Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/GJ6D7IdhImxAS760lw97jW9N5_Y.roa
File:                     GJ6D7IdhImxAS760lw97jW9N5_Y.roa (raw, json)
Hash identifier:          Z61UUJybRakTRFb3p8aReVyrJZOaI+DB2dlf35lnWS0=
Subject key identifier:   18:9E:83:EC:87:61:22:6C:40:4B:BE:B4:97:0F:7B:8D:6F:4D:E7:F6
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018E9F1DA683C0B769EF8F3130A9A3286D47
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/GJ6D7IdhImxAS760lw97jW9N5_Y.roa
Signing time:             Tue 02 Apr 2024 14:01:44 +0000
ROA not before:           Tue 02 Apr 2024 14:01:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42694
IP address blocks:        193.163.74.0/24 maxlen: 24
                          193.163.101.0/24 maxlen: 24
                          193.221.211.0/24 maxlen: 24
                          2a13:5800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:1d:a6:83:c0:b7:69:ef:8f:31:30:a9:a3:28:6d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr  2 14:01:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=189e83ec8761226c404bbeb4970f7b8d6f4de7f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:54:03:04:bc:1d:60:b7:b7:b1:61:d4:e4:be:
                    76:59:0e:ce:d8:16:4d:2c:d6:5f:00:d4:a6:9d:a6:
                    61:25:14:75:ce:10:d1:c6:4e:49:d0:02:4e:e6:97:
                    bc:50:c8:ee:e8:5a:33:e6:87:91:2e:0c:6d:81:56:
                    72:6b:6f:06:8d:e7:be:5b:64:93:53:90:40:9f:85:
                    a9:5d:1a:0e:6b:f1:0a:9d:4a:d0:11:8c:34:e4:a7:
                    2a:06:cf:24:d1:01:5d:52:8e:bb:e0:d0:47:f4:eb:
                    dc:50:67:7f:b4:84:48:1e:1a:1b:d7:bf:4d:03:8c:
                    38:17:bf:c2:6e:a8:f5:79:71:9f:02:5b:d4:02:de:
                    88:fd:0b:99:c1:4e:0a:8a:a3:65:90:03:22:41:ad:
                    a9:a1:4b:2b:5f:39:8d:ac:d0:61:70:21:f5:be:30:
                    2d:23:9b:b8:bf:d4:96:ff:8c:ba:34:8e:91:6a:85:
                    33:2b:07:71:b8:6a:32:d6:e5:cb:c1:65:29:e6:f2:
                    77:11:14:0e:5b:2c:8c:6d:00:04:90:6b:a5:c2:2c:
                    65:1d:86:bc:e5:b0:32:2e:6d:00:86:df:06:6d:3b:
                    9e:80:9d:91:47:cd:6a:71:37:ad:35:44:bf:03:d4:
                    09:77:ff:66:af:f4:22:a3:a4:6f:9f:ee:88:6a:17:
                    0c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:9E:83:EC:87:61:22:6C:40:4B:BE:B4:97:0F:7B:8D:6F:4D:E7:F6
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/GJ6D7IdhImxAS760lw97jW9N5_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.74.0/24
                  193.163.101.0/24
                  193.221.211.0/24
                IPv6:
                  2a13:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:68:ed:d1:0d:9e:fc:65:9a:54:c2:3d:38:4c:d7:0f:78:f8:
         aa:c6:9a:ee:32:b2:d9:e7:08:30:63:ec:e5:6e:8d:10:80:0e:
         92:91:54:5c:c2:ef:d8:9e:c6:6c:36:53:3b:49:85:af:c0:b9:
         fc:9e:87:d8:6d:d6:7d:8a:42:b5:53:68:95:97:67:63:2c:c7:
         35:bc:e4:02:ca:0a:2d:f2:29:71:7f:34:24:f6:8b:5e:36:dc:
         22:82:75:1f:30:5d:1a:19:9c:c4:45:c6:b8:83:de:13:89:87:
         31:da:2f:6c:0c:31:b3:03:0e:93:6c:38:d1:e7:86:2a:e0:39:
         4e:21:3f:76:30:9a:2b:25:ed:a5:fa:bf:8f:ba:ad:29:03:04:
         24:0e:f1:26:0f:5d:cb:2f:0a:16:6a:ad:01:66:47:ec:8f:71:
         ff:be:5f:87:99:05:60:7f:02:96:ca:0f:1e:95:0e:91:42:ad:
         0b:20:a5:83:11:14:0a:ca:09:30:e1:96:2b:2e:50:83:ea:2a:
         b2:df:35:c6:f2:03:1b:ed:9c:16:d1:d0:46:03:56:73:21:55:
         49:01:0b:71:b7:00:01:cd:79:b2:35:65:41:27:3c:5f:13:8a:
         a7:66:f4:1a:0f:d7:68:56:c3:6b:04:28:69:67:05:74:86:e5:
         54:6f:7a:5b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY6fHaaDwLdp748xMKmjKG1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNDAyMTQwMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODllODNlYzg3NjEyMjZjNDA0YmJlYjQ5NzBmN2I4ZDZmNGRlN2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFQDBLwdYLe3sWHU5L52WQ7O2BZN
LNZfANSmnaZhJRR1zhDRxk5J0AJO5pe8UMju6Foz5oeRLgxtgVZya28Gjee+W2ST
U5BAn4WpXRoOa/EKnUrQEYw05KcqBs8k0QFdUo674NBH9OvcUGd/tIRIHhob179N
A4w4F7/Cbqj1eXGfAlvUAt6I/QuZwU4KiqNlkAMiQa2poUsrXzmNrNBhcCH1vjAt
I5u4v9SW/4y6NI6RaoUzKwdxuGoy1uXLwWUp5vJ3ERQOWyyMbQAEkGulwixlHYa8
5bAyLm0Aht8GbTuegJ2RR81qcTetNUS/A9QJd/9mr/Qio6Rvn+6IahcMUwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBieg+yHYSJsQEu+tJcPe41vTef2MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvR0o2RDdJZGhJbXhBUzc2MGx3OTdqVzlONV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAwaNKAwQA
waNlAwQAwd3TMA0EAgACMAcDBQMqE1gAMA0GCSqGSIb3DQEBCwUAA4IBAQB2aO3R
DZ78ZZpUwj04TNcPePiqxpruMrLZ5wgwY+zlbo0QgA6SkVRcwu/YnsZsNlM7SYWv
wLn8nofYbdZ9ikK1U2iVl2djLMc1vOQCygot8ilxfzQk9oteNtwignUfMF0aGZzE
Rca4g94TiYcx2i9sDDGzAw6TbDjR54Yq4DlOIT92MJorJe2l+r+Puq0pAwQkDvEm
D13LLwoWaq0BZkfsj3H/vl+HmQVgfwKWyg8elQ6RQq0LIKWDERQKygkw4ZYrLlCD
6iqy3zXG8gMb7ZwW0dBGA1ZzIVVJAQtxtwABzXmyNWVBJzxfE4qnZvQaD9doVsNr
BChpZwV0huVUb3pb
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:49:16 2024 by rpki-client on console-fra.rpki-client.org