Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2Yjy3Fb7SillH2-McFapBuVVIL0.roa
File:                     2Yjy3Fb7SillH2-McFapBuVVIL0.roa (raw, json)
Hash identifier:          1zHaq5sD9NUDMNlqxGXHG6NCURbsJVKRndNr2vve9w0=
Subject key identifier:   D9:88:F2:DC:56:FB:4A:29:65:1F:6F:8C:70:56:A9:06:E5:55:20:BD
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80296F09D6FAAB7F5EF11A391B41E99
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2Yjy3Fb7SillH2-McFapBuVVIL0.roa
Signing time:             Tue 02 Jan 2024 02:31:02 +0000
ROA not before:           Tue 02 Jan 2024 02:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        194.5.66.0/24 maxlen: 24
                          45.147.225.0/24 maxlen: 24
                          185.108.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:96:f0:9d:6f:aa:b7:f5:ef:11:a3:91:b4:1e:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d988f2dc56fb4a29651f6f8c7056a906e55520bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e2:1e:85:31:70:0f:42:71:77:ce:ec:f9:a2:
                    33:cb:38:7c:8f:c0:e7:38:b2:c8:5c:81:f8:b8:f1:
                    b5:4a:40:49:3a:bf:3f:55:85:78:7c:19:be:06:fa:
                    3d:bd:98:7b:51:8e:83:16:f8:92:35:9b:d5:40:ac:
                    61:6d:43:ec:d8:b7:5f:f8:7e:01:fb:83:e9:c0:23:
                    1f:f0:7b:76:bd:e4:07:96:28:39:2b:92:46:26:ec:
                    3e:18:97:ba:54:2a:b1:54:4c:a2:7c:3c:da:e0:53:
                    ec:b4:91:2f:0b:ae:21:d6:b2:3d:07:c6:d6:d9:d0:
                    f1:24:af:a0:1b:2f:5d:58:df:8a:07:6b:42:1f:2d:
                    c5:7e:4c:63:81:62:09:b6:dd:5c:d9:c7:6b:70:33:
                    61:1e:28:e1:dc:ce:6c:53:f0:44:ca:47:81:07:b6:
                    0b:cb:07:1f:89:f8:7e:8c:21:19:a6:83:c4:5d:05:
                    ee:bf:16:ff:b1:88:29:27:b6:a7:b3:18:d1:ff:b9:
                    b0:25:d2:e5:08:26:ec:68:40:33:5a:04:cc:8b:bf:
                    a2:2e:33:ec:38:63:3e:91:d3:f5:d8:8f:ae:db:9c:
                    78:57:33:56:9e:01:b0:3b:40:36:50:f3:8e:ae:1f:
                    34:ae:5c:95:b4:d8:6e:5a:4e:38:35:d0:90:7d:7c:
                    0e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:88:F2:DC:56:FB:4A:29:65:1F:6F:8C:70:56:A9:06:E5:55:20:BD
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/2Yjy3Fb7SillH2-McFapBuVVIL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.225.0/24
                  185.108.207.0/24
                  194.5.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:44:79:9a:d1:09:d9:a1:4f:53:1f:6e:7b:82:2b:de:8b:05:
         29:77:95:51:c3:06:5f:c1:fa:1e:73:e1:0a:87:42:1a:ce:58:
         78:eb:25:34:62:74:5b:a4:8c:a3:35:9a:34:14:d8:42:4a:a8:
         d4:c7:f3:92:71:ab:23:6b:d7:a1:fe:a3:59:6a:d8:44:95:73:
         54:49:96:82:3a:f8:1d:96:a2:6b:1d:5c:07:99:12:f3:e3:f6:
         6d:8c:75:d2:9b:70:0d:d4:91:61:5e:82:3d:95:74:9c:7e:f6:
         6e:e6:9a:80:07:82:ca:08:66:73:a5:20:34:58:3f:83:bd:b5:
         ed:3e:ff:f0:1c:da:e0:9c:85:74:5e:2a:f3:62:3f:2a:14:a3:
         2d:16:e6:17:03:d5:99:aa:8b:6e:ca:7d:7b:42:e2:84:ef:4b:
         7c:84:52:ff:6a:cf:4e:88:51:47:8a:c3:12:46:bb:65:53:69:
         33:6e:da:2a:00:3c:05:c8:27:ce:e1:34:15:4b:9c:9e:d1:de:
         f4:e9:85:1b:ae:de:3f:74:c0:4e:25:ae:1a:54:fb:ad:0f:cb:
         9b:44:a8:2d:f0:f7:06:08:9b:5b:b6:20:da:f1:01:bb:24:76:
         d8:f8:29:2a:6a:eb:be:cb:10:92:12:5b:c0:c8:85:9c:3f:46:
         b0:a5:b2:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIApbwnW+qt/XvEaORtB6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg4ZjJkYzU2ZmI0YTI5NjUxZjZmOGM3MDU2YTkwNmU1NTUyMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguIehTFwD0Jxd87s+aIzyzh8j8Dn
OLLIXIH4uPG1SkBJOr8/VYV4fBm+Bvo9vZh7UY6DFviSNZvVQKxhbUPs2Ldf+H4B
+4PpwCMf8Ht2veQHlig5K5JGJuw+GJe6VCqxVEyifDza4FPstJEvC64h1rI9B8bW
2dDxJK+gGy9dWN+KB2tCHy3FfkxjgWIJtt1c2cdrcDNhHijh3M5sU/BEykeBB7YL
ywcfifh+jCEZpoPEXQXuvxb/sYgpJ7ansxjR/7mwJdLlCCbsaEAzWgTMi7+iLjPs
OGM+kdP12I+u25x4VzNWngGwO0A2UPOOrh80rlyVtNhuWk44NdCQfXwODQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNmI8txW+0opZR9vjHBWqQblVSC9MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMllqeTNGYjdTaWxsSDItTWNGYXBCdVZWSUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZPhAwQA
uWzPAwQAwgVCMA0GCSqGSIb3DQEBCwUAA4IBAQALRHma0QnZoU9TH257giveiwUp
d5VRwwZfwfoec+EKh0Iazlh46yU0YnRbpIyjNZo0FNhCSqjUx/OScasja9eh/qNZ
athElXNUSZaCOvgdlqJrHVwHmRLz4/ZtjHXSm3AN1JFhXoI9lXScfvZu5pqAB4LK
CGZzpSA0WD+DvbXtPv/wHNrgnIV0XirzYj8qFKMtFuYXA9WZqotuyn17QuKE70t8
hFL/as9OiFFHisMSRrtlU2kzbtoqADwFyCfO4TQVS5ye0d706YUbrt4/dMBOJa4a
VPutD8ubRKgt8PcGCJtbtiDa8QG7JHbY+Ckqauu+yxCSElvAyIWcP0awpbL/
-----END CERTIFICATE-----
Generated at Thu Nov 21 19:41:48 2024 by rpki-client on console-fra.rpki-client.org