Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d47be8-2ff0-4c93-b912-905e763f048d/1/sWflfyfMsdM2wmvGb2Qi3dbXW1w.roa
File:                     sWflfyfMsdM2wmvGb2Qi3dbXW1w.roa (raw, json)
Hash identifier:          tuCDQIaWE6AneyKNnjzd8cqpEPv8AKzSKZYpRcYEHZ8=
Subject key identifier:   B1:67:E5:7F:27:CC:B1:D3:36:C2:6B:C6:6F:64:22:DD:D6:D7:5B:5C
Certificate issuer:       /CN=29fcdf7629c4e00e906f1435f449dd109f410b6c
Certificate serial:       018CC649A10F7D1D2A9BA2FA8D8AB738CB1A
Authority key identifier: 29:FC:DF:76:29:C4:E0:0E:90:6F:14:35:F4:49:DD:10:9F:41:0B:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfzfdinE4A6QbxQ19EndEJ9BC2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d47be8-2ff0-4c93-b912-905e763f048d/1/sWflfyfMsdM2wmvGb2Qi3dbXW1w.roa
Signing time:             Mon 01 Jan 2024 18:29:23 +0000
ROA not before:           Mon 01 Jan 2024 18:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212296
IP address blocks:        88.135.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d47be8-2ff0-4c93-b912-905e763f048d/1/KfzfdinE4A6QbxQ19EndEJ9BC2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d47be8-2ff0-4c93-b912-905e763f048d/1/KfzfdinE4A6QbxQ19EndEJ9BC2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfzfdinE4A6QbxQ19EndEJ9BC2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a1:0f:7d:1d:2a:9b:a2:fa:8d:8a:b7:38:cb:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fcdf7629c4e00e906f1435f449dd109f410b6c
        Validity
            Not Before: Jan  1 18:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b167e57f27ccb1d336c26bc66f6422ddd6d75b5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:f5:6a:89:26:3e:b4:fb:73:d7:b6:f3:36:
                    3a:23:08:53:64:95:20:2f:a4:c8:8d:f3:93:dd:4a:
                    d9:d0:a7:4e:b7:0c:f7:a9:ae:ed:76:a3:dd:25:64:
                    dd:62:bd:36:f7:db:6e:f7:da:32:9e:74:61:7e:64:
                    77:f0:4c:be:30:6a:43:2b:fd:6c:5d:79:f2:23:cd:
                    41:48:83:37:38:bc:a1:3c:8c:d8:13:f7:dc:fa:7a:
                    1c:bb:b9:d1:6a:1b:93:c1:eb:f8:13:70:6f:51:5d:
                    74:d7:02:b8:a3:29:ab:02:ee:c4:b1:15:f0:ee:35:
                    39:95:23:a0:d5:ae:56:5b:0d:3b:b0:18:0b:d4:73:
                    30:25:51:88:44:34:bb:95:a0:be:de:2b:f6:0a:46:
                    6e:84:33:aa:35:c0:05:ef:be:ff:17:a7:f0:4c:8f:
                    14:de:b5:df:43:e6:bc:57:a1:9e:09:6e:8f:e6:82:
                    84:f5:4c:e4:16:56:22:a4:07:03:9d:f7:3c:b2:98:
                    6f:7d:a6:f4:05:0b:61:0a:0c:90:56:8b:0e:1b:c1:
                    25:93:23:81:91:fe:cd:83:b1:2b:d0:8b:85:ad:c8:
                    f0:3b:91:37:a8:84:8a:41:24:14:56:3c:c9:da:09:
                    e2:9b:43:ad:28:6f:a9:68:7f:eb:35:c8:19:79:36:
                    ec:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:67:E5:7F:27:CC:B1:D3:36:C2:6B:C6:6F:64:22:DD:D6:D7:5B:5C
            X509v3 Authority Key Identifier:
                keyid:29:FC:DF:76:29:C4:E0:0E:90:6F:14:35:F4:49:DD:10:9F:41:0B:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfzfdinE4A6QbxQ19EndEJ9BC2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d47be8-2ff0-4c93-b912-905e763f048d/1/sWflfyfMsdM2wmvGb2Qi3dbXW1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d47be8-2ff0-4c93-b912-905e763f048d/1/KfzfdinE4A6QbxQ19EndEJ9BC2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:13:41:1d:90:f9:bb:98:ea:3c:d2:3c:3e:63:b7:62:97:ca:
         31:c0:b3:ad:cd:d7:a2:0b:1f:c4:e2:90:fe:32:59:cc:62:0e:
         5f:85:11:ea:b3:88:b5:c8:1b:d3:9d:cc:61:37:e9:a5:46:29:
         e8:f4:1b:6a:cf:32:64:66:c6:39:9e:53:cc:9e:9c:b9:67:48:
         2a:86:45:4d:d5:b2:86:d5:cc:bf:08:9d:69:64:49:0e:0a:1b:
         39:02:0b:19:bc:3a:39:dd:9b:c1:2c:21:79:39:16:1d:ee:c0:
         0c:b6:81:c3:db:97:34:f9:72:7f:ee:8c:79:c2:aa:0f:7b:ab:
         b7:90:23:a3:64:5e:d7:08:58:eb:ae:d0:9e:76:d4:94:a4:a2:
         bc:e6:e0:be:e6:e5:85:bc:3e:b0:e9:58:fb:59:cf:4d:29:06:
         67:eb:cc:7b:62:98:a3:70:78:28:10:3e:c2:ac:a8:c3:6a:3a:
         6d:88:c8:72:b5:6f:29:e0:ad:71:9e:f9:f9:fa:a7:ff:58:63:
         3d:11:09:6b:19:77:ec:46:5e:32:3e:b6:3f:ce:27:02:65:ce:
         2e:29:23:d0:ed:8b:ad:68:4c:79:af:32:30:6c:7b:b2:57:2f:
         e7:25:6a:6d:d6:ab:20:e7:e3:a6:24:25:f3:56:c2:a1:65:5e:
         5a:ce:ed:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSaEPfR0qm6L6jYq3OMsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmNkZjc2MjljNGUwMGU5MDZmMTQzNWY0NDlkZDEwOWY0
MTBiNmMwHhcNMjQwMTAxMTgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTY3ZTU3ZjI3Y2NiMWQzMzZjMjZiYzY2ZjY0MjJkZGQ2ZDc1YjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8z1aokmPrT7c9e28zY6IwhTZJUg
L6TIjfOT3UrZ0KdOtwz3qa7tdqPdJWTdYr0299tu99oynnRhfmR38Ey+MGpDK/1s
XXnyI81BSIM3OLyhPIzYE/fc+nocu7nRahuTwev4E3BvUV101wK4oymrAu7EsRXw
7jU5lSOg1a5WWw07sBgL1HMwJVGIRDS7laC+3iv2CkZuhDOqNcAF777/F6fwTI8U
3rXfQ+a8V6GeCW6P5oKE9UzkFlYipAcDnfc8sphvfab0BQthCgyQVosOG8ElkyOB
kf7Ng7Er0IuFrcjwO5E3qISKQSQUVjzJ2gnim0OtKG+paH/rNcgZeTbs1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFn5X8nzLHTNsJrxm9kIt3W11tcMB8GA1UdIwQY
MBaAFCn833YpxOAOkG8UNfRJ3RCfQQtsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2Z6ZmRpbkU0QTZRYnhRMTlFbmRFSjlCQzJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kNDdiZTgtMmZmMC00YzkzLWI5MTIt
OTA1ZTc2M2YwNDhkLzEvc1dmbGZ5Zk1zZE0yd212R2IyUWkzZGJYVzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kNDdiZTgtMmZmMC00YzkzLWI5MTItOTA1ZTc2M2YwNDhk
LzEvS2Z6ZmRpbkU0QTZRYnhRMTlFbmRFSjlCQzJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWIdEMA0G
CSqGSIb3DQEBCwUAA4IBAQCjE0EdkPm7mOo80jw+Y7dil8oxwLOtzdeiCx/E4pD+
MlnMYg5fhRHqs4i1yBvTncxhN+mlRino9BtqzzJkZsY5nlPMnpy5Z0gqhkVN1bKG
1cy/CJ1pZEkOChs5AgsZvDo53ZvBLCF5ORYd7sAMtoHD25c0+XJ/7ox5wqoPe6u3
kCOjZF7XCFjrrtCedtSUpKK85uC+5uWFvD6w6Vj7Wc9NKQZn68x7YpijcHgoED7C
rKjDajptiMhytW8p4K1xnvn5+qf/WGM9EQlrGXfsRl4yPrY/zicCZc4uKSPQ7Yut
aEx5rzIwbHuyVy/nJWpt1qsg5+OmJCXzVsKhZV5azu3D
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:16:47 2024 by rpki-client on console-fra.rpki-client.org