Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/2dGAU9HdMqGvTHzhqKHjTpCsK8Q.roa
File:                     2dGAU9HdMqGvTHzhqKHjTpCsK8Q.roa (raw, json)
Hash identifier:          mLalQ/BF3idj7yfAPZVT0aNzX6CdHoDlA2NUdQrPLNk=
Subject key identifier:   D9:D1:80:53:D1:DD:32:A1:AF:4C:7C:E1:A8:A1:E3:4E:90:AC:2B:C4
Certificate issuer:       /CN=677b43f538f0ae720e527b2a6c0b8a876d96c947
Certificate serial:       018CC86F3C41991F4A39F05C7815ACC889CA
Authority key identifier: 67:7B:43:F5:38:F0:AE:72:0E:52:7B:2A:6C:0B:8A:87:6D:96:C9:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/2dGAU9HdMqGvTHzhqKHjTpCsK8Q.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62113
IP address blocks:        185.38.172.0/23 maxlen: 24
                          185.38.174.0/24 maxlen: 24
                          2a01:4260::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3c:41:99:1f:4a:39:f0:5c:78:15:ac:c8:89:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=677b43f538f0ae720e527b2a6c0b8a876d96c947
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9d18053d1dd32a1af4c7ce1a8a1e34e90ac2bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:24:c8:88:c0:0d:3d:79:e7:8d:3f:23:e8:cd:
                    64:09:9a:8e:7d:41:9a:65:6a:a4:b9:52:c6:84:16:
                    de:d7:93:35:9f:b5:b6:62:0b:48:c0:5f:45:c0:f9:
                    7e:56:96:4f:a3:d0:56:9e:88:11:0c:81:0b:6a:d4:
                    1d:89:00:a5:72:a2:67:33:bb:fb:94:a8:5c:28:fb:
                    2f:1f:43:d8:b9:e8:42:2a:3f:c1:b2:e0:b2:56:30:
                    67:e5:1b:c3:ee:2f:75:d6:dc:e3:c6:58:25:de:a7:
                    b3:49:18:86:7b:08:b3:84:ee:7b:d1:f3:35:48:69:
                    66:15:bf:18:2d:e1:ae:41:c9:c8:cd:fe:00:f1:d3:
                    46:f3:c0:56:ef:9b:61:e6:71:ba:c4:c6:ac:5e:af:
                    0f:4d:aa:8c:98:60:4a:b3:8d:4f:c7:57:e6:42:c7:
                    97:f0:4b:81:ac:70:b4:16:9e:cc:22:2c:0c:11:f3:
                    50:ad:59:30:be:54:fc:c8:5c:66:af:58:f7:d3:cc:
                    8c:aa:a9:c0:d4:b2:32:59:28:2e:6a:38:e0:51:6c:
                    b1:c1:82:5a:d4:58:f0:ae:ba:3e:c7:50:0d:cf:42:
                    0d:58:bf:80:a6:df:57:d2:0a:23:0a:26:96:52:19:
                    59:66:96:7f:7f:de:b2:fe:69:1e:2e:70:25:28:92:
                    a0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:D1:80:53:D1:DD:32:A1:AF:4C:7C:E1:A8:A1:E3:4E:90:AC:2B:C4
            X509v3 Authority Key Identifier:
                keyid:67:7B:43:F5:38:F0:AE:72:0E:52:7B:2A:6C:0B:8A:87:6D:96:C9:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z3tD9TjwrnIOUnsqbAuKh22WyUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/2dGAU9HdMqGvTHzhqKHjTpCsK8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5a6eee-a09a-44e1-88db-2878203a009d/1/Z3tD9TjwrnIOUnsqbAuKh22WyUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.172.0-185.38.174.255
                IPv6:
                  2a01:4260::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:84:f2:8a:fb:5b:43:2c:29:61:c6:3d:a6:e1:94:5e:17:5a:
         fc:3e:14:43:e6:4f:4e:2b:a8:f8:af:ee:66:d7:a2:d0:3c:7f:
         d4:ec:4e:51:bf:bd:93:75:b5:98:14:86:fe:5e:61:91:96:86:
         04:06:ba:52:e1:e7:05:fd:c5:68:58:b2:f2:1d:44:1a:b1:20:
         f9:d5:7f:a7:8b:85:eb:cc:32:d1:e4:05:da:38:26:39:6c:17:
         e7:68:4f:33:d2:40:9d:a7:ea:cd:68:69:92:24:96:ce:00:db:
         fd:f5:31:f9:b5:63:14:9e:24:e3:89:4e:d1:20:58:27:38:f5:
         b2:e3:6c:2f:26:99:8c:99:79:6f:c6:f0:ad:68:61:e8:82:9f:
         9f:00:b0:2f:6e:8e:07:18:a5:21:a8:e1:8c:76:2c:fe:83:69:
         78:8e:81:85:27:07:4c:00:07:d4:ec:ff:0f:48:e5:0d:e0:6c:
         82:b2:fa:17:92:db:3c:e0:5e:57:0b:39:27:4a:c4:fa:d2:41:
         8d:1b:d8:09:f1:f9:ce:e0:73:eb:1b:1f:ed:38:44:3a:af:1c:
         ef:60:01:d7:e4:09:e9:4f:41:f0:e4:89:55:9b:98:97:26:d1:
         38:bc:9e:9e:c0:a6:44:79:47:b9:13:de:8d:20:a2:ce:e7:f4:
         ac:06:6f:f9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzIbzxBmR9KOfBceBWsyInKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3N2I0M2Y1MzhmMGFlNzIwZTUyN2IyYTZjMGI4YTg3NmQ5
NmM5NDcwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWQxODA1M2QxZGQzMmExYWY0YzdjZTFhOGExZTM0ZTkwYWMyYmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CTIiMANPXnnjT8j6M1kCZqOfUGa
ZWqkuVLGhBbe15M1n7W2YgtIwF9FwPl+VpZPo9BWnogRDIELatQdiQClcqJnM7v7
lKhcKPsvH0PYuehCKj/BsuCyVjBn5RvD7i911tzjxlgl3qezSRiGewizhO570fM1
SGlmFb8YLeGuQcnIzf4A8dNG88BW75th5nG6xMasXq8PTaqMmGBKs41Px1fmQseX
8EuBrHC0Fp7MIiwMEfNQrVkwvlT8yFxmr1j308yMqqnA1LIyWSguajjgUWyxwYJa
1Fjwrro+x1ANz0INWL+Apt9X0gojCiaWUhlZZpZ/f96y/mkeLnAlKJKgNQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNnRgFPR3TKhr0x84aih406QrCvEMB8GA1UdIwQY
MBaAFGd7Q/U48K5yDlJ7KmwLiodtlslHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjN0RDlUandybklPVW5zcWJBdUtoMjJXeVVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YTZlZWUtYTA5YS00NGUxLTg4ZGIt
Mjg3ODIwM2EwMDlkLzEvMmRHQVU5SGRNcUd2VEh6aHFLSGpUcENzSzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YTZlZWUtYTA5YS00NGUxLTg4ZGItMjg3ODIwM2EwMDlk
LzEvWjN0RDlUandybklPVW5zcWJBdUtoMjJXeVVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAK5JqwD
BAC5Jq4wDQQCAAIwBwMFAyoBQmAwDQYJKoZIhvcNAQELBQADggEBAJ+E8or7W0Ms
KWHGPabhlF4XWvw+FEPmT04rqPiv7mbXotA8f9TsTlG/vZN1tZgUhv5eYZGWhgQG
ulLh5wX9xWhYsvIdRBqxIPnVf6eLhevMMtHkBdo4JjlsF+doTzPSQJ2n6s1oaZIk
ls4A2/31Mfm1YxSeJOOJTtEgWCc49bLjbC8mmYyZeW/G8K1oYeiCn58AsC9ujgcY
pSGo4Yx2LP6DaXiOgYUnB0wAB9Ts/w9I5Q3gbIKy+heS2zzgXlcLOSdKxPrSQY0b
2Anx+c7gc+sbH+04RDqvHO9gAdfkCelPQfDkiVWbmJcm0Ti8np7ApkR5R7kT3o0g
os7n9KwGb/k=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:35:35 2024 by rpki-client on console-ams.rpki-client.org