Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/5wfHQ8GSej0IrX2pV3wmaVXjop0.roa
File:                     5wfHQ8GSej0IrX2pV3wmaVXjop0.roa (raw, json)
Hash identifier:          ElUujBBjVmtnQVGDdndCIFCz/a24p1Aut2h5n+urfWs=
Subject key identifier:   E7:07:C7:43:C1:92:7A:3D:08:AD:7D:A9:57:7C:26:69:55:E3:A2:9D
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB68F63ACFEFA762C8D6046F49A35A
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/5wfHQ8GSej0IrX2pV3wmaVXjop0.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212147
IP address blocks:        85.202.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:68:f6:3a:cf:ef:a7:62:c8:d6:04:6f:49:a3:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e707c743c1927a3d08ad7da9577c266955e3a29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ca:c3:28:20:fb:b5:0e:df:45:e8:1a:c8:b6:
                    30:ee:1b:15:4d:68:e7:72:e7:86:9c:06:e1:33:d5:
                    8a:a3:c2:26:29:9e:14:63:06:2c:c3:90:56:13:00:
                    33:60:b7:d7:99:2c:9e:9d:87:47:f7:30:4b:fc:25:
                    d1:9f:57:a4:e2:b3:2a:b1:8e:95:c1:c0:36:87:14:
                    96:e5:0b:fd:f0:43:e2:6f:3c:36:29:0f:94:34:66:
                    52:6d:75:3f:7c:bb:d5:e9:20:a4:9e:26:c5:66:b0:
                    64:f6:52:da:f5:6e:b5:7a:f4:a9:5a:a4:e5:99:f7:
                    53:91:1b:7b:91:ab:81:c0:0b:5f:5b:86:ae:7b:37:
                    7e:8a:3e:c4:9f:2f:47:b4:d8:f6:f9:e9:2e:4f:ae:
                    1b:56:ee:c5:01:91:23:43:e6:9d:54:db:34:87:b4:
                    47:29:29:1d:26:50:1d:18:51:d1:06:88:c9:6c:90:
                    b0:21:fc:37:db:bd:4c:81:27:ab:e4:fb:f6:9d:a8:
                    f8:ac:07:5f:a9:5a:64:c1:22:7b:bb:55:35:3f:5b:
                    40:c3:1c:df:6f:95:71:a3:14:d5:3a:8e:28:1b:e6:
                    92:b5:23:0e:5e:e5:42:ef:70:27:44:4f:0e:b7:a1:
                    73:a1:14:28:8a:c6:5c:7c:35:8b:27:f4:c5:cc:53:
                    de:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:07:C7:43:C1:92:7A:3D:08:AD:7D:A9:57:7C:26:69:55:E3:A2:9D
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/5wfHQ8GSej0IrX2pV3wmaVXjop0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:4a:68:0a:82:38:50:5a:75:cd:66:41:83:b9:87:a9:84:d3:
         96:69:47:e5:70:82:13:b4:95:51:c2:19:24:0a:d7:42:cb:64:
         dd:b0:2a:bc:bb:85:b0:ac:44:6e:49:2a:e6:fd:d8:86:4c:50:
         42:1e:16:fe:d7:07:3b:17:35:10:f5:fe:03:c8:ed:13:6c:ec:
         46:fd:1e:b2:52:16:9f:44:94:cf:70:6b:e4:78:77:e1:6c:ae:
         66:13:a9:51:77:28:a8:f2:30:ac:32:44:2b:63:f6:56:c0:6e:
         ab:80:37:5f:c4:86:8d:34:c5:d9:cc:59:fd:51:c8:5f:77:56:
         4d:b2:28:c5:8c:11:89:c3:1f:14:01:94:34:2a:cc:64:7c:7e:
         46:18:14:d5:fe:b3:43:27:ab:b7:d1:8b:be:34:b7:10:f2:b4:
         e7:d7:d0:59:37:37:7e:6b:59:0d:14:45:54:b9:10:08:e1:05:
         84:a7:c8:5e:7f:c6:9d:2f:d7:19:ba:da:b8:87:97:d6:9f:37:
         f0:73:5c:66:45:cb:a9:24:50:b2:9e:f3:9f:27:ae:f4:fe:89:
         77:7e:e3:1a:e0:4c:19:ca:49:89:a3:79:fa:17:0c:81:f1:93:
         6a:a7:f7:30:a3:ae:9f:e5:40:63:10:d2:e5:36:54:31:55:b0:
         e9:6f:93:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22j2Os/vp2LI1gRvSaNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA3Yzc0M2MxOTI3YTNkMDhhZDdkYTk1NzdjMjY2OTU1ZTNhMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsrDKCD7tQ7fRegayLYw7hsVTWjn
cueGnAbhM9WKo8ImKZ4UYwYsw5BWEwAzYLfXmSyenYdH9zBL/CXRn1ek4rMqsY6V
wcA2hxSW5Qv98EPibzw2KQ+UNGZSbXU/fLvV6SCknibFZrBk9lLa9W61evSpWqTl
mfdTkRt7kauBwAtfW4auezd+ij7Eny9HtNj2+ekuT64bVu7FAZEjQ+adVNs0h7RH
KSkdJlAdGFHRBojJbJCwIfw3271MgSer5Pv2naj4rAdfqVpkwSJ7u1U1P1tAwxzf
b5VxoxTVOo4oG+aStSMOXuVC73AnRE8Ot6FzoRQoisZcfDWLJ/TFzFPeBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcHx0PBkno9CK19qVd8JmlV46KdMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvNXdmSFE4R1NlajBJclgycFYzd21hVlhqb3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcpWMA0G
CSqGSIb3DQEBCwUAA4IBAQBySmgKgjhQWnXNZkGDuYephNOWaUflcIITtJVRwhkk
CtdCy2TdsCq8u4WwrERuSSrm/diGTFBCHhb+1wc7FzUQ9f4DyO0TbOxG/R6yUhaf
RJTPcGvkeHfhbK5mE6lRdyio8jCsMkQrY/ZWwG6rgDdfxIaNNMXZzFn9Uchfd1ZN
sijFjBGJwx8UAZQ0KsxkfH5GGBTV/rNDJ6u30Yu+NLcQ8rTn19BZNzd+a1kNFEVU
uRAI4QWEp8hef8adL9cZutq4h5fWnzfwc1xmRcupJFCynvOfJ670/ol3fuMa4EwZ
ykmJo3n6FwyB8ZNqp/cwo66f5UBjENLlNlQxVbDpb5Nz
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:41:23 2024 by rpki-client on console-ams.rpki-client.org