Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/e5ea19-0b7b-431f-91bf-abcc905d9ffe/1/os18bP7cFEkTJ7Fn_42mx7Jk9Xo.roa
File:                     os18bP7cFEkTJ7Fn_42mx7Jk9Xo.roa (raw, json)
Hash identifier:          bkHfZ/iwQB9mJPstrkJiutrF8EIMbjTde2F+DXna/W8=
Subject key identifier:   A2:CD:7C:6C:FE:DC:14:49:13:27:B1:67:FF:8D:A6:C7:B2:64:F5:7A
Certificate issuer:       /CN=6547443e620d63c8e4f54a67178474d1f909af68
Certificate serial:       018CCA99C0887611393FFAC34A03B023B60D
Authority key identifier: 65:47:44:3E:62:0D:63:C8:E4:F5:4A:67:17:84:74:D1:F9:09:AF:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZUdEPmINY8jk9UpnF4R00fkJr2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/e5ea19-0b7b-431f-91bf-abcc905d9ffe/1/os18bP7cFEkTJ7Fn_42mx7Jk9Xo.roa
Signing time:             Tue 02 Jan 2024 14:35:23 +0000
ROA not before:           Tue 02 Jan 2024 14:35:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21466
IP address blocks:        213.230.32.0/20 maxlen: 24
                          213.230.40.0/21 maxlen: 24
                          185.166.80.0/22 maxlen: 24
                          213.202.32.0/21 maxlen: 24
                          213.202.32.0/19 maxlen: 24
                          213.202.40.0/21 maxlen: 24
                          213.202.48.0/20 maxlen: 24
                          2a06:3f40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/e5ea19-0b7b-431f-91bf-abcc905d9ffe/1/ZUdEPmINY8jk9UpnF4R00fkJr2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/e5ea19-0b7b-431f-91bf-abcc905d9ffe/1/ZUdEPmINY8jk9UpnF4R00fkJr2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZUdEPmINY8jk9UpnF4R00fkJr2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:c0:88:76:11:39:3f:fa:c3:4a:03:b0:23:b6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6547443e620d63c8e4f54a67178474d1f909af68
        Validity
            Not Before: Jan  2 14:35:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2cd7c6cfedc14491327b167ff8da6c7b264f57a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2a:22:cb:c1:0d:0b:1c:12:23:90:52:5b:c3:
                    7a:ea:ac:73:54:d9:a6:38:b6:7c:3a:f2:9e:0e:a5:
                    24:16:9e:15:a1:ae:07:36:f9:5a:47:f3:b0:26:d7:
                    6c:cb:2a:0a:98:dd:df:2a:00:f7:0d:4f:cd:f7:c3:
                    78:ca:0f:c9:a7:ab:f2:68:54:f1:e6:97:06:d4:82:
                    b1:7b:8c:3d:6d:d6:eb:8f:98:93:7b:f4:1b:58:78:
                    ca:e2:82:7b:5a:30:d7:2d:77:cc:93:46:66:a2:c5:
                    01:6a:e8:7a:ca:14:e5:82:98:7a:f3:a4:93:92:ce:
                    28:8f:38:ec:39:28:b8:9d:8b:26:47:77:a7:35:7a:
                    cd:d4:cd:90:8c:ff:4e:be:3f:13:71:a1:3c:e8:c8:
                    22:b1:b6:0a:4d:18:c6:ba:9a:85:52:80:85:e5:8e:
                    3c:11:40:ee:77:59:f3:30:b1:5a:39:8a:ba:26:12:
                    8e:62:e6:38:90:ed:32:ec:f3:fe:80:c6:94:b7:7c:
                    31:14:19:61:49:e8:db:3c:47:21:51:83:ce:8b:4d:
                    19:f8:97:fc:8d:f1:f6:82:b8:1e:30:c3:21:48:05:
                    23:cc:36:5f:73:81:19:bf:05:7b:99:a9:2a:8c:7c:
                    86:ba:d7:d6:2a:4e:79:3e:63:c9:0f:4c:20:a9:56:
                    44:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CD:7C:6C:FE:DC:14:49:13:27:B1:67:FF:8D:A6:C7:B2:64:F5:7A
            X509v3 Authority Key Identifier:
                keyid:65:47:44:3E:62:0D:63:C8:E4:F5:4A:67:17:84:74:D1:F9:09:AF:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZUdEPmINY8jk9UpnF4R00fkJr2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/e5ea19-0b7b-431f-91bf-abcc905d9ffe/1/os18bP7cFEkTJ7Fn_42mx7Jk9Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/e5ea19-0b7b-431f-91bf-abcc905d9ffe/1/ZUdEPmINY8jk9UpnF4R00fkJr2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.80.0/22
                  213.202.32.0/19
                  213.230.32.0/20
                IPv6:
                  2a06:3f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:3f:06:bc:a0:91:d7:d9:f1:87:7f:04:0c:4e:e8:37:42:93:
         10:28:1e:f3:ae:7c:53:96:ea:38:73:93:fd:3c:fe:bd:22:50:
         d0:e5:13:0e:97:6b:89:7f:06:32:4b:54:d4:4b:80:7e:62:54:
         f8:b7:18:3d:c8:a6:e2:2f:23:96:44:39:1d:f7:06:59:53:f3:
         9e:12:28:52:1e:56:02:49:31:04:de:20:4e:ea:a2:5d:2e:52:
         57:25:f4:7f:68:c7:d8:c7:81:3c:c7:a2:d7:ed:6a:72:4e:e9:
         8f:85:dd:da:2b:6d:8f:ec:3e:b5:c9:5f:8d:b9:1c:c2:a7:92:
         a8:2a:66:21:4e:8d:20:b0:50:c0:c4:e1:b5:ad:7c:93:53:8d:
         ab:8b:b7:ee:ac:52:d2:e7:c3:a7:ef:d1:0c:de:9e:16:01:98:
         7c:18:fe:72:b7:f7:41:b3:19:12:c7:67:83:c3:43:e5:f9:7c:
         64:78:57:9f:d4:28:e1:a8:21:27:15:73:ce:c2:ca:8a:78:30:
         ee:cd:e1:dd:e8:0d:3c:f8:a1:af:95:1b:0c:0e:e2:da:16:be:
         93:67:42:80:8b:0e:c8:66:23:9e:f3:0c:e3:bf:38:53:9a:38:
         3e:83:01:d4:0c:ab:d6:7f:e3:1c:f1:4d:8a:3a:b3:58:25:cd:
         7b:63:87:b7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzKmcCIdhE5P/rDSgOwI7YNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NDc0NDNlNjIwZDYzYzhlNGY1NGE2NzE3ODQ3NGQxZjkw
OWFmNjgwHhcNMjQwMTAyMTQzNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNkN2M2Y2ZlZGMxNDQ5MTMyN2IxNjdmZjhkYTZjN2IyNjRmNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSoiy8ENCxwSI5BSW8N66qxzVNmm
OLZ8OvKeDqUkFp4Voa4HNvlaR/OwJtdsyyoKmN3fKgD3DU/N98N4yg/Jp6vyaFTx
5pcG1IKxe4w9bdbrj5iTe/QbWHjK4oJ7WjDXLXfMk0ZmosUBauh6yhTlgph686ST
ks4ojzjsOSi4nYsmR3enNXrN1M2QjP9Ovj8TcaE86MgisbYKTRjGupqFUoCF5Y48
EUDud1nzMLFaOYq6JhKOYuY4kO0y7PP+gMaUt3wxFBlhSejbPEchUYPOi00Z+Jf8
jfH2grgeMMMhSAUjzDZfc4EZvwV7makqjHyGutfWKk55PmPJD0wgqVZEgQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKLNfGz+3BRJEyexZ/+NpseyZPV6MB8GA1UdIwQY
MBaAFGVHRD5iDWPI5PVKZxeEdNH5Ca9oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlVkRVBtSU5ZOGprOVVwbkY0UjAwZmtKcjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lNWVhMTktMGI3Yi00MzFmLTkxYmYt
YWJjYzkwNWQ5ZmZlLzEvb3MxOGJQN2NGRWtUSjdGbl80Mm14N0prOVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lNWVhMTktMGI3Yi00MzFmLTkxYmYtYWJjYzkwNWQ5ZmZl
LzEvWlVkRVBtSU5ZOGprOVVwbkY0UjAwZmtKcjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuaZQAwQF
1cogAwQE1eYgMA0EAgACMAcDBQMqBj9AMA0GCSqGSIb3DQEBCwUAA4IBAQBAPwa8
oJHX2fGHfwQMTug3QpMQKB7zrnxTluo4c5P9PP69IlDQ5RMOl2uJfwYyS1TUS4B+
YlT4txg9yKbiLyOWRDkd9wZZU/OeEihSHlYCSTEE3iBO6qJdLlJXJfR/aMfYx4E8
x6LX7WpyTumPhd3aK22P7D61yV+NuRzCp5KoKmYhTo0gsFDAxOG1rXyTU42ri7fu
rFLS58On79EM3p4WAZh8GP5yt/dBsxkSx2eDw0Pl+XxkeFef1CjhqCEnFXPOwsqK
eDDuzeHd6A08+KGvlRsMDuLaFr6TZ0KAiw7IZiOe8wzjvzhTmjg+gwHUDKvWf+Mc
8U2KOrNYJc17Y4e3
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:40:29 2024 by rpki-client on console-fra.rpki-client.org