Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/i2eJrEfelYQqyMxjfIMrwo3xZoE.roa
File:                     i2eJrEfelYQqyMxjfIMrwo3xZoE.roa (raw, json)
Hash identifier:          bJaj1yoLKIUnxfE/GQdxLjgX2i4lI/zxxe1rr7T/GTo=
Subject key identifier:   8B:67:89:AC:47:DE:95:84:2A:C8:CC:63:7C:83:2B:C2:8D:F1:66:81
Certificate issuer:       /CN=b8d23b1e6c07e62af2d2e7eb6de0893b09119abb
Certificate serial:       019420D5E8139E0DBAEF807E7BBB8AFA3880
Authority key identifier: B8:D2:3B:1E:6C:07:E6:2A:F2:D2:E7:EB:6D:E0:89:3B:09:11:9A:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNI7HmwH5iry0ufrbeCJOwkRmrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/i2eJrEfelYQqyMxjfIMrwo3xZoE.roa
Signing time:             Wed 01 Jan 2025 07:47:57 +0000
ROA not before:           Wed 01 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204141
IP address blocks:        82.211.192.0/19 maxlen: 19
                          185.140.0.0/22 maxlen: 22
                          2a03:19c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/uNI7HmwH5iry0ufrbeCJOwkRmrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/uNI7HmwH5iry0ufrbeCJOwkRmrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNI7HmwH5iry0ufrbeCJOwkRmrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e8:13:9e:0d:ba:ef:80:7e:7b:bb:8a:fa:38:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d23b1e6c07e62af2d2e7eb6de0893b09119abb
        Validity
            Not Before: Jan  1 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b6789ac47de95842ac8cc637c832bc28df16681
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:54:55:91:a6:15:80:de:1d:a5:88:f0:a6:95:
                    0e:5b:02:d1:84:1a:79:07:ec:8b:db:9b:b5:9c:2a:
                    9e:41:3d:d8:9d:66:24:07:81:39:60:03:7d:0e:2c:
                    e4:11:29:09:dd:c7:43:f1:70:9b:56:18:87:fd:35:
                    e9:12:a5:ca:48:9b:7c:e3:91:ce:7d:c8:03:aa:8d:
                    64:09:3f:6d:5e:10:79:dd:05:d7:d2:04:39:c0:b9:
                    bb:2d:24:fc:8c:4f:17:2b:0e:db:c1:ec:99:b6:55:
                    d4:7d:b3:d7:cb:71:5a:af:2e:6a:98:aa:85:27:21:
                    67:49:e9:17:74:50:ea:94:ce:da:22:40:ab:b1:4f:
                    cd:1c:ef:e8:0f:92:74:3b:53:6f:7f:35:ca:fb:26:
                    67:7f:07:39:99:0b:bd:20:b4:7e:26:1b:14:2d:52:
                    f1:78:33:a9:ce:a9:32:85:6b:db:6d:ae:03:0c:2d:
                    03:27:31:f4:4a:fc:f5:b6:73:6a:bd:44:9b:c3:ca:
                    77:32:a3:57:25:66:ec:8b:25:43:37:f3:6a:6c:88:
                    27:38:f6:b9:2a:e4:3f:9d:b8:88:0a:e3:f3:3b:45:
                    69:a9:eb:55:ca:30:8b:4d:bf:9a:7c:eb:e4:7f:79:
                    46:82:27:61:c0:26:9c:fa:59:e8:7f:23:f7:69:39:
                    68:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:67:89:AC:47:DE:95:84:2A:C8:CC:63:7C:83:2B:C2:8D:F1:66:81
            X509v3 Authority Key Identifier:
                keyid:B8:D2:3B:1E:6C:07:E6:2A:F2:D2:E7:EB:6D:E0:89:3B:09:11:9A:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNI7HmwH5iry0ufrbeCJOwkRmrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/i2eJrEfelYQqyMxjfIMrwo3xZoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b74aa2-25e0-4ad5-8cc3-69061ef2c499/1/uNI7HmwH5iry0ufrbeCJOwkRmrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.211.192.0/19
                  185.140.0.0/22
                IPv6:
                  2a03:19c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:07:ce:76:d1:0a:e2:bf:39:cd:cc:3f:ae:45:7b:a1:5d:17:
         28:2d:dd:53:82:bf:60:6a:f4:aa:70:8d:c4:bb:b0:f7:ab:23:
         3d:d5:aa:e7:ce:f7:85:f5:07:ad:49:9f:5f:62:c3:46:ec:3e:
         68:7f:96:32:26:a6:67:87:bf:6d:0c:e4:dc:12:a7:34:ca:ea:
         b5:a5:87:90:86:d1:3e:c5:c7:f2:02:2e:ed:cb:2a:b2:12:e6:
         31:82:3d:d8:1e:2f:4e:09:0a:cd:1a:70:6c:06:cf:43:03:d6:
         fe:24:27:fc:68:49:70:26:88:ce:96:82:55:fe:86:80:ec:39:
         b9:90:79:3e:de:fe:95:6f:8b:f9:1a:e1:64:b5:0d:84:9b:af:
         11:e6:fa:7d:e4:bf:49:ea:d2:f3:e1:73:57:57:05:27:42:d2:
         7e:5a:94:fa:1d:ef:2d:1f:e6:a6:31:ea:73:fb:21:be:f2:57:
         1e:8c:56:13:c7:57:a7:c2:36:dc:62:93:6c:bc:d3:1f:de:76:
         2d:16:20:3b:cc:f4:f8:f1:30:f3:bc:37:16:91:1e:bf:ee:6b:
         8a:66:ee:4d:bd:17:70:7b:a9:a0:5e:8c:0b:fa:8d:52:07:3f:
         d1:ab:48:dc:2f:90:11:23:ab:06:16:01:6d:75:00:c8:5c:51:
         4d:03:9f:85
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1egTng2674B+e7uK+jiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDIzYjFlNmMwN2U2MmFmMmQyZTdlYjZkZTA4OTNiMDkx
MTlhYmIwHhcNMjUwMTAxMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjY3ODlhYzQ3ZGU5NTg0MmFjOGNjNjM3YzgzMmJjMjhkZjE2NjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1RVkaYVgN4dpYjwppUOWwLRhBp5
B+yL25u1nCqeQT3YnWYkB4E5YAN9DizkESkJ3cdD8XCbVhiH/TXpEqXKSJt845HO
fcgDqo1kCT9tXhB53QXX0gQ5wLm7LST8jE8XKw7bweyZtlXUfbPXy3Fary5qmKqF
JyFnSekXdFDqlM7aIkCrsU/NHO/oD5J0O1NvfzXK+yZnfwc5mQu9ILR+JhsULVLx
eDOpzqkyhWvbba4DDC0DJzH0Svz1tnNqvUSbw8p3MqNXJWbsiyVDN/NqbIgnOPa5
KuQ/nbiICuPzO0VpqetVyjCLTb+afOvkf3lGgidhwCac+lnofyP3aTloXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFItniaxH3pWEKsjMY3yDK8KN8WaBMB8GA1UdIwQY
MBaAFLjSOx5sB+Yq8tLn623giTsJEZq7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5JN0htd0g1aXJ5MHVmcmJlQ0pPd2tSbXJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9iNzRhYTItMjVlMC00YWQ1LThjYzMt
NjkwNjFlZjJjNDk5LzEvaTJlSnJFZmVsWVFxeU14amZJTXJ3bzN4Wm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9iNzRhYTItMjVlMC00YWQ1LThjYzMtNjkwNjFlZjJjNDk5
LzEvdU5JN0htd0g1aXJ5MHVmcmJlQ0pPd2tSbXJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFUtPAAwQC
uYwAMA0EAgACMAcDBQAqAxnAMA0GCSqGSIb3DQEBCwUAA4IBAQCzB8520QrivznN
zD+uRXuhXRcoLd1Tgr9gavSqcI3Eu7D3qyM91arnzveF9QetSZ9fYsNG7D5of5Yy
JqZnh79tDOTcEqc0yuq1pYeQhtE+xcfyAi7tyyqyEuYxgj3YHi9OCQrNGnBsBs9D
A9b+JCf8aElwJojOloJV/oaA7Dm5kHk+3v6Vb4v5GuFktQ2Em68R5vp95L9J6tLz
4XNXVwUnQtJ+WpT6He8tH+amMepz+yG+8lcejFYTx1enwjbcYpNsvNMf3nYtFiA7
zPT48TDzvDcWkR6/7muKZu5NvRdwe6mgXowL+o1SBz/Rq0jcL5ARI6sGFgFtdQDI
XFFNA5+F
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:10:49 2025 by rpki-client