Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/d4d2f8-8dc1-4070-977e-a6cec04595f8/1/J6WYl1HdJYfipFWQM4P8txdZBNg.roa
File:                     J6WYl1HdJYfipFWQM4P8txdZBNg.roa (raw, json)
Hash identifier:          n33kmY0bPpWyxN93ufYybRAuK95cCDHq18g+Q/m8lEc=
Subject key identifier:   27:A5:98:97:51:DD:25:87:E2:A4:55:90:33:83:FC:B7:17:59:04:D8
Certificate issuer:       /CN=83e2340ef5c4a4952eb413d288c29d9378342232
Certificate serial:       018CC4254D38EE7078D3A907CE2B81B00083
Authority key identifier: 83:E2:34:0E:F5:C4:A4:95:2E:B4:13:D2:88:C2:9D:93:78:34:22:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-I0DvXEpJUutBPSiMKdk3g0IjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/d4d2f8-8dc1-4070-977e-a6cec04595f8/1/J6WYl1HdJYfipFWQM4P8txdZBNg.roa
Signing time:             Mon 01 Jan 2024 08:30:28 +0000
ROA not before:           Mon 01 Jan 2024 08:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59608
IP address blocks:        188.213.84.0/23 maxlen: 24
                          2a11:e687::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/d4d2f8-8dc1-4070-977e-a6cec04595f8/1/g-I0DvXEpJUutBPSiMKdk3g0IjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/d4d2f8-8dc1-4070-977e-a6cec04595f8/1/g-I0DvXEpJUutBPSiMKdk3g0IjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-I0DvXEpJUutBPSiMKdk3g0IjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4d:38:ee:70:78:d3:a9:07:ce:2b:81:b0:00:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83e2340ef5c4a4952eb413d288c29d9378342232
        Validity
            Not Before: Jan  1 08:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27a5989751dd2587e2a455903383fcb7175904d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9d:d5:e6:02:88:c8:d9:0c:a6:13:d0:2b:92:
                    83:ff:b5:eb:18:e3:47:11:af:2b:53:ad:f0:df:ec:
                    11:ae:24:db:30:c3:81:87:08:b1:7d:7e:15:60:61:
                    57:2b:6a:1b:93:56:c9:82:bc:e1:0a:f6:91:ae:a5:
                    30:7b:15:58:10:5d:30:2a:c9:2f:33:8c:19:9c:de:
                    bc:c6:72:57:b6:4e:a7:11:38:62:b0:9c:ea:fc:02:
                    46:eb:f5:0c:2e:1c:34:a3:e4:fc:b8:91:42:6a:d1:
                    d8:aa:47:6c:6d:0e:85:5e:49:c7:e1:43:a1:d3:4b:
                    33:9c:d9:43:4f:39:40:4b:ef:4d:5f:b2:1a:2f:f0:
                    38:60:3b:b7:57:d3:30:2a:c3:cb:ec:94:ae:1d:72:
                    6d:7f:a6:ba:45:9c:36:41:d9:f1:f2:fd:68:ae:e0:
                    a2:84:bd:1a:94:8c:17:31:e9:de:b2:1d:dd:9d:7b:
                    11:53:c0:4b:30:54:b3:10:17:e2:ce:70:a1:88:6c:
                    08:76:74:f6:5e:0c:3a:67:73:6a:16:ac:1f:12:b2:
                    3d:a2:5c:cb:1f:1c:cd:a4:ff:8b:da:e5:36:a6:96:
                    b5:ec:3b:51:40:e9:b4:8e:15:04:39:61:69:d6:a9:
                    5e:cd:9e:ce:83:57:b0:34:37:48:ee:02:e5:58:6a:
                    09:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:A5:98:97:51:DD:25:87:E2:A4:55:90:33:83:FC:B7:17:59:04:D8
            X509v3 Authority Key Identifier:
                keyid:83:E2:34:0E:F5:C4:A4:95:2E:B4:13:D2:88:C2:9D:93:78:34:22:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-I0DvXEpJUutBPSiMKdk3g0IjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d4d2f8-8dc1-4070-977e-a6cec04595f8/1/J6WYl1HdJYfipFWQM4P8txdZBNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/d4d2f8-8dc1-4070-977e-a6cec04595f8/1/g-I0DvXEpJUutBPSiMKdk3g0IjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.84.0/23
                IPv6:
                  2a11:e687::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:20:a6:ec:8c:24:a3:22:56:4a:c4:54:93:3e:07:58:b7:f4:
         54:1a:35:5d:20:9f:14:05:73:64:60:1f:bd:3c:2c:09:47:31:
         c8:63:4a:15:3c:dd:23:e6:70:69:f5:88:ba:cb:5c:bc:8c:3f:
         29:36:f6:09:1b:2c:24:52:87:31:c8:83:9f:d5:03:38:02:9e:
         96:4a:89:41:d9:97:ca:28:bd:43:7f:1c:6c:f5:c8:08:e2:1d:
         6c:4c:2b:2f:c3:6e:fd:15:54:7a:31:36:95:ca:c6:22:c7:67:
         33:8f:b4:3c:14:2c:ac:a7:89:ef:a6:fc:35:a3:c5:4f:7d:dc:
         09:4c:db:92:79:ac:9b:04:f7:b7:4e:5d:57:39:90:23:fd:f3:
         33:d5:79:59:67:d4:a5:0b:be:7f:bb:85:9f:8e:03:f7:9f:89:
         7c:87:87:02:ed:79:0d:59:25:bd:e3:b0:27:9c:55:90:f0:30:
         8e:05:8d:90:70:f3:e0:05:1d:b9:3a:98:ba:34:8a:75:9b:f8:
         fe:9b:8c:06:b7:a2:d6:e4:79:a4:2e:84:78:7f:7e:69:18:ce:
         6c:16:d9:e0:83:27:c4:63:f9:98:fe:eb:19:ff:0c:28:18:9b:
         e0:34:ae:6d:b7:aa:37:6d:0e:19:cf:71:e1:39:97:3f:3e:65:
         51:b6:7e:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJU047nB406kHziuBsACDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZTIzNDBlZjVjNGE0OTUyZWI0MTNkMjg4YzI5ZDkzNzgz
NDIyMzIwHhcNMjQwMTAxMDgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2E1OTg5NzUxZGQyNTg3ZTJhNDU1OTAzMzgzZmNiNzE3NTkwNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp3V5gKIyNkMphPQK5KD/7XrGONH
Ea8rU63w3+wRriTbMMOBhwixfX4VYGFXK2obk1bJgrzhCvaRrqUwexVYEF0wKskv
M4wZnN68xnJXtk6nEThisJzq/AJG6/UMLhw0o+T8uJFCatHYqkdsbQ6FXknH4UOh
00sznNlDTzlAS+9NX7IaL/A4YDu3V9MwKsPL7JSuHXJtf6a6RZw2Qdnx8v1oruCi
hL0alIwXMenesh3dnXsRU8BLMFSzEBfiznChiGwIdnT2Xgw6Z3NqFqwfErI9olzL
HxzNpP+L2uU2ppa17DtRQOm0jhUEOWFp1qlezZ7Og1ewNDdI7gLlWGoJDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCelmJdR3SWH4qRVkDOD/LcXWQTYMB8GA1UdIwQY
MBaAFIPiNA71xKSVLrQT0ojCnZN4NCIyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy1JMER2WEVwSlV1dEJQU2lNS2RrM2cwSWpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kNGQyZjgtOGRjMS00MDcwLTk3N2Ut
YTZjZWMwNDU5NWY4LzEvSjZXWWwxSGRKWWZpcEZXUU00UDh0eGRaQk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kNGQyZjgtOGRjMS00MDcwLTk3N2UtYTZjZWMwNDU5NWY4
LzEvZy1JMER2WEVwSlV1dEJQU2lNS2RrM2cwSWpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBvNVUMA0E
AgACMAcDBQAqEeaHMA0GCSqGSIb3DQEBCwUAA4IBAQBvIKbsjCSjIlZKxFSTPgdY
t/RUGjVdIJ8UBXNkYB+9PCwJRzHIY0oVPN0j5nBp9Yi6y1y8jD8pNvYJGywkUocx
yIOf1QM4Ap6WSolB2ZfKKL1Dfxxs9cgI4h1sTCsvw279FVR6MTaVysYix2czj7Q8
FCysp4nvpvw1o8VPfdwJTNuSeaybBPe3Tl1XOZAj/fMz1XlZZ9SlC75/u4WfjgP3
n4l8h4cC7XkNWSW947AnnFWQ8DCOBY2QcPPgBR25Opi6NIp1m/j+m4wGt6LW5Hmk
LoR4f35pGM5sFtnggyfEY/mY/usZ/wwoGJvgNK5tt6o3bQ4Zz3HhOZc/PmVRtn7g
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:33:34 2024 by rpki-client on console-ams.rpki-client.org