Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e95e79-2702-40e0-9b8a-e7717b287066/1/zpF5Kp4VKdLaWEdEZZ1qyt_oXGQ.roa
File:                     zpF5Kp4VKdLaWEdEZZ1qyt_oXGQ.roa (raw, json)
Hash identifier:          Dtm+c+uU7/4+m6dTBv7WnbSpU02cmzAxJ8K9he1sJ8g=
Subject key identifier:   CE:91:79:2A:9E:15:29:D2:DA:58:47:44:65:9D:6A:CA:DF:E8:5C:64
Certificate issuer:       /CN=c2ce0814167eaa8189fd84d390270eadf29482cb
Certificate serial:       018CF3954010E8AF3CB26EB0C7E9C9F6D26B
Authority key identifier: C2:CE:08:14:16:7E:AA:81:89:FD:84:D3:90:27:0E:AD:F2:94:82:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ws4IFBZ-qoGJ_YTTkCcOrfKUgss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e95e79-2702-40e0-9b8a-e7717b287066/1/zpF5Kp4VKdLaWEdEZZ1qyt_oXGQ.roa
Signing time:             Wed 10 Jan 2024 13:34:53 +0000
ROA not before:           Wed 10 Jan 2024 13:34:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210220
IP address blocks:        193.162.101.0/24 maxlen: 24
                          178.218.244.0/22 maxlen: 22
                          2a0d:bfc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e95e79-2702-40e0-9b8a-e7717b287066/1/ws4IFBZ-qoGJ_YTTkCcOrfKUgss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e95e79-2702-40e0-9b8a-e7717b287066/1/ws4IFBZ-qoGJ_YTTkCcOrfKUgss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ws4IFBZ-qoGJ_YTTkCcOrfKUgss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:95:40:10:e8:af:3c:b2:6e:b0:c7:e9:c9:f6:d2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ce0814167eaa8189fd84d390270eadf29482cb
        Validity
            Not Before: Jan 10 13:34:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce91792a9e1529d2da584744659d6acadfe85c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6d:66:be:37:54:d4:dc:ea:3f:30:fb:f3:e5:
                    11:bc:95:47:68:58:a7:26:64:60:c3:1f:67:a5:9b:
                    2e:1d:8f:e9:9a:7d:dd:74:18:e7:b7:05:99:10:40:
                    d6:30:6f:94:55:33:5f:30:b2:a1:0d:e5:fa:94:dd:
                    e8:be:43:ca:bd:61:86:24:1a:9a:00:0e:9e:d0:66:
                    62:da:40:1f:ae:ce:20:86:77:af:8a:16:11:26:6b:
                    5f:97:f9:72:28:8a:13:fe:08:86:8f:f6:28:f7:27:
                    9c:a5:d3:fd:fb:9e:18:94:68:84:b3:a6:f1:bf:ac:
                    d8:d6:d8:e7:fd:23:35:fc:14:f3:84:77:d1:1e:45:
                    3b:3a:45:36:ab:e8:57:90:d8:5f:38:5c:41:f3:10:
                    83:4b:2a:11:10:5f:c3:02:fd:9a:a1:15:15:8e:2e:
                    6a:28:eb:b7:e0:47:9b:63:72:5b:e3:41:23:cf:54:
                    b4:b3:64:43:21:4a:fb:09:4d:a2:9b:33:0d:84:7d:
                    f5:b9:75:5c:e8:12:c6:a6:90:c4:39:48:fd:df:b4:
                    12:ec:1a:39:8a:9f:dd:e7:1e:ae:67:36:4f:6f:0b:
                    5e:4c:58:29:91:a3:9d:10:28:3c:f8:a3:8d:8b:ac:
                    95:f8:59:47:f3:d5:ce:ec:93:da:a8:df:1a:4f:4b:
                    19:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:91:79:2A:9E:15:29:D2:DA:58:47:44:65:9D:6A:CA:DF:E8:5C:64
            X509v3 Authority Key Identifier:
                keyid:C2:CE:08:14:16:7E:AA:81:89:FD:84:D3:90:27:0E:AD:F2:94:82:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ws4IFBZ-qoGJ_YTTkCcOrfKUgss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e95e79-2702-40e0-9b8a-e7717b287066/1/zpF5Kp4VKdLaWEdEZZ1qyt_oXGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e95e79-2702-40e0-9b8a-e7717b287066/1/ws4IFBZ-qoGJ_YTTkCcOrfKUgss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.244.0/22
                  193.162.101.0/24
                IPv6:
                  2a0d:bfc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:4a:e3:fc:9b:01:cf:8a:cd:14:89:ac:58:b8:7d:0a:04:2c:
         27:c3:07:79:d8:2b:21:a7:4b:c2:95:b5:49:84:29:80:c4:d5:
         b4:0b:c6:6a:73:63:0b:d1:8d:6a:c6:3a:e4:0c:a8:d2:36:ae:
         b7:33:ba:08:89:77:c4:bb:ad:94:32:c0:d6:13:53:82:a2:fc:
         81:2d:17:d0:0e:18:3e:66:d1:df:2e:88:b0:a8:b9:d5:a0:1d:
         f6:6b:3c:cc:18:a7:e8:05:dd:b5:ef:af:94:75:f7:d9:0d:f1:
         16:a7:e5:f3:e9:39:a3:44:2b:38:03:23:25:15:29:4e:51:59:
         77:13:45:0b:fc:b2:69:73:9a:7c:01:a4:ca:e1:79:c7:8c:2b:
         81:7d:45:17:6e:51:67:60:5e:b3:b7:46:19:1b:95:ff:41:f8:
         74:2f:a2:0b:11:e2:80:d0:3a:75:60:34:da:80:44:c5:9a:b8:
         c0:c0:4b:2d:73:15:8c:61:01:b0:2f:e7:6f:67:af:f2:6c:16:
         b6:10:f7:eb:60:9f:98:77:57:70:93:4c:32:be:14:b4:85:05:
         fd:fa:9a:a1:67:ca:bd:ae:4c:5e:94:c2:7c:b0:3c:e6:61:a5:
         91:6f:15:4c:32:6d:69:af:86:b4:bd:3e:50:a0:51:e4:d8:a9:
         73:25:fc:c6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzzlUAQ6K88sm6wx+nJ9tJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyY2UwODE0MTY3ZWFhODE4OWZkODRkMzkwMjcwZWFkZjI5
NDgyY2IwHhcNMjQwMTEwMTMzNDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTkxNzkyYTllMTUyOWQyZGE1ODQ3NDQ2NTlkNmFjYWRmZTg1YzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm1mvjdU1NzqPzD78+URvJVHaFin
JmRgwx9npZsuHY/pmn3ddBjntwWZEEDWMG+UVTNfMLKhDeX6lN3ovkPKvWGGJBqa
AA6e0GZi2kAfrs4ghnevihYRJmtfl/lyKIoT/giGj/Yo9yecpdP9+54YlGiEs6bx
v6zY1tjn/SM1/BTzhHfRHkU7OkU2q+hXkNhfOFxB8xCDSyoREF/DAv2aoRUVji5q
KOu34EebY3Jb40Ejz1S0s2RDIUr7CU2imzMNhH31uXVc6BLGppDEOUj937QS7Bo5
ip/d5x6uZzZPbwteTFgpkaOdECg8+KONi6yV+FlH89XO7JPaqN8aT0sZ5QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM6ReSqeFSnS2lhHRGWdasrf6FxkMB8GA1UdIwQY
MBaAFMLOCBQWfqqBif2E05AnDq3ylILLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3M0SUZCWi1xb0dKX1lUVGtDY09yZktVZ3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lOTVlNzktMjcwMi00MGUwLTliOGEt
ZTc3MTdiMjg3MDY2LzEvenBGNUtwNFZLZExhV0VkRVpaMXF5dF9vWEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lOTVlNzktMjcwMi00MGUwLTliOGEtZTc3MTdiMjg3MDY2
LzEvd3M0SUZCWi1xb0dKX1lUVGtDY09yZktVZ3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCstr0AwQA
waJlMA0EAgACMAcDBQAqDb/AMA0GCSqGSIb3DQEBCwUAA4IBAQAGSuP8mwHPis0U
iaxYuH0KBCwnwwd52Cshp0vClbVJhCmAxNW0C8Zqc2ML0Y1qxjrkDKjSNq63M7oI
iXfEu62UMsDWE1OCovyBLRfQDhg+ZtHfLoiwqLnVoB32azzMGKfoBd2176+UdffZ
DfEWp+Xz6TmjRCs4AyMlFSlOUVl3E0UL/LJpc5p8AaTK4XnHjCuBfUUXblFnYF6z
t0YZG5X/Qfh0L6ILEeKA0Dp1YDTagETFmrjAwEstcxWMYQGwL+dvZ6/ybBa2EPfr
YJ+Yd1dwk0wyvhS0hQX9+pqhZ8q9rkxelMJ8sDzmYaWRbxVMMm1pr4a0vT5QoFHk
2KlzJfzG
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:37:56 2024 by rpki-client on console-ams.rpki-client.org