Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/r4gdXvrIN4qS1TQbBFWJGE0ZALs.roa
File:                     r4gdXvrIN4qS1TQbBFWJGE0ZALs.roa (raw, json)
Hash identifier:          ubrIfWCR55lVteqtlD5OAwJH/aKv8MwWQ7SM6ERBDjU=
Subject key identifier:   AF:88:1D:5E:FA:C8:37:8A:92:D5:34:1B:04:55:89:18:4D:19:00:BB
Certificate issuer:       /CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
Certificate serial:       018DF5BB97B03C017916F17FFA4B92D14207
Authority key identifier: 23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/r4gdXvrIN4qS1TQbBFWJGE0ZALs.roa
Signing time:             Thu 29 Feb 2024 16:38:48 +0000
ROA not before:           Thu 29 Feb 2024 16:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215733
IP address blocks:        185.24.232.0/24 maxlen: 24
                          2a04:2e02::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/I8u_k0iuVYxu-gwIbyS-BMsjxuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/I8u_k0iuVYxu-gwIbyS-BMsjxuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:bb:97:b0:3c:01:79:16:f1:7f:fa:4b:92:d1:42:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23cbbf9348ae558c6efa0c086f24be04cb23c6e9
        Validity
            Not Before: Feb 29 16:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af881d5efac8378a92d5341b045589184d1900bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7d:20:78:34:63:8d:8b:c2:61:41:5f:4b:2c:
                    6e:91:c1:27:ca:59:3a:5d:ef:74:61:34:fa:c4:46:
                    e0:6e:7d:20:89:92:88:41:b9:59:f6:73:63:dc:23:
                    a6:81:99:96:c5:83:29:fd:f2:9d:af:d8:1b:c2:14:
                    4c:3b:54:04:cd:ad:28:db:6f:48:7c:dd:93:1d:ad:
                    3f:5b:93:d2:b5:52:4c:f2:3b:e0:04:96:8a:63:c6:
                    3c:58:d2:89:10:05:98:4e:e8:13:fb:59:3e:60:ee:
                    29:e1:45:b2:a6:6f:90:fd:4c:41:4f:a9:8c:fc:ca:
                    52:2d:48:3e:6a:f0:fa:7d:b4:e8:b9:aa:87:bb:b7:
                    62:ac:66:23:d6:f7:84:50:85:f7:2d:d0:4e:35:d9:
                    ca:62:46:89:f9:70:46:72:8d:9a:be:f0:13:20:13:
                    0f:b8:b0:1d:4c:39:0c:32:c0:e2:aa:a8:d0:ae:02:
                    cf:bb:ad:e3:ca:0c:6b:56:58:78:4a:0f:0b:9e:85:
                    e2:90:02:0c:02:8d:a8:ee:68:b8:8d:c7:75:4c:e6:
                    25:70:c9:03:49:d9:cb:8b:29:3a:77:15:39:8e:72:
                    b6:4e:cc:4f:59:17:7c:a6:e7:5f:ce:5c:d4:bc:6b:
                    da:3a:34:f7:e5:25:97:ef:82:1c:fd:01:a1:54:1e:
                    6b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:88:1D:5E:FA:C8:37:8A:92:D5:34:1B:04:55:89:18:4D:19:00:BB
            X509v3 Authority Key Identifier:
                keyid:23:CB:BF:93:48:AE:55:8C:6E:FA:0C:08:6F:24:BE:04:CB:23:C6:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I8u_k0iuVYxu-gwIbyS-BMsjxuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/r4gdXvrIN4qS1TQbBFWJGE0ZALs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e90f9-e8d3-4562-a5b3-621ee052a6fc/1/I8u_k0iuVYxu-gwIbyS-BMsjxuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.232.0/24
                IPv6:
                  2a04:2e02::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:01:8c:10:03:21:b4:ce:1a:cd:3a:5e:39:5c:1b:f7:00:bb:
         19:fb:96:d0:ad:ee:a3:c9:84:22:b5:09:07:c5:64:41:4c:ba:
         3d:18:23:20:19:20:9c:32:67:d8:3d:ce:16:25:d2:17:4a:03:
         95:7c:37:e3:8e:68:19:43:c4:69:43:48:62:ce:8a:a7:cf:d0:
         07:af:1a:26:bb:fa:14:94:75:09:11:f1:da:84:a8:d1:b7:14:
         e6:95:ff:df:a2:c2:9a:5b:a0:7c:64:84:45:8a:f9:c6:c2:50:
         e2:1f:d3:40:01:7b:2b:af:81:d0:dd:b7:d4:73:7d:ee:f3:78:
         2a:43:ae:b8:64:33:8b:41:42:a9:c3:92:0a:f4:94:61:bd:7c:
         7e:90:7e:85:45:2c:bb:3d:6e:3c:8c:a2:d0:fc:cb:bd:f9:0a:
         d0:92:b5:31:e6:9e:92:66:80:eb:5d:ec:3e:b0:31:c9:88:3b:
         42:b3:d1:0b:87:24:67:40:7d:90:d5:d4:bc:27:2d:64:78:bc:
         08:10:1c:49:38:51:af:34:10:e8:5c:a4:06:72:68:4a:0f:f5:
         89:08:2c:8a:9d:d8:d7:b1:f4:c3:85:17:52:5c:d4:4c:9f:99:
         a4:ea:d0:aa:6e:d0:5f:dd:85:3b:99:49:49:2c:ac:d0:dd:8b:
         c4:09:a0:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY31u5ewPAF5FvF/+kuS0UIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzY2JiZjkzNDhhZTU1OGM2ZWZhMGMwODZmMjRiZTA0Y2Iy
M2M2ZTkwHhcNMjQwMjI5MTYzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg4MWQ1ZWZhYzgzNzhhOTJkNTM0MWIwNDU1ODkxODRkMTkwMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjX0geDRjjYvCYUFfSyxukcEnylk6
Xe90YTT6xEbgbn0giZKIQblZ9nNj3COmgZmWxYMp/fKdr9gbwhRMO1QEza0o229I
fN2THa0/W5PStVJM8jvgBJaKY8Y8WNKJEAWYTugT+1k+YO4p4UWypm+Q/UxBT6mM
/MpSLUg+avD6fbTouaqHu7dirGYj1veEUIX3LdBONdnKYkaJ+XBGco2avvATIBMP
uLAdTDkMMsDiqqjQrgLPu63jygxrVlh4Sg8LnoXikAIMAo2o7mi4jcd1TOYlcMkD
SdnLiyk6dxU5jnK2TsxPWRd8pudfzlzUvGvaOjT35SWX74Ic/QGhVB5rOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK+IHV76yDeKktU0GwRViRhNGQC7MB8GA1UdIwQY
MBaAFCPLv5NIrlWMbvoMCG8kvgTLI8bpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTh1X2swaXVWWXh1LWd3SWJ5Uy1CTXNqeHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTkwZjktZThkMy00NTYyLWE1YjMt
NjIxZWUwNTJhNmZjLzEvcjRnZFh2cklONHFTMVRRYkJGV0pHRTBaQUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTkwZjktZThkMy00NTYyLWE1YjMtNjIxZWUwNTJhNmZj
LzEvSTh1X2swaXVWWXh1LWd3SWJ5Uy1CTXNqeHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRjoMA0E
AgACMAcDBQAqBC4CMA0GCSqGSIb3DQEBCwUAA4IBAQB5AYwQAyG0zhrNOl45XBv3
ALsZ+5bQre6jyYQitQkHxWRBTLo9GCMgGSCcMmfYPc4WJdIXSgOVfDfjjmgZQ8Rp
Q0hizoqnz9AHrxomu/oUlHUJEfHahKjRtxTmlf/fosKaW6B8ZIRFivnGwlDiH9NA
AXsrr4HQ3bfUc33u83gqQ664ZDOLQUKpw5IK9JRhvXx+kH6FRSy7PW48jKLQ/Mu9
+QrQkrUx5p6SZoDrXew+sDHJiDtCs9ELhyRnQH2Q1dS8Jy1keLwIEBxJOFGvNBDo
XKQGcmhKD/WJCCyKndjXsfTDhRdSXNRMn5mk6tCqbtBf3YU7mUlJLKzQ3YvECaBP
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:14:44 2024 by rpki-client on console-fra.rpki-client.org