Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/dee66f-45cc-4cb4-9fbb-642ce674f974/1/0tp1nP42grcTIJ9Q1AbVzA-sh5I.roa
File:                     0tp1nP42grcTIJ9Q1AbVzA-sh5I.roa (raw, json)
Hash identifier:          dfSMq4r11nG9rR2z/jAoqnl58X5Caxmbhas0j6Lzf78=
Subject key identifier:   D2:DA:75:9C:FE:36:82:B7:13:20:9F:50:D4:06:D5:CC:0F:AC:87:92
Certificate issuer:       /CN=dbaef5c32bea4b54d17e241b5cccaf07bc0a8ee9
Certificate serial:       018CC8011B4FEDFC0D46998E87BF57A056DF
Authority key identifier: DB:AE:F5:C3:2B:EA:4B:54:D1:7E:24:1B:5C:CC:AF:07:BC:0A:8E:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2671wyvqS1TRfiQbXMyvB7wKjuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/dee66f-45cc-4cb4-9fbb-642ce674f974/1/0tp1nP42grcTIJ9Q1AbVzA-sh5I.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203827
IP address blocks:        185.255.220.0/24 maxlen: 24
                          185.255.223.0/24 maxlen: 24
                          185.255.221.0/24 maxlen: 24
                          185.255.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/dee66f-45cc-4cb4-9fbb-642ce674f974/1/2671wyvqS1TRfiQbXMyvB7wKjuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/dee66f-45cc-4cb4-9fbb-642ce674f974/1/2671wyvqS1TRfiQbXMyvB7wKjuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2671wyvqS1TRfiQbXMyvB7wKjuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1b:4f:ed:fc:0d:46:99:8e:87:bf:57:a0:56:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbaef5c32bea4b54d17e241b5cccaf07bc0a8ee9
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2da759cfe3682b713209f50d406d5cc0fac8792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:db:dd:e4:62:29:f8:1e:22:75:87:f3:55:7f:
                    1f:23:11:23:aa:73:9a:c7:7c:5e:b8:84:4c:19:c1:
                    b4:d4:7f:4c:ac:ab:99:1e:cd:b4:07:67:53:f1:69:
                    23:ca:dd:12:a8:e0:76:ae:42:42:97:b7:9a:41:7e:
                    89:03:00:67:fe:6c:2b:ec:40:c6:89:9a:51:d4:25:
                    fb:b5:a1:96:0e:98:b9:b2:ce:05:f3:8a:ee:2f:6b:
                    c7:95:05:06:5c:23:4f:92:d8:68:69:54:e3:b6:65:
                    e1:b9:96:3f:96:34:5c:91:96:eb:1e:20:be:df:4c:
                    14:c2:82:99:64:b1:68:f2:73:4b:57:da:af:e2:a4:
                    12:2a:55:ef:bc:42:2c:77:9a:8b:91:2b:59:93:35:
                    a2:33:4c:32:f5:b6:84:3f:e7:60:86:b9:25:a6:1d:
                    4d:01:d1:44:1d:94:cf:7b:72:6e:20:82:7d:75:5c:
                    8e:48:f8:0a:56:f3:c4:3c:f0:cc:4a:21:c8:0b:8c:
                    f3:8d:ce:45:9e:68:68:94:0a:3a:73:fd:62:8a:08:
                    8d:d5:85:71:8a:52:4b:bd:0e:8d:39:dc:17:d3:18:
                    e0:01:42:29:e3:ac:d7:39:8b:46:77:8f:ae:4b:ca:
                    2f:de:f8:46:56:ea:4f:f1:dd:d9:00:10:5b:bc:28:
                    e6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DA:75:9C:FE:36:82:B7:13:20:9F:50:D4:06:D5:CC:0F:AC:87:92
            X509v3 Authority Key Identifier:
                keyid:DB:AE:F5:C3:2B:EA:4B:54:D1:7E:24:1B:5C:CC:AF:07:BC:0A:8E:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2671wyvqS1TRfiQbXMyvB7wKjuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/dee66f-45cc-4cb4-9fbb-642ce674f974/1/0tp1nP42grcTIJ9Q1AbVzA-sh5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/dee66f-45cc-4cb4-9fbb-642ce674f974/1/2671wyvqS1TRfiQbXMyvB7wKjuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:3b:77:0c:4e:bf:16:da:cf:a6:5f:ad:7a:1f:7b:47:be:32:
         b1:14:f1:95:d5:69:87:88:42:ec:7b:75:45:06:92:86:b8:b5:
         11:24:d9:e2:9d:56:a8:f1:f7:73:db:5e:00:d5:00:a3:91:50:
         8c:b0:3d:0e:a8:38:c3:e6:01:67:c0:52:38:e4:16:9b:ec:b4:
         29:53:bc:cd:6c:95:ef:e8:63:f0:9c:01:2c:b2:6f:38:eb:6e:
         a1:26:fc:06:0e:3f:29:f4:20:2f:e2:86:df:6d:e0:5c:99:40:
         a4:f5:ac:c5:bd:ee:68:16:21:78:5d:d1:2d:9a:9c:d6:db:7a:
         9e:37:59:a2:35:40:c4:67:23:3f:83:2f:a1:6f:43:2a:e6:71:
         ba:8c:3f:3a:1e:7d:ba:51:ff:8e:d8:b6:78:79:a9:1b:00:96:
         4f:8a:e2:64:9c:a5:e7:3d:fa:ef:30:97:9c:9d:4c:b5:a9:3f:
         2d:7e:f4:d3:d1:2b:7c:36:bc:17:1b:b8:4b:a2:29:29:28:00:
         f2:c0:af:99:59:1d:9e:e9:47:36:ee:bf:cb:23:ad:15:c3:77:
         a8:66:ec:82:42:e3:0b:13:43:b4:ba:2f:22:19:72:96:d2:bf:
         9a:46:cb:46:d8:77:b6:c7:4a:73:07:96:35:ae:99:14:ff:7a:
         0b:77:1e:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARtP7fwNRpmOh79XoFbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYWVmNWMzMmJlYTRiNTRkMTdlMjQxYjVjY2NhZjA3YmMw
YThlZTkwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRhNzU5Y2ZlMzY4MmI3MTMyMDlmNTBkNDA2ZDVjYzBmYWM4NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Nvd5GIp+B4idYfzVX8fIxEjqnOa
x3xeuIRMGcG01H9MrKuZHs20B2dT8Wkjyt0SqOB2rkJCl7eaQX6JAwBn/mwr7EDG
iZpR1CX7taGWDpi5ss4F84ruL2vHlQUGXCNPkthoaVTjtmXhuZY/ljRckZbrHiC+
30wUwoKZZLFo8nNLV9qv4qQSKlXvvEIsd5qLkStZkzWiM0wy9baEP+dghrklph1N
AdFEHZTPe3JuIIJ9dVyOSPgKVvPEPPDMSiHIC4zzjc5FnmholAo6c/1iigiN1YVx
ilJLvQ6NOdwX0xjgAUIp46zXOYtGd4+uS8ov3vhGVupP8d3ZABBbvCjmRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLadZz+NoK3EyCfUNQG1cwPrIeSMB8GA1UdIwQY
MBaAFNuu9cMr6ktU0X4kG1zMrwe8Co7pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjY3MXd5dnFTMVRSZmlRYlhNeXZCN3dLanVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9kZWU2NmYtNDVjYy00Y2I0LTlmYmIt
NjQyY2U2NzRmOTc0LzEvMHRwMW5QNDJncmNUSUo5UTFBYlZ6QS1zaDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9kZWU2NmYtNDVjYy00Y2I0LTlmYmItNjQyY2U2NzRmOTc0
LzEvMjY3MXd5dnFTMVRSZmlRYlhNeXZCN3dLanVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf/cMA0G
CSqGSIb3DQEBCwUAA4IBAQAOO3cMTr8W2s+mX616H3tHvjKxFPGV1WmHiELse3VF
BpKGuLURJNninVao8fdz214A1QCjkVCMsD0OqDjD5gFnwFI45Bab7LQpU7zNbJXv
6GPwnAEssm84626hJvwGDj8p9CAv4obfbeBcmUCk9azFve5oFiF4XdEtmpzW23qe
N1miNUDEZyM/gy+hb0Mq5nG6jD86Hn26Uf+O2LZ4eakbAJZPiuJknKXnPfrvMJec
nUy1qT8tfvTT0St8NrwXG7hLoikpKADywK+ZWR2e6Uc27r/LI60Vw3eoZuyCQuML
E0O0ui8iGXKW0r+aRstG2He2x0pzB5Y1rpkU/3oLdx78
-----END CERTIFICATE-----
Generated at Tue Nov 26 21:28:33 2024 by rpki-client on console-fra.rpki-client.org