Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/IxtMID-LayU__IW7nnF-9kp2uOw.roa
File:                     IxtMID-LayU__IW7nnF-9kp2uOw.roa (raw, json)
Hash identifier:          3fnJhcYlW8adrdNlD3ire3qkn7LGjA1tD8mRV2yz1Y4=
Subject key identifier:   23:1B:4C:20:3F:8B:6B:25:3F:FC:85:BB:9E:71:7E:F6:4A:76:B8:EC
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0190EDEA2AFD345B1EB630B37E70D24D6135
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/IxtMID-LayU__IW7nnF-9kp2uOw.roa
Signing time:             Fri 26 Jul 2024 07:21:04 +0000
ROA not before:           Fri 26 Jul 2024 07:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214532
IP address blocks:        213.21.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ed:ea:2a:fd:34:5b:1e:b6:30:b3:7e:70:d2:4d:61:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jul 26 07:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=231b4c203f8b6b253ffc85bb9e717ef64a76b8ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4e:c3:1e:1c:01:c8:90:da:87:4a:02:10:88:
                    5d:a4:7b:c2:61:36:16:3a:53:93:34:1f:44:4d:05:
                    f4:f3:4b:a6:a1:22:dc:c7:55:98:c0:e2:71:32:86:
                    35:f9:87:aa:d8:0e:b7:62:ed:ce:ca:d2:45:0b:25:
                    c3:f1:da:87:16:c7:c5:bc:bd:46:b6:7b:7f:86:8a:
                    38:74:af:f2:35:ef:98:05:2d:da:c2:dc:54:8f:bd:
                    1d:8b:aa:be:d0:7f:a4:69:7a:45:a2:e1:65:ef:4a:
                    59:92:8c:6b:a2:9d:60:cf:61:48:18:f1:4d:bc:9c:
                    01:00:88:80:db:63:e9:82:17:1a:d0:18:9b:2d:3d:
                    2b:28:5e:ae:63:f7:63:8c:e0:a7:fb:fb:c5:dd:65:
                    f9:a7:3a:23:bf:b5:e3:05:cf:94:72:e3:39:2e:7b:
                    91:e9:4a:ed:52:5d:c8:55:d7:ce:33:f1:57:63:d8:
                    22:58:f9:a9:a3:ac:95:02:cc:74:8c:d7:47:0c:29:
                    1b:e7:14:74:ea:e6:6d:8a:36:a0:5e:79:d0:dc:e2:
                    95:50:fa:88:c0:ef:27:5c:2b:34:6b:25:4e:1f:5b:
                    84:50:15:d9:9a:84:06:10:cd:2c:9a:4f:46:25:fc:
                    1d:21:75:c3:23:83:01:a5:22:5f:2a:0c:39:c6:3b:
                    01:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:1B:4C:20:3F:8B:6B:25:3F:FC:85:BB:9E:71:7E:F6:4A:76:B8:EC
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/IxtMID-LayU__IW7nnF-9kp2uOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c5:fd:d9:fe:ac:55:47:76:d5:16:32:5f:ae:f4:88:32:51:
         b1:ac:c4:e3:34:b4:be:24:18:ed:f5:05:ab:81:bc:45:1a:cf:
         cc:3c:9e:17:1f:49:e9:3f:6f:43:ff:be:e0:f7:03:14:0b:d6:
         32:e1:f5:32:f9:e8:74:fb:5d:5a:d4:26:0d:b8:fa:1d:19:33:
         90:38:d9:c0:93:eb:30:82:77:50:62:4d:d6:06:fb:cd:90:d1:
         e2:a5:2c:67:83:c3:02:5e:58:c2:c1:c7:76:3a:a2:64:76:cb:
         34:70:91:3d:d8:6c:c9:0d:e2:94:06:2b:33:ae:59:8b:06:2a:
         d4:9f:77:66:44:ca:65:93:03:44:1a:b2:00:40:9f:45:4a:80:
         90:6c:17:8d:ca:1d:e1:a1:08:86:8e:94:35:2d:34:94:c1:05:
         17:a4:4e:48:84:92:29:d2:c7:c0:6a:86:c1:8a:d5:c4:7a:8d:
         22:a8:9b:8d:4f:f6:5d:90:74:c8:91:83:17:b6:5b:ba:1c:08:
         25:3d:12:38:e5:40:25:8d:76:72:ae:3f:a0:61:d9:4f:64:f7:
         1d:c7:f5:bb:22:1a:65:f1:bb:86:03:e0:13:2a:7c:86:6e:e0:
         48:07:bd:1f:af:10:65:ca:78:d4:98:a1:da:f8:9d:ff:9d:70:
         72:45:d3:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDt6ir9NFsetjCzfnDSTWE1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjQwNzI2MDcyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzFiNGMyMDNmOGI2YjI1M2ZmYzg1YmI5ZTcxN2VmNjRhNzZiOGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs07DHhwByJDah0oCEIhdpHvCYTYW
OlOTNB9ETQX080umoSLcx1WYwOJxMoY1+Yeq2A63Yu3OytJFCyXD8dqHFsfFvL1G
tnt/hoo4dK/yNe+YBS3awtxUj70di6q+0H+kaXpFouFl70pZkoxrop1gz2FIGPFN
vJwBAIiA22Ppghca0BibLT0rKF6uY/djjOCn+/vF3WX5pzojv7XjBc+UcuM5LnuR
6UrtUl3IVdfOM/FXY9giWPmpo6yVAsx0jNdHDCkb5xR06uZtijagXnnQ3OKVUPqI
wO8nXCs0ayVOH1uEUBXZmoQGEM0smk9GJfwdIXXDI4MBpSJfKgw5xjsBRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMbTCA/i2slP/yFu55xfvZKdrjsMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvSXh0TUlELUxheVVfX0lXN25uRi05a3AydU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXvMA0G
CSqGSIb3DQEBCwUAA4IBAQAaxf3Z/qxVR3bVFjJfrvSIMlGxrMTjNLS+JBjt9QWr
gbxFGs/MPJ4XH0npP29D/77g9wMUC9Yy4fUy+eh0+11a1CYNuPodGTOQONnAk+sw
gndQYk3WBvvNkNHipSxng8MCXljCwcd2OqJkdss0cJE92GzJDeKUBiszrlmLBirU
n3dmRMplkwNEGrIAQJ9FSoCQbBeNyh3hoQiGjpQ1LTSUwQUXpE5IhJIp0sfAaobB
itXEeo0iqJuNT/ZdkHTIkYMXtlu6HAglPRI45UAljXZyrj+gYdlPZPcdx/W7Ihpl
8buGA+ATKnyGbuBIB70frxBlynjUmKHa+J3/nXByRdP9
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:50:15 2024 by rpki-client on console-fra.rpki-client.org