Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/LKPzTE1hqqd0Z1Ylu5XHzUGQ154.roa
File:                     LKPzTE1hqqd0Z1Ylu5XHzUGQ154.roa (raw, json)
Hash identifier:          O801WZy6lNWM6flq4HLiuhIaASbT6kqfSPwoJoa3RUg=
Subject key identifier:   2C:A3:F3:4C:4D:61:AA:A7:74:67:56:25:BB:95:C7:CD:41:90:D7:9E
Certificate issuer:       /CN=6c05cf9c327b2fc877be8b561822b065e09690c2
Certificate serial:       018CC9BCF8B4A43B87305E871E717AD0B79A
Authority key identifier: 6C:05:CF:9C:32:7B:2F:C8:77:BE:8B:56:18:22:B0:65:E0:96:90:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/LKPzTE1hqqd0Z1Ylu5XHzUGQ154.roa
Signing time:             Tue 02 Jan 2024 10:34:13 +0000
ROA not before:           Tue 02 Jan 2024 10:34:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49321
IP address blocks:        194.93.68.0/22 maxlen: 24
                          185.245.56.0/23 maxlen: 24
                          2a0d:140::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f8:b4:a4:3b:87:30:5e:87:1e:71:7a:d0:b7:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c05cf9c327b2fc877be8b561822b065e09690c2
        Validity
            Not Before: Jan  2 10:34:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ca3f34c4d61aaa774675625bb95c7cd4190d79e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:6d:2b:60:b8:27:63:68:e5:60:8e:73:b6:
                    e2:11:8a:0c:c6:d1:7f:06:0c:4b:93:7d:0e:d2:83:
                    6f:9c:6f:10:e4:a2:66:46:7e:1c:4d:1b:d5:dc:75:
                    e3:eb:4b:42:61:e7:f7:c7:83:8a:19:44:06:d5:ac:
                    26:72:77:bd:be:d8:c5:e1:59:b9:b5:1e:6a:ac:4a:
                    91:1d:02:ac:26:52:b5:11:ff:1e:12:b9:d5:f3:4d:
                    ed:bc:f2:4b:34:c1:31:a2:63:03:50:d8:65:e4:58:
                    ae:d4:cd:c5:a0:84:e8:0c:e3:13:cd:d3:67:b4:7f:
                    43:98:31:0c:fc:f3:b1:bc:95:67:d5:5c:73:e2:5b:
                    62:db:76:18:aa:1c:aa:bc:aa:0d:ee:f2:f5:2d:48:
                    d2:98:8e:c7:a2:96:f8:4e:17:41:19:e1:f3:7b:bc:
                    03:ad:ed:87:fe:2c:ac:2a:92:db:e1:68:7a:42:1d:
                    b0:54:2b:c6:79:0a:e6:c8:13:c3:fc:d0:e0:8f:f5:
                    02:a1:63:ba:04:05:1f:ce:e9:4c:7c:6f:f8:ad:b6:
                    8f:62:fe:ee:5c:56:ee:ef:b9:f6:ac:6d:31:b9:ca:
                    23:84:ef:81:ec:02:e6:7f:e0:23:ac:9a:32:53:0c:
                    0d:ad:4a:e2:ea:01:4d:ad:38:dd:15:9f:e1:2e:e0:
                    e3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A3:F3:4C:4D:61:AA:A7:74:67:56:25:BB:95:C7:CD:41:90:D7:9E
            X509v3 Authority Key Identifier:
                keyid:6C:05:CF:9C:32:7B:2F:C8:77:BE:8B:56:18:22:B0:65:E0:96:90:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAXPnDJ7L8h3votWGCKwZeCWkMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/LKPzTE1hqqd0Z1Ylu5XHzUGQ154.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2f5ec7-ac2b-4c66-9364-9a61831869ae/1/bAXPnDJ7L8h3votWGCKwZeCWkMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.56.0/23
                  194.93.68.0/22
                IPv6:
                  2a0d:140::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:e8:74:23:0e:d4:5d:4d:12:08:97:22:00:6e:56:79:3b:e4:
         f2:e0:85:60:42:bb:a2:f9:c6:c3:5d:df:5c:9f:ee:52:7e:34:
         a9:0b:63:03:ca:aa:d9:35:42:fa:63:ab:11:2e:02:fe:f8:ca:
         71:0e:f2:84:85:2c:92:c8:01:76:c6:42:88:59:12:1a:44:33:
         f2:26:a1:1f:d4:71:fc:33:3e:24:16:df:45:55:f9:b3:56:46:
         87:e8:88:e7:1b:cb:b2:a3:5b:d5:54:8f:2b:ff:ef:ae:d3:f6:
         90:af:a3:b9:6a:16:66:d8:24:4e:96:20:79:a4:cf:8c:d2:a8:
         59:60:d4:30:47:81:fa:9c:69:b6:95:7a:24:f8:e3:f9:c7:09:
         b9:37:59:22:ec:ea:7e:65:3d:3d:cf:0f:d8:72:f1:47:15:74:
         90:01:16:f6:67:28:70:b7:4b:36:9f:f2:7b:f8:54:a2:67:77:
         49:28:50:c4:01:9d:dc:dd:5e:3c:b2:01:ec:ee:c2:de:bc:8b:
         e5:c1:f7:88:e4:ab:2b:3d:71:6f:54:49:f3:ed:54:e4:00:9d:
         c2:ed:dc:78:3d:9b:6f:95:aa:46:93:b3:16:1e:75:f3:26:ca:
         3b:d4:18:11:8f:46:62:63:76:d5:0e:10:69:d9:c0:e1:94:ab:
         80:6f:59:1c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvPi0pDuHMF6HHnF60LeaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDVjZjljMzI3YjJmYzg3N2JlOGI1NjE4MjJiMDY1ZTA5
NjkwYzIwHhcNMjQwMTAyMTAzNDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2EzZjM0YzRkNjFhYWE3NzQ2NzU2MjViYjk1YzdjZDQxOTBkNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiptK2C4J2No5WCOc7biEYoMxtF/
BgxLk30O0oNvnG8Q5KJmRn4cTRvV3HXj60tCYef3x4OKGUQG1awmcne9vtjF4Vm5
tR5qrEqRHQKsJlK1Ef8eErnV803tvPJLNMExomMDUNhl5Fiu1M3FoIToDOMTzdNn
tH9DmDEM/POxvJVn1Vxz4lti23YYqhyqvKoN7vL1LUjSmI7Hopb4ThdBGeHze7wD
re2H/iysKpLb4Wh6Qh2wVCvGeQrmyBPD/NDgj/UCoWO6BAUfzulMfG/4rbaPYv7u
XFbu77n2rG0xucojhO+B7ALmf+AjrJoyUwwNrUri6gFNrTjdFZ/hLuDj5wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCyj80xNYaqndGdWJbuVx81BkNeeMB8GA1UdIwQY
MBaAFGwFz5wyey/Id76LVhgisGXglpDCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFYUG5ESjdMOGgzdm90V0dDS3daZUNXa01JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yZjVlYzctYWMyYi00YzY2LTkzNjQt
OWE2MTgzMTg2OWFlLzEvTEtQelRFMWhxcWQwWjFZbHU1WEh6VUdRMTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yZjVlYzctYWMyYi00YzY2LTkzNjQtOWE2MTgzMTg2OWFl
LzEvYkFYUG5ESjdMOGgzdm90V0dDS3daZUNXa01JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBufU4AwQC
wl1EMA0EAgACMAcDBQMqDQFAMA0GCSqGSIb3DQEBCwUAA4IBAQBT6HQjDtRdTRII
lyIAblZ5O+Ty4IVgQrui+cbDXd9cn+5SfjSpC2MDyqrZNUL6Y6sRLgL++MpxDvKE
hSySyAF2xkKIWRIaRDPyJqEf1HH8Mz4kFt9FVfmzVkaH6IjnG8uyo1vVVI8r/++u
0/aQr6O5ahZm2CROliB5pM+M0qhZYNQwR4H6nGm2lXok+OP5xwm5N1ki7Op+ZT09
zw/YcvFHFXSQARb2Zyhwt0s2n/J7+FSiZ3dJKFDEAZ3c3V48sgHs7sLevIvlwfeI
5KsrPXFvVEnz7VTkAJ3C7dx4PZtvlapGk7MWHnXzJso71BgRj0ZiY3bVDhBp2cDh
lKuAb1kc
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:05:26 2024 by rpki-client on console-fra.rpki-client.org