Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/I2uF5C-7hWT7y3naeNRoK4lfSZk.roa
File:                     I2uF5C-7hWT7y3naeNRoK4lfSZk.roa (raw, json)
Hash identifier:          P2kb7aG2o8w/e4vKcSw9Nx8Tnto1z1ETB1aTnE8yQPA=
Subject key identifier:   23:6B:85:E4:2F:BB:85:64:FB:CB:79:DA:78:D4:68:2B:89:5F:49:99
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018CC94E6FFCA92712B81C86C1BE699870CB
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/I2uF5C-7hWT7y3naeNRoK4lfSZk.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49150
IP address blocks:        93.174.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6f:fc:a9:27:12:b8:1c:86:c1:be:69:98:70:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=236b85e42fbb8564fbcb79da78d4682b895f4999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1c:7a:ef:be:94:db:87:bc:e1:c8:82:82:16:
                    54:0d:73:17:9a:25:c5:42:3c:c5:65:26:fb:40:9f:
                    b1:e5:e5:11:de:4c:28:8c:bd:02:3f:a6:8c:47:0b:
                    dc:7a:a5:21:4a:02:e2:fc:05:84:6a:4b:dd:7a:07:
                    e4:2b:d0:0d:9b:9c:d9:cf:fa:cd:e7:c2:3c:77:e6:
                    9d:da:70:b9:b2:8e:1d:d8:0d:9c:ba:0d:cb:26:3b:
                    8b:4d:60:a6:bd:2e:db:ad:fb:a8:ff:5f:24:f6:8e:
                    4e:75:28:93:fa:62:98:bc:32:8c:9d:2d:09:6b:94:
                    f1:c0:1a:96:c9:05:8d:09:f3:05:ee:c9:14:d3:2d:
                    7e:de:08:c7:c6:ee:22:63:6f:54:b5:2b:94:33:ca:
                    9f:3a:9f:da:1b:86:63:13:a3:3a:ed:24:5e:23:08:
                    bd:d0:37:ed:f0:8d:20:a3:fd:b3:65:d3:af:c0:cb:
                    9f:e5:40:b7:54:c5:e6:16:4d:35:11:07:5d:48:aa:
                    e3:ec:25:69:99:b6:33:68:a6:00:4e:89:ad:a7:aa:
                    d0:5c:b9:10:ec:12:d0:ff:a7:76:83:d0:39:0a:82:
                    0e:2f:6c:bd:1b:24:57:39:a0:84:37:68:4c:3f:ff:
                    23:77:44:21:d5:3c:1d:26:03:e2:ce:b2:58:e6:ac:
                    bf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:6B:85:E4:2F:BB:85:64:FB:CB:79:DA:78:D4:68:2B:89:5F:49:99
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/I2uF5C-7hWT7y3naeNRoK4lfSZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:1a:6a:a1:bf:f0:83:5a:11:73:82:f8:20:8c:70:3f:2f:58:
         c9:72:4b:80:5d:c2:ac:43:b9:e3:32:0f:69:e7:9f:c4:b7:ed:
         0a:a6:aa:16:86:0f:80:d0:11:cf:3d:c6:56:94:64:4a:cd:b1:
         18:e2:24:03:05:06:3c:09:2a:cc:e9:b2:f0:69:74:f1:ce:8d:
         54:3a:f5:95:64:4c:b5:8d:29:58:b2:2d:ea:20:11:8d:b1:01:
         6b:98:df:55:60:8f:3b:b6:7d:1b:7e:7c:76:6d:ba:ec:1c:fd:
         af:9c:7b:3f:3a:d8:2a:32:81:8b:64:40:49:5a:5d:28:0c:bb:
         80:54:85:f9:dc:12:2a:84:3e:09:0b:58:c0:10:e2:df:30:16:
         20:ea:44:e2:2b:83:84:96:bd:ab:70:6c:3b:60:8a:cc:f0:59:
         88:75:cf:5a:d7:e4:db:fd:83:87:cb:fa:c8:74:38:59:c9:f9:
         a9:64:2f:ee:c6:65:46:d2:50:0c:1e:93:ad:ab:7a:0b:ad:29:
         5e:72:e6:eb:89:36:38:00:25:01:56:d1:0c:47:c6:dc:a7:9e:
         b2:b8:78:f9:46:f5:d8:10:8b:44:dd:b9:d4:15:98:17:8b:2d:
         3a:a7:c6:1c:77:1a:ee:bf:49:38:e4:2b:a9:56:ba:4a:dc:81:
         84:89:78:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm/8qScSuByGwb5pmHDLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzZiODVlNDJmYmI4NTY0ZmJjYjc5ZGE3OGQ0NjgyYjg5NWY0OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRx6776U24e84ciCghZUDXMXmiXF
QjzFZSb7QJ+x5eUR3kwojL0CP6aMRwvceqUhSgLi/AWEakvdegfkK9ANm5zZz/rN
58I8d+ad2nC5so4d2A2cug3LJjuLTWCmvS7brfuo/18k9o5OdSiT+mKYvDKMnS0J
a5TxwBqWyQWNCfMF7skU0y1+3gjHxu4iY29UtSuUM8qfOp/aG4ZjE6M67SReIwi9
0Dft8I0go/2zZdOvwMuf5UC3VMXmFk01EQddSKrj7CVpmbYzaKYATomtp6rQXLkQ
7BLQ/6d2g9A5CoIOL2y9GyRXOaCEN2hMP/8jd0Qh1TwdJgPizrJY5qy/TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNrheQvu4Vk+8t52njUaCuJX0mZMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvSTJ1RjVDLTdoV1Q3eTNuYWVOUm9LNGxmU1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa6hMA0G
CSqGSIb3DQEBCwUAA4IBAQC5Gmqhv/CDWhFzgvggjHA/L1jJckuAXcKsQ7njMg9p
55/Et+0KpqoWhg+A0BHPPcZWlGRKzbEY4iQDBQY8CSrM6bLwaXTxzo1UOvWVZEy1
jSlYsi3qIBGNsQFrmN9VYI87tn0bfnx2bbrsHP2vnHs/OtgqMoGLZEBJWl0oDLuA
VIX53BIqhD4JC1jAEOLfMBYg6kTiK4OElr2rcGw7YIrM8FmIdc9a1+Tb/YOHy/rI
dDhZyfmpZC/uxmVG0lAMHpOtq3oLrSlecubriTY4ACUBVtEMR8bcp56yuHj5RvXY
EItE3bnUFZgXiy06p8Ycdxruv0k45CupVrpK3IGEiXh+
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:00:17 2024 by rpki-client on console-fra.rpki-client.org