Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/a87aec-beaa-4aeb-a48e-8f34bd391d18/1/px6_-QljpN30eJitM7MVFky8_fc.roa
File:                     px6_-QljpN30eJitM7MVFky8_fc.roa (raw, json)
Hash identifier:          XWsoa64wMzOEpaPi5z08PCmsw53FQDmbBP9D5t/H41c=
Subject key identifier:   A7:1E:BF:F9:09:63:A4:DD:F4:78:98:AD:33:B3:15:16:4C:BC:FD:F7
Certificate issuer:       /CN=a5ee926f1f1537b9be75eb4b9d792df41d25cd99
Certificate serial:       018CC56E4AC5EC337035E50F3F36E37CAE17
Authority key identifier: A5:EE:92:6F:1F:15:37:B9:BE:75:EB:4B:9D:79:2D:F4:1D:25:CD:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pe6Sbx8VN7m-detLnXkt9B0lzZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/a87aec-beaa-4aeb-a48e-8f34bd391d18/1/px6_-QljpN30eJitM7MVFky8_fc.roa
Signing time:             Mon 01 Jan 2024 14:29:48 +0000
ROA not before:           Mon 01 Jan 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38998
IP address blocks:        193.111.68.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/a87aec-beaa-4aeb-a48e-8f34bd391d18/1/pe6Sbx8VN7m-detLnXkt9B0lzZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/a87aec-beaa-4aeb-a48e-8f34bd391d18/1/pe6Sbx8VN7m-detLnXkt9B0lzZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pe6Sbx8VN7m-detLnXkt9B0lzZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4a:c5:ec:33:70:35:e5:0f:3f:36:e3:7c:ae:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ee926f1f1537b9be75eb4b9d792df41d25cd99
        Validity
            Not Before: Jan  1 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a71ebff90963a4ddf47898ad33b315164cbcfdf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:4c:cc:80:28:10:f6:0d:fb:e6:5e:e3:1e:d4:
                    a3:a6:38:5e:d8:58:80:f0:00:57:b5:48:3e:04:8b:
                    c4:93:11:8b:53:ca:68:f3:d6:31:48:3d:fc:82:26:
                    68:ca:97:98:b5:ec:94:45:b5:a1:b4:3f:0a:50:c9:
                    f8:53:02:1a:97:9f:00:46:3a:67:4b:ff:7e:c9:77:
                    18:e6:6b:e5:15:35:25:db:da:d6:56:0f:c9:db:3b:
                    c6:1e:fd:5b:f1:4f:f7:07:87:d8:6c:67:f3:c9:29:
                    fa:aa:f1:2a:37:1f:25:ac:3a:a5:6d:6d:5d:f2:6c:
                    53:0c:ed:8e:5f:5f:db:c8:fd:6d:b7:84:af:96:b8:
                    4a:4e:6f:b2:36:dd:1a:21:ad:15:14:e2:5a:26:26:
                    75:0c:a2:53:a6:d4:47:b7:7f:40:1d:3b:2b:41:f2:
                    57:43:53:68:f6:4e:0d:ad:2c:55:f1:62:03:bf:54:
                    c3:94:83:66:ec:00:19:0e:a0:42:3a:7a:02:a3:0b:
                    1b:f5:cf:9e:e6:5e:6e:db:5c:f7:43:b5:c0:51:6a:
                    65:f6:b8:81:09:65:24:66:19:70:1e:96:29:f6:ef:
                    f0:22:ac:55:97:54:65:d5:45:9a:c8:16:09:eb:7c:
                    a5:35:99:33:9f:4d:e1:e8:88:4d:93:1f:12:ef:30:
                    98:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:1E:BF:F9:09:63:A4:DD:F4:78:98:AD:33:B3:15:16:4C:BC:FD:F7
            X509v3 Authority Key Identifier:
                keyid:A5:EE:92:6F:1F:15:37:B9:BE:75:EB:4B:9D:79:2D:F4:1D:25:CD:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pe6Sbx8VN7m-detLnXkt9B0lzZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a87aec-beaa-4aeb-a48e-8f34bd391d18/1/px6_-QljpN30eJitM7MVFky8_fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a87aec-beaa-4aeb-a48e-8f34bd391d18/1/pe6Sbx8VN7m-detLnXkt9B0lzZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:91:44:1d:79:0a:d6:d7:52:92:08:02:99:16:a4:92:68:58:
         ba:f6:5b:2c:60:cf:50:62:ab:2e:76:e1:7b:23:7f:ed:9c:b1:
         10:ac:c3:9a:3f:c3:27:a2:dd:4b:a4:b4:77:28:26:86:e9:da:
         43:72:4c:36:23:01:33:8a:dd:3a:c9:54:0a:4d:d7:a1:3c:60:
         16:37:f6:dc:94:49:45:84:bd:2f:83:36:55:e4:45:ae:9a:15:
         28:38:84:0c:e7:d0:76:0c:00:69:50:6d:8b:ba:df:cf:0a:56:
         09:f2:85:79:bc:a2:d7:b7:5e:1d:d1:88:6b:b9:93:f5:8f:27:
         1c:9c:28:76:c8:80:18:ee:7b:31:c0:3c:76:ba:df:81:bc:0d:
         6a:02:1f:33:e6:2a:d5:2e:b8:25:4a:3b:dd:f6:24:ba:1a:1e:
         aa:ce:b3:08:74:15:65:b6:0a:f9:b0:9e:20:4d:7f:c8:4d:97:
         3a:2c:34:66:cb:81:d0:ac:cb:d7:cf:46:95:9f:2a:27:d6:4a:
         33:bb:8b:ca:89:cd:8d:59:97:f5:3d:2b:a7:d0:28:97:08:d4:
         fd:fe:6b:bc:59:99:a2:0e:75:4f:7a:be:9c:2f:e7:5c:51:dd:
         e4:8b:3b:df:de:8b:41:b5:67:9e:b3:1e:2a:c0:1e:b6:47:a5:
         9b:a4:40:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbkrF7DNwNeUPPzbjfK4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ZWU5MjZmMWYxNTM3YjliZTc1ZWI0YjlkNzkyZGY0MWQy
NWNkOTkwHhcNMjQwMTAxMTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzFlYmZmOTA5NjNhNGRkZjQ3ODk4YWQzM2IzMTUxNjRjYmNmZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8kzMgCgQ9g375l7jHtSjpjhe2FiA
8ABXtUg+BIvEkxGLU8po89YxSD38giZoypeYteyURbWhtD8KUMn4UwIal58ARjpn
S/9+yXcY5mvlFTUl29rWVg/J2zvGHv1b8U/3B4fYbGfzySn6qvEqNx8lrDqlbW1d
8mxTDO2OX1/byP1tt4SvlrhKTm+yNt0aIa0VFOJaJiZ1DKJTptRHt39AHTsrQfJX
Q1No9k4NrSxV8WIDv1TDlINm7AAZDqBCOnoCowsb9c+e5l5u21z3Q7XAUWpl9riB
CWUkZhlwHpYp9u/wIqxVl1Rl1UWayBYJ63ylNZkzn03h6IhNkx8S7zCYIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcev/kJY6Td9HiYrTOzFRZMvP33MB8GA1UdIwQY
MBaAFKXukm8fFTe5vnXrS515LfQdJc2ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGU2U2J4OFZON20tZGV0TG5Ya3Q5QjBselprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hODdhZWMtYmVhYS00YWViLWE0OGUt
OGYzNGJkMzkxZDE4LzEvcHg2Xy1RbGpwTjMwZUppdE03TVZGa3k4X2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hODdhZWMtYmVhYS00YWViLWE0OGUtOGYzNGJkMzkxZDE4
LzEvcGU2U2J4OFZON20tZGV0TG5Ya3Q5QjBselprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW9EMA0G
CSqGSIb3DQEBCwUAA4IBAQB6kUQdeQrW11KSCAKZFqSSaFi69lssYM9QYqsuduF7
I3/tnLEQrMOaP8Mnot1LpLR3KCaG6dpDckw2IwEzit06yVQKTdehPGAWN/bclElF
hL0vgzZV5EWumhUoOIQM59B2DABpUG2Lut/PClYJ8oV5vKLXt14d0YhruZP1jycc
nCh2yIAY7nsxwDx2ut+BvA1qAh8z5irVLrglSjvd9iS6Gh6qzrMIdBVltgr5sJ4g
TX/ITZc6LDRmy4HQrMvXz0aVnyon1kozu4vKic2NWZf1PSun0CiXCNT9/mu8WZmi
DnVPer6cL+dcUd3kizvf3otBtWeesx4qwB62R6WbpED8
-----END CERTIFICATE-----
Generated at Sat Jun 15 17:39:00 2024 by rpki-client on console-fra.rpki-client.org