Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/i2XhNcqSZagT4Ql8dPkdp1uhQrM.roa
File:                     i2XhNcqSZagT4Ql8dPkdp1uhQrM.roa (raw, json)
Hash identifier:          yuzbVgoZCHvVv3eZ+NVZ9fs5/WX4UeLibRDE3ALSpjs=
Subject key identifier:   8B:65:E1:35:CA:92:65:A8:13:E1:09:7C:74:F9:1D:A7:5B:A1:42:B3
Certificate issuer:       /CN=64ee0489158fe95e1991fd5ce725ea067e11a1fb
Certificate serial:       018CC79466E1F8A14D7FEEA9039FBFD24BC9
Authority key identifier: 64:EE:04:89:15:8F:E9:5E:19:91:FD:5C:E7:25:EA:06:7E:11:A1:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/i2XhNcqSZagT4Ql8dPkdp1uhQrM.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39757
IP address blocks:        62.3.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:66:e1:f8:a1:4d:7f:ee:a9:03:9f:bf:d2:4b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64ee0489158fe95e1991fd5ce725ea067e11a1fb
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b65e135ca9265a813e1097c74f91da75ba142b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fa:31:d4:1d:aa:18:21:e5:39:f7:cf:cd:03:
                    5e:75:68:c9:a3:32:e6:d3:23:98:85:e2:ec:fb:63:
                    9a:13:45:1b:f2:a7:ad:5d:6f:fe:2f:5b:d7:c0:02:
                    68:0c:88:93:96:67:b1:13:cd:9f:cb:cf:38:54:44:
                    82:ce:59:2a:c9:8c:28:28:d4:4c:62:5f:d7:3e:d8:
                    a9:a6:de:c3:cb:29:c7:b5:ee:4a:78:c9:52:c2:23:
                    ec:a6:5a:04:c1:2a:60:2c:f9:11:ef:05:05:51:5a:
                    02:81:2d:ff:51:0b:c3:f1:79:76:05:df:e4:4c:43:
                    4c:c1:08:55:71:86:31:ed:3d:77:e9:d1:55:d5:b4:
                    43:90:d3:3a:b7:a0:aa:75:b4:9d:79:90:90:71:ac:
                    46:56:72:fe:23:fe:e9:9b:91:66:47:2a:a9:e3:53:
                    bb:c4:3f:0b:b7:d1:b9:5c:78:29:5c:6c:57:2d:0b:
                    a1:6e:52:1b:f0:27:50:72:38:0c:c2:d3:2b:26:e6:
                    74:11:c4:28:67:a0:e7:6f:13:e9:3c:de:e6:e7:72:
                    9d:41:20:eb:80:f5:18:6e:44:6a:60:ca:5c:4c:db:
                    a6:9b:a7:0f:ad:8d:87:d3:22:f9:e4:b8:73:36:e4:
                    25:0f:2a:ad:7b:01:a7:f0:8d:1b:ff:1c:05:00:16:
                    d9:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:65:E1:35:CA:92:65:A8:13:E1:09:7C:74:F9:1D:A7:5B:A1:42:B3
            X509v3 Authority Key Identifier:
                keyid:64:EE:04:89:15:8F:E9:5E:19:91:FD:5C:E7:25:EA:06:7E:11:A1:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/i2XhNcqSZagT4Ql8dPkdp1uhQrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/18ae02-e72d-4430-85d8-473c5ba55362/1/ZO4EiRWP6V4Zkf1c5yXqBn4Rofs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:e9:f8:03:cd:d0:21:90:b1:1c:94:0d:60:10:c4:f4:95:58:
         28:46:94:f8:47:96:f1:9c:29:83:4d:47:7e:26:ed:fb:2c:b3:
         ee:65:52:c8:ee:2b:72:63:87:f4:d0:4a:b0:08:09:3b:84:98:
         59:0d:bf:1a:fa:cc:e0:52:4f:5d:82:18:4b:0a:90:eb:bd:2e:
         f1:e5:e0:e9:92:70:24:df:52:47:0e:b2:ec:5d:a2:63:ee:96:
         17:33:98:58:f0:d1:c6:18:b2:5d:47:eb:b0:20:6a:6e:db:7a:
         74:03:f2:2d:fc:5e:67:9c:19:ec:3b:d4:9a:20:97:6f:21:3d:
         6d:03:91:a9:99:01:1f:7f:ad:4f:cf:1c:65:62:a0:8d:7e:f7:
         12:98:32:3c:bd:b5:67:8a:02:78:8f:68:1b:b3:cd:84:a4:3e:
         e4:00:67:73:c4:68:3b:47:ac:5b:6e:24:cd:6e:e2:64:d4:de:
         58:d1:c4:c4:64:62:7b:3f:32:79:fe:61:46:fd:b2:21:06:20:
         a9:c1:4c:62:8d:1f:cf:b8:83:cd:f4:79:6a:9d:36:f6:19:e0:
         d9:d5:fd:d0:4a:a7:d9:b1:50:36:a2:9c:3c:54:b6:8f:5f:3f:
         b4:7d:27:f6:62:17:3d:db:df:07:cb:05:12:0e:53:bd:7f:cf:
         40:98:5a:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGbh+KFNf+6pA5+/0kvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZWUwNDg5MTU4ZmU5NWUxOTkxZmQ1Y2U3MjVlYTA2N2Ux
MWExZmIwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjY1ZTEzNWNhOTI2NWE4MTNlMTA5N2M3NGY5MWRhNzViYTE0MmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPox1B2qGCHlOffPzQNedWjJozLm
0yOYheLs+2OaE0Ub8qetXW/+L1vXwAJoDIiTlmexE82fy884VESCzlkqyYwoKNRM
Yl/XPtippt7DyynHte5KeMlSwiPsploEwSpgLPkR7wUFUVoCgS3/UQvD8Xl2Bd/k
TENMwQhVcYYx7T136dFV1bRDkNM6t6CqdbSdeZCQcaxGVnL+I/7pm5FmRyqp41O7
xD8Lt9G5XHgpXGxXLQuhblIb8CdQcjgMwtMrJuZ0EcQoZ6DnbxPpPN7m53KdQSDr
gPUYbkRqYMpcTNumm6cPrY2H0yL55LhzNuQlDyqtewGn8I0b/xwFABbZSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItl4TXKkmWoE+EJfHT5HadboUKzMB8GA1UdIwQY
MBaAFGTuBIkVj+leGZH9XOcl6gZ+EaH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk80RWlSV1A2VjRaa2YxYzV5WHFCbjRSb2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xOGFlMDItZTcyZC00NDMwLTg1ZDgt
NDczYzViYTU1MzYyLzEvaTJYaE5jcVNaYWdUNFFsOGRQa2RwMXVoUXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xOGFlMDItZTcyZC00NDMwLTg1ZDgtNDczYzViYTU1MzYy
LzEvWk80RWlSV1A2VjRaa2YxYzV5WHFCbjRSb2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM9MA0G
CSqGSIb3DQEBCwUAA4IBAQCF6fgDzdAhkLEclA1gEMT0lVgoRpT4R5bxnCmDTUd+
Ju37LLPuZVLI7ityY4f00EqwCAk7hJhZDb8a+szgUk9dghhLCpDrvS7x5eDpknAk
31JHDrLsXaJj7pYXM5hY8NHGGLJdR+uwIGpu23p0A/It/F5nnBnsO9SaIJdvIT1t
A5GpmQEff61PzxxlYqCNfvcSmDI8vbVnigJ4j2gbs82EpD7kAGdzxGg7R6xbbiTN
buJk1N5Y0cTEZGJ7PzJ5/mFG/bIhBiCpwUxijR/PuIPN9HlqnTb2GeDZ1f3QSqfZ
sVA2opw8VLaPXz+0fSf2Yhc9298HywUSDlO9f89AmFoS
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:46:36 2024 by rpki-client on console-ams.rpki-client.org