Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/mQ2Vz9unnpP_F3g8h_9xilBQvjA.roa
File:                     mQ2Vz9unnpP_F3g8h_9xilBQvjA.roa (raw, json)
Hash identifier:          v3DnxdiQETIdhSt1+VKw1LrsY1zyc5NKfhfYw69iEy4=
Subject key identifier:   99:0D:95:CF:DB:A7:9E:93:FF:17:78:3C:87:FF:71:8A:50:50:BE:30
Certificate issuer:       /CN=f19655b59a864cad73cc295f4f78ff83cae86aac
Certificate serial:       018CCA2AAA308DF08D2617E0DB456409439A
Authority key identifier: F1:96:55:B5:9A:86:4C:AD:73:CC:29:5F:4F:78:FF:83:CA:E8:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZZVtZqGTK1zzClfT3j_g8roaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/mQ2Vz9unnpP_F3g8h_9xilBQvjA.roa
Signing time:             Tue 02 Jan 2024 12:34:02 +0000
ROA not before:           Tue 02 Jan 2024 12:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47777
IP address blocks:        46.19.56.0/21 maxlen: 24
                          94.125.24.0/21 maxlen: 24
                          94.125.28.0/24 maxlen: 24
                          185.15.180.0/22 maxlen: 22
                          185.15.183.0/24 maxlen: 24
                          2a00:1b40::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/8ZZVtZqGTK1zzClfT3j_g8roaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/8ZZVtZqGTK1zzClfT3j_g8roaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZZVtZqGTK1zzClfT3j_g8roaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:aa:30:8d:f0:8d:26:17:e0:db:45:64:09:43:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19655b59a864cad73cc295f4f78ff83cae86aac
        Validity
            Not Before: Jan  2 12:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=990d95cfdba79e93ff17783c87ff718a5050be30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:47:91:39:e0:85:95:55:7d:aa:c1:3a:9f:e5:
                    1c:7d:09:b5:8f:2e:43:09:52:f8:19:17:c3:18:2a:
                    76:7b:c0:a0:23:40:08:94:fc:12:f9:d8:7a:80:11:
                    b6:89:68:00:81:05:77:1e:80:73:e9:29:57:38:8d:
                    11:0f:0d:b3:45:d8:2e:e2:da:88:29:51:4e:48:ff:
                    81:88:17:04:fb:e7:b4:7d:f7:8b:35:bd:f5:83:c4:
                    2e:65:c3:cd:9d:9f:df:f5:20:c5:1a:16:9d:bf:c3:
                    06:3e:e8:ca:aa:72:15:1c:8a:62:8d:b1:6c:7c:6a:
                    67:54:e0:f4:6b:4d:8f:39:17:b4:bf:b1:c9:c4:33:
                    28:41:f7:3f:92:3e:c4:47:e5:83:8d:d9:aa:94:55:
                    7f:05:91:39:42:81:f2:6f:0d:99:65:cf:0b:41:29:
                    5f:24:54:e6:62:f5:34:2f:dc:8c:75:03:0a:60:75:
                    ce:53:54:36:1a:0c:92:54:fa:48:14:68:9c:12:b7:
                    8f:d1:d1:15:f6:2a:05:2f:30:f9:07:03:8a:70:09:
                    6d:91:6e:7d:da:6f:bc:7c:cd:c6:16:cb:3c:54:84:
                    82:a7:39:b4:d9:2f:46:a6:05:11:b0:19:ec:62:af:
                    3b:b7:bb:84:37:6b:49:0a:e4:ed:92:a7:27:e3:8e:
                    5b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:0D:95:CF:DB:A7:9E:93:FF:17:78:3C:87:FF:71:8A:50:50:BE:30
            X509v3 Authority Key Identifier:
                keyid:F1:96:55:B5:9A:86:4C:AD:73:CC:29:5F:4F:78:FF:83:CA:E8:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZZVtZqGTK1zzClfT3j_g8roaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/mQ2Vz9unnpP_F3g8h_9xilBQvjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/2bd1dc-ade1-46c9-b9c0-339ee700af6f/1/8ZZVtZqGTK1zzClfT3j_g8roaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.56.0/21
                  94.125.24.0/21
                  185.15.180.0/22
                IPv6:
                  2a00:1b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:be:68:33:d6:67:ab:82:48:50:d6:c7:12:7c:7f:af:5a:60:
         cd:66:58:58:28:55:d3:26:3d:76:14:c3:1b:d9:29:e5:06:cf:
         b5:1e:09:a6:4f:19:14:90:92:c1:64:be:a3:ab:3a:4a:fc:83:
         21:24:7a:09:f7:91:fd:5e:e7:90:4c:a2:65:97:f1:e5:47:ae:
         71:94:18:ec:3e:2e:11:34:9b:2b:38:0f:ba:f3:36:f8:3d:77:
         dd:b2:6a:fa:9c:83:b7:09:82:54:2c:51:68:27:94:f4:c8:60:
         33:51:30:c9:8d:f3:32:7a:b3:26:66:0d:b4:65:d9:71:e0:e3:
         bd:ef:2d:6a:0f:17:8c:20:62:bf:15:74:6f:72:df:bc:34:ac:
         d8:1e:b9:f9:af:9b:1b:ce:74:13:36:d1:ab:33:b5:68:e6:5a:
         91:11:65:16:7a:07:99:ce:6b:c7:79:75:aa:b8:7f:29:2c:5a:
         8d:26:50:47:b0:f1:d8:a1:90:62:1a:2d:6d:d4:e9:a1:ee:62:
         65:a9:b9:80:44:1b:41:6f:f0:7d:06:6d:05:3e:7a:25:57:01:
         a1:73:6b:2a:88:0d:cb:63:cb:24:ba:80:5c:7b:10:bd:bc:4d:
         d2:a8:7e:76:5f:58:be:92:2a:a5:1b:ac:84:6d:db:0f:04:ad:
         b2:7b:b0:d6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzKKqowjfCNJhfg20VkCUOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTY1NWI1OWE4NjRjYWQ3M2NjMjk1ZjRmNzhmZjgzY2Fl
ODZhYWMwHhcNMjQwMTAyMTIzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTBkOTVjZmRiYTc5ZTkzZmYxNzc4M2M4N2ZmNzE4YTUwNTBiZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkeROeCFlVV9qsE6n+UcfQm1jy5D
CVL4GRfDGCp2e8CgI0AIlPwS+dh6gBG2iWgAgQV3HoBz6SlXOI0RDw2zRdgu4tqI
KVFOSP+BiBcE++e0ffeLNb31g8QuZcPNnZ/f9SDFGhadv8MGPujKqnIVHIpijbFs
fGpnVOD0a02PORe0v7HJxDMoQfc/kj7ER+WDjdmqlFV/BZE5QoHybw2ZZc8LQSlf
JFTmYvU0L9yMdQMKYHXOU1Q2GgySVPpIFGicEreP0dEV9ioFLzD5BwOKcAltkW59
2m+8fM3GFss8VISCpzm02S9GpgURsBnsYq87t7uEN2tJCuTtkqcn445b7wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJkNlc/bp56T/xd4PIf/cYpQUL4wMB8GA1UdIwQY
MBaAFPGWVbWahkytc8wpX094/4PK6GqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFpaVnRacUdUSzF6ekNsZlQzal9nOHJvYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yYmQxZGMtYWRlMS00NmM5LWI5YzAt
MzM5ZWU3MDBhZjZmLzEvbVEyVno5dW5ucFBfRjNnOGhfOXhpbEJRdmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yYmQxZGMtYWRlMS00NmM5LWI5YzAtMzM5ZWU3MDBhZjZm
LzEvOFpaVnRacUdUSzF6ekNsZlQzal9nOHJvYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLhM4AwQD
Xn0YAwQCuQ+0MA0EAgACMAcDBQAqABtAMA0GCSqGSIb3DQEBCwUAA4IBAQCQvmgz
1mergkhQ1scSfH+vWmDNZlhYKFXTJj12FMMb2SnlBs+1HgmmTxkUkJLBZL6jqzpK
/IMhJHoJ95H9XueQTKJll/HlR65xlBjsPi4RNJsrOA+68zb4PXfdsmr6nIO3CYJU
LFFoJ5T0yGAzUTDJjfMyerMmZg20Zdlx4OO97y1qDxeMIGK/FXRvct+8NKzYHrn5
r5sbznQTNtGrM7Vo5lqREWUWegeZzmvHeXWquH8pLFqNJlBHsPHYoZBiGi1t1Omh
7mJlqbmARBtBb/B9Bm0FPnolVwGhc2sqiA3LY8skuoBcexC9vE3SqH52X1i+kiql
G6yEbdsPBK2ye7DW
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:15:08 2024 by rpki-client on console-ams.rpki-client.org