Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/bYmB2DxHDKjmzpHlGM1HdzTzH6k.roa
File:                     bYmB2DxHDKjmzpHlGM1HdzTzH6k.roa (raw, json)
Hash identifier:          rtOYfi76pX8hvn8UbFMrfOfKcNQgvWXIjROPXI6kJVc=
Subject key identifier:   6D:89:81:D8:3C:47:0C:A8:E6:CE:91:E5:18:CD:47:77:34:F3:1F:A9
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4924B8ED079CE93904A218D04301D7C
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/bYmB2DxHDKjmzpHlGM1HdzTzH6k.roa
Signing time:             Mon 01 Jan 2024 10:29:31 +0000
ROA not before:           Mon 01 Jan 2024 10:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25374
IP address blocks:        212.21.130.0/24 maxlen: 24
                          212.21.140.0/22 maxlen: 24
                          212.21.144.0/21 maxlen: 24
                          212.21.152.0/22 maxlen: 24
                          212.21.156.0/23 maxlen: 24
                          212.21.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4b:8e:d0:79:ce:93:90:4a:21:8d:04:30:1d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d8981d83c470ca8e6ce91e518cd477734f31fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4d:6b:3d:5f:4a:3e:1a:50:46:b1:7a:5c:ec:
                    ae:d3:52:aa:8d:56:e6:b6:8b:91:71:9a:b4:0b:d1:
                    e0:8c:bf:74:fd:53:b0:35:96:3f:9f:bb:c7:8c:04:
                    19:2c:2b:40:22:78:d5:c5:a7:a6:73:ac:eb:f7:34:
                    65:44:d4:3b:f4:1f:78:a4:10:db:0b:58:c1:79:e4:
                    7d:1a:f1:e0:76:9c:9d:63:52:e3:21:70:6b:d7:4f:
                    b7:41:1a:df:31:44:c0:1b:06:c5:ed:50:b2:d5:55:
                    26:76:e6:fb:51:f0:c4:b1:75:4d:bd:85:5f:50:18:
                    2c:68:05:f8:45:9e:17:e3:a2:eb:b2:76:3d:7b:8b:
                    e7:28:35:34:aa:c8:2b:56:50:6d:c7:74:b2:12:44:
                    9e:0e:8e:1c:86:7c:d2:a7:ec:ba:9f:02:52:57:cc:
                    18:4c:8f:0c:c6:30:f4:f6:96:a6:39:2a:d7:0a:46:
                    59:af:43:22:f6:97:3b:d7:32:f3:a2:cf:83:16:af:
                    fb:31:92:4b:84:40:f1:b4:e2:14:fe:cb:cc:39:f2:
                    80:a7:0e:07:7b:b8:90:91:c0:0f:e4:61:78:30:c2:
                    06:97:a2:63:28:73:af:0d:66:e9:48:b2:aa:3f:10:
                    a5:9f:25:a1:06:1d:76:00:9e:31:ac:2d:d1:19:f7:
                    28:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:89:81:D8:3C:47:0C:A8:E6:CE:91:E5:18:CD:47:77:34:F3:1F:A9
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/bYmB2DxHDKjmzpHlGM1HdzTzH6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.21.130.0/24
                  212.21.140.0-212.21.158.255

    Signature Algorithm: sha256WithRSAEncryption
         b7:7b:cc:62:7e:80:24:39:43:2c:f8:f8:68:bf:cc:6b:bd:83:
         bf:0d:3b:a6:64:32:ee:58:19:9f:7f:22:6a:2c:b4:09:42:8f:
         a6:f1:e6:75:58:96:bb:26:dd:e3:91:45:d1:f4:af:1b:17:10:
         23:38:c3:41:d7:ea:e3:92:da:fb:90:f4:66:26:fd:cc:5f:c4:
         22:4f:02:cc:05:7d:f4:63:5b:82:45:2f:eb:9e:41:a4:14:41:
         ba:bb:3a:95:e5:06:1d:04:15:7e:aa:22:0b:8e:1d:db:c0:ef:
         d5:0f:a7:84:f4:63:bf:10:3f:54:0e:74:d6:31:9e:3a:55:b6:
         d6:13:df:0d:1b:19:9a:a7:d2:86:84:26:df:25:1a:fb:87:31:
         fb:63:39:1f:25:1a:1a:29:35:5f:f3:60:cd:bb:df:37:37:95:
         c6:34:91:85:87:ec:b4:53:19:5c:e1:93:2b:fa:00:25:80:5b:
         b2:a7:53:94:2a:1b:31:7a:2d:23:fb:4d:4b:0f:42:b2:35:22:
         65:99:fb:91:ea:7b:c0:d6:aa:8f:48:70:54:2e:79:e3:90:8f:
         2e:f2:0d:53:0e:b9:c8:c1:17:f6:25:46:92:d6:b5:92:64:04:
         71:c5:36:31:ae:be:b5:c0:48:be:84:1a:fd:c0:ec:ff:d7:f3:
         14:d0:ae:de
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEkkuO0HnOk5BKIY0EMB18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDg5ODFkODNjNDcwY2E4ZTZjZTkxZTUxOGNkNDc3NzM0ZjMxZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU1rPV9KPhpQRrF6XOyu01KqjVbm
touRcZq0C9HgjL90/VOwNZY/n7vHjAQZLCtAInjVxaemc6zr9zRlRNQ79B94pBDb
C1jBeeR9GvHgdpydY1LjIXBr10+3QRrfMUTAGwbF7VCy1VUmdub7UfDEsXVNvYVf
UBgsaAX4RZ4X46LrsnY9e4vnKDU0qsgrVlBtx3SyEkSeDo4chnzSp+y6nwJSV8wY
TI8MxjD09pamOSrXCkZZr0Mi9pc71zLzos+DFq/7MZJLhEDxtOIU/svMOfKApw4H
e7iQkcAP5GF4MMIGl6JjKHOvDWbpSLKqPxClnyWhBh12AJ4xrC3RGfco6QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG2Jgdg8Rwyo5s6R5RjNR3c08x+pMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvYlltQjJEeEhES2ptenBIbEdNMUhkelR6SDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQA1BWCMAwD
BALUFYwDBADUFZ4wDQYJKoZIhvcNAQELBQADggEBALd7zGJ+gCQ5Qyz4+Gi/zGu9
g78NO6ZkMu5YGZ9/ImostAlCj6bx5nVYlrsm3eORRdH0rxsXECM4w0HX6uOS2vuQ
9GYm/cxfxCJPAswFffRjW4JFL+ueQaQUQbq7OpXlBh0EFX6qIguOHdvA79UPp4T0
Y78QP1QOdNYxnjpVttYT3w0bGZqn0oaEJt8lGvuHMftjOR8lGhopNV/zYM273zc3
lcY0kYWH7LRTGVzhkyv6ACWAW7KnU5QqGzF6LSP7TUsPQrI1ImWZ+5Hqe8DWqo9I
cFQueeOQjy7yDVMOucjBF/YlRpLWtZJkBHHFNjGuvrXASL6EGv3A7P/X8xTQrt4=
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:12:56 2024 by rpki-client on console-ams.rpki-client.org