:ef:73:e8:ce:
         78:6f:26:c1:8d:c7:a9:90:c5:35:0e:ad:5f:82:9e:68:ed:06:
         c2:f5:7f:b7:e1:0b:43:68:dd:4d:fc:0f:6f:4a:fa:93:bb:d9:
         df:aa:55:44:4e:27:ee:e7:86:ec:be:23:a0:2d:9d:c2:5e:e7:
         43:b3:6a:01:c9:88:7c:e7:36:f9:ec:ab:89:db:36:46:97:00:
         16:8a:9d:76:58:45:16:a4:00:bb:4b:73:6c:8e:c4:38:d3:df:
         7e:e4:b6:bb:e0:ef:fc:d9:0a:68:8a:25:07:92:11:de:8e:75:
         be:08:47:e4:29:c1:10:60:0a:04:3c:89:0f:1c:18:9b:e0:99:
         7b:a8:8d:88:fb:e6:98:e1:95:1f:3c:1c:f0:a0:7b:16:c8:20:
         ae:09:2a:2f:22:5b:21:8e:0a:f2:04:31:03:f6:b3:59:d1:c0:
         17:f8:2d:20:5e:be:a7:7f:a1:6f:76:22:f7:d7:45:06:ee:77:
         66:6d:59:ae:e8:c3:17:7f:66:28:ac:41:24:7c:be:9c:25:bb:
         b3:0a:fb:66:8f:e4:93:ea:c1:6d:b9:a1:59:42:58:b0:33:24:
         26:cc:1d:ae:90:cd:b9:89:02:f3:a4:90:76:0f:02:0e:00:8d:
         99:50:71:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3rLLdipkPFXoSdIQKBNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZjIxMGJjMTUzNGJhZGMwOGZmOTQ3ZDk5MzUwNDcxMTkz
NTMxYjMwHhcNMjQwMTAyMDYzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IxNDQ4ZjYwYTI5YzcxMmJlODQyZDRkZDgwY2Y3YmU4NjkwODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc24QOyuS1eVNbf8zO1tRgpF3n/T
q8BDBPHCXJ5GQw8lxHnYeYQXBNav5KOGANrMpwRs4dhDC/EzW1kTBDM6U/Lflc9A
Td6BqLZLV6TlhL4bcWYZnrHsFNlmO6rLsgLL2HTDgyFkTIEPPoi1UsjHHnJ2kMrW
0Dh5wpmMKsKT+paKBoe3ewgR2SWHdDrwRc3oBk94DBfGOS14Xuer59lQmEqNjRqD
kzCUH6PmdIejCKlJQeVIlXIjsyEzkCeLZjZLlK4vyJnKPy31HqJRD6/J9Nb3JU/V
3h39lnrWKkrxK8WF0yzaeVrkWYPq2Dpyz/Puh+6CpnDhLkTnyLuzHvg9UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBexRI9gopxxK+hC1N2Az3voaQg0MB8GA1UdIwQY
MBaAFCPyELwVNLrcCP+UfZk1BHEZNTGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSV9JUXZCVTB1dHdJXzVSOW1UVUVjUmsxTWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi80YTY3ZjEtNzQyYi00MWUzLWE2MGYt
MTEzNjNhMmJjZmFiLzEvRjdGRWoyQ2luSEVyNkVMVTNZRFBlLWhwQ0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi80YTY3ZjEtNzQyYi00MWUzLWE2MGYtMTEzNjNhMmJjZmFi
LzEvSV9JUXZCVTB1dHdJXzVSOW1UVUVjUmsxTWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucuoMA0G
CSqGSIb3DQEBCwUAA4IBAQAP9daCatb+1QOUK8MR6O9z6M54bybBjcepkMU1Dq1f
gp5o7QbC9X+34QtDaN1N/A9vSvqTu9nfqlVETifu54bsviOgLZ3CXudDs2oByYh8
5zb57KuJ2zZGlwAWip12WEUWpAC7S3NsjsQ4099+5La74O/82QpoiiUHkhHejnW+
CEfkKcEQYAoEPIkPHBib4Jl7qI2I++aY4ZUfPBzwoHsWyCCuCSovIlshjgryBDED
9rNZ0cAX+C0gXr6nf6FvdiL310UG7ndmbVmu6MMXf2YorEEkfL6cJbuzCvtmj+ST
6sFtuaFZQliwMyQmzB2ukM25iQLzpJB2DwIOAI2ZUHES
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:45:44 2024 by rpki-client on console-ams.rpki-client.org