Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/bJzXB4Egfy965SkYaz2mANcyGVk.roa
File:                     bJzXB4Egfy965SkYaz2mANcyGVk.roa (raw, json)
Hash identifier:          xYRbxLQNkMqj0AkdAHdMwnudOMSEza8BRXp0F9gfq+I=
Subject key identifier:   6C:9C:D7:07:81:20:7F:2F:7A:E5:29:18:6B:3D:A6:00:D7:32:19:59
Certificate issuer:       /CN=18886007da1730b0770d8604db73d12fd264f3f9
Certificate serial:       018DF53DA3E2AEA312D38E3FEEF91A59C508
Authority key identifier: 18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/bJzXB4Egfy965SkYaz2mANcyGVk.roa
Signing time:             Thu 29 Feb 2024 14:21:14 +0000
ROA not before:           Thu 29 Feb 2024 14:21:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47594
IP address blocks:        213.171.1.0/24 maxlen: 24
                          213.171.2.0/24 maxlen: 24
                          213.171.11.0/24 maxlen: 24
                          213.171.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 20:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:3d:a3:e2:ae:a3:12:d3:8e:3f:ee:f9:1a:59:c5:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18886007da1730b0770d8604db73d12fd264f3f9
        Validity
            Not Before: Feb 29 14:21:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c9cd70781207f2f7ae529186b3da600d7321959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ad:4c:cd:59:6a:94:94:da:8f:84:d3:2c:06:
                    a3:31:81:68:32:b1:bb:fd:54:87:bc:a3:a9:72:f4:
                    b5:db:44:f9:a5:af:f0:3d:f7:6c:07:94:69:4c:e2:
                    49:11:8b:cb:18:ad:7e:f8:5a:3d:4b:53:0d:f7:20:
                    2a:0c:e6:5e:cb:aa:35:f4:2d:f0:2d:b3:04:6c:c1:
                    69:28:fd:f3:82:44:0e:c8:e3:47:57:2d:ef:a4:4f:
                    37:ae:4b:ed:c2:46:80:0b:9c:38:8f:ab:7b:5a:0b:
                    c0:72:5f:ea:42:f5:28:b6:19:13:8f:40:02:11:d3:
                    f8:49:a9:2a:30:37:f7:e6:ac:3d:36:24:73:47:f4:
                    38:83:79:16:ca:70:0e:9c:9d:ba:15:91:54:6a:bf:
                    3e:12:89:83:52:09:96:0d:a5:90:e7:de:84:e4:1c:
                    78:96:87:58:60:15:ad:26:a1:01:c0:8a:d6:9f:08:
                    f8:0b:fc:d2:9e:39:75:76:64:da:9c:c2:54:99:31:
                    46:6f:31:bf:47:38:b4:71:cf:0d:86:28:3b:c9:54:
                    c3:e4:62:8a:18:45:dd:84:91:ea:ab:26:0c:70:8c:
                    67:c8:13:95:93:cc:ec:1d:8f:fa:bd:32:b0:0d:f8:
                    af:10:4a:69:8e:3d:52:28:eb:25:e7:7e:5e:84:4e:
                    bb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:9C:D7:07:81:20:7F:2F:7A:E5:29:18:6B:3D:A6:00:D7:32:19:59
            X509v3 Authority Key Identifier:
                keyid:18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/bJzXB4Egfy965SkYaz2mANcyGVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.1.0-213.171.2.255
                  213.171.11.0/24
                  213.171.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:54:2b:eb:3d:75:2d:9c:35:aa:2f:d8:15:d1:b3:dc:23:da:
         b8:0c:2e:aa:f3:73:92:0d:af:0a:2d:06:8e:d0:ca:a2:3a:dd:
         ba:9b:99:4f:d6:4b:7e:ec:02:79:c4:6b:6f:97:1f:88:6b:04:
         6d:cf:f3:29:9f:1b:39:8f:19:a6:4e:6d:e8:69:da:07:49:0b:
         37:48:f8:e5:68:63:05:a6:7b:7c:db:41:f1:91:06:2a:f5:cf:
         6a:eb:8c:71:fa:7a:de:1a:41:9c:e2:bb:7f:c5:cf:d4:4f:c1:
         67:fe:17:01:5c:eb:92:ec:ba:96:53:6e:f2:7e:59:f4:9c:5c:
         0d:35:d0:5f:e6:6c:b9:26:d4:7e:69:6a:f9:12:1a:31:c5:55:
         44:60:8a:69:d5:81:f0:16:e3:02:9e:93:b7:ad:77:87:4e:b4:
         05:8e:db:82:e7:a0:ed:32:8e:0a:d3:69:54:29:d2:46:40:95:
         ba:a9:bb:af:d8:e2:40:32:15:32:4c:d3:12:93:e4:1a:ff:bb:
         42:73:72:b8:39:f6:3f:1d:3a:82:24:3c:68:11:25:d4:3a:9a:
         3d:77:a1:96:c1:c2:4a:6b:f3:d1:a7:75:ae:5d:aa:2d:ec:28:
         57:0d:ee:4e:4c:00:16:15:96:8f:9a:6f:8a:6a:59:a8:70:cb:
         68:62:c9:79
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY31PaPirqMS044/7vkaWcUIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ODg2MDA3ZGExNzMwYjA3NzBkODYwNGRiNzNkMTJmZDI2
NGYzZjkwHhcNMjQwMjI5MTQyMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzljZDcwNzgxMjA3ZjJmN2FlNTI5MTg2YjNkYTYwMGQ3MzIxOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK1MzVlqlJTaj4TTLAajMYFoMrG7
/VSHvKOpcvS120T5pa/wPfdsB5RpTOJJEYvLGK1++Fo9S1MN9yAqDOZey6o19C3w
LbMEbMFpKP3zgkQOyONHVy3vpE83rkvtwkaAC5w4j6t7WgvAcl/qQvUothkTj0AC
EdP4SakqMDf35qw9NiRzR/Q4g3kWynAOnJ26FZFUar8+EomDUgmWDaWQ596E5Bx4
lodYYBWtJqEBwIrWnwj4C/zSnjl1dmTanMJUmTFGbzG/Rzi0cc8Nhig7yVTD5GKK
GEXdhJHqqyYMcIxnyBOVk8zsHY/6vTKwDfivEEppjj1SKOsl535ehE67wwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGyc1weBIH8veuUpGGs9pgDXMhlZMB8GA1UdIwQY
MBaAFBiIYAfaFzCwdw2GBNtz0S/SZPP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEt
MTY5YzgzNmJkNmIwLzEvYkp6WEI0RWdmeTk2NVNrWWF6Mm1BTmN5R1ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEtMTY5YzgzNmJkNmIw
LzEvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBADVqwED
BADVqwIDBADVqwsDBADVqw0wDQYJKoZIhvcNAQELBQADggEBAHpUK+s9dS2cNaov
2BXRs9wj2rgMLqrzc5INrwotBo7QyqI63bqbmU/WS37sAnnEa2+XH4hrBG3P8ymf
GzmPGaZObehp2gdJCzdI+OVoYwWme3zbQfGRBir1z2rrjHH6et4aQZziu3/Fz9RP
wWf+FwFc65LsupZTbvJ+WfScXA010F/mbLkm1H5pavkSGjHFVURgimnVgfAW4wKe
k7etd4dOtAWO24LnoO0yjgrTaVQp0kZAlbqpu6/Y4kAyFTJM0xKT5Br/u0Jzcrg5
9j8dOoIkPGgRJdQ6mj13oZbBwkpr89Gnda5dqi3sKFcN7k5MABYVlo+ab4pqWahw
y2hiyXk=
-----END CERTIFICATE-----
Generated at Sun Jun 16 04:57:15 2024 by rpki-client on console-ams.rpki-client.org