Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/6ihdTYOlLm5BBj5Guo6nuUlYtWI.roa
File:                     6ihdTYOlLm5BBj5Guo6nuUlYtWI.roa (raw, json)
Hash identifier:          HGY125csKYv7UcG/O8icADC6Ov/awjGJq/0awUp6EX8=
Subject key identifier:   EA:28:5D:4D:83:A5:2E:6E:41:06:3E:46:BA:8E:A7:B9:49:58:B5:62
Certificate issuer:       /CN=0ff8e93f3472ea6be58f3feb74495470095a177d
Certificate serial:       018FE396488BEE436C42F12E0C22D6BC4A95
Authority key identifier: 0F:F8:E9:3F:34:72:EA:6B:E5:8F:3F:EB:74:49:54:70:09:5A:17:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/6ihdTYOlLm5BBj5Guo6nuUlYtWI.roa
Signing time:             Tue 04 Jun 2024 14:10:27 +0000
ROA not before:           Tue 04 Jun 2024 14:10:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212341
IP address blocks:        139.28.152.0/22 maxlen: 22
                          2a13:1440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:96:48:8b:ee:43:6c:42:f1:2e:0c:22:d6:bc:4a:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff8e93f3472ea6be58f3feb74495470095a177d
        Validity
            Not Before: Jun  4 14:10:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea285d4d83a52e6e41063e46ba8ea7b94958b562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:72:b2:fd:e5:46:2e:6d:03:6c:57:f1:3b:11:
                    c5:e6:16:48:d8:2c:ae:64:a4:94:78:d5:94:79:4a:
                    4b:3c:67:04:35:b4:79:46:71:1d:39:4c:42:af:f8:
                    ce:ef:8b:4f:7c:0c:f7:75:e8:b6:c0:cc:86:f4:63:
                    0a:37:c7:d7:98:ed:8c:b2:9f:ca:b5:8c:5b:26:b6:
                    79:e9:e4:a1:0a:d6:26:bc:ac:5c:48:4f:a8:57:03:
                    a1:b5:94:8c:cb:a3:54:31:16:68:90:b9:2c:00:0c:
                    49:be:f4:7e:8b:50:bc:27:e8:35:be:40:1b:0f:57:
                    0f:b0:e2:9a:37:15:99:82:2c:d7:36:ba:74:64:5e:
                    31:c3:4a:1d:de:7c:30:08:9a:e6:69:3f:2c:6b:f5:
                    87:a6:d3:2d:d2:bf:15:ff:d7:f0:74:18:32:c6:a4:
                    20:d3:8c:e7:60:c6:29:05:ad:83:6c:98:23:bb:3d:
                    97:0b:bc:e4:c0:80:20:c6:c3:a5:ca:e3:1c:07:ff:
                    97:e1:79:dd:e4:23:b2:31:9b:83:d7:5b:87:86:a2:
                    83:f8:73:38:54:30:33:7d:70:d4:08:0d:9a:fd:c6:
                    de:ed:aa:59:27:36:d3:7f:1a:73:bf:e9:95:77:11:
                    d7:65:af:d6:30:fb:d2:f6:fd:6e:e1:08:e2:4a:7b:
                    f8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:28:5D:4D:83:A5:2E:6E:41:06:3E:46:BA:8E:A7:B9:49:58:B5:62
            X509v3 Authority Key Identifier:
                keyid:0F:F8:E9:3F:34:72:EA:6B:E5:8F:3F:EB:74:49:54:70:09:5A:17:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/6ihdTYOlLm5BBj5Guo6nuUlYtWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.152.0/22
                IPv6:
                  2a13:1440::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:b4:af:67:25:42:ee:08:e3:f2:2e:0d:87:1c:3a:1e:41:e7:
         a3:23:e8:97:9f:9c:c1:9a:e5:d8:ed:bf:d8:2e:f1:e8:8e:92:
         b1:c5:01:df:0a:d7:b6:ac:32:6c:c3:15:00:4c:6c:ee:7e:74:
         60:a1:db:01:15:4b:55:55:fc:21:3f:fb:9a:e8:b2:25:3b:39:
         67:c1:ed:5b:93:6b:25:c2:d8:63:28:25:44:c2:f9:5a:8d:0e:
         e7:28:73:62:51:17:4a:2b:47:c2:75:c5:5e:94:a2:ab:4f:73:
         de:ca:89:47:47:f5:01:26:a0:13:ef:3f:1f:a6:47:e0:fd:06:
         58:f4:99:67:85:56:9a:c3:e5:c8:70:fb:ae:aa:50:77:cb:e2:
         d6:84:f7:d8:c5:e8:7e:4f:f2:6c:cc:e6:21:3c:aa:bf:6d:83:
         2a:8a:b3:14:c5:d3:1f:f8:7c:57:b0:33:06:59:cf:b0:9c:7c:
         18:5b:85:43:0f:70:93:ec:8f:bb:70:e4:45:63:ac:07:81:36:
         64:89:be:2f:8d:b1:fc:f1:af:60:ca:13:39:3b:46:60:0b:41:
         ff:87:5e:21:49:95:f3:bf:24:63:fc:ba:37:bd:77:43:eb:f0:
         e7:1f:49:b7:4f:a8:48:2f:4a:15:0f:6c:94:60:d7:c7:5a:1c:
         f4:57:66:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/jlkiL7kNsQvEuDCLWvEqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjhlOTNmMzQ3MmVhNmJlNThmM2ZlYjc0NDk1NDcwMDk1
YTE3N2QwHhcNMjQwNjA0MTQxMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTI4NWQ0ZDgzYTUyZTZlNDEwNjNlNDZiYThlYTdiOTQ5NThiNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknKy/eVGLm0DbFfxOxHF5hZI2Cyu
ZKSUeNWUeUpLPGcENbR5RnEdOUxCr/jO74tPfAz3dei2wMyG9GMKN8fXmO2Msp/K
tYxbJrZ56eShCtYmvKxcSE+oVwOhtZSMy6NUMRZokLksAAxJvvR+i1C8J+g1vkAb
D1cPsOKaNxWZgizXNrp0ZF4xw0od3nwwCJrmaT8sa/WHptMt0r8V/9fwdBgyxqQg
04znYMYpBa2DbJgjuz2XC7zkwIAgxsOlyuMcB/+X4Xnd5COyMZuD11uHhqKD+HM4
VDAzfXDUCA2a/cbe7apZJzbTfxpzv+mVdxHXZa/WMPvS9v1u4QjiSnv4WQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOooXU2DpS5uQQY+RrqOp7lJWLViMB8GA1UdIwQY
MBaAFA/46T80cupr5Y8/63RJVHAJWhd9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9qcFB6Unk2bXZsanpfcmRFbFVjQWxhRjMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84YjkzYTQtODY4ZC00ZjMwLWI0NGYt
ZmNlM2Q1OTBjNmRiLzEvNmloZFRZT2xMbTVCQmo1R3VvNm51VWxZdFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84YjkzYTQtODY4ZC00ZjMwLWI0NGYtZmNlM2Q1OTBjNmRi
LzEvRF9qcFB6Unk2bXZsanpfcmRFbFVjQWxhRjMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCixyYMA0E
AgACMAcDBQMqExRAMA0GCSqGSIb3DQEBCwUAA4IBAQCYtK9nJULuCOPyLg2HHDoe
QeejI+iXn5zBmuXY7b/YLvHojpKxxQHfCte2rDJswxUATGzufnRgodsBFUtVVfwh
P/ua6LIlOzlnwe1bk2slwthjKCVEwvlajQ7nKHNiURdKK0fCdcVelKKrT3PeyolH
R/UBJqAT7z8fpkfg/QZY9JlnhVaaw+XIcPuuqlB3y+LWhPfYxeh+T/JszOYhPKq/
bYMqirMUxdMf+HxXsDMGWc+wnHwYW4VDD3CT7I+7cORFY6wHgTZkib4vjbH88a9g
yhM5O0ZgC0H/h14hSZXzvyRj/Lo3vXdD6/DnH0m3T6hIL0oVD2yUYNfHWhz0V2Yr
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:59:33 2024 by rpki-client on console-ams.rpki-client.org