Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/vBa0rZQGfOy8HlaSDXAgcKVeQlI.roa
File:                     vBa0rZQGfOy8HlaSDXAgcKVeQlI.roa (raw, json)
Hash identifier:          Mc0VpCGCrjayIDhCz8aMfuAh2evm6OOrBf1kyNaLuDI=
Subject key identifier:   BC:16:B4:AD:94:06:7C:EC:BC:1E:56:92:0D:70:20:70:A5:5E:42:52
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       018CC64A9CDCA9EEC89D08E9A450E200BA7B
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/vBa0rZQGfOy8HlaSDXAgcKVeQlI.roa
Signing time:             Mon 01 Jan 2024 18:30:27 +0000
ROA not before:           Mon 01 Jan 2024 18:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.155.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:9c:dc:a9:ee:c8:9d:08:e9:a4:50:e2:00:ba:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Jan  1 18:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc16b4ad94067cecbc1e56920d702070a55e4252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:37:de:b0:49:48:2d:9c:0b:61:f1:33:26:03:
                    81:13:9e:0a:17:c3:e4:36:c5:59:bc:91:ed:28:01:
                    d5:74:b1:b4:e4:17:6f:4d:e9:f7:46:93:5d:52:6a:
                    62:3f:c8:02:0f:13:81:6f:94:fa:cb:26:89:c4:f9:
                    c4:f9:0b:f3:ac:6f:45:62:85:c3:c2:d3:ce:b0:42:
                    0f:78:1d:11:24:04:e1:1e:d8:8a:85:90:30:b9:ec:
                    b3:a1:df:9f:15:39:88:c5:5a:08:16:6a:75:86:a9:
                    60:bf:f3:f2:0b:6b:e5:8c:50:3a:17:67:66:37:66:
                    01:b3:46:bc:71:3e:14:b2:61:20:04:7d:32:52:6c:
                    7d:7f:28:a4:33:2e:bd:14:6b:c4:57:df:95:95:49:
                    89:be:98:7c:0f:ef:8f:b5:cf:43:31:38:25:fb:05:
                    8b:d0:58:d2:e4:6c:62:cd:e7:67:0f:40:e0:bd:6b:
                    92:73:54:72:0e:6d:d9:9f:52:55:17:8d:46:89:fd:
                    14:78:6e:49:24:70:6f:7c:7f:1c:02:37:31:d4:01:
                    78:e8:4e:92:ea:bf:be:2c:48:d7:c4:b1:ad:68:0c:
                    fd:8c:bc:90:c9:09:ac:31:95:de:4d:9b:8e:8b:3e:
                    9b:24:dc:b5:03:db:a2:94:91:fc:ea:bd:8c:63:8d:
                    64:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:16:B4:AD:94:06:7C:EC:BC:1E:56:92:0D:70:20:70:A5:5E:42:52
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/vBa0rZQGfOy8HlaSDXAgcKVeQlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:dc:eb:c2:77:6f:7c:eb:59:58:d7:03:c9:7e:d5:47:8a:df:
         c8:79:33:ad:5a:16:1f:f1:34:09:63:23:9a:71:00:f5:e9:dd:
         55:e4:55:82:65:00:95:4d:74:33:ef:a7:16:ea:76:e8:6e:a7:
         9e:f3:b3:13:94:11:2a:f3:b6:5c:54:0b:9a:ff:05:a8:e9:b0:
         2d:19:00:2e:97:ab:5f:c0:c8:f6:a0:41:f5:7d:b1:3f:14:0b:
         57:a0:0b:ca:4a:c2:24:d4:43:be:5e:a5:3d:31:a3:eb:39:dc:
         cf:b8:90:59:26:3c:16:fb:32:7c:7d:e9:f8:31:bb:74:13:5d:
         24:7b:38:72:54:c2:53:0b:d4:47:7f:c8:92:ab:fc:9a:80:df:
         cb:2a:f2:8b:75:5c:29:fa:fa:19:c0:03:ed:d2:c7:40:f1:bb:
         79:4a:7f:e4:4d:17:ae:38:14:a2:db:8d:47:b4:80:a3:ae:17:
         60:63:9d:86:d0:d7:fc:53:63:cf:a0:e4:13:44:61:08:2c:2f:
         19:7d:f5:f4:4a:07:69:e9:a5:81:23:cc:00:d6:27:df:b3:6d:
         c8:c9:09:e6:98:16:e6:8f:00:7b:84:c7:64:4e:cc:10:69:87:
         a7:32:47:a7:17:2d:12:13:a6:db:50:7c:60:b8:af:03:cb:c0:
         6d:d3:f3:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpzcqe7InQjppFDiALp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjQwMTAxMTgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzE2YjRhZDk0MDY3Y2VjYmMxZTU2OTIwZDcwMjA3MGE1NWU0MjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DfesElILZwLYfEzJgOBE54KF8Pk
NsVZvJHtKAHVdLG05BdvTen3RpNdUmpiP8gCDxOBb5T6yyaJxPnE+QvzrG9FYoXD
wtPOsEIPeB0RJAThHtiKhZAwueyzod+fFTmIxVoIFmp1hqlgv/PyC2vljFA6F2dm
N2YBs0a8cT4UsmEgBH0yUmx9fyikMy69FGvEV9+VlUmJvph8D++Ptc9DMTgl+wWL
0FjS5GxizednD0DgvWuSc1RyDm3Zn1JVF41Gif0UeG5JJHBvfH8cAjcx1AF46E6S
6r++LEjXxLGtaAz9jLyQyQmsMZXeTZuOiz6bJNy1A9uilJH86r2MY41k3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLwWtK2UBnzsvB5Wkg1wIHClXkJSMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvdkJhMHJaUUdmT3k4SGxhU0RYQWdjS1ZlUWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvpMA0G
CSqGSIb3DQEBCwUAA4IBAQAn3OvCd29861lY1wPJftVHit/IeTOtWhYf8TQJYyOa
cQD16d1V5FWCZQCVTXQz76cW6nbobqee87MTlBEq87ZcVAua/wWo6bAtGQAul6tf
wMj2oEH1fbE/FAtXoAvKSsIk1EO+XqU9MaPrOdzPuJBZJjwW+zJ8fen4Mbt0E10k
ezhyVMJTC9RHf8iSq/yagN/LKvKLdVwp+voZwAPt0sdA8bt5Sn/kTReuOBSi241H
tICjrhdgY52G0Nf8U2PPoOQTRGEILC8ZffX0Sgdp6aWBI8wA1iffs23IyQnmmBbm
jwB7hMdkTswQaYenMkenFy0SE6bbUHxguK8Dy8Bt0/N5
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:52:10 2024 by rpki-client on console-fra.rpki-client.org