Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/F204NG0N1Cf-DAXLU_Bz7PGDHvU.roa
File:                     F204NG0N1Cf-DAXLU_Bz7PGDHvU.roa (raw, json)
Hash identifier:          VTbR3TEDt8xfezAyay05MXotvFF8QGKzBRrKVx+3LIo=
Subject key identifier:   17:6D:38:34:6D:0D:D4:27:FE:0C:05:CB:53:F0:73:EC:F1:83:1E:F5
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018F76DF228B1F4425DECAD25766D162AF52
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/F204NG0N1Cf-DAXLU_Bz7PGDHvU.roa
Signing time:             Tue 14 May 2024 11:31:25 +0000
ROA not before:           Tue 14 May 2024 11:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44203
IP address blocks:        185.211.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 16:12:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:df:22:8b:1f:44:25:de:ca:d2:57:66:d1:62:af:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: May 14 11:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=176d38346d0dd427fe0c05cb53f073ecf1831ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2b:40:e2:88:6f:2b:63:42:04:18:b6:7e:fd:
                    52:e7:e4:bd:cc:5d:66:50:f0:01:ad:1c:47:79:ad:
                    30:c0:c6:d5:02:bc:09:b0:40:17:09:78:d3:68:33:
                    95:cd:a8:68:7f:28:3c:5b:a9:52:c0:f4:61:16:72:
                    8b:da:ff:9b:04:05:76:45:d0:c1:15:6c:e8:5b:06:
                    e2:10:d6:2c:7b:59:6a:8f:28:d9:3a:6d:5b:63:ec:
                    79:03:d1:9b:89:a9:d5:0c:06:42:f5:51:c5:f9:4d:
                    89:45:54:57:7d:37:72:1a:d9:71:e8:24:f5:75:13:
                    56:fa:dc:6c:77:02:e3:3c:8d:81:ed:1a:12:ec:04:
                    05:46:1a:8f:27:09:fe:87:08:00:21:3b:4d:83:92:
                    a0:94:d6:f8:e3:5d:ce:b3:0e:08:4a:21:c4:41:34:
                    e2:3f:8f:12:c9:41:06:43:db:a3:79:d0:c8:92:23:
                    3e:05:b8:da:6d:a5:50:7e:c9:80:55:25:99:5a:1e:
                    2b:cf:e3:0f:64:1d:4c:59:48:fd:b9:a7:28:45:6c:
                    a8:bc:30:7c:d2:a1:4a:35:e3:41:66:ee:1c:6a:27:
                    d1:87:b0:ff:22:34:a8:7d:c2:f2:20:0f:16:cb:25:
                    2a:ce:79:84:16:bd:14:6b:b6:c8:d9:12:67:50:91:
                    9f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:6D:38:34:6D:0D:D4:27:FE:0C:05:CB:53:F0:73:EC:F1:83:1E:F5
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/F204NG0N1Cf-DAXLU_Bz7PGDHvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:f5:f6:d0:21:8c:38:c4:13:d6:24:88:33:3c:46:e4:a1:3b:
         92:25:0f:46:dc:36:9a:7e:7e:3c:9a:4b:f1:b7:f3:11:24:77:
         cc:6a:0f:59:61:f5:2a:a3:57:8d:17:97:8e:db:2f:65:ab:a2:
         84:3f:f4:b7:ff:d8:2b:bc:7c:a2:59:a2:9c:03:9c:08:e2:16:
         89:70:60:0c:52:c2:f7:ef:71:bb:73:78:04:ae:6c:66:53:ab:
         6c:e0:9e:3b:d2:bd:55:43:29:6b:92:64:1b:01:34:ae:68:64:
         1b:85:ff:11:5a:9c:b2:35:ee:89:74:ab:4d:e8:3d:fc:b8:b7:
         5c:26:ef:79:ee:d0:e0:68:8f:f2:60:b8:26:01:05:7b:75:05:
         30:2a:02:60:37:a6:78:81:f0:3a:67:05:71:46:cb:43:a7:0c:
         e9:7a:f1:f8:75:b0:6a:95:08:31:56:48:36:99:53:74:dd:34:
         3f:43:f4:65:11:c9:f4:78:e5:b1:74:9f:2d:7d:12:1c:b1:1a:
         df:e2:77:c8:31:57:5a:b2:33:62:23:3a:fd:54:ea:66:3c:2d:
         29:a4:f8:30:bd:74:ff:bc:8a:20:aa:2b:2e:43:8c:15:33:81:
         4a:fa:2b:b3:39:ec:95:4e:b9:80:4e:ea:d5:0a:88:e8:b6:b5:
         30:56:d5:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY923yKLH0Ql3srSV2bRYq9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwNTE0MTEzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzZkMzgzNDZkMGRkNDI3ZmUwYzA1Y2I1M2YwNzNlY2YxODMxZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsStA4ohvK2NCBBi2fv1S5+S9zF1m
UPABrRxHea0wwMbVArwJsEAXCXjTaDOVzahofyg8W6lSwPRhFnKL2v+bBAV2RdDB
FWzoWwbiENYse1lqjyjZOm1bY+x5A9GbianVDAZC9VHF+U2JRVRXfTdyGtlx6CT1
dRNW+txsdwLjPI2B7RoS7AQFRhqPJwn+hwgAITtNg5KglNb4413Osw4ISiHEQTTi
P48SyUEGQ9ujedDIkiM+BbjabaVQfsmAVSWZWh4rz+MPZB1MWUj9uacoRWyovDB8
0qFKNeNBZu4caifRh7D/IjSofcLyIA8WyyUqznmEFr0Ua7bI2RJnUJGfhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdtODRtDdQn/gwFy1Pwc+zxgx71MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvRjIwNE5HME4xQ2YtREFYTFVfQno3UEdESHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudPKMA0G
CSqGSIb3DQEBCwUAA4IBAQCx9fbQIYw4xBPWJIgzPEbkoTuSJQ9G3Daafn48mkvx
t/MRJHfMag9ZYfUqo1eNF5eO2y9lq6KEP/S3/9grvHyiWaKcA5wI4haJcGAMUsL3
73G7c3gErmxmU6ts4J470r1VQylrkmQbATSuaGQbhf8RWpyyNe6JdKtN6D38uLdc
Ju957tDgaI/yYLgmAQV7dQUwKgJgN6Z4gfA6ZwVxRstDpwzpevH4dbBqlQgxVkg2
mVN03TQ/Q/RlEcn0eOWxdJ8tfRIcsRrf4nfIMVdasjNiIzr9VOpmPC0ppPgwvXT/
vIogqisuQ4wVM4FK+iuzOeyVTrmATurVCojotrUwVtVW
-----END CERTIFICATE-----
Generated at Thu Oct 31 22:56:58 2024 by rpki-client on console-fra.rpki-client.org