Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8cx6w1beyMlGqZP8KyYcuFzXSEs.roa
File:                     8cx6w1beyMlGqZP8KyYcuFzXSEs.roa (raw, json)
Hash identifier:          J7UJLXdkDNNW0MJQgo/ZZub7MQrmBw5qL5bKcvLJtGI=
Subject key identifier:   F1:CC:7A:C3:56:DE:C8:C9:46:A9:93:FC:2B:26:1C:B8:5C:D7:48:4B
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0196EE0C602CD7C108C99541F4209339ED21
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8cx6w1beyMlGqZP8KyYcuFzXSEs.roa
Signing time:             Tue 20 May 2025 14:15:10 +0000
ROA not before:           Tue 20 May 2025 14:15:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     263812
IP address blocks:        92.71.6.0/24 maxlen: 24
                          92.71.9.0/24 maxlen: 24
                          92.71.12.0/24 maxlen: 24
                          92.71.18.0/24 maxlen: 24
                          92.71.23.0/24 maxlen: 24
                          92.71.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 15:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:0c:60:2c:d7:c1:08:c9:95:41:f4:20:93:39:ed:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: May 20 14:15:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1cc7ac356dec8c946a993fc2b261cb85cd7484b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a8:1a:92:52:53:a1:73:9a:b6:1c:d2:86:9a:
                    fd:9a:6c:cc:1e:fb:da:97:10:5f:35:cf:18:3f:4c:
                    8b:b3:f6:3e:97:c3:c4:5b:e5:ea:c0:ec:98:50:b6:
                    80:e5:50:db:51:c8:30:aa:9f:9d:10:00:24:67:11:
                    40:5e:82:be:3f:6e:7f:6d:e7:0d:a4:dc:be:36:99:
                    19:d0:ff:b9:f6:ad:33:2e:0a:ec:fb:90:0c:f9:d0:
                    5f:84:af:1a:1f:49:f2:8f:ca:f2:6e:a2:00:bc:71:
                    6e:b6:fd:b5:c6:26:dc:71:0b:47:cc:4d:98:34:6b:
                    95:c2:5c:9c:4a:d4:86:5f:c9:84:71:73:91:6c:8f:
                    99:ed:ed:90:9d:1a:68:35:30:6e:09:12:73:5b:e9:
                    d4:f6:86:bd:46:15:a7:7d:43:5a:f7:ab:a0:56:90:
                    7e:3b:44:6d:63:1d:25:35:7f:69:89:0d:3a:20:31:
                    5b:08:cb:89:7d:9e:5e:95:14:f0:16:e2:e1:e6:44:
                    b3:45:9a:d7:25:21:25:7c:15:d8:2b:14:ee:ea:a5:
                    53:c1:c3:15:a5:0f:36:dc:1b:6b:44:56:3a:51:2d:
                    8c:ab:d6:d3:41:77:88:74:ca:1c:10:58:e7:47:d2:
                    e6:a1:63:c1:fb:ae:24:48:89:d1:b6:35:91:e1:51:
                    dd:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:CC:7A:C3:56:DE:C8:C9:46:A9:93:FC:2B:26:1C:B8:5C:D7:48:4B
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/8cx6w1beyMlGqZP8KyYcuFzXSEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.6.0/24
                  92.71.9.0/24
                  92.71.12.0/24
                  92.71.18.0/24
                  92.71.23.0/24
                  92.71.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:5b:96:b8:ab:88:8f:f4:ee:cf:32:09:7a:d6:2d:34:79:72:
         af:f2:9c:d3:f7:74:55:92:06:b5:49:e8:21:b4:6b:9b:cc:af:
         8a:4a:f4:83:52:78:00:0f:14:e7:88:c1:03:85:60:b2:69:ef:
         2d:4e:e0:3e:66:45:aa:2a:e1:5e:7d:f0:34:b3:2c:30:55:69:
         07:e1:1e:21:33:e2:8b:df:6a:a7:d2:da:10:51:b6:8f:39:a6:
         a1:c5:98:11:13:0b:40:66:8e:41:3d:1c:e8:9a:0d:db:88:5d:
         b7:03:c9:a4:a2:82:89:bb:94:a7:42:d6:24:ae:23:2d:d7:60:
         c0:23:e2:bf:66:1a:7e:4f:c2:b1:50:6d:74:b3:78:90:74:8c:
         0c:98:d9:8d:d0:25:c7:70:4d:ef:b8:ea:8b:b4:4c:bd:2d:57:
         36:88:0b:ea:3d:ce:7b:3d:d9:44:8e:46:71:8b:7d:5c:c5:4c:
         9c:9a:ed:e0:3c:19:17:a4:f3:ce:c9:70:30:b9:ba:cf:b9:81:
         99:10:dd:66:8d:05:eb:0c:5a:fc:97:c1:6a:03:55:c4:d2:23:
         a6:40:28:35:32:7e:6a:bd:ae:ab:5d:b5:aa:29:ab:db:71:b9:
         48:45:4d:41:6f:60:49:48:56:3c:30:b1:fe:5c:b8:dd:5f:b3:
         c7:cc:2a:0a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZbuDGAs18EIyZVB9CCTOe0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwNTIwMTQxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNjN2FjMzU2ZGVjOGM5NDZhOTkzZmMyYjI2MWNiODVjZDc0ODRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6gaklJToXOathzShpr9mmzMHvva
lxBfNc8YP0yLs/Y+l8PEW+XqwOyYULaA5VDbUcgwqp+dEAAkZxFAXoK+P25/becN
pNy+NpkZ0P+59q0zLgrs+5AM+dBfhK8aH0nyj8rybqIAvHFutv21xibccQtHzE2Y
NGuVwlycStSGX8mEcXORbI+Z7e2QnRpoNTBuCRJzW+nU9oa9RhWnfUNa96ugVpB+
O0RtYx0lNX9piQ06IDFbCMuJfZ5elRTwFuLh5kSzRZrXJSElfBXYKxTu6qVTwcMV
pQ823BtrRFY6US2Mq9bTQXeIdMocEFjnR9LmoWPB+64kSInRtjWR4VHdcwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPHMesNW3sjJRqmT/CsmHLhc10hLMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvOGN4NncxYmV5TWxHcVpQOEt5WWN1RnpYU0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAXEcGAwQA
XEcJAwQAXEcMAwQAXEcSAwQAXEcXAwQAXEc9MA0GCSqGSIb3DQEBCwUAA4IBAQBL
W5a4q4iP9O7PMgl61i00eXKv8pzT93RVkga1SeghtGubzK+KSvSDUngADxTniMED
hWCyae8tTuA+ZkWqKuFeffA0sywwVWkH4R4hM+KL32qn0toQUbaPOaahxZgREwtA
Zo5BPRzomg3biF23A8mkooKJu5SnQtYkriMt12DAI+K/Zhp+T8KxUG10s3iQdIwM
mNmN0CXHcE3vuOqLtEy9LVc2iAvqPc57PdlEjkZxi31cxUycmu3gPBkXpPPOyXAw
ubrPuYGZEN1mjQXrDFr8l8FqA1XE0iOmQCg1Mn5qva6rXbWqKavbcblIRU1Bb2BJ
SFY8MLH+XLjdX7PHzCoK
-----END CERTIFICATE-----
Generated at Wed Jun 11 21:58:30 2025 by rpki-client