Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6109d6-0a8a-4bf6-a0e2-e52da3b86754/1/e249lnZKJfrd8xANMbWOM3lvWU0.roa
File:                     e249lnZKJfrd8xANMbWOM3lvWU0.roa (raw, json)
Hash identifier:          PyNbDLTSrWKbh0Jw9bJAfOrcvJwiC+K0jy+DxilTDNA=
Subject key identifier:   7B:6E:3D:96:76:4A:25:FA:DD:F3:10:0D:31:B5:8E:33:79:6F:59:4D
Certificate issuer:       /CN=56e3353d5f423ad4271c3261caa543140530bddb
Certificate serial:       018CC7953E91E75E300C022F2DF3DC3E228E
Authority key identifier: 56:E3:35:3D:5F:42:3A:D4:27:1C:32:61:CA:A5:43:14:05:30:BD:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VuM1PV9COtQnHDJhyqVDFAUwvds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6109d6-0a8a-4bf6-a0e2-e52da3b86754/1/e249lnZKJfrd8xANMbWOM3lvWU0.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41794
IP address blocks:        5.44.170.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6109d6-0a8a-4bf6-a0e2-e52da3b86754/1/VuM1PV9COtQnHDJhyqVDFAUwvds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6109d6-0a8a-4bf6-a0e2-e52da3b86754/1/VuM1PV9COtQnHDJhyqVDFAUwvds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VuM1PV9COtQnHDJhyqVDFAUwvds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3e:91:e7:5e:30:0c:02:2f:2d:f3:dc:3e:22:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56e3353d5f423ad4271c3261caa543140530bddb
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b6e3d96764a25faddf3100d31b58e33796f594d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f1:e4:12:a1:fe:37:d6:c1:1d:8a:42:5a:3f:
                    46:95:c2:ba:30:51:60:3e:e7:b3:5c:e0:4b:92:11:
                    93:ca:7a:63:6a:23:49:72:ec:ee:e9:d4:e8:f6:20:
                    03:bc:04:26:a0:6c:0f:ef:bd:d9:1f:a0:0f:c7:7d:
                    7c:63:74:7c:c6:44:23:1a:d2:61:e7:cb:f5:53:2c:
                    f7:95:cf:10:15:0b:a4:bd:59:2d:19:dc:42:32:25:
                    ed:78:46:a0:1a:b0:30:f1:b2:f2:7c:6e:42:d6:04:
                    f5:71:1f:97:04:03:ea:4c:02:e5:1e:6c:a8:57:4c:
                    df:78:f2:48:08:66:b9:11:20:ef:a4:25:63:80:1d:
                    50:be:a7:71:68:64:19:62:4e:19:62:15:fe:02:17:
                    75:e9:97:fb:f4:8d:8c:50:c7:7f:f2:e9:a5:4d:df:
                    43:1a:c9:7b:65:c4:7b:3d:fa:51:14:7f:4b:9a:fc:
                    2c:2f:77:53:09:65:b7:f7:6b:8f:92:18:f4:ac:0e:
                    96:09:1d:47:d9:03:e3:75:d1:7e:9b:0e:4e:14:ef:
                    d3:b4:b2:6d:e4:b2:3a:55:ec:5a:9b:ef:1f:0b:b0:
                    fe:ac:d0:73:b6:2d:90:82:04:72:46:f5:a9:2d:68:
                    6b:81:cb:88:a0:19:af:fb:53:98:ce:be:de:13:57:
                    76:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:6E:3D:96:76:4A:25:FA:DD:F3:10:0D:31:B5:8E:33:79:6F:59:4D
            X509v3 Authority Key Identifier:
                keyid:56:E3:35:3D:5F:42:3A:D4:27:1C:32:61:CA:A5:43:14:05:30:BD:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VuM1PV9COtQnHDJhyqVDFAUwvds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6109d6-0a8a-4bf6-a0e2-e52da3b86754/1/e249lnZKJfrd8xANMbWOM3lvWU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6109d6-0a8a-4bf6-a0e2-e52da3b86754/1/VuM1PV9COtQnHDJhyqVDFAUwvds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:2f:30:51:6b:50:ed:3a:37:0f:5b:63:b0:df:da:58:d1:ad:
         5f:a1:37:9c:9c:c7:c9:32:55:23:b0:22:1c:77:0e:db:da:d1:
         0b:3a:09:ea:13:f7:20:f3:e9:ba:6b:7c:cf:04:39:27:7e:f6:
         c6:b3:1e:c1:c0:e0:4c:14:90:3b:f7:8a:77:41:34:9e:9b:ca:
         9d:ac:9b:bf:1d:53:d0:2f:62:66:bf:cd:ee:a8:44:a8:35:8f:
         11:bd:6b:04:72:c7:8f:fe:8a:40:06:ae:75:e4:21:1c:cf:1a:
         39:9d:21:66:9a:24:97:ad:ca:42:9a:51:2a:62:61:d8:59:1f:
         8e:0b:79:b7:1d:b4:c6:28:be:e7:a5:ec:39:ab:02:0d:f5:49:
         3b:70:47:c9:13:81:26:13:41:de:64:f0:0e:6b:79:dc:01:23:
         6f:17:d7:4f:75:82:14:ee:45:e5:74:13:64:6f:15:46:39:5d:
         64:7f:e9:f5:28:3e:98:06:20:42:41:10:ae:9c:b4:6d:8d:7d:
         a7:1b:85:b6:74:72:e2:c6:87:38:51:e9:2e:e4:19:48:85:06:
         8d:3f:26:67:c0:f7:7d:fa:4a:24:8a:6d:ef:08:9e:da:a6:07:
         bf:de:9d:2d:3b:51:8c:25:9b:c5:4b:99:40:db:16:91:06:67:
         90:75:3b:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlT6R514wDAIvLfPcPiKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZTMzNTNkNWY0MjNhZDQyNzFjMzI2MWNhYTU0MzE0MDUz
MGJkZGIwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjZlM2Q5Njc2NGEyNWZhZGRmMzEwMGQzMWI1OGUzMzc5NmY1OTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvHkEqH+N9bBHYpCWj9GlcK6MFFg
PuezXOBLkhGTynpjaiNJcuzu6dTo9iADvAQmoGwP773ZH6APx318Y3R8xkQjGtJh
58v1Uyz3lc8QFQukvVktGdxCMiXteEagGrAw8bLyfG5C1gT1cR+XBAPqTALlHmyo
V0zfePJICGa5ESDvpCVjgB1QvqdxaGQZYk4ZYhX+Ahd16Zf79I2MUMd/8umlTd9D
Gsl7ZcR7PfpRFH9LmvwsL3dTCWW392uPkhj0rA6WCR1H2QPjddF+mw5OFO/TtLJt
5LI6Vexam+8fC7D+rNBzti2QggRyRvWpLWhrgcuIoBmv+1OYzr7eE1d2TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtuPZZ2SiX63fMQDTG1jjN5b1lNMB8GA1UdIwQY
MBaAFFbjNT1fQjrUJxwyYcqlQxQFML3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnVNMVBWOUNPdFFuSERKaHlxVkRGQVV3dmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82MTA5ZDYtMGE4YS00YmY2LWEwZTIt
ZTUyZGEzYjg2NzU0LzEvZTI0OWxuWktKZnJkOHhBTk1iV09NM2x2V1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82MTA5ZDYtMGE4YS00YmY2LWEwZTItZTUyZGEzYjg2NzU0
LzEvVnVNMVBWOUNPdFFuSERKaHlxVkRGQVV3dmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBSyqMA0G
CSqGSIb3DQEBCwUAA4IBAQBALzBRa1DtOjcPW2Ow39pY0a1foTecnMfJMlUjsCIc
dw7b2tELOgnqE/cg8+m6a3zPBDknfvbGsx7BwOBMFJA794p3QTSem8qdrJu/HVPQ
L2Jmv83uqESoNY8RvWsEcseP/opABq515CEczxo5nSFmmiSXrcpCmlEqYmHYWR+O
C3m3HbTGKL7npew5qwIN9Uk7cEfJE4EmE0HeZPAOa3ncASNvF9dPdYIU7kXldBNk
bxVGOV1kf+n1KD6YBiBCQRCunLRtjX2nG4W2dHLixoc4Ueku5BlIhQaNPyZnwPd9
+kokim3vCJ7apge/3p0tO1GMJZvFS5lA2xaRBmeQdTtH
-----END CERTIFICATE-----
Generated at Sun Jun 16 21:41:49 2024 by rpki-client on console-fra.rpki-client.org