Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/v4gzHC-WFnf5oJQpD_g5y8gi5gE.roa
File:                     v4gzHC-WFnf5oJQpD_g5y8gi5gE.roa (raw, json)
Hash identifier:          W5/trwRP8exPS73zInEGf4UNDCxa95GtwRftQMKywCE=
Subject key identifier:   BF:88:33:1C:2F:96:16:77:F9:A0:94:29:0F:F8:39:CB:C8:22:E6:01
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018F15FE3937AAD58E866ED17094CD4A903C
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/v4gzHC-WFnf5oJQpD_g5y8gi5gE.roa
Signing time:             Thu 25 Apr 2024 16:02:13 +0000
ROA not before:           Thu 25 Apr 2024 16:02:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a06:7380::/29 maxlen: 29
                          2a06:7d00::/29 maxlen: 29
                          2a07:4980::/29 maxlen: 29
                          2a07:ec40::/29 maxlen: 29
                          2a0b:6500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:fe:39:37:aa:d5:8e:86:6e:d1:70:94:cd:4a:90:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Apr 25 16:02:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf88331c2f961677f9a094290ff839cbc822e601
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1f:4e:28:54:fd:57:1b:2f:9a:42:43:87:e6:
                    08:40:c9:86:b7:eb:1b:ef:c9:e6:a8:45:e6:7a:c5:
                    37:5b:22:8c:de:48:ff:7c:5f:aa:84:fe:23:98:e4:
                    ab:4d:31:59:77:a4:35:74:d6:6a:e9:be:d7:c2:95:
                    74:55:41:98:83:8b:ee:93:6b:f1:1f:f2:0c:05:15:
                    b4:19:20:51:fe:1a:f1:9a:b5:43:08:55:8e:c7:cb:
                    8b:41:fb:4d:4a:68:ea:94:94:a1:49:13:57:78:a4:
                    d6:d3:96:1e:21:57:47:5c:66:d7:54:1a:bd:ba:d6:
                    b6:41:d3:7d:13:b4:35:7b:5e:87:d3:27:f9:f2:25:
                    c7:24:a3:c9:e4:c0:9e:f1:8d:f5:95:d4:ee:58:13:
                    df:cf:f7:e9:2e:80:33:bc:a4:92:6d:03:a8:7f:92:
                    65:60:a9:5c:c9:bf:12:5d:76:e3:9b:93:25:9b:04:
                    45:95:79:ea:35:fa:a5:6b:d7:86:3b:d5:ed:48:98:
                    a9:9a:21:71:d6:e2:93:f7:ab:c9:17:a7:ad:e7:69:
                    13:70:94:d5:a2:bc:c4:c2:4e:e7:54:63:4d:4b:72:
                    2f:25:d6:9a:38:be:5d:39:c0:d3:d5:57:2b:cf:17:
                    82:c0:0f:5c:80:73:2c:5d:7b:15:4b:ec:87:e3:56:
                    fb:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:88:33:1C:2F:96:16:77:F9:A0:94:29:0F:F8:39:CB:C8:22:E6:01
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/v4gzHC-WFnf5oJQpD_g5y8gi5gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:7380::/29
                  2a06:7d00::/29
                  2a07:4980::/29
                  2a07:ec40::/29
                  2a0b:6500::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:fd:10:d5:0a:37:08:5f:fd:75:61:3f:30:6a:da:38:57:a6:
         67:4e:07:94:16:18:95:52:ae:b5:9b:09:4e:45:96:0f:45:95:
         14:b7:19:38:be:a0:8d:ec:21:5b:50:4e:1e:f5:13:2c:55:f5:
         e7:99:1e:47:ae:de:5c:5d:75:24:3f:29:af:a1:20:0e:b4:d3:
         6f:ee:d9:52:f0:8d:86:72:e6:29:4c:4c:75:94:67:ee:9b:e7:
         dc:e2:9c:7f:05:7a:81:95:fd:35:67:b3:00:5c:a0:43:7e:9f:
         2c:60:c3:5c:16:c4:75:77:aa:f7:fd:3c:d7:2c:1c:31:95:eb:
         f6:af:03:58:11:1e:d4:c1:2a:b0:02:12:18:96:41:e6:af:5b:
         73:69:1c:0b:4b:b8:5d:49:40:df:55:15:c9:9e:61:09:8f:27:
         bd:c5:04:97:cc:68:a2:13:fa:ca:2c:e1:a0:68:5d:f5:ff:b9:
         41:66:38:37:43:5e:68:02:9e:5a:0b:20:46:dc:ec:74:d5:ca:
         a3:48:2e:8c:61:01:6d:ef:9d:14:e7:da:3c:10:cc:6a:e9:98:
         0c:b7:f0:74:59:c0:13:9c:28:f0:a8:d1:36:8b:39:e9:94:28:
         bb:57:3f:bf:a3:e2:6e:40:c1:55:de:36:b8:39:9f:e1:b1:5c:
         f6:d0:27:da
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAY8V/jk3qtWOhm7RcJTNSpA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwNDI1MTYwMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjg4MzMxYzJmOTYxNjc3ZjlhMDk0MjkwZmY4MzljYmM4MjJlNjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAix9OKFT9VxsvmkJDh+YIQMmGt+sb
78nmqEXmesU3WyKM3kj/fF+qhP4jmOSrTTFZd6Q1dNZq6b7XwpV0VUGYg4vuk2vx
H/IMBRW0GSBR/hrxmrVDCFWOx8uLQftNSmjqlJShSRNXeKTW05YeIVdHXGbXVBq9
uta2QdN9E7Q1e16H0yf58iXHJKPJ5MCe8Y31ldTuWBPfz/fpLoAzvKSSbQOof5Jl
YKlcyb8SXXbjm5MlmwRFlXnqNfqla9eGO9XtSJipmiFx1uKT96vJF6et52kTcJTV
orzEwk7nVGNNS3IvJdaaOL5dOcDT1VcrzxeCwA9cgHMsXXsVS+yH41b7FQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFL+IMxwvlhZ3+aCUKQ/4OcvIIuYBMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvdjRnekhDLVdGbmY1b0pRcERfZzV5OGdpNWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzApBAIAAjAjAwUDKgZzgAMF
AyoGfQADBQMqB0mAAwUDKgfsQAMFAyoLZQAwDQYJKoZIhvcNAQELBQADggEBAJX9
ENUKNwhf/XVhPzBq2jhXpmdOB5QWGJVSrrWbCU5Flg9FlRS3GTi+oI3sIVtQTh71
EyxV9eeZHkeu3lxddSQ/Ka+hIA6002/u2VLwjYZy5ilMTHWUZ+6b59zinH8FeoGV
/TVnswBcoEN+nyxgw1wWxHV3qvf9PNcsHDGV6/avA1gRHtTBKrACEhiWQeavW3Np
HAtLuF1JQN9VFcmeYQmPJ73FBJfMaKIT+sos4aBoXfX/uUFmODdDXmgCnloLIEbc
7HTVyqNILoxhAW3vnRTn2jwQzGrpmAy38HRZwBOcKPCo0TaLOemUKLtXP7+j4m5A
wVXeNrg5n+GxXPbQJ9o=
-----END CERTIFICATE-----
Generated at Sat Jun 15 21:09:33 2024 by rpki-client on console-ams.rpki-client.org