Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/2lNGbLGf5m48X4VbgdyJNwUgaVI.roa
File:                     2lNGbLGf5m48X4VbgdyJNwUgaVI.roa (raw, json)
Hash identifier:          6/FvLqKiz/kV5MtLtyXtlzrgJuWkPim84LndyYgyJOA=
Subject key identifier:   DA:53:46:6C:B1:9F:E6:6E:3C:5F:85:5B:81:DC:89:37:05:20:69:52
Certificate issuer:       /CN=5fadd0e945bc61101c69bce64a3d728ba1bb8661
Certificate serial:       018CCA292B66EF55D02597018E5D48A7C5C6
Authority key identifier: 5F:AD:D0:E9:45:BC:61:10:1C:69:BC:E6:4A:3D:72:8B:A1:BB:86:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X63Q6UW8YRAcabzmSj1yi6G7hmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/2lNGbLGf5m48X4VbgdyJNwUgaVI.roa
Signing time:             Tue 02 Jan 2024 12:32:24 +0000
ROA not before:           Tue 02 Jan 2024 12:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207493
IP address blocks:        94.231.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/X63Q6UW8YRAcabzmSj1yi6G7hmE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/X63Q6UW8YRAcabzmSj1yi6G7hmE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X63Q6UW8YRAcabzmSj1yi6G7hmE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:2b:66:ef:55:d0:25:97:01:8e:5d:48:a7:c5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fadd0e945bc61101c69bce64a3d728ba1bb8661
        Validity
            Not Before: Jan  2 12:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da53466cb19fe66e3c5f855b81dc893705206952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:24:83:23:41:5e:15:bb:c9:57:54:f7:a4:e9:
                    ee:c6:a6:15:e6:2a:63:b9:3b:86:a5:ae:c7:8c:9f:
                    26:33:4c:95:f8:3a:bb:66:2b:f2:55:96:fc:2c:4d:
                    3e:ce:c4:86:a1:7b:bc:c5:de:fd:ce:34:4a:06:e9:
                    3b:dc:d6:24:30:61:8d:84:f6:dd:0c:cb:96:28:fb:
                    63:8e:72:e2:58:df:10:be:22:fe:2b:8c:c6:f6:94:
                    31:32:d3:07:49:68:22:b0:ad:26:61:7d:fc:af:09:
                    f5:5a:01:86:3b:09:df:3a:2c:3a:fa:32:6d:8c:17:
                    da:ed:44:af:91:85:7d:7e:72:da:cf:ae:16:c0:c4:
                    85:84:e5:f6:b4:bd:ad:6d:b1:ea:f6:2e:9d:ab:62:
                    b1:a4:a3:83:6e:04:ab:99:79:1c:77:55:f9:9e:82:
                    21:ce:6b:fb:8c:e6:f0:9e:9c:87:dc:04:4c:6b:aa:
                    56:c2:9d:9e:6a:24:2e:c5:0b:ab:a0:20:d1:71:9f:
                    1f:42:8a:cb:f1:cc:eb:c7:38:4b:21:31:99:6c:bc:
                    ea:ee:1d:6b:4e:f1:96:62:88:5a:d5:8e:b9:4f:37:
                    fb:16:5f:0a:2b:8d:38:8d:47:f2:c7:19:ef:57:7b:
                    60:85:ec:0e:d2:65:82:12:42:a5:90:1d:56:ab:f9:
                    06:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:53:46:6C:B1:9F:E6:6E:3C:5F:85:5B:81:DC:89:37:05:20:69:52
            X509v3 Authority Key Identifier:
                keyid:5F:AD:D0:E9:45:BC:61:10:1C:69:BC:E6:4A:3D:72:8B:A1:BB:86:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X63Q6UW8YRAcabzmSj1yi6G7hmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/2lNGbLGf5m48X4VbgdyJNwUgaVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b0073d-388f-4ab9-b90e-71c7e8ac59c0/1/X63Q6UW8YRAcabzmSj1yi6G7hmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:19:04:1a:ec:93:3f:93:e1:15:3b:af:dc:a8:61:88:d6:1a:
         94:5e:f3:08:0d:18:c9:85:1f:30:89:b2:e9:f9:3e:15:a2:33:
         c4:ad:eb:d9:ea:a5:e6:c7:f1:a5:03:c9:2e:7a:16:60:70:0c:
         45:72:27:f6:a0:f3:a6:53:84:73:49:f7:29:2b:98:53:61:9b:
         73:a5:43:17:09:6a:e8:e6:58:b9:fc:e6:57:89:63:71:2b:e8:
         63:aa:90:46:de:29:f4:69:3a:9b:f8:ca:ae:05:72:90:38:c2:
         d5:84:02:f3:53:ac:05:b0:ff:4e:29:fb:40:3c:65:b6:84:25:
         cb:c4:3b:66:52:59:f6:d6:1c:e3:6f:f1:7a:14:57:8b:b5:de:
         f4:30:d9:14:85:9e:3f:cc:e3:b6:32:54:9f:84:0c:7d:b4:f9:
         c3:30:c1:db:25:65:ab:19:d0:34:ed:53:97:52:1d:61:aa:76:
         99:1e:f4:2b:39:6f:0a:6d:ac:8f:ad:30:a1:d9:36:44:96:a5:
         cc:33:95:e8:ef:b0:1f:fe:eb:7f:1a:a0:a6:3c:de:32:2d:1d:
         83:35:df:be:4a:ed:84:be:60:b8:c0:f6:3d:d7:d2:ba:60:36:
         f2:8e:03:63:fc:35:a0:de:83:01:02:9f:14:9b:49:a2:2c:54:
         aa:9c:a1:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKStm71XQJZcBjl1Ip8XGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYWRkMGU5NDViYzYxMTAxYzY5YmNlNjRhM2Q3MjhiYTFi
Yjg2NjEwHhcNMjQwMTAyMTIzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTUzNDY2Y2IxOWZlNjZlM2M1Zjg1NWI4MWRjODkzNzA1MjA2OTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSSDI0FeFbvJV1T3pOnuxqYV5ipj
uTuGpa7HjJ8mM0yV+Dq7ZivyVZb8LE0+zsSGoXu8xd79zjRKBuk73NYkMGGNhPbd
DMuWKPtjjnLiWN8QviL+K4zG9pQxMtMHSWgisK0mYX38rwn1WgGGOwnfOiw6+jJt
jBfa7USvkYV9fnLaz64WwMSFhOX2tL2tbbHq9i6dq2KxpKODbgSrmXkcd1X5noIh
zmv7jObwnpyH3ARMa6pWwp2eaiQuxQuroCDRcZ8fQorL8czrxzhLITGZbLzq7h1r
TvGWYoha1Y65Tzf7Fl8KK404jUfyxxnvV3tghewO0mWCEkKlkB1Wq/kGawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpTRmyxn+ZuPF+FW4HciTcFIGlSMB8GA1UdIwQY
MBaAFF+t0OlFvGEQHGm85ko9couhu4ZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDYzUTZVVzhZUkFjYWJ6bVNqMXlpNkc3aG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iMDA3M2QtMzg4Zi00YWI5LWI5MGUt
NzFjN2U4YWM1OWMwLzEvMmxOR2JMR2Y1bTQ4WDRWYmdkeUpOd1VnYVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iMDA3M2QtMzg4Zi00YWI5LWI5MGUtNzFjN2U4YWM1OWMw
LzEvWDYzUTZVVzhZUkFjYWJ6bVNqMXlpNkc3aG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufBMA0G
CSqGSIb3DQEBCwUAA4IBAQAuGQQa7JM/k+EVO6/cqGGI1hqUXvMIDRjJhR8wibLp
+T4VojPErevZ6qXmx/GlA8kuehZgcAxFcif2oPOmU4RzSfcpK5hTYZtzpUMXCWro
5li5/OZXiWNxK+hjqpBG3in0aTqb+MquBXKQOMLVhALzU6wFsP9OKftAPGW2hCXL
xDtmUln21hzjb/F6FFeLtd70MNkUhZ4/zOO2MlSfhAx9tPnDMMHbJWWrGdA07VOX
Uh1hqnaZHvQrOW8KbayPrTCh2TZElqXMM5Xo77Af/ut/GqCmPN4yLR2DNd++Su2E
vmC4wPY919K6YDbyjgNj/DWg3oMBAp8Um0miLFSqnKGH
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:14:37 2024 by rpki-client on console-fra.rpki-client.org