Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/_yvMuwLQOOs9T04o2lBzsdR5RLI.roa
File:                     _yvMuwLQOOs9T04o2lBzsdR5RLI.roa (raw, json)
Hash identifier:          zXfO2VOt+xSDyGtPtSAC9lHn5l4jfLJwezEfjkcnS+Y=
Subject key identifier:   FF:2B:CC:BB:02:D0:38:EB:3D:4F:4E:28:DA:50:73:B1:D4:79:44:B2
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6C067DC7C59ED7CC1014718D50D21
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/_yvMuwLQOOs9T04o2lBzsdR5RLI.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207107
IP address blocks:        92.52.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c0:67:dc:7c:59:ed:7c:c1:01:47:18:d5:0d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff2bccbb02d038eb3d4f4e28da5073b1d47944b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b9:22:35:4b:09:59:f1:f7:6e:d4:2b:78:d3:
                    59:68:b4:67:9b:7f:e1:e0:03:21:d6:a7:79:b4:eb:
                    bc:b3:97:a3:26:76:4d:c2:8a:73:8e:c1:36:cb:f7:
                    ac:86:4f:ea:09:92:a8:e0:23:45:3b:44:c0:3e:f1:
                    9d:31:ea:a4:a5:e5:4a:7c:21:9a:c7:79:3a:da:bf:
                    83:4c:41:f4:5e:dd:5d:eb:39:a5:b9:85:1c:07:5f:
                    08:84:5e:a8:5e:df:dd:b6:f4:5c:3d:fa:91:82:00:
                    6f:e1:5d:ae:eb:46:19:42:0b:ba:58:a4:55:09:a7:
                    15:61:f3:24:e5:1b:7a:ea:5d:32:42:f1:91:8e:2e:
                    be:f8:25:b7:ea:64:7d:4a:ac:6f:e1:99:8a:80:ed:
                    cd:f5:a3:db:18:60:2b:10:10:ec:c8:7c:f0:3d:94:
                    6c:51:2f:fc:13:26:e7:bd:5c:32:32:ad:14:74:f7:
                    28:ef:61:79:2e:9e:1f:47:83:a0:fc:26:91:6a:db:
                    28:66:ff:84:a9:35:09:92:a9:76:49:d7:42:98:2f:
                    f0:d7:f4:df:e3:e6:a4:70:89:f6:35:92:aa:e3:d0:
                    e2:a2:2b:42:0c:50:05:37:02:f9:e5:96:14:8f:4d:
                    1d:28:1c:5a:87:4e:0b:94:c7:0f:cb:f4:af:cc:8c:
                    14:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:2B:CC:BB:02:D0:38:EB:3D:4F:4E:28:DA:50:73:B1:D4:79:44:B2
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/_yvMuwLQOOs9T04o2lBzsdR5RLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.52.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:64:f7:92:46:f4:b0:64:da:51:eb:86:d0:ac:16:19:79:15:
         b5:af:75:fa:b2:d0:28:88:02:1f:a7:dd:71:a7:f9:3a:79:cb:
         70:f0:1d:76:8c:be:b0:b7:eb:f1:8d:17:53:10:04:11:c8:22:
         25:ac:2d:e1:fc:3f:cd:20:3e:7f:1f:62:db:b7:bd:1f:cb:3d:
         62:44:20:5c:96:29:72:a4:f9:9c:a0:da:2c:5a:00:c6:50:06:
         a2:7c:c2:05:8b:7b:60:48:6e:b3:67:98:14:61:dc:0a:76:aa:
         03:bb:8d:91:6a:cf:ae:1e:85:ca:9e:6a:70:43:ec:25:96:ee:
         93:6e:b8:6e:9b:c5:6e:89:b9:8d:df:16:63:86:d7:3f:8a:0b:
         ea:94:fa:b2:1b:b1:b3:b0:62:88:81:13:ad:7c:ec:cb:33:f6:
         cf:d9:fe:92:c1:f2:ec:2e:6d:7a:9e:0c:8d:5e:a0:c5:a8:6b:
         0f:ad:2e:b3:32:97:2e:2b:dc:a2:64:0e:87:e9:9d:76:28:f4:
         20:6d:4b:18:7c:df:04:63:ee:f7:4d:8a:6c:88:76:ab:c5:28:
         8c:38:c5:cc:62:fa:11:60:92:64:5e:71:36:1f:40:33:14:26:
         37:3e:9d:22:2d:2d:ef:16:2f:6e:5c:3a:29:f6:4c:0b:2f:a3:
         e3:69:80:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsBn3HxZ7XzBAUcY1Q0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjJiY2NiYjAyZDAzOGViM2Q0ZjRlMjhkYTUwNzNiMWQ0Nzk0NGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbkiNUsJWfH3btQreNNZaLRnm3/h
4AMh1qd5tOu8s5ejJnZNwopzjsE2y/eshk/qCZKo4CNFO0TAPvGdMeqkpeVKfCGa
x3k62r+DTEH0Xt1d6zmluYUcB18IhF6oXt/dtvRcPfqRggBv4V2u60YZQgu6WKRV
CacVYfMk5Rt66l0yQvGRji6++CW36mR9Sqxv4ZmKgO3N9aPbGGArEBDsyHzwPZRs
US/8EybnvVwyMq0UdPco72F5Lp4fR4Og/CaRatsoZv+EqTUJkql2SddCmC/w1/Tf
4+akcIn2NZKq49DioitCDFAFNwL55ZYUj00dKBxah04LlMcPy/SvzIwUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8rzLsC0DjrPU9OKNpQc7HUeUSyMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvX3l2TXV3TFFPT3M5VDA0bzJsQnpzZFI1UkxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDTeMA0G
CSqGSIb3DQEBCwUAA4IBAQAqZPeSRvSwZNpR64bQrBYZeRW1r3X6stAoiAIfp91x
p/k6ectw8B12jL6wt+vxjRdTEAQRyCIlrC3h/D/NID5/H2Lbt70fyz1iRCBclily
pPmcoNosWgDGUAaifMIFi3tgSG6zZ5gUYdwKdqoDu42Ras+uHoXKnmpwQ+wllu6T
brhum8VuibmN3xZjhtc/igvqlPqyG7GzsGKIgROtfOzLM/bP2f6SwfLsLm16ngyN
XqDFqGsPrS6zMpcuK9yiZA6H6Z12KPQgbUsYfN8EY+73TYpsiHarxSiMOMXMYvoR
YJJkXnE2H0AzFCY3Pp0iLS3vFi9uXDop9kwLL6PjaYCw
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:34:43 2024 by rpki-client on console-ams.rpki-client.org