Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/2f5269-d433-47ed-bf1b-ab6fc4e0f1e0/1/6kO7gNE3kBxHP4oIeMa3yug13hw.roa
File:                     6kO7gNE3kBxHP4oIeMa3yug13hw.roa (raw, json)
Hash identifier:          7DTvEYnZ4THK3lHJuJVf7OYkpMGBejURrWb4wINYaj0=
Subject key identifier:   EA:43:BB:80:D1:37:90:1C:47:3F:8A:08:78:C6:B7:CA:E8:35:DE:1C
Certificate issuer:       /CN=686d6f569500c25070b6124f1b86f60952677a93
Certificate serial:       018CC5DBEC12ECFAEB8C7C0DA1359024D31A
Authority key identifier: 68:6D:6F:56:95:00:C2:50:70:B6:12:4F:1B:86:F6:09:52:67:7A:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aG1vVpUAwlBwthJPG4b2CVJnepM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/2f5269-d433-47ed-bf1b-ab6fc4e0f1e0/1/6kO7gNE3kBxHP4oIeMa3yug13hw.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207881
IP address blocks:        91.237.208.0/24 maxlen: 24
                          91.237.215.0/24 maxlen: 24
                          91.238.1.0/24 maxlen: 24
                          91.238.18.0/24 maxlen: 24
                          2a0f:6940::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/2f5269-d433-47ed-bf1b-ab6fc4e0f1e0/1/aG1vVpUAwlBwthJPG4b2CVJnepM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/2f5269-d433-47ed-bf1b-ab6fc4e0f1e0/1/aG1vVpUAwlBwthJPG4b2CVJnepM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aG1vVpUAwlBwthJPG4b2CVJnepM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 08:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ec:12:ec:fa:eb:8c:7c:0d:a1:35:90:24:d3:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=686d6f569500c25070b6124f1b86f60952677a93
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea43bb80d137901c473f8a0878c6b7cae835de1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2a:29:7c:df:ed:e2:79:9b:1b:cb:b5:2a:d5:
                    7f:f8:33:9c:42:bc:56:1c:42:67:2b:52:16:da:a9:
                    f2:a0:5a:95:84:17:23:9d:6e:55:24:62:80:f9:30:
                    1b:6e:37:67:3a:d9:ea:37:33:07:b1:f1:ee:cc:86:
                    5d:3a:34:88:72:ba:75:7e:e8:6c:3d:7b:62:1e:a0:
                    77:6a:e7:dd:c2:93:bb:e6:5a:f2:36:53:85:80:a6:
                    1e:e5:bf:b0:25:3f:c6:aa:3c:6a:9d:97:57:fa:4e:
                    40:57:17:ac:c2:bb:46:29:20:db:55:37:16:98:ce:
                    28:e6:ee:c4:20:a5:d1:f5:7e:57:e3:d9:9e:b7:0b:
                    05:16:1e:84:6f:f5:64:49:37:cf:c4:e3:1f:81:0e:
                    2d:eb:c1:3e:80:25:b0:5d:7b:fd:20:ae:07:c4:28:
                    e9:49:30:ce:1b:d9:40:3b:74:ca:53:e0:c0:1c:0b:
                    ca:38:d2:81:e4:ee:2e:cf:81:2a:65:16:38:7c:88:
                    c8:6d:d8:d1:99:21:c7:30:37:21:88:ab:38:1b:c5:
                    3c:5a:7f:cc:8f:29:fa:e4:91:c1:e0:29:97:c1:29:
                    92:3c:04:17:24:f8:55:d2:96:63:68:5b:cb:1e:b7:
                    82:33:63:e3:39:43:79:6d:53:2c:6c:e9:ec:0e:db:
                    34:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:43:BB:80:D1:37:90:1C:47:3F:8A:08:78:C6:B7:CA:E8:35:DE:1C
            X509v3 Authority Key Identifier:
                keyid:68:6D:6F:56:95:00:C2:50:70:B6:12:4F:1B:86:F6:09:52:67:7A:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aG1vVpUAwlBwthJPG4b2CVJnepM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/2f5269-d433-47ed-bf1b-ab6fc4e0f1e0/1/6kO7gNE3kBxHP4oIeMa3yug13hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/2f5269-d433-47ed-bf1b-ab6fc4e0f1e0/1/aG1vVpUAwlBwthJPG4b2CVJnepM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.208.0/24
                  91.237.215.0/24
                  91.238.1.0/24
                  91.238.18.0/24
                IPv6:
                  2a0f:6940::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:39:ff:20:0d:47:78:76:68:bf:5a:56:6f:79:29:42:25:0c:
         0a:3e:1c:3a:19:21:89:bc:e5:db:8a:b0:00:26:8f:5a:19:84:
         70:c2:71:0f:57:55:ca:67:22:b7:41:36:bf:ea:bc:78:5f:a3:
         01:2b:1f:ae:cb:78:93:8f:5a:2c:2a:27:3e:3d:cb:f3:d6:fc:
         e5:e5:84:95:da:5c:dc:03:e7:ef:8b:da:f9:b8:e3:08:83:66:
         60:78:55:9f:f7:15:11:f9:92:d6:9c:b5:c3:6b:36:c1:13:44:
         5d:41:42:71:ea:ba:c3:75:59:58:27:7b:08:9c:ff:1c:9d:b2:
         56:55:7c:eb:89:b2:24:bd:ca:70:a7:43:21:4a:c3:e8:c4:63:
         41:eb:5a:e5:0e:cc:de:39:34:78:52:51:09:e1:22:bb:50:e6:
         7c:95:5e:63:57:40:51:83:2c:d5:5b:7f:26:0a:b4:58:cb:2c:
         eb:5c:b0:5e:99:e7:9d:67:cc:30:0d:b2:e3:e4:e0:f2:ca:13:
         b6:db:a6:88:bb:4f:c0:f5:b5:2d:2d:ac:0f:91:18:99:96:5b:
         ea:e6:e7:b6:2e:17:15:ce:cd:af:f8:b6:97:59:49:d4:b4:c9:
         ed:47:06:64:ab:f6:0c:bd:95:2c:a1:ea:7f:b2:f9:a4:4a:ca:
         e2:75:0d:33
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzF2+wS7PrrjHwNoTWQJNMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NmQ2ZjU2OTUwMGMyNTA3MGI2MTI0ZjFiODZmNjA5NTI2
NzdhOTMwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQzYmI4MGQxMzc5MDFjNDczZjhhMDg3OGM2YjdjYWU4MzVkZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiopfN/t4nmbG8u1KtV/+DOcQrxW
HEJnK1IW2qnyoFqVhBcjnW5VJGKA+TAbbjdnOtnqNzMHsfHuzIZdOjSIcrp1fuhs
PXtiHqB3aufdwpO75lryNlOFgKYe5b+wJT/GqjxqnZdX+k5AVxeswrtGKSDbVTcW
mM4o5u7EIKXR9X5X49metwsFFh6Eb/VkSTfPxOMfgQ4t68E+gCWwXXv9IK4HxCjp
STDOG9lAO3TKU+DAHAvKONKB5O4uz4EqZRY4fIjIbdjRmSHHMDchiKs4G8U8Wn/M
jyn65JHB4CmXwSmSPAQXJPhV0pZjaFvLHreCM2PjOUN5bVMsbOnsDts0ZwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFOpDu4DRN5AcRz+KCHjGt8roNd4cMB8GA1UdIwQY
MBaAFGhtb1aVAMJQcLYSTxuG9glSZ3qTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUcxdlZwVUF3bEJ3dGhKUEc0YjJDVkpuZXBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8yZjUyNjktZDQzMy00N2VkLWJmMWIt
YWI2ZmM0ZTBmMWUwLzEvNmtPN2dORTNrQnhIUDRvSWVNYTN5dWcxM2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8yZjUyNjktZDQzMy00N2VkLWJmMWItYWI2ZmM0ZTBmMWUw
LzEvYUcxdlZwVUF3bEJ3dGhKUEc0YjJDVkpuZXBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW+3QAwQA
W+3XAwQAW+4BAwQAW+4SMA0EAgACMAcDBQAqD2lAMA0GCSqGSIb3DQEBCwUAA4IB
AQBmOf8gDUd4dmi/WlZveSlCJQwKPhw6GSGJvOXbirAAJo9aGYRwwnEPV1XKZyK3
QTa/6rx4X6MBKx+uy3iTj1osKic+Pcvz1vzl5YSV2lzcA+fvi9r5uOMIg2ZgeFWf
9xUR+ZLWnLXDazbBE0RdQUJx6rrDdVlYJ3sInP8cnbJWVXzribIkvcpwp0MhSsPo
xGNB61rlDszeOTR4UlEJ4SK7UOZ8lV5jV0BRgyzVW38mCrRYyyzrXLBemeedZ8ww
DbLj5ODyyhO226aIu0/A9bUtLawPkRiZllvq5ue2LhcVzs2v+LaXWUnUtMntRwZk
q/YMvZUsoep/svmkSsridQ0z
-----END CERTIFICATE-----
Generated at Wed Nov 27 12:33:32 2024 by rpki-client on console-fra.rpki-client.org