Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/Zp_nhKHuGI2KqJSD_eQD18x1sjo.roa
File:                     Zp_nhKHuGI2KqJSD_eQD18x1sjo.roa (raw, json)
Hash identifier:          z6bfbEeTTWCQeg3kgxrqPokHe7CBP9vmecAlHdR5LfE=
Subject key identifier:   66:9F:E7:84:A1:EE:18:8D:8A:A8:94:83:FD:E4:03:D7:CC:75:B2:3A
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       01906476FF52E40790CC949142FEBA819288
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/Zp_nhKHuGI2KqJSD_eQD18x1sjo.roa
Signing time:             Sat 29 Jun 2024 14:47:18 +0000
ROA not before:           Sat 29 Jun 2024 14:47:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13046
IP address blocks:        89.164.0.0/16 maxlen: 24
                          141.136.128.0/17 maxlen: 24
                          141.138.0.0/18 maxlen: 24
                          213.191.128.0/19 maxlen: 24
                          213.202.64.0/18 maxlen: 24
                          2001:1af0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:64:76:ff:52:e4:07:90:cc:94:91:42:fe:ba:81:92:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jun 29 14:47:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=669fe784a1ee188d8aa89483fde403d7cc75b23a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:60:de:18:cf:fb:b0:6c:4e:8c:eb:a3:4b:56:
                    9f:de:99:a4:f3:51:6e:4a:99:4a:f0:03:11:8c:ce:
                    6a:ed:03:96:88:25:8e:28:32:22:1d:f3:65:b5:9f:
                    14:23:e9:d4:83:81:24:e1:1f:7f:90:42:d1:4c:bc:
                    5d:18:31:ad:72:77:20:df:b1:b5:e4:58:90:ec:2b:
                    21:95:56:bb:98:1c:e0:95:98:df:8f:00:1e:f6:ac:
                    aa:8f:65:c6:05:5d:15:2e:f5:e9:fe:82:4b:1e:79:
                    61:e7:06:89:b8:a7:9a:15:09:68:eb:2c:9c:4d:f2:
                    e5:aa:33:42:12:51:93:e7:e3:f3:ad:e8:e0:a3:94:
                    48:af:7c:ba:8f:32:b5:74:91:24:97:16:22:71:ff:
                    79:ab:82:65:de:89:4d:cf:74:50:ee:30:a2:90:8e:
                    f4:cd:a7:65:75:c3:63:a3:da:74:50:1e:ca:5f:5d:
                    27:4c:c8:9b:43:ac:e5:67:88:4e:cd:e2:31:c8:4a:
                    0e:03:03:22:a6:0e:02:14:3a:d3:de:3d:5f:bf:38:
                    ac:79:8e:f8:8a:ae:b8:d5:1e:ac:8f:a8:6c:bc:4e:
                    3b:43:cb:41:94:47:db:50:e4:5e:c6:09:69:51:0e:
                    fd:a2:61:a1:02:c2:e2:32:e8:69:fa:1a:b4:46:ff:
                    df:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:9F:E7:84:A1:EE:18:8D:8A:A8:94:83:FD:E4:03:D7:CC:75:B2:3A
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/Zp_nhKHuGI2KqJSD_eQD18x1sjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.164.0.0/16
                  141.136.128.0/17
                  141.138.0.0/18
                  213.191.128.0/19
                  213.202.64.0/18
                IPv6:
                  2001:1af0::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:66:29:16:22:47:9f:e2:f6:f5:36:9d:e3:01:3a:64:0f:69:
         c7:77:a2:c6:ab:05:c0:f4:ec:1c:73:89:93:a2:cc:89:11:f3:
         b5:1e:2e:87:b0:b5:0d:0e:6a:41:13:34:a9:4b:b8:24:dc:ba:
         17:2f:28:bc:8f:88:c3:12:21:64:57:69:30:66:5d:df:c4:ed:
         c7:93:f7:bd:fa:40:40:d8:38:62:0c:6d:2c:7c:1f:2f:68:bd:
         df:4e:a6:1d:25:11:68:ff:36:e7:03:0b:08:6b:29:b6:19:83:
         81:41:87:cc:08:ee:30:b2:1f:6f:95:f9:db:82:41:42:83:57:
         79:d5:10:64:17:7b:9c:c8:82:59:a8:17:21:b5:5d:8f:2c:0c:
         d2:66:9f:2c:a9:cd:95:1e:8c:2a:de:d9:a0:61:9d:82:81:f2:
         78:f3:96:ce:d6:19:c8:39:98:07:22:3f:85:73:8a:3d:3d:a5:
         2a:a8:49:91:c9:c5:58:4b:4d:8c:1b:5e:13:f0:ee:5b:34:22:
         fa:59:bb:8e:dd:83:c6:93:69:45:81:9a:93:a2:5e:13:55:6a:
         01:d7:cf:63:4e:15:fb:9e:98:f9:49:c3:3b:c1:a6:ca:a1:41:
         38:77:e3:e8:bd:da:03:ee:b9:4c:b2:54:c9:cc:14:da:9e:81:
         c1:2d:57:8b
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZBkdv9S5AeQzJSRQv66gZKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjQwNjI5MTQ0NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjlmZTc4NGExZWUxODhkOGFhODk0ODNmZGU0MDNkN2NjNzViMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mDeGM/7sGxOjOujS1af3pmk81Fu
SplK8AMRjM5q7QOWiCWOKDIiHfNltZ8UI+nUg4Ek4R9/kELRTLxdGDGtcncg37G1
5FiQ7CshlVa7mBzglZjfjwAe9qyqj2XGBV0VLvXp/oJLHnlh5waJuKeaFQlo6yyc
TfLlqjNCElGT5+Pzrejgo5RIr3y6jzK1dJEklxYicf95q4Jl3olNz3RQ7jCikI70
zadldcNjo9p0UB7KX10nTMibQ6zlZ4hOzeIxyEoOAwMipg4CFDrT3j1fvziseY74
iq641R6sj6hsvE47Q8tBlEfbUORexglpUQ79omGhAsLiMuhp+hq0Rv/f0QIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFGaf54Sh7hiNiqiUg/3kA9fMdbI6MB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvWnBfbmhLSHVHSTJLcUpTRF9lUUQxOHgxc2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMAWaQDBAeN
iIADBAaNigADBAXVv4ADBAbVykAwDQQCAAIwBwMFAyABGvAwDQYJKoZIhvcNAQEL
BQADggEBADJmKRYiR5/i9vU2neMBOmQPacd3osarBcD07BxziZOizIkR87UeLoew
tQ0OakETNKlLuCTcuhcvKLyPiMMSIWRXaTBmXd/E7ceT9736QEDYOGIMbSx8Hy9o
vd9Oph0lEWj/NucDCwhrKbYZg4FBh8wI7jCyH2+V+duCQUKDV3nVEGQXe5zIglmo
FyG1XY8sDNJmnyypzZUejCre2aBhnYKB8njzls7WGcg5mAciP4Vzij09pSqoSZHJ
xVhLTYwbXhPw7ls0IvpZu47dg8aTaUWBmpOiXhNVagHXz2NOFfuemPlJwzvBpsqh
QTh34+i92gPuuUyyVMnMFNqegcEtV4s=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:07:05 2024 by rpki-client on console-ams.rpki-client.org