Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ynfihzFc7YfJIUEvGPDHZQ2TRdY.roa
File:                     ynfihzFc7YfJIUEvGPDHZQ2TRdY.roa (raw, json)
Hash identifier:          TgU13S8UJnw2iJGjrqcpBH4pRmvAxXdYOGtOO9GDgQw=
Subject key identifier:   CA:77:E2:87:31:5C:ED:87:C9:21:41:2F:18:F0:C7:65:0D:93:45:D6
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC212E3A0501745BCC222665EA60D1
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ynfihzFc7YfJIUEvGPDHZQ2TRdY.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205003
IP address blocks:        212.183.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:21:2e:3a:05:01:74:5b:cc:22:26:65:ea:60:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca77e287315ced87c921412f18f0c7650d9345d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:1d:d1:cf:a1:4e:04:a2:5a:64:0a:13:3e:13:
                    57:3c:97:6d:ae:28:e4:28:9f:be:4d:06:7d:ad:55:
                    71:d9:a8:c5:5c:50:47:61:1b:01:37:9a:53:f8:97:
                    bc:00:95:63:fa:b9:6e:8e:f8:92:40:14:8c:a9:c2:
                    ee:33:55:98:45:df:d2:d0:03:f8:b3:84:34:44:ca:
                    c7:08:5b:b6:6a:5e:3b:18:2e:56:5b:87:f8:b2:76:
                    52:42:bb:82:dd:34:63:56:a1:55:80:b7:22:b2:63:
                    70:65:38:53:90:d8:ef:6f:0c:95:e7:72:91:fb:dc:
                    40:f3:b2:d3:24:c5:60:29:3f:9f:78:a4:76:9f:12:
                    b6:05:a4:83:d0:b0:3b:46:3e:7e:78:7c:9f:93:31:
                    06:8f:66:fa:63:27:0f:de:f0:eb:ea:79:51:d4:04:
                    1d:04:a9:24:bf:48:9e:4c:d0:01:28:bc:8b:2a:97:
                    58:0b:26:9b:e2:8b:8c:4d:b3:ad:4b:f1:e8:54:d0:
                    d7:ec:4c:f8:63:49:0f:a6:48:88:a6:58:02:5f:32:
                    25:40:a3:80:72:0c:f5:b3:79:98:9b:c3:e6:6a:5a:
                    a0:ff:ad:ce:1b:7d:cc:d4:4b:7d:5d:07:9a:48:7f:
                    30:39:1b:3c:1d:81:bb:23:59:0e:79:6c:bb:39:e9:
                    b9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:77:E2:87:31:5C:ED:87:C9:21:41:2F:18:F0:C7:65:0D:93:45:D6
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ynfihzFc7YfJIUEvGPDHZQ2TRdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e3:58:a3:aa:0e:69:6d:63:ea:eb:3a:80:3a:02:92:e5:ac:
         9b:58:eb:36:41:b4:80:c2:49:26:e0:e8:1a:e4:b1:4d:85:b8:
         ed:ac:e8:24:5d:1a:ad:32:5b:3a:15:c3:bb:de:82:eb:7d:38:
         f0:91:b0:15:d9:d0:17:be:df:2e:95:0b:04:4e:82:1b:65:d3:
         88:ca:01:08:d6:01:44:c4:1d:5b:f9:9a:86:52:a0:9f:7c:0e:
         6d:4b:a4:c2:08:a8:8f:58:d0:59:18:53:20:0b:f7:d5:0d:fb:
         7a:14:90:d2:bc:17:27:04:27:f2:e5:a2:73:7b:ef:79:20:9e:
         f5:59:29:f8:64:87:bd:f2:d1:a8:3c:bd:6d:de:93:51:25:69:
         f8:b9:ca:d5:10:9f:a1:11:36:ea:09:8b:7e:8f:35:56:9d:3d:
         79:9b:29:a5:fa:e6:af:c4:cd:e5:eb:06:b8:3c:d2:c4:ef:a2:
         8b:d5:b3:9f:14:6f:fe:a2:0b:ba:df:da:43:0f:87:71:14:12:
         58:78:98:75:d7:9c:d6:c4:70:c9:63:aa:98:93:19:8a:34:ac:
         02:7c:b9:85:24:fc:33:f3:36:32:cd:71:d2:3b:19:c1:2e:c0:
         35:a7:ec:a3:23:a8:85:af:fa:6e:19:14:6b:7e:bf:eb:cc:68:
         43:5b:22:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CEuOgUBdFvMIiZl6mDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTc3ZTI4NzMxNWNlZDg3YzkyMTQxMmYxOGYwYzc2NTBkOTM0NWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhB3Rz6FOBKJaZAoTPhNXPJdtrijk
KJ++TQZ9rVVx2ajFXFBHYRsBN5pT+Je8AJVj+rlujviSQBSMqcLuM1WYRd/S0AP4
s4Q0RMrHCFu2al47GC5WW4f4snZSQruC3TRjVqFVgLcismNwZThTkNjvbwyV53KR
+9xA87LTJMVgKT+feKR2nxK2BaSD0LA7Rj5+eHyfkzEGj2b6YycP3vDr6nlR1AQd
BKkkv0ieTNABKLyLKpdYCyab4ouMTbOtS/HoVNDX7Ez4Y0kPpkiIplgCXzIlQKOA
cgz1s3mYm8Pmalqg/63OG33M1Et9XQeaSH8wORs8HYG7I1kOeWy7Oem5qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMp34ocxXO2HySFBLxjwx2UNk0XWMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEveW5maWh6RmM3WWZKSVVFdkdQREhaUTJUUmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LccMA0G
CSqGSIb3DQEBCwUAA4IBAQAu41ijqg5pbWPq6zqAOgKS5aybWOs2QbSAwkkm4Oga
5LFNhbjtrOgkXRqtMls6FcO73oLrfTjwkbAV2dAXvt8ulQsEToIbZdOIygEI1gFE
xB1b+ZqGUqCffA5tS6TCCKiPWNBZGFMgC/fVDft6FJDSvBcnBCfy5aJze+95IJ71
WSn4ZIe98tGoPL1t3pNRJWn4ucrVEJ+hETbqCYt+jzVWnT15myml+uavxM3l6wa4
PNLE76KL1bOfFG/+ogu639pDD4dxFBJYeJh115zWxHDJY6qYkxmKNKwCfLmFJPwz
8zYyzXHSOxnBLsA1p+yjI6iFr/puGRRrfr/rzGhDWyKX
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:18:11 2024 by rpki-client on console-fra.rpki-client.org