Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/erDNj8C186V3CJ476Q-nS2L6t0c.roa
File:                     erDNj8C186V3CJ476Q-nS2L6t0c.roa (raw, json)
Hash identifier:          jv1LwF0ZiibVBXp6x1qpI7//tKfPe461vp5815tkHSk=
Subject key identifier:   7A:B0:CD:8F:C0:B5:F3:A5:77:08:9E:3B:E9:0F:A7:4B:62:FA:B7:47
Certificate issuer:       /CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
Certificate serial:       018E32EB4C675962E3D54EDB5D0A351581F3
Authority key identifier: 53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/erDNj8C186V3CJ476Q-nS2L6t0c.roa
Signing time:             Tue 12 Mar 2024 13:47:45 +0000
ROA not before:           Tue 12 Mar 2024 13:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34686
IP address blocks:        80.254.231.0/24 maxlen: 24
                          91.216.32.0/24 maxlen: 24
                          2001:67c:1084::/48 maxlen: 48
                          2a13:5240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 19:09:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:eb:4c:67:59:62:e3:d5:4e:db:5d:0a:35:15:81:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
        Validity
            Not Before: Mar 12 13:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ab0cd8fc0b5f3a577089e3be90fa74b62fab747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9d:51:6b:f0:d3:d3:97:ec:37:aa:d3:b4:70:
                    4a:7e:bd:25:04:e5:04:63:ac:b3:30:63:ce:40:33:
                    a5:c3:ab:e3:0a:36:f3:61:b0:0b:8b:9d:30:d8:eb:
                    e4:72:ea:39:0f:4f:77:06:45:de:b5:f0:81:d7:10:
                    4c:c3:cb:90:4f:db:7d:39:6f:d5:2d:4e:f0:bf:d9:
                    50:c3:15:2c:17:b7:77:4e:2e:a3:16:87:2a:98:e1:
                    4e:6f:cf:4e:9e:39:a7:02:27:fe:46:8c:57:69:8c:
                    4d:63:7e:30:1d:b7:79:a4:3d:37:7f:df:48:30:0b:
                    4c:ec:92:cc:9e:40:f4:15:4f:17:46:52:ef:ca:60:
                    b8:a8:61:05:27:7b:9d:bf:8a:93:04:24:e9:a2:5a:
                    d9:a3:43:68:e2:62:68:0b:32:14:8b:a6:38:1f:28:
                    4a:34:27:51:4b:d0:7c:67:21:a9:70:12:98:48:51:
                    09:7d:43:ed:aa:af:f0:3e:9b:f6:2d:a3:69:11:f8:
                    62:4a:bc:9f:e2:61:49:07:ea:81:14:b5:77:f3:95:
                    2a:ce:4d:b6:ec:4a:db:dc:0f:c0:c9:53:bf:03:69:
                    50:4d:6b:d4:71:32:97:d4:81:de:bb:86:09:48:87:
                    71:8c:08:54:65:d4:85:63:38:86:4c:51:19:75:05:
                    0f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B0:CD:8F:C0:B5:F3:A5:77:08:9E:3B:E9:0F:A7:4B:62:FA:B7:47
            X509v3 Authority Key Identifier:
                keyid:53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/erDNj8C186V3CJ476Q-nS2L6t0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.254.231.0/24
                  91.216.32.0/24
                IPv6:
                  2001:67c:1084::/48
                  2a13:5240::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:ca:12:32:8c:e6:06:7d:b0:d2:41:27:39:f2:a8:17:67:91:
         57:a1:c6:54:a3:02:61:82:a2:5e:62:b8:43:5d:8f:a4:76:1f:
         bc:39:5f:fb:bd:89:35:69:e9:02:18:ef:f1:2d:c6:17:d8:02:
         e1:cb:a5:30:e8:d3:27:d0:0e:85:d9:24:e9:09:43:a3:3e:83:
         84:99:89:03:23:3a:c9:ca:af:c1:a2:fa:ae:56:f4:3b:32:20:
         4c:7f:4e:72:ff:58:ff:c7:26:2d:29:02:05:cf:10:9a:01:32:
         8a:eb:f7:7e:c5:11:0c:3a:cd:bd:33:fa:9c:5c:eb:57:51:b4:
         9c:bc:71:2f:5e:d7:4d:d4:1c:1a:b9:54:0d:92:ba:81:d6:e3:
         c3:a2:6e:60:fa:e2:88:ed:25:1e:79:0c:7a:b4:da:ea:e8:c4:
         88:cf:86:a4:0b:c6:e8:f2:70:e6:1d:fd:f9:1b:58:95:8b:10:
         6f:67:5c:e1:a0:eb:7a:65:9a:f4:95:96:4e:2c:93:2c:36:b1:
         12:f2:56:c1:b0:c8:5d:ef:64:ba:46:c7:50:03:b3:c8:c3:fa:
         d6:7e:31:7d:fa:c4:b6:86:7a:02:3a:21:c3:af:1f:e2:94:a2:
         d7:84:9a:3f:01:52:7d:c0:41:ec:9a:93:97:55:10:04:30:8e:
         20:25:8d:54
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY4y60xnWWLj1U7bXQo1FYHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjQ2YWI3OWI5ZmM1OGY1ZGM0Y2YyOWQ3MmRjNTI2N2Vj
M2VkZGUwHhcNMjQwMzEyMTM0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWIwY2Q4ZmMwYjVmM2E1NzcwODllM2JlOTBmYTc0YjYyZmFiNzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJ1Ra/DT05fsN6rTtHBKfr0lBOUE
Y6yzMGPOQDOlw6vjCjbzYbALi50w2Ovkcuo5D093BkXetfCB1xBMw8uQT9t9OW/V
LU7wv9lQwxUsF7d3Ti6jFocqmOFOb89OnjmnAif+RoxXaYxNY34wHbd5pD03f99I
MAtM7JLMnkD0FU8XRlLvymC4qGEFJ3udv4qTBCTpolrZo0No4mJoCzIUi6Y4HyhK
NCdRS9B8ZyGpcBKYSFEJfUPtqq/wPpv2LaNpEfhiSryf4mFJB+qBFLV385Uqzk22
7Erb3A/AyVO/A2lQTWvUcTKX1IHeu4YJSIdxjAhUZdSFYziGTFEZdQUPFQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHqwzY/AtfOldwieO+kPp0ti+rdHMB8GA1UdIwQY
MBaAFFO0arebn8WPXcTPKdctxSZ+w+3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQt
MDYwYTQ3MzgwOTFkLzEvZXJETmo4QzE4NlYzQ0o0NzZRLW5TMkw2dDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQtMDYwYTQ3MzgwOTFk
LzEvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQAUP7nAwQA
W9ggMBYEAgACMBADBwAgAQZ8EIQDBQAqE1JAMA0GCSqGSIb3DQEBCwUAA4IBAQB7
yhIyjOYGfbDSQSc58qgXZ5FXocZUowJhgqJeYrhDXY+kdh+8OV/7vYk1aekCGO/x
LcYX2ALhy6Uw6NMn0A6F2STpCUOjPoOEmYkDIzrJyq/BovquVvQ7MiBMf05y/1j/
xyYtKQIFzxCaATKK6/d+xREMOs29M/qcXOtXUbScvHEvXtdN1BwauVQNkrqB1uPD
om5g+uKI7SUeeQx6tNrq6MSIz4akC8bo8nDmHf35G1iVixBvZ1zhoOt6ZZr0lZZO
LJMsNrES8lbBsMhd72S6RsdQA7PIw/rWfjF9+sS2hnoCOiHDrx/ilKLXhJo/AVJ9
wEHsmpOXVRAEMI4gJY1U
-----END CERTIFICATE-----
Generated at Sun Jun 16 02:00:47 2024 by rpki-client on console-fra.rpki-client.org