Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/L6D6fJYhfuCPMTt5B-P_PPO7x-k.roa
File:                     L6D6fJYhfuCPMTt5B-P_PPO7x-k.roa (raw, json)
Hash identifier:          2g5KI1qdHT65Xc8rvpNetKYQs/TJO+yIMvMNLt+k+0w=
Subject key identifier:   2F:A0:FA:7C:96:21:7E:E0:8F:31:3B:79:07:E3:FF:3C:F3:BB:C7:E9
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794DBD67FFA861F6D42523566242840
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/L6D6fJYhfuCPMTt5B-P_PPO7x-k.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        89.251.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:db:d6:7f:fa:86:1f:6d:42:52:35:66:24:28:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fa0fa7c96217ee08f313b7907e3ff3cf3bbc7e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:52:1a:f6:5d:88:85:4b:74:33:62:8b:7d:a2:
                    9d:53:c7:46:cc:3e:5a:98:25:71:73:70:1b:8a:70:
                    56:6b:02:b9:5e:63:e3:0c:e0:1e:6c:2f:5e:c9:2e:
                    e5:87:7d:29:9c:e1:5f:b0:27:a8:6a:8d:bf:72:2e:
                    fd:e5:76:1d:99:30:b3:40:dd:ec:74:ee:08:83:5c:
                    15:fb:45:bc:fe:50:f1:5f:be:5e:5d:37:41:9e:6c:
                    72:4f:a0:a7:fa:27:4d:22:05:b5:86:6a:ca:5d:33:
                    64:23:c2:dd:60:71:a6:45:2e:2b:fb:52:1b:4d:a2:
                    94:24:ff:70:9d:ad:d8:31:5f:ce:d7:72:77:25:38:
                    36:7b:6a:90:cd:5f:de:d1:83:c5:14:83:c1:5f:42:
                    f1:25:ca:cd:9f:99:63:35:47:6c:f2:9d:74:e0:f3:
                    7a:2b:70:a3:8a:68:ea:4c:00:39:8b:4a:7a:28:3c:
                    85:f4:64:00:dc:7c:2d:a3:e0:db:1f:ed:3a:2e:27:
                    89:aa:be:28:d4:4a:be:3a:2d:ca:3e:a8:cb:b3:22:
                    0e:ec:4c:38:50:ba:04:45:66:be:95:b5:c8:3f:ff:
                    dd:a2:e3:a0:2f:72:f4:bf:fd:07:e1:44:5d:70:de:
                    5f:e1:04:a0:85:02:e5:51:89:57:1b:d6:83:73:4a:
                    46:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:A0:FA:7C:96:21:7E:E0:8F:31:3B:79:07:E3:FF:3C:F3:BB:C7:E9
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/L6D6fJYhfuCPMTt5B-P_PPO7x-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:1a:eb:73:cf:9c:45:4b:57:87:40:44:a7:19:75:22:8e:
         fb:3a:da:85:1b:91:98:88:46:f4:19:74:8a:9d:b0:c0:49:aa:
         ed:ec:08:55:54:de:47:e2:97:73:98:9d:0d:d1:51:04:3f:c8:
         1c:c3:b1:de:60:65:e7:44:81:00:14:0a:25:db:5e:95:79:5c:
         1a:46:34:63:f1:1a:93:e8:49:ff:fc:52:09:81:fd:85:7e:90:
         55:73:44:c5:e3:b8:54:41:d7:dd:02:1b:d8:ea:9d:f3:c8:8c:
         a2:ee:cf:98:31:29:af:b5:9f:d7:aa:cc:99:ce:a7:7c:e3:de:
         a7:06:97:a9:68:26:a5:0d:cb:f6:e2:9c:c3:cd:d7:0c:ef:52:
         65:59:b6:91:fb:42:07:2f:32:56:22:0b:61:c9:8c:f2:22:ca:
         3d:93:71:64:12:13:b0:6d:4c:07:da:2c:ab:c7:3e:45:20:94:
         26:cc:0c:2a:49:fd:56:78:8e:5d:1d:79:0a:e1:50:fc:ab:68:
         e2:bf:34:1e:81:21:8a:82:88:96:91:0e:2f:62:e0:75:33:7a:
         02:6f:5e:b6:d3:18:97:6d:ec:1f:c7:f4:50:6a:f8:84:e6:71:
         6a:f1:f1:31:b1:de:84:bb:8f:7b:83:d0:4c:05:7b:b6:96:d7:
         01:c5:96:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNvWf/qGH21CUjVmJChAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmEwZmE3Yzk2MjE3ZWUwOGYzMTNiNzkwN2UzZmYzY2YzYmJjN2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIa9l2IhUt0M2KLfaKdU8dGzD5a
mCVxc3AbinBWawK5XmPjDOAebC9eyS7lh30pnOFfsCeoao2/ci795XYdmTCzQN3s
dO4Ig1wV+0W8/lDxX75eXTdBnmxyT6Cn+idNIgW1hmrKXTNkI8LdYHGmRS4r+1Ib
TaKUJP9wna3YMV/O13J3JTg2e2qQzV/e0YPFFIPBX0LxJcrNn5ljNUds8p104PN6
K3CjimjqTAA5i0p6KDyF9GQA3Hwto+DbH+06LieJqr4o1Eq+Oi3KPqjLsyIO7Ew4
ULoERWa+lbXIP//douOgL3L0v/0H4URdcN5f4QSghQLlUYlXG9aDc0pGzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+g+nyWIX7gjzE7eQfj/zzzu8fpMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvTDZENmZKWWhmdUNQTVR0NUItUF9QUE83eC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsZMA0G
CSqGSIb3DQEBCwUAA4IBAQAgfxrrc8+cRUtXh0BEpxl1Io77OtqFG5GYiEb0GXSK
nbDASart7AhVVN5H4pdzmJ0N0VEEP8gcw7HeYGXnRIEAFAol216VeVwaRjRj8RqT
6En//FIJgf2FfpBVc0TF47hUQdfdAhvY6p3zyIyi7s+YMSmvtZ/XqsyZzqd8496n
BpepaCalDcv24pzDzdcM71JlWbaR+0IHLzJWIgthyYzyIso9k3FkEhOwbUwH2iyr
xz5FIJQmzAwqSf1WeI5dHXkK4VD8q2jivzQegSGKgoiWkQ4vYuB1M3oCb1620xiX
bewfx/RQaviE5nFq8fExsd6Eu497g9BMBXu2ltcBxZab
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:07:36 2024 by rpki-client on console-ams.rpki-client.org