Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/KXB2quTD6lo1P9QN6Z04InH14Os.roa
File:                     KXB2quTD6lo1P9QN6Z04InH14Os.roa (raw, json)
Hash identifier:          R4UH+TtiL9jQBexB7wNnjwxkWZ+YkfDfqAnNhpv9gSg=
Subject key identifier:   29:70:76:AA:E4:C3:EA:5A:35:3F:D4:0D:E9:9D:38:22:71:F5:E0:EB
Certificate issuer:       /CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
Certificate serial:       018FA6479E6DA311E80959CF7BA1C1AB5259
Authority key identifier: 21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/KXB2quTD6lo1P9QN6Z04InH14Os.roa
Signing time:             Thu 23 May 2024 16:27:42 +0000
ROA not before:           Thu 23 May 2024 16:27:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        91.212.26.0/24 maxlen: 24
                          185.177.44.0/24 maxlen: 24
                          2a0a:2f80::/32 maxlen: 32
                          2a0a:2f81::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a6:47:9e:6d:a3:11:e8:09:59:cf:7b:a1:c1:ab:52:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21cb2ac377fc603f95faecc54ac7d590f2cc319d
        Validity
            Not Before: May 23 16:27:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=297076aae4c3ea5a353fd40de99d382271f5e0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c8:58:e6:37:f8:ec:d3:02:e0:19:7e:d4:ab:
                    5b:74:b2:ce:6f:ee:cc:bf:81:e9:4d:8e:46:28:44:
                    89:61:83:22:ec:79:78:3c:0c:92:11:18:4f:89:b5:
                    9e:c0:0e:a6:e7:92:4b:36:7f:5d:69:a1:11:f3:d2:
                    a2:09:d5:37:93:e4:ea:c2:a8:cc:c4:02:44:81:8f:
                    a8:b2:da:0d:d8:c6:bb:85:34:11:1d:89:78:14:8c:
                    e0:6d:59:f7:1e:cf:1a:39:8b:60:36:e1:2e:d4:1e:
                    c8:18:f2:b4:6e:7c:b5:54:53:f2:0e:d2:fb:35:cd:
                    e1:e2:26:ae:96:3d:96:cf:86:ee:98:a9:47:07:b4:
                    bd:d4:a7:19:23:66:6a:0e:f3:ef:c8:a9:e0:a5:97:
                    95:26:ba:66:62:b9:56:94:a6:03:dc:ae:82:6a:93:
                    9b:b1:0e:84:38:8c:b5:fd:46:91:02:1e:3c:e6:63:
                    d7:4a:9c:54:e5:bc:31:c4:74:24:e1:f9:e9:96:a9:
                    0e:00:10:04:18:df:3e:5c:3b:1f:0f:05:78:65:d7:
                    01:0a:87:93:f4:e2:14:05:5a:be:fb:f1:55:de:81:
                    3a:3a:f3:28:0a:c5:a2:9a:03:5a:f5:f9:54:8d:b6:
                    33:0b:65:40:31:0b:76:dd:92:a6:db:84:b0:62:36:
                    af:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:70:76:AA:E4:C3:EA:5A:35:3F:D4:0D:E9:9D:38:22:71:F5:E0:EB
            X509v3 Authority Key Identifier:
                keyid:21:CB:2A:C3:77:FC:60:3F:95:FA:EC:C5:4A:C7:D5:90:F2:CC:31:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/KXB2quTD6lo1P9QN6Z04InH14Os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/67c21d-0e92-4242-994e-fb40d6da2468/1/Icsqw3f8YD-V-uzFSsfVkPLMMZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.26.0/24
                  185.177.44.0/24
                IPv6:
                  2a0a:2f80::/31

    Signature Algorithm: sha256WithRSAEncryption
         82:a0:86:18:27:5b:c1:d5:ff:17:fb:ca:1f:1f:59:cb:27:52:
         12:79:6b:e8:93:0b:fe:77:4a:5a:ab:b3:c0:0e:d5:26:07:41:
         3e:8f:fd:fe:1a:12:7d:47:e4:48:86:e4:cd:1b:c7:e7:0d:bf:
         8c:5d:ea:fe:84:f4:74:4d:01:c4:48:0f:f1:ed:c8:d0:0d:47:
         d0:62:5b:9d:df:f1:ea:a9:28:30:c3:8b:e5:5e:db:ed:19:2a:
         64:0b:95:f0:59:4d:93:8d:54:8f:8b:71:3f:0b:68:17:67:a8:
         5a:fd:89:89:03:d0:d9:c7:86:4f:00:fc:28:f9:92:85:15:a9:
         03:76:b7:81:bf:c0:08:09:88:85:65:a0:79:dd:ff:4d:21:ad:
         03:bc:86:22:a3:a3:2f:98:72:7c:a6:62:b3:e8:fe:fe:59:3b:
         27:5d:d0:2d:44:84:db:d1:b6:2e:cf:c0:2b:c7:17:2b:a4:07:
         79:c9:b4:a2:48:6a:a1:45:54:0e:b4:01:87:35:da:dd:4b:84:
         2e:2e:dd:aa:11:c7:26:44:bb:89:6d:ca:1c:fd:94:fb:53:e1:
         d1:e5:82:d0:22:b2:cf:9c:4e:a3:cf:2f:24:63:d3:ef:47:3c:
         7a:f2:5b:a3:43:b1:5c:ac:6c:90:f5:41:c2:d4:6d:79:c9:f5:
         7f:70:11:bb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY+mR55toxHoCVnPe6HBq1JZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxY2IyYWMzNzdmYzYwM2Y5NWZhZWNjNTRhYzdkNTkwZjJj
YzMxOWQwHhcNMjQwNTIzMTYyNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTcwNzZhYWU0YzNlYTVhMzUzZmQ0MGRlOTlkMzgyMjcxZjVlMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMhY5jf47NMC4Bl+1KtbdLLOb+7M
v4HpTY5GKESJYYMi7Hl4PAySERhPibWewA6m55JLNn9daaER89KiCdU3k+TqwqjM
xAJEgY+ostoN2Ma7hTQRHYl4FIzgbVn3Hs8aOYtgNuEu1B7IGPK0bny1VFPyDtL7
Nc3h4iaulj2Wz4bumKlHB7S91KcZI2ZqDvPvyKngpZeVJrpmYrlWlKYD3K6CapOb
sQ6EOIy1/UaRAh485mPXSpxU5bwxxHQk4fnplqkOABAEGN8+XDsfDwV4ZdcBCoeT
9OIUBVq++/FV3oE6OvMoCsWimgNa9flUjbYzC2VAMQt23ZKm24SwYjavjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFClwdqrkw+paNT/UDemdOCJx9eDrMB8GA1UdIwQY
MBaAFCHLKsN3/GA/lfrsxUrH1ZDyzDGdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUt
ZmI0MGQ2ZGEyNDY4LzEvS1hCMnF1VEQ2bG8xUDlRTjZaMDRJbkgxNE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy82N2MyMWQtMGU5Mi00MjQyLTk5NGUtZmI0MGQ2ZGEyNDY4
LzEvSWNzcXczZjhZRC1WLXV6RlNzZlZrUExNTVowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9QaAwQA
ubEsMA0EAgACMAcDBQEqCi+AMA0GCSqGSIb3DQEBCwUAA4IBAQCCoIYYJ1vB1f8X
+8ofH1nLJ1ISeWvokwv+d0paq7PADtUmB0E+j/3+GhJ9R+RIhuTNG8fnDb+MXer+
hPR0TQHESA/x7cjQDUfQYlud3/HqqSgww4vlXtvtGSpkC5XwWU2TjVSPi3E/C2gX
Z6ha/YmJA9DZx4ZPAPwo+ZKFFakDdreBv8AICYiFZaB53f9NIa0DvIYio6MvmHJ8
pmKz6P7+WTsnXdAtRITb0bYuz8ArxxcrpAd5ybSiSGqhRVQOtAGHNdrdS4QuLt2q
EccmRLuJbcoc/ZT7U+HR5YLQIrLPnE6jzy8kY9PvRzx68lujQ7FcrGyQ9UHC1G15
yfV/cBG7
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:04:56 2024 by rpki-client on console-ams.rpki-client.org