Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Z609qW5B5CPcGG79C_Ndf9PHCd0.roa
File:                     Z609qW5B5CPcGG79C_Ndf9PHCd0.roa (raw, json)
Hash identifier:          +iu9cNAY/5Yt2JTqT+oPOlmsy4k1DrZ6kyUJ3z670w4=
Subject key identifier:   67:AD:3D:A9:6E:41:E4:23:DC:18:6E:FD:0B:F3:5D:7F:D3:C7:09:DD
Certificate issuer:       /CN=5e1d4060fd501ebae93ed44da6b7a79e66705b2f
Certificate serial:       018CCA99889C9837BC74D4ADD58751FE477A
Authority key identifier: 5E:1D:40:60:FD:50:1E:BA:E9:3E:D4:4D:A6:B7:A7:9E:66:70:5B:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Z609qW5B5CPcGG79C_Ndf9PHCd0.roa
Signing time:             Tue 02 Jan 2024 14:35:08 +0000
ROA not before:           Tue 02 Jan 2024 14:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209834
IP address blocks:        176.53.188.0/22 maxlen: 24
                          2a09:e100::/29 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:88:9c:98:37:bc:74:d4:ad:d5:87:51:fe:47:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e1d4060fd501ebae93ed44da6b7a79e66705b2f
        Validity
            Not Before: Jan  2 14:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67ad3da96e41e423dc186efd0bf35d7fd3c709dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2e:56:2e:de:46:78:ac:ac:c6:ba:56:cf:d7:
                    ba:c4:d1:61:0c:7c:0f:68:c8:e8:23:aa:89:2a:83:
                    f3:a2:bb:36:2f:81:c8:d8:2c:d9:0c:46:fd:85:c6:
                    f9:fc:36:b9:82:0c:fe:7f:bf:2c:57:ab:12:2d:0b:
                    73:4b:39:83:57:84:1a:bb:e0:b0:ad:66:52:e8:16:
                    b8:b2:50:37:90:61:79:fe:88:d9:c1:29:c2:8f:d4:
                    47:02:fc:17:10:8a:31:71:24:d1:c1:c8:73:b2:0b:
                    28:87:43:c4:bd:f3:06:03:e6:97:29:dc:68:58:0d:
                    b1:91:4e:c3:5e:27:16:da:57:76:ee:45:e5:4b:24:
                    7f:4f:02:69:bf:b5:9d:1c:7a:a9:81:a0:5d:62:f7:
                    28:e0:0b:d0:74:c7:4d:65:72:f1:1a:38:9f:8a:e1:
                    b9:ae:56:05:4c:eb:03:2e:6a:bd:3f:7c:ba:85:20:
                    b5:e4:02:cb:e7:bb:50:6b:a0:52:bd:39:ab:91:34:
                    f3:17:5b:e2:50:0e:ba:09:8a:d9:2a:18:b4:fb:0c:
                    47:63:e7:f0:16:34:3b:c6:5f:77:35:98:d2:1b:9f:
                    a3:c3:d1:31:8d:5f:c2:98:81:18:9c:d5:1c:fe:ba:
                    8a:33:26:b9:11:ac:63:d0:8f:63:52:35:ff:2a:a0:
                    d9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:AD:3D:A9:6E:41:E4:23:DC:18:6E:FD:0B:F3:5D:7F:D3:C7:09:DD
            X509v3 Authority Key Identifier:
                keyid:5E:1D:40:60:FD:50:1E:BA:E9:3E:D4:4D:A6:B7:A7:9E:66:70:5B:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Z609qW5B5CPcGG79C_Ndf9PHCd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.188.0/22
                IPv6:
                  2a09:e100::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:31:20:62:32:ad:bf:d4:90:72:be:de:20:e6:12:e1:2b:76:
         92:8b:58:65:ee:bc:ce:c4:57:ae:8c:c1:15:80:15:52:c5:53:
         34:28:85:5e:81:de:35:cd:bc:a1:08:cd:18:0c:e2:f1:90:89:
         c6:08:63:fc:05:f2:8d:cb:e2:5e:ad:dd:a8:47:13:83:01:fb:
         9c:bf:8b:6c:7a:8d:1e:a8:6b:f5:fe:77:21:b0:c2:cb:22:96:
         74:15:46:fe:11:98:8a:56:03:8f:c4:ed:93:56:ee:4b:09:df:
         e5:2d:6d:92:e2:e1:17:69:f2:90:e7:e4:3e:31:55:97:1b:8a:
         2a:da:d4:c8:b8:d3:18:c0:a7:6f:7d:61:e4:86:58:49:7f:84:
         09:c9:d7:dc:2a:5e:72:ca:fb:1e:33:02:d2:8d:b8:40:a9:6c:
         1a:46:4b:42:22:04:fb:ca:70:83:f6:57:bd:62:15:6b:a0:fd:
         29:7f:62:4f:aa:a8:36:f2:0c:7a:32:ab:a6:55:fb:81:85:cb:
         c5:65:a6:e6:f5:05:4e:c4:17:1e:b9:3c:63:f4:61:1e:f1:e8:
         98:b8:fc:4f:44:27:11:9d:58:8e:51:26:26:16:77:9c:05:78:
         cb:fe:89:ec:e0:8e:2f:fb:8c:a0:21:67:12:8c:0a:98:81:e2:
         89:e9:d1:68
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmYicmDe8dNSt1YdR/kd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWQ0MDYwZmQ1MDFlYmFlOTNlZDQ0ZGE2YjdhNzllNjY3
MDViMmYwHhcNMjQwMTAyMTQzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2FkM2RhOTZlNDFlNDIzZGMxODZlZmQwYmYzNWQ3ZmQzYzcwOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoy5WLt5GeKysxrpWz9e6xNFhDHwP
aMjoI6qJKoPzors2L4HI2CzZDEb9hcb5/Da5ggz+f78sV6sSLQtzSzmDV4Qau+Cw
rWZS6Ba4slA3kGF5/ojZwSnCj9RHAvwXEIoxcSTRwchzsgsoh0PEvfMGA+aXKdxo
WA2xkU7DXicW2ld27kXlSyR/TwJpv7WdHHqpgaBdYvco4AvQdMdNZXLxGjifiuG5
rlYFTOsDLmq9P3y6hSC15ALL57tQa6BSvTmrkTTzF1viUA66CYrZKhi0+wxHY+fw
FjQ7xl93NZjSG5+jw9ExjV/CmIEYnNUc/rqKMya5Eaxj0I9jUjX/KqDZ4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGetPaluQeQj3Bhu/QvzXX/TxwndMB8GA1UdIwQY
MBaAFF4dQGD9UB666T7UTaa3p55mcFsvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGgxQVlQMVFIcnJwUHRSTnByZW5ubVp3V3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hNzBhODQtZjU1Mi00MzU0LWExMDQt
MGUxZGI5OGFkMjMxLzEvWjYwOXFXNUI1Q1BjR0c3OUNfTmRmOVBIQ2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hNzBhODQtZjU1Mi00MzU0LWExMDQtMGUxZGI5OGFkMjMx
LzEvWGgxQVlQMVFIcnJwUHRSTnByZW5ubVp3V3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCsDW8MA0E
AgACMAcDBQMqCeEAMA0GCSqGSIb3DQEBCwUAA4IBAQBiMSBiMq2/1JByvt4g5hLh
K3aSi1hl7rzOxFeujMEVgBVSxVM0KIVegd41zbyhCM0YDOLxkInGCGP8BfKNy+Je
rd2oRxODAfucv4tseo0eqGv1/nchsMLLIpZ0FUb+EZiKVgOPxO2TVu5LCd/lLW2S
4uEXafKQ5+Q+MVWXG4oq2tTIuNMYwKdvfWHkhlhJf4QJydfcKl5yyvseMwLSjbhA
qWwaRktCIgT7ynCD9le9YhVroP0pf2JPqqg28gx6MqumVfuBhcvFZabm9QVOxBce
uTxj9GEe8eiYuPxPRCcRnViOUSYmFnecBXjL/ons4I4v+4ygIWcSjAqYgeKJ6dFo
-----END CERTIFICATE-----
Generated at Sun Jun 16 11:06:21 2024 by rpki-client on console-fra.rpki-client.org