Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/8c83fd-52b5-40bb-9963-48873baa69a7/1/bf_Ic-L9OofrWXtNHAmSMOBsS_Y.roa
File:                     bf_Ic-L9OofrWXtNHAmSMOBsS_Y.roa (raw, json)
Hash identifier:          7VsYncI9GJ9Pla4NofVnAxZDZ15RiyBcV0FfXR1sum4=
Subject key identifier:   6D:FF:C8:73:E2:FD:3A:87:EB:59:7B:4D:1C:09:92:30:E0:6C:4B:F6
Certificate issuer:       /CN=881721281ffba5713e9d052af6fe6d1b040a2a39
Certificate serial:       018CC64A5A1F17A2FA01284D064C20F8531A
Authority key identifier: 88:17:21:28:1F:FB:A5:71:3E:9D:05:2A:F6:FE:6D:1B:04:0A:2A:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBchKB_7pXE-nQUq9v5tGwQKKjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/8c83fd-52b5-40bb-9963-48873baa69a7/1/bf_Ic-L9OofrWXtNHAmSMOBsS_Y.roa
Signing time:             Mon 01 Jan 2024 18:30:10 +0000
ROA not before:           Mon 01 Jan 2024 18:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34655
IP address blocks:        2a03:9c40:800::/48 maxlen: 48
                          2a03:9c40:600::/48 maxlen: 48
                          2a03:9c40:400::/48 maxlen: 48
                          2a03:9c40:200::/48 maxlen: 48
                          2a03:9c40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/8c83fd-52b5-40bb-9963-48873baa69a7/1/iBchKB_7pXE-nQUq9v5tGwQKKjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/8c83fd-52b5-40bb-9963-48873baa69a7/1/iBchKB_7pXE-nQUq9v5tGwQKKjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBchKB_7pXE-nQUq9v5tGwQKKjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:5a:1f:17:a2:fa:01:28:4d:06:4c:20:f8:53:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=881721281ffba5713e9d052af6fe6d1b040a2a39
        Validity
            Not Before: Jan  1 18:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dffc873e2fd3a87eb597b4d1c099230e06c4bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0a:16:38:e1:fc:57:5a:9a:fb:d0:c1:a2:bc:
                    53:db:84:ee:1c:12:d6:10:0f:2a:26:ce:21:12:d4:
                    cb:5b:2d:4b:2c:34:7b:f3:14:13:0e:76:28:b9:e2:
                    d1:9b:8a:98:c2:ef:c8:7a:d2:1b:d7:4a:da:8e:6b:
                    4f:77:83:f6:fd:69:8f:58:72:1b:bc:67:43:9e:0d:
                    fe:c5:95:ed:e5:94:bf:63:b2:bc:5c:cb:af:0c:b5:
                    bf:f8:d3:2f:dc:2c:33:94:5b:bd:61:38:df:fe:c7:
                    c6:83:42:13:7a:b3:61:c1:cd:ca:9f:86:69:b1:3a:
                    4f:ba:bf:a0:2d:cb:23:31:88:53:e2:38:a9:df:9a:
                    d5:3f:d2:c2:61:81:00:f5:cd:78:d8:7e:4e:79:2b:
                    9d:df:a5:db:2c:3a:c8:f1:5a:40:0c:47:2b:65:6e:
                    7e:e3:49:cd:1d:ff:dc:53:8d:f9:aa:0d:a2:5b:d0:
                    02:cd:71:e9:a9:54:df:00:38:51:57:0c:fd:27:d3:
                    e8:f9:42:b2:30:8c:5c:13:ab:c8:7f:a2:c2:fc:73:
                    1d:3d:23:58:a5:50:78:d4:5d:d2:b4:99:c7:65:7c:
                    d9:f8:75:d9:22:10:8a:e8:5b:f2:ec:4e:fc:99:a3:
                    f5:c9:4f:92:84:01:85:55:96:71:ec:53:8f:c6:47:
                    6a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:FF:C8:73:E2:FD:3A:87:EB:59:7B:4D:1C:09:92:30:E0:6C:4B:F6
            X509v3 Authority Key Identifier:
                keyid:88:17:21:28:1F:FB:A5:71:3E:9D:05:2A:F6:FE:6D:1B:04:0A:2A:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBchKB_7pXE-nQUq9v5tGwQKKjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/8c83fd-52b5-40bb-9963-48873baa69a7/1/bf_Ic-L9OofrWXtNHAmSMOBsS_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/8c83fd-52b5-40bb-9963-48873baa69a7/1/iBchKB_7pXE-nQUq9v5tGwQKKjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:9c40::/48
                  2a03:9c40:200::/48
                  2a03:9c40:400::/48
                  2a03:9c40:600::/48
                  2a03:9c40:800::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:11:f8:ad:3f:f4:23:6e:47:47:14:f1:1c:0d:e3:ea:0a:95:
         f3:c8:d0:a8:cf:d9:4f:3c:87:82:0f:18:5b:19:17:af:aa:fc:
         39:c5:fb:ae:96:a7:c8:22:fb:16:84:b6:1c:54:b0:d4:46:3d:
         d7:a0:6b:03:e7:7a:a1:d8:78:cb:68:5e:e9:44:fd:19:68:04:
         fb:aa:6a:08:30:32:cf:40:86:ba:a5:b4:f1:b6:fc:f7:23:15:
         50:43:b6:03:f5:1f:09:34:90:bd:69:25:8b:b8:17:20:49:14:
         e8:6a:04:d5:6a:ca:8a:25:d4:a7:76:72:f1:3b:e2:66:e0:f6:
         58:48:6c:e1:45:a9:fd:b4:84:b6:46:87:4b:3b:de:82:84:b4:
         23:c1:25:1a:46:ac:d0:47:93:e3:b7:8a:e9:a8:8a:02:69:94:
         6d:c3:87:f9:50:ea:b4:42:7e:0e:0f:90:a2:33:e3:cd:5f:c2:
         9d:36:50:b4:42:60:cf:cf:83:fc:90:9e:a9:df:6a:e5:9a:1d:
         ed:31:77:a3:9e:da:b9:36:e3:d7:37:0b:16:7c:8c:79:59:e1:
         b3:55:dc:17:e3:b5:ad:77:3c:6b:88:cd:8a:3a:4b:12:81:f0:
         13:50:48:e1:cb:a9:d6:8f:a9:e7:f6:b4:33:9b:7b:c0:b4:28:
         2c:69:89:79
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzGSlofF6L6AShNBkwg+FMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTcyMTI4MWZmYmE1NzEzZTlkMDUyYWY2ZmU2ZDFiMDQw
YTJhMzkwHhcNMjQwMTAxMTgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGZmYzg3M2UyZmQzYTg3ZWI1OTdiNGQxYzA5OTIzMGUwNmM0YmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwoWOOH8V1qa+9DBorxT24TuHBLW
EA8qJs4hEtTLWy1LLDR78xQTDnYoueLRm4qYwu/IetIb10rajmtPd4P2/WmPWHIb
vGdDng3+xZXt5ZS/Y7K8XMuvDLW/+NMv3CwzlFu9YTjf/sfGg0ITerNhwc3Kn4Zp
sTpPur+gLcsjMYhT4jip35rVP9LCYYEA9c142H5OeSud36XbLDrI8VpADEcrZW5+
40nNHf/cU435qg2iW9ACzXHpqVTfADhRVwz9J9Po+UKyMIxcE6vIf6LC/HMdPSNY
pVB41F3StJnHZXzZ+HXZIhCK6Fvy7E78maP1yU+ShAGFVZZx7FOPxkdqiwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFG3/yHPi/TqH61l7TRwJkjDgbEv2MB8GA1UdIwQY
MBaAFIgXISgf+6VxPp0FKvb+bRsECio5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJjaEtCXzdwWEUtblFVcTl2NXRHd1FLS2prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84YzgzZmQtNTJiNS00MGJiLTk5NjMt
NDg4NzNiYWE2OWE3LzEvYmZfSWMtTDlPb2ZyV1h0TkhBbVNNT0JzU19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84YzgzZmQtNTJiNS00MGJiLTk5NjMtNDg4NzNiYWE2OWE3
LzEvaUJjaEtCXzdwWEUtblFVcTl2NXRHd1FLS2prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAAjAtAwcAKgOcQAAA
AwcAKgOcQAIAAwcAKgOcQAQAAwcAKgOcQAYAAwcAKgOcQAgAMA0GCSqGSIb3DQEB
CwUAA4IBAQCeEfitP/QjbkdHFPEcDePqCpXzyNCoz9lPPIeCDxhbGRevqvw5xfuu
lqfIIvsWhLYcVLDURj3XoGsD53qh2HjLaF7pRP0ZaAT7qmoIMDLPQIa6pbTxtvz3
IxVQQ7YD9R8JNJC9aSWLuBcgSRToagTVasqKJdSndnLxO+Jm4PZYSGzhRan9tIS2
RodLO96ChLQjwSUaRqzQR5Pjt4rpqIoCaZRtw4f5UOq0Qn4OD5CiM+PNX8KdNlC0
QmDPz4P8kJ6p32rlmh3tMXejntq5NuPXNwsWfIx5WeGzVdwX47WtdzxriM2KOksS
gfATUEjhy6nWj6nn9rQzm3vAtCgsaYl5
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:24:11 2024 by rpki-client on console-fra.rpki-client.org