Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/rzLhMhqIVMi1H0fNLVQSh-ho6jY.roa
File:                     rzLhMhqIVMi1H0fNLVQSh-ho6jY.roa (raw, json)
Hash identifier:          AZUtASmzk8+HuBxNjvu0Sk4MmxpUnQbWcNweaEO+bpo=
Subject key identifier:   AF:32:E1:32:1A:88:54:C8:B5:1F:47:CD:2D:54:12:87:E8:68:EA:36
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018CD01DE1317A016FC0E87B3083087C1380
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/rzLhMhqIVMi1H0fNLVQSh-ho6jY.roa
Signing time:             Wed 03 Jan 2024 16:17:48 +0000
ROA not before:           Wed 03 Jan 2024 16:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199614
IP address blocks:        87.254.2.0/24 maxlen: 24
                          87.254.10.0/24 maxlen: 24
                          87.254.12.0/23 maxlen: 24
                          87.254.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Dec 2024 14:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d0:1d:e1:31:7a:01:6f:c0:e8:7b:30:83:08:7c:13:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  3 16:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af32e1321a8854c8b51f47cd2d541287e868ea36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:50:ed:58:4f:1a:3d:d4:10:40:83:39:e3:0b:
                    f8:a2:a2:35:81:d6:6f:e3:31:0a:e9:47:0f:f0:35:
                    92:a0:a1:c6:c0:87:c7:a1:f9:90:22:4c:d2:71:ab:
                    81:94:9c:08:b8:68:59:05:ec:63:a5:33:79:8f:21:
                    6c:ed:ac:d9:9b:bd:ed:0f:94:6b:e4:05:85:f4:dc:
                    f2:ea:46:89:a6:69:6c:6a:73:10:8b:33:7b:6a:fa:
                    91:94:ff:60:80:8b:75:37:ca:6e:a8:f5:46:4a:44:
                    d3:3b:ea:ec:da:a1:a5:b2:f6:ea:d2:ab:0d:11:db:
                    af:69:61:d1:b6:e5:a8:fb:40:1d:b3:91:af:17:be:
                    2a:f0:4e:8c:a9:c4:fa:a4:9f:5f:48:78:eb:3c:59:
                    f5:27:a5:39:22:47:85:d8:ef:e5:e5:f2:cc:69:29:
                    d1:50:62:26:2c:8d:8b:91:1c:bb:92:4f:ea:fc:53:
                    43:65:ce:20:bc:0c:b5:e2:11:bd:f2:72:33:8d:b9:
                    92:aa:9e:3e:eb:23:23:3b:9f:8f:60:6b:ab:fe:2c:
                    7c:e3:4d:6f:41:2e:65:45:d1:10:67:ee:42:a1:b9:
                    d7:00:87:1e:e2:a8:2a:79:be:6c:44:53:2d:7f:0c:
                    a1:1f:cc:81:2b:9a:54:fa:91:a5:f9:c9:4c:90:6c:
                    2b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:32:E1:32:1A:88:54:C8:B5:1F:47:CD:2D:54:12:87:E8:68:EA:36
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/rzLhMhqIVMi1H0fNLVQSh-ho6jY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.2.0/24
                  87.254.10.0/24
                  87.254.12.0/23
                  87.254.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:64:26:80:a8:88:56:be:40:7a:e1:69:eb:02:5f:a8:60:ee:
         e9:6f:92:e1:a0:23:96:8e:d3:b1:30:6e:ad:82:c0:26:22:2b:
         8b:ef:0e:00:e8:ce:90:f9:1b:6f:37:2c:a9:9d:b3:94:33:d5:
         86:db:eb:b3:e2:a6:44:1d:70:4c:81:6e:b0:dd:c3:d5:ad:ee:
         a7:83:5e:be:d2:a4:0e:d5:5d:f1:8a:95:30:0e:98:c1:a5:27:
         3a:cb:bd:40:40:c9:5b:75:1c:d9:96:e5:eb:ba:80:9e:48:d2:
         8d:4a:5f:bd:cf:08:ba:d8:c7:76:b9:02:4d:9a:a9:d0:82:87:
         cf:ba:76:c5:a2:20:f4:dc:84:f3:2b:20:b7:e4:68:5b:97:23:
         19:b4:db:1e:3a:a3:66:1a:24:30:9b:f4:d5:b2:f7:ae:ea:93:
         f1:13:f6:f8:e0:20:ef:f1:b8:f9:18:c8:f8:19:e4:37:70:4e:
         fb:13:b3:4e:f8:9d:2d:4b:19:44:92:e2:4d:b9:6a:20:8a:6c:
         10:74:ca:21:04:a9:8a:ba:ed:0a:fc:d0:02:9a:b3:ae:f2:cb:
         84:41:c7:64:3a:8c:f3:79:3d:49:30:18:01:3e:e7:d4:99:81:
         8d:7b:d8:6b:07:c9:f5:b0:10:8a:c6:a2:07:4a:25:61:d3:b6:
         e1:54:78:42
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzQHeExegFvwOh7MIMIfBOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwMTAzMTYxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMyZTEzMjFhODg1NGM4YjUxZjQ3Y2QyZDU0MTI4N2U4NjhlYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1DtWE8aPdQQQIM54wv4oqI1gdZv
4zEK6UcP8DWSoKHGwIfHofmQIkzScauBlJwIuGhZBexjpTN5jyFs7azZm73tD5Rr
5AWF9Nzy6kaJpmlsanMQizN7avqRlP9ggIt1N8puqPVGSkTTO+rs2qGlsvbq0qsN
EduvaWHRtuWo+0Ads5GvF74q8E6MqcT6pJ9fSHjrPFn1J6U5IkeF2O/l5fLMaSnR
UGImLI2LkRy7kk/q/FNDZc4gvAy14hG98nIzjbmSqp4+6yMjO5+PYGur/ix8401v
QS5lRdEQZ+5CobnXAIce4qgqeb5sRFMtfwyhH8yBK5pU+pGl+clMkGwr7wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK8y4TIaiFTItR9HzS1UEofoaOo2MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvcnpMaE1ocUlWTWkxSDBmTkxWUVNoLWhvNmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAV/4CAwQA
V/4KAwQBV/4MAwQAV/4WMA0GCSqGSIb3DQEBCwUAA4IBAQALZCaAqIhWvkB64Wnr
Al+oYO7pb5LhoCOWjtOxMG6tgsAmIiuL7w4A6M6Q+RtvNyypnbOUM9WG2+uz4qZE
HXBMgW6w3cPVre6ng16+0qQO1V3xipUwDpjBpSc6y71AQMlbdRzZluXruoCeSNKN
Sl+9zwi62Md2uQJNmqnQgofPunbFoiD03ITzKyC35GhblyMZtNseOqNmGiQwm/TV
sveu6pPxE/b44CDv8bj5GMj4GeQ3cE77E7NO+J0tSxlEkuJNuWogimwQdMohBKmK
uu0K/NACmrOu8suEQcdkOozzeT1JMBgBPufUmYGNe9hrB8n1sBCKxqIHSiVh07bh
VHhC
-----END CERTIFICATE-----
Generated at Thu Dec 12 20:25:45 2024 by rpki-client on console-fra.rpki-client.org