Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/6HsXin8nvk0w429rw1_4Tsb_Cro.roa
File:                     6HsXin8nvk0w429rw1_4Tsb_Cro.roa (raw, json)
Hash identifier:          W9ZJ/K+6i7LEhuNVMl+1WINcgeNyr68g7tVCJ8KSzCo=
Subject key identifier:   E8:7B:17:8A:7F:27:BE:4D:30:E3:6F:6B:C3:5F:F8:4E:C6:FF:0A:BA
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018DC624D9F134E58F52DDD87E69EB3D6536
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/6HsXin8nvk0w429rw1_4Tsb_Cro.roa
Signing time:             Tue 20 Feb 2024 10:52:00 +0000
ROA not before:           Tue 20 Feb 2024 10:52:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        37.44.212.0/24 maxlen: 24
                          171.22.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:24:d9:f1:34:e5:8f:52:dd:d8:7e:69:eb:3d:65:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Feb 20 10:52:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e87b178a7f27be4d30e36f6bc35ff84ec6ff0aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4c:7e:84:5b:93:63:41:46:4a:33:33:b4:97:
                    09:e9:13:15:2a:83:d4:28:c1:08:46:15:6d:85:6e:
                    2d:fc:63:f5:02:61:5c:ae:38:12:6c:54:56:31:bd:
                    60:29:bb:27:4c:15:36:ca:5c:4a:92:82:ca:b3:66:
                    6b:e0:ac:a7:7d:45:bd:5e:6e:19:b0:7f:b3:6f:32:
                    42:c3:b4:2b:9e:1f:0d:30:49:b0:39:57:98:9d:3c:
                    bd:89:d1:15:46:f9:04:d8:a2:06:91:c9:07:fe:20:
                    b7:fd:02:d1:e3:0b:50:f6:86:c0:23:31:81:86:8c:
                    db:0f:f1:4a:07:fe:72:04:ae:05:7f:fa:ce:32:90:
                    89:de:30:d9:5b:42:df:2a:98:93:6b:0f:07:a4:20:
                    0a:f3:a9:4d:e3:34:e9:ec:47:ae:2e:41:fe:7b:0e:
                    44:10:0b:4f:5f:a6:40:81:d6:4f:ed:1c:18:95:54:
                    bd:50:d2:dd:83:1f:20:64:44:b7:c4:03:94:0d:99:
                    fc:bc:f4:9f:0b:43:4c:00:b0:06:05:a0:de:26:5c:
                    8b:58:b5:c7:8a:f0:4c:91:51:42:12:13:ae:9f:9a:
                    af:9c:b5:f1:2e:ff:22:01:9a:72:ed:23:81:9a:5b:
                    14:79:38:02:d8:76:c2:ab:43:2a:1a:e6:7e:db:db:
                    ee:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:7B:17:8A:7F:27:BE:4D:30:E3:6F:6B:C3:5F:F8:4E:C6:FF:0A:BA
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/6HsXin8nvk0w429rw1_4Tsb_Cro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.212.0/24
                  171.22.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:22:0e:70:c3:15:88:48:26:bc:08:b7:62:88:6f:ad:7e:18:
         ad:5c:ca:25:06:c9:59:3d:53:93:dc:59:f4:16:11:2b:28:f0:
         c4:9b:cb:af:e4:0a:10:ff:b6:41:cc:b6:63:29:d8:ec:5b:df:
         c5:a3:04:52:1f:0a:3c:df:a4:cc:55:2c:b5:d2:a3:1f:61:53:
         73:c9:21:2b:dc:fd:53:88:c7:f9:0f:da:16:b6:f0:f8:3e:af:
         91:b4:f6:86:19:29:91:7f:23:93:47:ce:b8:4e:a4:2d:34:57:
         60:84:5a:b9:99:ef:bb:e9:26:0c:b6:bf:a4:b0:4c:14:86:38:
         11:d3:85:3b:d5:72:b7:e4:c8:41:3e:9a:40:17:db:df:40:38:
         26:ff:35:a0:8b:9d:b9:89:6f:52:eb:06:7b:6f:3f:c1:c1:2d:
         9a:4b:b3:db:69:20:ce:13:aa:0d:23:01:56:f8:ee:80:3f:9e:
         0d:6a:de:4d:ef:6e:26:21:c9:b2:23:f4:8b:7f:fb:cc:0d:07:
         80:44:22:e1:2b:0a:a9:ac:de:c1:2f:2f:fe:df:b6:0c:57:e3:
         4b:30:6d:6c:04:e7:64:28:60:6f:bf:b1:76:95:21:1b:8c:14:
         b2:84:d8:a0:44:fb:23:d8:9f:99:e6:3c:81:c7:97:d1:db:17:
         db:ab:c9:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3GJNnxNOWPUt3YfmnrPWU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMjIwMTA1MjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODdiMTc4YTdmMjdiZTRkMzBlMzZmNmJjMzVmZjg0ZWM2ZmYwYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEx+hFuTY0FGSjMztJcJ6RMVKoPU
KMEIRhVthW4t/GP1AmFcrjgSbFRWMb1gKbsnTBU2ylxKkoLKs2Zr4KynfUW9Xm4Z
sH+zbzJCw7Qrnh8NMEmwOVeYnTy9idEVRvkE2KIGkckH/iC3/QLR4wtQ9obAIzGB
hozbD/FKB/5yBK4Ff/rOMpCJ3jDZW0LfKpiTaw8HpCAK86lN4zTp7EeuLkH+ew5E
EAtPX6ZAgdZP7RwYlVS9UNLdgx8gZES3xAOUDZn8vPSfC0NMALAGBaDeJlyLWLXH
ivBMkVFCEhOun5qvnLXxLv8iAZpy7SOBmlsUeTgC2HbCq0MqGuZ+29vuaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOh7F4p/J75NMONva8Nf+E7G/wq6MB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvNkhzWGluOG52azB3NDI5cncxXzRUc2JfQ3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSzUAwQC
qxbcMA0GCSqGSIb3DQEBCwUAA4IBAQAaIg5wwxWISCa8CLdiiG+tfhitXMolBslZ
PVOT3Fn0FhErKPDEm8uv5AoQ/7ZBzLZjKdjsW9/FowRSHwo836TMVSy10qMfYVNz
ySEr3P1TiMf5D9oWtvD4Pq+RtPaGGSmRfyOTR864TqQtNFdghFq5me+76SYMtr+k
sEwUhjgR04U71XK35MhBPppAF9vfQDgm/zWgi525iW9S6wZ7bz/BwS2aS7PbaSDO
E6oNIwFW+O6AP54Nat5N724mIcmyI/SLf/vMDQeARCLhKwqprN7BLy/+37YMV+NL
MG1sBOdkKGBvv7F2lSEbjBSyhNigRPsj2J+Z5jyBx5fR2xfbq8n9
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:49:28 2024 by rpki-client on console-fra.rpki-client.org