Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/6aPj84O_XRT7QLm_N4SKBBU3fVE.roa
File:                     6aPj84O_XRT7QLm_N4SKBBU3fVE.roa (raw, json)
Hash identifier:          uFL/n4F4/ANq4fCQ401D7erQJKxUXmBJK802Bs9mmRQ=
Subject key identifier:   E9:A3:E3:F3:83:BF:5D:14:FB:40:B9:BF:37:84:8A:04:15:37:7D:51
Certificate issuer:       /CN=9d210f2259093aaf45285922a588e9a661aba9fa
Certificate serial:       018CC2DB233520F1EBE5F1CB6214B042CA02
Authority key identifier: 9D:21:0F:22:59:09:3A:AF:45:28:59:22:A5:88:E9:A6:61:AB:A9:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/6aPj84O_XRT7QLm_N4SKBBU3fVE.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41798
IP address blocks:        217.196.16.0/20 maxlen: 20
                          77.245.96.0/20 maxlen: 20
                          93.185.64.0/20 maxlen: 20
                          95.141.128.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:23:35:20:f1:eb:e5:f1:cb:62:14:b0:42:ca:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d210f2259093aaf45285922a588e9a661aba9fa
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9a3e3f383bf5d14fb40b9bf37848a0415377d51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c9:92:53:80:d6:23:54:4d:c9:41:f3:f3:f3:
                    ed:a3:f6:bc:1f:bc:b7:07:93:ed:14:22:ab:78:32:
                    84:b6:ac:5f:63:ed:dd:69:63:e0:a6:5b:29:31:47:
                    c8:ed:22:db:23:5a:b9:80:10:67:57:e8:04:2e:22:
                    18:79:d9:68:05:5f:bf:f0:dd:72:fb:cc:1a:98:a6:
                    d8:06:b0:1f:7c:b7:8b:df:d4:49:6f:95:06:cd:b1:
                    3a:54:74:3f:f8:0f:c1:a1:b8:1e:85:0b:16:a1:57:
                    51:e4:6b:f4:bf:eb:87:70:ea:b8:da:e9:77:ab:f2:
                    69:d0:22:a6:d4:1d:1f:2e:8a:4e:99:3f:c3:be:71:
                    48:4d:eb:23:d5:6f:78:87:3f:6d:5f:61:d2:e9:89:
                    5a:c9:69:df:2f:b0:71:09:ea:ac:aa:ee:d4:ff:df:
                    58:0f:ef:8e:2d:80:08:ca:15:7d:91:af:c1:92:6f:
                    24:d2:53:e7:70:11:1b:5a:48:4f:38:04:f8:86:85:
                    41:f2:fd:8d:6b:5a:a9:98:4d:d1:5a:bc:61:af:f5:
                    4a:29:ae:ee:70:3e:4a:17:d5:9a:7f:24:00:30:4c:
                    78:ac:78:7b:6c:f7:d8:1a:4e:f1:b1:86:76:e6:e2:
                    7d:29:6a:e9:7b:67:2e:a8:1d:4c:6a:8a:9f:d4:f5:
                    25:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A3:E3:F3:83:BF:5D:14:FB:40:B9:BF:37:84:8A:04:15:37:7D:51
            X509v3 Authority Key Identifier:
                keyid:9D:21:0F:22:59:09:3A:AF:45:28:59:22:A5:88:E9:A6:61:AB:A9:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/6aPj84O_XRT7QLm_N4SKBBU3fVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.245.96.0/20
                  93.185.64.0/20
                  95.141.128.0/20
                  217.196.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         05:36:99:4d:71:3f:7d:b2:14:3e:38:f5:8e:b8:62:7d:e8:f6:
         93:e0:15:da:48:e2:54:2a:01:d8:d7:81:84:64:a1:36:20:de:
         56:c3:ee:d3:d8:f7:9a:3e:a3:9c:50:aa:a8:a0:0f:76:33:96:
         0f:e0:45:7c:ae:13:f5:de:f4:a9:93:5e:ee:bc:14:5b:bb:ff:
         df:f8:40:28:0c:9d:d9:ec:60:d0:a8:33:49:e8:d5:c8:48:2f:
         58:4e:91:35:c4:52:c4:b2:c2:be:de:b8:e1:0b:03:f7:34:c3:
         ac:84:d1:3c:19:cf:2d:33:15:17:66:56:6f:20:cc:05:eb:2d:
         2a:e9:a9:9a:43:00:9f:78:96:ff:0a:aa:b1:8d:4c:44:e2:d1:
         ef:90:25:ad:cc:65:3c:a0:4d:a7:94:bc:d9:13:f7:14:68:d4:
         fa:31:2d:95:4e:85:c3:51:fa:bf:7a:1e:31:b1:6a:64:76:b6:
         5a:af:e0:2d:3f:51:81:34:51:5b:6f:c7:f6:48:71:e8:3e:5f:
         5f:40:a9:0e:00:53:90:e8:b3:6d:57:b4:4b:e7:bb:a0:7d:e7:
         14:ae:ec:d5:9d:7f:fd:77:b7:8a:80:7a:d2:da:68:5d:af:54:
         ae:2e:60:fc:5d:6e:1d:ea:30:7d:8f:4e:bf:d6:d1:e7:3f:ff:
         6b:8a:d3:98
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzC2yM1IPHr5fHLYhSwQsoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjEwZjIyNTkwOTNhYWY0NTI4NTkyMmE1ODhlOWE2NjFh
YmE5ZmEwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWEzZTNmMzgzYmY1ZDE0ZmI0MGI5YmYzNzg0OGEwNDE1Mzc3ZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5smSU4DWI1RNyUHz8/Pto/a8H7y3
B5PtFCKreDKEtqxfY+3daWPgplspMUfI7SLbI1q5gBBnV+gELiIYedloBV+/8N1y
+8wamKbYBrAffLeL39RJb5UGzbE6VHQ/+A/BobgehQsWoVdR5Gv0v+uHcOq42ul3
q/Jp0CKm1B0fLopOmT/DvnFITesj1W94hz9tX2HS6YlayWnfL7BxCeqsqu7U/99Y
D++OLYAIyhV9ka/Bkm8k0lPncBEbWkhPOAT4hoVB8v2Na1qpmE3RWrxhr/VKKa7u
cD5KF9WafyQAMEx4rHh7bPfYGk7xsYZ25uJ9KWrpe2cuqB1Maoqf1PUlhwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOmj4/ODv10U+0C5vzeEigQVN31RMB8GA1UdIwQY
MBaAFJ0hDyJZCTqvRShZIqWI6aZhq6n6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNFUElsa0pPcTlGS0ZraXBZanBwbUdycWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85MzY4NmQtMTFmNS00ZTNlLWI1YzQt
NDM4NDNjMmU5NDNiLzEvNmFQajg0T19YUlQ3UUxtX040U0tCQlUzZlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85MzY4NmQtMTFmNS00ZTNlLWI1YzQtNDM4NDNjMmU5NDNi
LzEvblNFUElsa0pPcTlGS0ZraXBZanBwbUdycWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQETfVgAwQE
XblAAwQEX42AAwQE2cQQMA0GCSqGSIb3DQEBCwUAA4IBAQAFNplNcT99shQ+OPWO
uGJ96PaT4BXaSOJUKgHY14GEZKE2IN5Ww+7T2PeaPqOcUKqooA92M5YP4EV8rhP1
3vSpk17uvBRbu//f+EAoDJ3Z7GDQqDNJ6NXISC9YTpE1xFLEssK+3rjhCwP3NMOs
hNE8Gc8tMxUXZlZvIMwF6y0q6amaQwCfeJb/CqqxjUxE4tHvkCWtzGU8oE2nlLzZ
E/cUaNT6MS2VToXDUfq/eh4xsWpkdrZar+AtP1GBNFFbb8f2SHHoPl9fQKkOAFOQ
6LNtV7RL57ugfecUruzVnX/9d7eKgHrS2mhdr1SuLmD8XW4d6jB9j06/1tHnP/9r
itOY
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:14:32 2024 by rpki-client on console-fra.rpki-client.org