Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/O6ZneyXcmBuSuDgqQSLcpApbdws.roa
File:                     O6ZneyXcmBuSuDgqQSLcpApbdws.roa (raw, json)
Hash identifier:          Ru9PCjwBGm8J5hNGI/77sp6es8NuLMunNCAea2pDdsU=
Subject key identifier:   3B:A6:67:7B:25:DC:98:1B:92:B8:38:2A:41:22:DC:A4:0A:5B:77:0B
Certificate issuer:       /CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
Certificate serial:       018CC2DB46EBF98FA44637F3A5878478BB03
Authority key identifier: DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/O6ZneyXcmBuSuDgqQSLcpApbdws.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207990
IP address blocks:        45.9.48.0/22 maxlen: 32
                          185.246.172.0/22 maxlen: 32
                          46.232.208.0/23 maxlen: 32
                          45.67.132.0/22 maxlen: 32
                          2a09:77c0::/30 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:eb:f9:8f:a4:46:37:f3:a5:87:84:78:bb:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ba6677b25dc981b92b8382a4122dca40a5b770b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:33:d9:db:29:c5:c0:f8:b8:20:b3:5c:d8:c0:
                    2c:37:0b:96:ea:38:a3:a2:06:4b:0c:a9:83:c1:8b:
                    e7:29:3c:2a:67:ee:f7:93:c3:0e:72:6b:45:90:f4:
                    4e:ba:44:d2:b1:56:73:c7:d8:13:bc:de:22:11:5d:
                    c1:6b:b8:f7:56:95:7f:46:34:e8:b2:33:17:73:86:
                    51:61:62:2b:5c:14:b6:2a:a9:1a:86:0c:4d:bd:05:
                    a4:08:47:ad:ee:06:10:8e:aa:33:18:c2:05:02:83:
                    6f:6a:e8:a5:c8:8b:f8:40:51:f9:e7:62:bf:8f:ff:
                    f1:3f:a6:f9:8f:44:58:eb:99:ef:e2:06:b0:af:40:
                    f4:e7:f1:0c:47:93:ee:31:5f:58:be:21:e9:b0:30:
                    e1:7e:f0:ce:b1:42:6b:1b:ed:35:75:4a:ac:da:80:
                    4b:30:72:0e:0e:ab:7c:48:92:59:3c:82:48:58:6f:
                    24:33:0a:0e:8b:f6:b2:78:0f:5b:b7:8f:94:e5:1f:
                    e9:e7:2c:33:99:fb:98:88:12:71:37:e7:5e:e1:a5:
                    19:74:b0:d1:31:db:0e:a6:b4:58:2a:4e:9b:bd:38:
                    01:bc:d7:cd:e3:f6:77:21:28:d7:4d:74:c1:ef:65:
                    9b:ba:9f:b7:95:bd:82:fd:7b:72:16:1e:56:ad:24:
                    92:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A6:67:7B:25:DC:98:1B:92:B8:38:2A:41:22:DC:A4:0A:5B:77:0B
            X509v3 Authority Key Identifier:
                keyid:DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/O6ZneyXcmBuSuDgqQSLcpApbdws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.48.0/22
                  45.67.132.0/22
                  46.232.208.0/23
                  185.246.172.0/22
                IPv6:
                  2a09:77c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         cf:9c:dc:44:97:26:db:89:9e:1c:06:0b:60:8c:a2:c5:9c:0a:
         6c:f1:fd:9e:69:65:f7:a8:f0:01:40:7f:01:cb:1e:b6:ef:88:
         19:51:02:46:d6:63:70:d0:f4:74:f0:27:03:73:9e:da:eb:57:
         9e:77:0f:46:0b:c9:ad:94:08:05:a8:29:6d:c1:a5:3e:5e:8c:
         2a:d5:e1:8d:c8:4c:b3:05:c8:34:25:57:35:04:38:a0:03:9e:
         ae:4f:07:39:d6:80:42:36:46:c4:f4:dc:cc:e9:55:f9:1f:56:
         3f:43:be:65:05:ad:37:a9:1a:c6:87:6f:1c:bb:29:f7:33:21:
         dc:9f:fe:b1:18:c3:0a:30:77:bf:0e:05:51:80:28:43:a8:22:
         7c:2e:05:1e:45:ad:cc:7b:62:20:e9:de:bb:55:05:d3:ce:10:
         bf:1a:3c:8c:2c:ed:97:03:3b:a3:24:12:a2:6d:d2:70:fe:14:
         7d:0a:e2:c2:1a:7f:d6:0e:82:18:c0:b9:a2:16:5c:bd:bb:0f:
         79:92:08:a6:44:dd:8f:61:f3:88:42:a7:88:c5:d3:9f:49:b8:
         bc:0e:fa:b5:2e:2e:9c:6e:cf:b7:6a:8f:06:71:05:15:84:2b:
         51:b2:2e:d7:b8:90:3c:fb:94:9f:81:92:d9:87:09:6d:23:ed:
         f6:dc:1d:05
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzC20br+Y+kRjfzpYeEeLsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOGY5NjFjNmVmYmI3ZjljZTc0MjE3YjFkNWRiYjU0ZTk4
MWM2ZjIwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmE2Njc3YjI1ZGM5ODFiOTJiODM4MmE0MTIyZGNhNDBhNWI3NzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzPZ2ynFwPi4ILNc2MAsNwuW6jij
ogZLDKmDwYvnKTwqZ+73k8MOcmtFkPROukTSsVZzx9gTvN4iEV3Ba7j3VpV/RjTo
sjMXc4ZRYWIrXBS2KqkahgxNvQWkCEet7gYQjqozGMIFAoNvauilyIv4QFH552K/
j//xP6b5j0RY65nv4gawr0D05/EMR5PuMV9YviHpsDDhfvDOsUJrG+01dUqs2oBL
MHIODqt8SJJZPIJIWG8kMwoOi/ayeA9bt4+U5R/p5ywzmfuYiBJxN+de4aUZdLDR
MdsOprRYKk6bvTgBvNfN4/Z3ISjXTXTB72Wbup+3lb2C/XtyFh5WrSSSTwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFDumZ3sl3Jgbkrg4KkEi3KQKW3cLMB8GA1UdIwQY
MBaAFN+Plhxu+7f5znQhex1du1TpgcbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMt
MjdmMmJjMTYyYTA3LzEvTzZabmV5WGNtQnVTdURncVFTTGNwQXBiZHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMtMjdmMmJjMTYyYTA3
LzEvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLQkwAwQC
LUOEAwQBLujQAwQCufasMA0EAgACMAcDBQIqCXfAMA0GCSqGSIb3DQEBCwUAA4IB
AQDPnNxElybbiZ4cBgtgjKLFnAps8f2eaWX3qPABQH8Byx6274gZUQJG1mNw0PR0
8CcDc57a61eedw9GC8mtlAgFqCltwaU+Xowq1eGNyEyzBcg0JVc1BDigA56uTwc5
1oBCNkbE9NzM6VX5H1Y/Q75lBa03qRrGh28cuyn3MyHcn/6xGMMKMHe/DgVRgChD
qCJ8LgUeRa3Me2Ig6d67VQXTzhC/GjyMLO2XAzujJBKibdJw/hR9CuLCGn/WDoIY
wLmiFly9uw95kgimRN2PYfOIQqeIxdOfSbi8Dvq1Li6cbs+3ao8GcQUVhCtRsi7X
uJA8+5SfgZLZhwltI+323B0F
-----END CERTIFICATE-----
Generated at Sat Jun 15 17:47:20 2024 by rpki-client on console-ams.rpki-client.org