Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/a_Z8EnjS_G5a9KFaFWs02IsBBdU.roa
File:                     a_Z8EnjS_G5a9KFaFWs02IsBBdU.roa (raw, json)
Hash identifier:          3TpBuxOUM819kyiH2DBv9VtLnCigtbeLxT2DXAkSCjE=
Subject key identifier:   6B:F6:7C:12:78:D2:FC:6E:5A:F4:A1:5A:15:6B:34:D8:8B:01:05:D5
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E08A416EF4773A661559EE118C20
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/a_Z8EnjS_G5a9KFaFWs02IsBBdU.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61176
IP address blocks:        5.160.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e0:8a:41:6e:f4:77:3a:66:15:59:ee:11:8c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bf67c1278d2fc6e5af4a15a156b34d88b0105d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6b:29:5b:78:18:8c:b4:00:62:5d:fd:d4:60:
                    7a:b0:03:dd:d2:b5:13:70:6c:3d:91:88:1a:2e:f6:
                    8a:93:af:bb:5d:29:81:00:45:5e:d5:d3:f9:a0:f1:
                    08:25:00:d4:24:0d:76:59:de:33:76:71:85:be:5e:
                    33:9c:54:e0:75:78:2d:ec:57:7c:24:90:3c:c3:23:
                    c6:a6:38:b3:71:19:65:42:65:ec:2e:7a:39:22:11:
                    a0:88:3b:ab:74:d8:b3:e6:6a:92:a5:c5:4d:50:b5:
                    24:aa:1c:18:36:d7:e8:89:08:ea:47:d4:c1:60:e6:
                    8c:38:63:a3:e1:9a:65:af:17:d8:6e:f0:71:85:ff:
                    28:59:2b:69:13:81:79:2c:03:f0:33:7a:92:c3:c6:
                    a9:df:9f:17:14:3b:30:6b:01:b9:18:27:e7:ad:15:
                    3e:d2:27:28:e1:53:e3:37:fe:d4:46:29:41:87:3d:
                    6c:bb:fa:53:e5:90:92:9a:fd:b9:68:c5:ac:3a:3d:
                    5a:9a:9d:7f:0a:36:fb:2e:3a:98:46:7b:7e:15:ea:
                    2a:28:c5:6b:91:db:5b:00:4a:92:d3:a9:fb:1e:42:
                    e5:c4:37:59:0b:62:e2:c0:b1:0c:d7:87:fa:44:ea:
                    03:8c:e1:39:0d:8b:48:f9:ca:53:ad:15:39:a6:b4:
                    27:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F6:7C:12:78:D2:FC:6E:5A:F4:A1:5A:15:6B:34:D8:8B:01:05:D5
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/a_Z8EnjS_G5a9KFaFWs02IsBBdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:78:b3:12:4f:50:a9:fb:0e:16:ab:1e:b7:96:f8:48:6b:b9:
         53:c6:3f:2b:39:29:66:1d:ca:52:c3:f6:7f:7e:f0:53:b9:18:
         63:ba:47:23:8a:06:de:75:b6:5b:01:8e:03:f0:87:c1:72:5e:
         2d:8d:30:96:50:7f:e9:63:eb:6c:5d:79:0e:1d:21:00:95:23:
         6f:45:45:cf:1b:94:d9:63:03:a0:bf:ac:4c:f4:f4:cf:c9:b7:
         3d:3c:3f:4d:18:07:18:e7:53:fa:4a:b8:ef:28:a6:8d:e0:f7:
         8b:0f:7b:02:e5:70:42:47:41:1f:78:5e:ed:77:de:8a:70:06:
         c8:a9:a0:69:56:92:99:b9:b5:2f:8e:44:05:9a:35:ea:0b:63:
         65:9a:59:fd:6c:9a:ee:50:57:70:79:01:42:84:9a:93:9f:c8:
         66:3e:b1:99:4d:62:b7:63:df:14:79:f6:e0:a6:58:79:92:7b:
         75:88:f7:db:87:7c:ca:71:ed:5a:8d:fc:fe:08:47:43:0c:cf:
         d2:39:70:1d:46:63:4b:3b:12:5c:74:89:8e:a8:54:27:b1:bf:
         f5:82:38:04:d3:06:90:0a:48:66:12:28:45:49:ae:f0:3d:0e:
         ef:08:df:ca:c4:ab:14:e9:83:c6:0d:05:0b:8f:fe:29:11:96:
         c6:00:47:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuCKQW70dzpmFVnuEYwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY2N2MxMjc4ZDJmYzZlNWFmNGExNWExNTZiMzRkODhiMDEwNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmspW3gYjLQAYl391GB6sAPd0rUT
cGw9kYgaLvaKk6+7XSmBAEVe1dP5oPEIJQDUJA12Wd4zdnGFvl4znFTgdXgt7Fd8
JJA8wyPGpjizcRllQmXsLno5IhGgiDurdNiz5mqSpcVNULUkqhwYNtfoiQjqR9TB
YOaMOGOj4ZplrxfYbvBxhf8oWStpE4F5LAPwM3qSw8ap358XFDswawG5GCfnrRU+
0ico4VPjN/7URilBhz1su/pT5ZCSmv25aMWsOj1amp1/Cjb7LjqYRnt+FeoqKMVr
kdtbAEqS06n7HkLlxDdZC2LiwLEM14f6ROoDjOE5DYtI+cpTrRU5prQn6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv2fBJ40vxuWvShWhVrNNiLAQXVMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvYV9aOEVualNfRzVhOUtGYUZXczAySXNCQmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaAPMA0G
CSqGSIb3DQEBCwUAA4IBAQBteLMST1Cp+w4Wqx63lvhIa7lTxj8rOSlmHcpSw/Z/
fvBTuRhjukcjigbedbZbAY4D8IfBcl4tjTCWUH/pY+tsXXkOHSEAlSNvRUXPG5TZ
YwOgv6xM9PTPybc9PD9NGAcY51P6SrjvKKaN4PeLD3sC5XBCR0EfeF7td96KcAbI
qaBpVpKZubUvjkQFmjXqC2Nlmln9bJruUFdweQFChJqTn8hmPrGZTWK3Y98Uefbg
plh5knt1iPfbh3zKce1ajfz+CEdDDM/SOXAdRmNLOxJcdImOqFQnsb/1gjgE0waQ
CkhmEihFSa7wPQ7vCN/KxKsU6YPGDQULj/4pEZbGAEcz
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:05:22 2024 by rpki-client on console-fra.rpki-client.org