Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/1-K4xMuq3Av_Pi1yAPf-ekvbrrpk.roa
File:                     1-K4xMuq3Av_Pi1yAPf-ekvbrrpk.roa (raw, json)
Hash identifier:          iMVRJlRMZidsgaF1bQIzWrl1Z8M1GOm7jo/InA9K6Co=
Subject key identifier:   F8:AE:31:32:EA:B7:02:FF:CF:8B:5C:80:3D:FF:9E:92:F6:EB:AE:99
Certificate issuer:       /CN=9ce94757ac3f70b40f369307d365ebc9657bab69
Certificate serial:       018CC3B712F5B00093680EBA4204ABD7B1DD
Authority key identifier: 9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/1-K4xMuq3Av_Pi1yAPf-ekvbrrpk.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        156.28.6.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:12:f5:b0:00:93:68:0e:ba:42:04:ab:d7:b1:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce94757ac3f70b40f369307d365ebc9657bab69
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8ae3132eab702ffcf8b5c803dff9e92f6ebae99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:50:a0:7d:ea:9b:28:15:ca:d8:8e:ea:a9:ed:
                    67:36:1d:87:48:06:cb:8c:b0:58:6d:56:62:39:cc:
                    a4:51:32:ab:e6:4e:fc:e5:58:56:64:31:94:f9:c1:
                    79:ce:b0:77:d5:46:b1:8b:6a:e7:77:3a:e2:97:59:
                    c7:73:0f:c1:58:4d:f6:5e:4c:ee:78:bb:e6:8e:ad:
                    72:80:98:dc:ba:da:39:e6:cd:ee:35:07:8b:f5:df:
                    1b:29:10:0b:69:1a:0b:f8:b1:63:b4:bc:ac:a6:02:
                    b2:c7:c8:fa:c7:94:e9:f6:22:a2:ea:62:e8:19:a6:
                    f8:14:1e:d9:ca:30:00:8a:66:e3:25:0a:f1:ac:ac:
                    ef:1d:97:bd:f7:06:76:be:dd:c1:d9:ec:28:07:c2:
                    be:07:8d:6f:8f:b7:11:31:f2:cb:1e:13:35:8d:aa:
                    58:02:91:36:82:b3:92:da:88:d3:ec:7c:ce:77:25:
                    f6:cf:45:ac:c4:ed:37:2d:10:5b:1a:62:5a:3b:7d:
                    4f:88:e3:66:6a:98:c7:ed:54:30:9e:df:8f:01:60:
                    1d:d3:77:29:89:81:7c:ed:d0:45:0c:ff:90:94:25:
                    f2:76:37:48:63:74:94:5c:23:69:3c:f8:d9:96:ab:
                    eb:ba:12:85:ad:68:5f:1b:cc:3a:8f:34:37:55:52:
                    94:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:AE:31:32:EA:B7:02:FF:CF:8B:5C:80:3D:FF:9E:92:F6:EB:AE:99
            X509v3 Authority Key Identifier:
                keyid:9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/1-K4xMuq3Av_Pi1yAPf-ekvbrrpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.28.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e9:4f:82:fd:70:c3:89:91:b1:af:05:0e:59:9b:3f:8f:0f:26:
         8e:18:66:92:a8:70:ce:7b:28:48:d1:c9:bc:e1:97:53:9d:74:
         1b:eb:7d:30:5e:86:00:00:d0:5a:6d:81:54:e8:ec:92:bf:ac:
         84:9a:e5:94:30:ec:8b:e6:98:4e:f0:70:98:e9:72:ba:ab:5f:
         b3:26:f9:b2:b2:70:3b:98:9c:9d:dc:98:09:13:7b:a9:94:20:
         8b:5a:e1:38:14:fa:78:f1:6d:c5:6a:da:75:48:a7:9e:98:cc:
         8f:00:e9:d8:45:18:33:f9:44:c6:3f:c5:16:85:9e:28:0f:a3:
         de:26:3b:93:4d:21:0a:81:18:9b:c3:4a:a9:5f:bf:35:66:45:
         dd:87:90:d0:37:98:55:9e:7c:7f:47:55:b0:f7:a8:46:12:6f:
         d1:97:fa:fe:63:9f:e5:88:a8:b2:66:60:6b:79:aa:8d:e9:62:
         5e:68:35:70:02:31:16:99:9e:d1:e7:1d:05:30:e8:03:dc:23:
         b2:6c:cb:1a:2e:06:04:14:54:9a:7a:d2:7e:c1:5e:ba:4e:52:
         53:3a:81:0a:94:3f:28:80:cc:2a:8a:a6:6c:41:7e:37:51:ba:
         9b:72:7d:5f:49:fd:0b:c2:59:38:45:e5:36:e3:ba:24:47:c3:
         93:3f:f3:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtxL1sACTaA66QgSr17HdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZTk0NzU3YWMzZjcwYjQwZjM2OTMwN2QzNjVlYmM5NjU3
YmFiNjkwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGFlMzEzMmVhYjcwMmZmY2Y4YjVjODAzZGZmOWU5MmY2ZWJhZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFCgfeqbKBXK2I7qqe1nNh2HSAbL
jLBYbVZiOcykUTKr5k785VhWZDGU+cF5zrB31Uaxi2rndzril1nHcw/BWE32Xkzu
eLvmjq1ygJjcuto55s3uNQeL9d8bKRALaRoL+LFjtLyspgKyx8j6x5Tp9iKi6mLo
Gab4FB7ZyjAAimbjJQrxrKzvHZe99wZ2vt3B2ewoB8K+B41vj7cRMfLLHhM1japY
ApE2grOS2ojT7HzOdyX2z0WsxO03LRBbGmJaO31PiONmapjH7VQwnt+PAWAd03cp
iYF87dBFDP+QlCXydjdIY3SUXCNpPPjZlqvruhKFrWhfG8w6jzQ3VVKU6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPiuMTLqtwL/z4tcgD3/npL2666ZMB8GA1UdIwQY
MBaAFJzpR1esP3C0DzaTB9Nl68lle6tpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDIt
ZTFlYTQxYzlhMmU2LzEvMS1LNHhNdXEzQXZfUGkxeUFQZi1la3ZicnJway5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjUvNDgxMjY5LWRiZGItNDI1ZS05NjQyLWUxZWE0MWM5YTJl
Ni8xL25PbEhWNndfY0xRUE5wTUgwMlhyeVdWN3Eyay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZwcBjAN
BgkqhkiG9w0BAQsFAAOCAQEA6U+C/XDDiZGxrwUOWZs/jw8mjhhmkqhwznsoSNHJ
vOGXU510G+t9MF6GAADQWm2BVOjskr+shJrllDDsi+aYTvBwmOlyuqtfsyb5srJw
O5icndyYCRN7qZQgi1rhOBT6ePFtxWradUinnpjMjwDp2EUYM/lExj/FFoWeKA+j
3iY7k00hCoEYm8NKqV+/NWZF3YeQ0DeYVZ58f0dVsPeoRhJv0Zf6/mOf5YiosmZg
a3mqjeliXmg1cAIxFpme0ecdBTDoA9wjsmzLGi4GBBRUmnrSfsFeuk5SUzqBCpQ/
KIDMKoqmbEF+N1G6m3J9X0n9C8JZOEXlNuO6JEfDkz/zlw==
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:29:42 2024 by rpki-client on console-fra.rpki-client.org