Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/ecb197-e0f5-438d-8fc5-e4d45971b13d/1/Z-2yti5r6OwLCOpxNJNwlZBM0j4.roa
File:                     Z-2yti5r6OwLCOpxNJNwlZBM0j4.roa (raw, json)
Hash identifier:          p0Oh20FDPmNgJU0ly8q4Dg3A4OWqnOH6AIVm3iaQ47Y=
Subject key identifier:   67:ED:B2:B6:2E:6B:E8:EC:0B:08:EA:71:34:93:70:95:90:4C:D2:3E
Certificate issuer:       /CN=7b827acc680aa29ddac823889d87863e414b2411
Certificate serial:       018CC9BC2E1E3885AF01A50BE71117F2C1F7
Authority key identifier: 7B:82:7A:CC:68:0A:A2:9D:DA:C8:23:88:9D:87:86:3E:41:4B:24:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e4J6zGgKop3ayCOInYeGPkFLJBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/ecb197-e0f5-438d-8fc5-e4d45971b13d/1/Z-2yti5r6OwLCOpxNJNwlZBM0j4.roa
Signing time:             Tue 02 Jan 2024 10:33:22 +0000
ROA not before:           Tue 02 Jan 2024 10:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59752
IP address blocks:        185.95.128.0/22 maxlen: 24
                          164.177.168.0/21 maxlen: 24
                          2a03:2500::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/ecb197-e0f5-438d-8fc5-e4d45971b13d/1/e4J6zGgKop3ayCOInYeGPkFLJBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/ecb197-e0f5-438d-8fc5-e4d45971b13d/1/e4J6zGgKop3ayCOInYeGPkFLJBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e4J6zGgKop3ayCOInYeGPkFLJBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2e:1e:38:85:af:01:a5:0b:e7:11:17:f2:c1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b827acc680aa29ddac823889d87863e414b2411
        Validity
            Not Before: Jan  2 10:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67edb2b62e6be8ec0b08ea7134937095904cd23e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:06:e6:ae:d3:c8:bb:1a:5c:44:ef:f0:dd:74:
                    b6:4f:d2:a6:6c:c4:03:60:22:66:b9:e3:a8:1b:02:
                    88:3b:43:40:8c:fc:42:81:f6:b6:ef:d0:8a:31:f5:
                    18:e0:88:3e:2a:9c:75:13:58:85:1f:75:2c:be:39:
                    c0:c9:d5:1c:49:6a:6b:75:1f:39:df:32:b4:41:3b:
                    fd:c5:00:55:6b:98:e5:f3:7c:c5:a3:8a:fc:93:e7:
                    4c:54:e3:b8:9d:98:b4:b2:d2:0e:e0:c3:c7:0c:e3:
                    9c:a7:2b:51:d3:3b:ea:40:3f:9e:93:f5:26:1f:ba:
                    64:08:eb:17:dd:5f:5e:33:a9:f2:e5:7e:57:e2:97:
                    e3:b0:6f:1f:01:cc:2e:cc:07:76:9b:fe:8e:83:22:
                    3e:27:ae:68:6c:19:d7:71:66:46:87:b0:e0:38:ba:
                    9f:46:7e:d6:33:47:75:f5:07:52:b3:23:26:16:80:
                    88:0f:aa:ad:54:51:77:0f:e1:33:7d:37:1a:d9:ab:
                    87:b3:6d:e5:42:0b:7d:f5:94:22:d5:b2:25:38:35:
                    71:ef:2f:02:33:13:32:fa:f4:42:b8:a1:10:db:8b:
                    4e:9f:01:45:53:96:a2:96:47:a2:62:1e:e8:b2:91:
                    b8:bd:2e:c1:1a:c8:0f:e4:0b:da:fb:03:92:6e:a5:
                    25:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:ED:B2:B6:2E:6B:E8:EC:0B:08:EA:71:34:93:70:95:90:4C:D2:3E
            X509v3 Authority Key Identifier:
                keyid:7B:82:7A:CC:68:0A:A2:9D:DA:C8:23:88:9D:87:86:3E:41:4B:24:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4J6zGgKop3ayCOInYeGPkFLJBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/ecb197-e0f5-438d-8fc5-e4d45971b13d/1/Z-2yti5r6OwLCOpxNJNwlZBM0j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/ecb197-e0f5-438d-8fc5-e4d45971b13d/1/e4J6zGgKop3ayCOInYeGPkFLJBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.177.168.0/21
                  185.95.128.0/22
                IPv6:
                  2a03:2500::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:c2:4a:b8:0e:7c:bc:b7:eb:6f:d8:70:d9:49:b4:ae:d2:4a:
         87:79:42:f3:e6:b9:ed:0f:89:3c:e8:35:bc:3f:da:e1:cd:29:
         e5:f0:9b:95:1a:3d:dd:27:d8:f5:c0:22:91:4c:fd:a8:e8:9a:
         e9:10:6b:77:03:15:08:71:b3:44:99:6a:4e:1d:1f:40:31:97:
         24:92:30:3b:7a:62:64:dd:67:eb:3f:64:7c:22:f0:b8:49:28:
         44:4c:6c:61:b0:0c:f8:b2:9e:0b:4c:7c:a0:9c:4d:50:f7:09:
         0e:60:76:61:c3:be:9f:72:05:36:4e:3a:9b:af:1d:ca:d0:81:
         5f:f7:66:13:9c:0f:3a:3d:57:27:59:6e:f4:df:d9:4c:67:ab:
         e7:b9:18:8d:e9:b1:6b:00:9e:91:07:0d:7b:16:04:cf:6e:52:
         54:5b:1d:c7:4a:6c:4b:9c:21:e3:fd:c6:e4:b9:b3:4d:43:ac:
         27:2a:8f:6f:dc:fa:7c:c3:1e:5c:3b:48:83:bf:69:e6:92:5c:
         2e:cd:1a:1a:87:d6:0d:5a:a1:6d:b4:ab:30:0e:ac:1e:b5:20:
         2f:37:6c:33:66:7b:a3:53:70:28:38:61:72:6a:a5:40:25:f6:
         bd:04:40:26:2f:b6:83:91:f2:12:61:a3:2f:1c:22:82:3e:86:
         cb:00:4f:3f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvC4eOIWvAaUL5xEX8sH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODI3YWNjNjgwYWEyOWRkYWM4MjM4ODlkODc4NjNlNDE0
YjI0MTEwHhcNMjQwMTAyMTAzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2VkYjJiNjJlNmJlOGVjMGIwOGVhNzEzNDkzNzA5NTkwNGNkMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgbmrtPIuxpcRO/w3XS2T9KmbMQD
YCJmueOoGwKIO0NAjPxCgfa279CKMfUY4Ig+Kpx1E1iFH3UsvjnAydUcSWprdR85
3zK0QTv9xQBVa5jl83zFo4r8k+dMVOO4nZi0stIO4MPHDOOcpytR0zvqQD+ek/Um
H7pkCOsX3V9eM6ny5X5X4pfjsG8fAcwuzAd2m/6OgyI+J65obBnXcWZGh7DgOLqf
Rn7WM0d19QdSsyMmFoCID6qtVFF3D+EzfTca2auHs23lQgt99ZQi1bIlODVx7y8C
MxMy+vRCuKEQ24tOnwFFU5ailkeiYh7ospG4vS7BGsgP5Ava+wOSbqUlcQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGftsrYua+jsCwjqcTSTcJWQTNI+MB8GA1UdIwQY
MBaAFHuCesxoCqKd2sgjiJ2Hhj5BSyQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRKNnpHZ0tvcDNheUNPSW5ZZUdQa0ZMSkJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9lY2IxOTctZTBmNS00MzhkLThmYzUt
ZTRkNDU5NzFiMTNkLzEvWi0yeXRpNXI2T3dMQ09weE5KTndsWkJNMGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9lY2IxOTctZTBmNS00MzhkLThmYzUtZTRkNDU5NzFiMTNk
LzEvZTRKNnpHZ0tvcDNheUNPSW5ZZUdQa0ZMSkJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDpLGoAwQC
uV+AMA0EAgACMAcDBQAqAyUAMA0GCSqGSIb3DQEBCwUAA4IBAQBtwkq4Dny8t+tv
2HDZSbSu0kqHeULz5rntD4k86DW8P9rhzSnl8JuVGj3dJ9j1wCKRTP2o6JrpEGt3
AxUIcbNEmWpOHR9AMZckkjA7emJk3WfrP2R8IvC4SShETGxhsAz4sp4LTHygnE1Q
9wkOYHZhw76fcgU2Tjqbrx3K0IFf92YTnA86PVcnWW7039lMZ6vnuRiN6bFrAJ6R
Bw17FgTPblJUWx3HSmxLnCHj/cbkubNNQ6wnKo9v3Pp8wx5cO0iDv2nmklwuzRoa
h9YNWqFttKswDqwetSAvN2wzZnujU3AoOGFyaqVAJfa9BEAmL7aDkfISYaMvHCKC
PobLAE8/
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:37:08 2024 by rpki-client on console-fra.rpki-client.org