Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2FTNKSs2CY6AFF3tVZY8t1GpDzQ.roa
File:                     2FTNKSs2CY6AFF3tVZY8t1GpDzQ.roa (raw, json)
Hash identifier:          HwslynRGhMFIU+Ccc0U4jIHWYwQE0QoZ+bpKgxnblsY=
Subject key identifier:   D8:54:CD:29:2B:36:09:8E:80:14:5D:ED:55:96:3C:B7:51:A9:0F:34
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029798FC88194669339C9DBEBF791C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2FTNKSs2CY6AFF3tVZY8t1GpDzQ.roa
Signing time:             Tue 02 Jan 2024 02:31:02 +0000
ROA not before:           Tue 02 Jan 2024 02:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212504
IP address blocks:        185.218.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:97:98:fc:88:19:46:69:33:9c:9d:be:bf:79:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d854cd292b36098e80145ded55963cb751a90f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:bd:81:cb:c4:c6:d1:61:52:b1:f3:9b:7f:66:
                    5e:de:b0:79:db:02:40:2f:79:a5:e7:ee:ee:89:0d:
                    db:b5:fd:60:bd:fe:98:06:63:92:81:3a:ca:46:ba:
                    39:d7:8e:a9:47:26:2b:d3:f7:27:02:41:c6:ac:e1:
                    5f:a4:e1:d3:80:44:35:5c:e5:24:1b:ab:a1:46:82:
                    8d:80:84:53:75:08:a0:af:46:c5:e1:6a:f9:0c:61:
                    ab:4d:58:d0:d3:37:07:a5:e4:36:a3:86:41:23:13:
                    bc:98:7b:90:01:52:23:88:cb:c9:c4:32:ae:38:73:
                    87:c4:64:ab:4f:d6:ee:c3:b8:ce:c7:5b:99:ab:f3:
                    c7:42:6f:7f:01:48:75:78:be:04:a2:33:b7:6c:2b:
                    3c:a4:d6:d0:f1:18:d2:8e:27:7b:a2:99:8c:8f:fd:
                    a3:78:6e:c2:1b:8b:74:92:b0:4d:66:68:3b:6a:13:
                    cb:97:16:b5:cb:b5:c5:80:11:f7:56:21:a0:96:41:
                    b2:25:53:2c:ba:97:39:f3:97:1f:60:f5:26:1e:0b:
                    b7:2a:94:b7:9b:c5:e2:19:7e:2d:09:4b:4f:b3:db:
                    9b:f7:15:80:17:31:4b:61:da:dd:81:fc:53:71:da:
                    49:16:86:34:c0:ae:d5:36:6e:38:51:2e:c0:08:8e:
                    3e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:54:CD:29:2B:36:09:8E:80:14:5D:ED:55:96:3C:B7:51:A9:0F:34
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2FTNKSs2CY6AFF3tVZY8t1GpDzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:89:90:d6:da:c7:eb:03:8a:b7:93:15:68:3a:1d:8b:39:fa:
         ba:c0:f4:9f:90:92:2b:51:4a:1d:7a:d6:79:19:e6:74:64:66:
         2d:6e:6d:2c:de:73:1f:91:bb:44:63:d6:85:c9:ad:03:28:d9:
         b0:17:a6:4a:20:56:89:db:5d:b1:a4:36:50:01:4c:21:43:cb:
         72:7e:f7:a3:48:a5:24:2c:7d:b8:31:37:23:2e:68:cc:69:fb:
         1e:87:ce:b5:7a:d0:7c:d2:13:96:d8:5e:01:4c:f6:40:95:9f:
         c3:14:fb:78:4b:70:25:48:02:f8:cb:73:c6:22:87:16:7f:17:
         26:f5:e6:e5:f2:a2:05:79:f7:1e:4b:76:f8:43:f9:bb:df:27:
         ed:01:fe:5f:26:73:ab:65:f3:4c:38:85:c8:ec:ab:2f:f5:fc:
         f8:ca:48:d6:a5:b5:b7:f9:fd:ae:97:54:01:31:a5:02:7f:c9:
         1c:29:e1:0a:58:b4:fd:70:61:94:fa:b0:e9:03:6b:8f:96:a8:
         86:40:c7:78:e1:2f:27:3d:11:9c:c0:97:7a:f3:1e:ca:64:56:
         21:18:bc:6c:36:41:5d:8a:f6:c5:b6:ca:16:8c:49:e8:24:9a:
         06:92:cf:fb:00:24:b8:8e:48:00:10:f8:d6:83:66:ea:13:9a:
         69:7d:49:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIApeY/IgZRmkznJ2+v3kcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODU0Y2QyOTJiMzYwOThlODAxNDVkZWQ1NTk2M2NiNzUxYTkwZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgb2By8TG0WFSsfObf2Ze3rB52wJA
L3ml5+7uiQ3btf1gvf6YBmOSgTrKRro5146pRyYr0/cnAkHGrOFfpOHTgEQ1XOUk
G6uhRoKNgIRTdQigr0bF4Wr5DGGrTVjQ0zcHpeQ2o4ZBIxO8mHuQAVIjiMvJxDKu
OHOHxGSrT9buw7jOx1uZq/PHQm9/AUh1eL4EojO3bCs8pNbQ8RjSjid7opmMj/2j
eG7CG4t0krBNZmg7ahPLlxa1y7XFgBH3ViGglkGyJVMsupc585cfYPUmHgu3KpS3
m8XiGX4tCUtPs9ub9xWAFzFLYdrdgfxTcdpJFoY0wK7VNm44US7ACI4+mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhUzSkrNgmOgBRd7VWWPLdRqQ80MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMkZUTktTczJDWTZBRkYzdFZaWTh0MUdwRHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudoVMA0G
CSqGSIb3DQEBCwUAA4IBAQBciZDW2sfrA4q3kxVoOh2LOfq6wPSfkJIrUUodetZ5
GeZ0ZGYtbm0s3nMfkbtEY9aFya0DKNmwF6ZKIFaJ212xpDZQAUwhQ8tyfvejSKUk
LH24MTcjLmjMafseh861etB80hOW2F4BTPZAlZ/DFPt4S3AlSAL4y3PGIocWfxcm
9ebl8qIFefceS3b4Q/m73yftAf5fJnOrZfNMOIXI7Ksv9fz4ykjWpbW3+f2ul1QB
MaUCf8kcKeEKWLT9cGGU+rDpA2uPlqiGQMd44S8nPRGcwJd68x7KZFYhGLxsNkFd
ivbFtsoWjEnoJJoGks/7ACS4jkgAEPjWg2bqE5ppfUly
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:41:48 2024 by rpki-client on console-fra.rpki-client.org