Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/vCR5VKGEqYUoMLLsgO7m6_uApfQ.roa
File:                     vCR5VKGEqYUoMLLsgO7m6_uApfQ.roa (raw, json)
Hash identifier:          wovBXfDd1YlQOITaWG/zungYc9x+r0GJlxd0uusKFdk=
Subject key identifier:   BC:24:79:54:A1:84:A9:85:28:30:B2:EC:80:EE:E6:EB:FB:80:A5:F4
Certificate issuer:       /CN=85f4ee14f6d38a7cf071279dff7b391702e37135
Certificate serial:       018CC2DB31BCC9436AF223ACEF5895E6A3AD
Authority key identifier: 85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/vCR5VKGEqYUoMLLsgO7m6_uApfQ.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210301
IP address blocks:        185.146.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:bc:c9:43:6a:f2:23:ac:ef:58:95:e6:a3:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85f4ee14f6d38a7cf071279dff7b391702e37135
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc247954a184a9852830b2ec80eee6ebfb80a5f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:33:62:92:d8:f3:47:e9:67:35:7f:52:5b:bf:
                    47:0c:d5:98:da:9e:cc:00:9c:0d:88:3a:55:60:0e:
                    db:a9:48:91:6d:54:97:1a:9c:31:6f:9b:70:d7:30:
                    7c:4b:d0:13:c9:4c:f2:64:62:b0:ce:92:92:71:f9:
                    94:8c:b9:d4:ac:d4:58:8d:6c:8c:01:ac:19:b2:ac:
                    d1:f4:d7:0e:92:10:99:5e:b3:8d:a0:21:8d:24:b5:
                    e5:41:b6:db:cd:0d:22:d6:68:d7:08:ef:c7:d8:1b:
                    3f:6d:b7:db:7d:0f:d6:07:af:3d:6c:45:00:c3:c9:
                    97:72:11:38:1c:31:11:ec:b3:29:f8:f5:60:f0:f2:
                    37:86:1c:cf:ed:1f:ef:a5:33:67:25:3d:1a:43:40:
                    f8:d3:74:fc:6a:ac:2b:ba:9f:d5:ac:1b:f6:c1:60:
                    2f:f1:25:eb:2d:f1:34:66:f0:57:89:63:c1:c7:95:
                    dd:68:37:a3:fe:5e:04:aa:0b:11:8b:10:de:8c:ad:
                    c9:29:b7:bc:96:4b:3c:45:69:e6:ed:b9:19:56:86:
                    77:89:12:84:e9:ff:a5:2b:d6:6c:b1:55:87:73:ce:
                    b9:e4:ac:03:13:10:10:7a:0b:3b:9a:1f:6e:f3:4b:
                    3d:09:be:1a:44:32:ff:5e:83:90:df:d0:4b:cd:dd:
                    57:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:24:79:54:A1:84:A9:85:28:30:B2:EC:80:EE:E6:EB:FB:80:A5:F4
            X509v3 Authority Key Identifier:
                keyid:85:F4:EE:14:F6:D3:8A:7C:F0:71:27:9D:FF:7B:39:17:02:E3:71:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfTuFPbTinzwcSed_3s5FwLjcTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/vCR5VKGEqYUoMLLsgO7m6_uApfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/4df39a-783c-4d7d-b1be-bfd95a9a6e64/1/hfTuFPbTinzwcSed_3s5FwLjcTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:e1:22:b3:86:f4:8d:26:bb:4b:27:e8:5c:b4:8f:55:1c:bb:
         fe:eb:78:f9:af:a9:af:61:68:1f:9c:fe:ec:86:d6:29:cf:7f:
         c9:2a:64:f3:9b:08:0d:cb:dc:51:2f:4f:1c:9c:b9:5b:02:3e:
         46:0c:17:93:e6:ac:de:be:0d:7e:9e:e8:f0:0e:d1:05:c2:b4:
         e6:e4:86:20:4d:78:84:ae:67:c3:07:d0:7a:90:85:02:2f:a4:
         dc:c9:b3:e3:54:12:77:88:e3:3d:ce:e5:79:74:73:58:1b:a5:
         54:45:dc:d7:be:27:bb:d5:0b:15:ab:ab:fc:5c:7e:9f:46:19:
         00:89:19:99:c4:9d:f7:79:13:da:40:3b:16:54:39:88:79:35:
         b3:e1:30:28:2e:c1:52:af:39:56:c3:56:36:09:07:6f:7d:61:
         4f:12:b2:a5:34:7d:95:60:12:53:b7:aa:1c:8b:b9:a6:5f:a1:
         60:ff:dc:fc:2c:11:23:f9:06:2d:8f:54:46:a2:55:58:e9:fe:
         19:db:d3:b6:38:3d:22:25:f8:80:4c:a5:64:18:3f:81:79:ac:
         f0:7a:49:4d:7d:be:da:37:57:e7:c4:85:5d:a3:22:07:4c:68:
         db:f8:df:5a:df:85:ac:fb:27:65:99:e1:c3:1b:56:91:36:64:
         06:05:81:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zG8yUNq8iOs71iV5qOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZjRlZTE0ZjZkMzhhN2NmMDcxMjc5ZGZmN2IzOTE3MDJl
MzcxMzUwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzI0Nzk1NGExODRhOTg1MjgzMGIyZWM4MGVlZTZlYmZiODBhNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzNiktjzR+lnNX9SW79HDNWY2p7M
AJwNiDpVYA7bqUiRbVSXGpwxb5tw1zB8S9ATyUzyZGKwzpKScfmUjLnUrNRYjWyM
AawZsqzR9NcOkhCZXrONoCGNJLXlQbbbzQ0i1mjXCO/H2Bs/bbfbfQ/WB689bEUA
w8mXchE4HDER7LMp+PVg8PI3hhzP7R/vpTNnJT0aQ0D403T8aqwrup/VrBv2wWAv
8SXrLfE0ZvBXiWPBx5XdaDej/l4EqgsRixDejK3JKbe8lks8RWnm7bkZVoZ3iRKE
6f+lK9ZssVWHc8655KwDExAQegs7mh9u80s9Cb4aRDL/XoOQ39BLzd1X1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwkeVShhKmFKDCy7IDu5uv7gKX0MB8GA1UdIwQY
MBaAFIX07hT204p88HEnnf97ORcC43E1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUt
YmZkOTVhOWE2ZTY0LzEvdkNSNVZLR0VxWVVvTUxMc2dPN202X3VBcGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80ZGYzOWEtNzgzYy00ZDdkLWIxYmUtYmZkOTVhOWE2ZTY0
LzEvaGZUdUZQYlRpbnp3Y1NlZF8zczVGd0xqY1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZLjMA0G
CSqGSIb3DQEBCwUAA4IBAQB84SKzhvSNJrtLJ+hctI9VHLv+63j5r6mvYWgfnP7s
htYpz3/JKmTzmwgNy9xRL08cnLlbAj5GDBeT5qzevg1+nujwDtEFwrTm5IYgTXiE
rmfDB9B6kIUCL6TcybPjVBJ3iOM9zuV5dHNYG6VURdzXvie71QsVq6v8XH6fRhkA
iRmZxJ33eRPaQDsWVDmIeTWz4TAoLsFSrzlWw1Y2CQdvfWFPErKlNH2VYBJTt6oc
i7mmX6Fg/9z8LBEj+QYtj1RGolVY6f4Z29O2OD0iJfiATKVkGD+BeazweklNfb7a
N1fnxIVdoyIHTGjb+N9a34Ws+ydlmeHDG1aRNmQGBYEc
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:11:47 2024 by rpki-client on console-ams.rpki-client.org