Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/kgfC2MhvKjPAmPquecec_xdJBmY.roa
File:                     kgfC2MhvKjPAmPquecec_xdJBmY.roa (raw, json)
Hash identifier:          fhbVNacdrQDLqhAwFfpiMJUfLRz+7XmpoUMdy+v5L74=
Subject key identifier:   92:07:C2:D8:C8:6F:2A:33:C0:98:FA:AE:79:C7:9C:FF:17:49:06:66
Certificate issuer:       /CN=c09fc8a067fa6d2476bdce24afffad17131d9e86
Certificate serial:       018CC5DC182FB5CDE9EFF2B8317E2FE45F12
Authority key identifier: C0:9F:C8:A0:67:FA:6D:24:76:BD:CE:24:AF:FF:AD:17:13:1D:9E:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/kgfC2MhvKjPAmPquecec_xdJBmY.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211607
IP address blocks:        195.230.103.0/24 maxlen: 24
                          2a10:b640:3000::/36 maxlen: 48
                          2001:678:e70::/48 maxlen: 48
                          2a10:b641::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:18:2f:b5:cd:e9:ef:f2:b8:31:7e:2f:e4:5f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c09fc8a067fa6d2476bdce24afffad17131d9e86
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9207c2d8c86f2a33c098faae79c79cff17490666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:dc:b9:fd:e1:22:e1:42:44:9c:94:eb:08:d0:
                    9d:64:fa:3a:82:ae:08:d8:1e:59:b0:0c:e3:95:d0:
                    b6:79:50:e1:c6:d3:e2:40:0d:f5:1e:dc:1a:1f:e6:
                    bf:8f:ce:13:d3:8c:07:4d:2e:96:70:9f:a7:2f:9c:
                    9e:6b:82:a0:b6:72:ab:4f:e8:1d:fd:c4:ec:38:1c:
                    e8:c7:d6:7d:11:af:df:0f:d5:58:44:38:3e:6c:34:
                    11:05:b3:0f:a7:2a:f6:ff:69:3b:9e:aa:18:ac:05:
                    3b:2c:0c:20:d3:f9:88:b8:68:27:55:5b:40:c7:6e:
                    3e:3e:a1:6f:33:4f:5d:e9:82:a3:78:59:78:a5:58:
                    63:e4:8a:57:4f:ea:29:0f:c9:a9:97:76:43:5f:57:
                    0e:4d:20:9a:f4:58:ea:6c:c9:84:6d:f0:f1:14:14:
                    e4:6a:9b:f2:1e:57:d1:5b:e1:ba:ef:2a:bb:68:9e:
                    eb:d9:a7:53:11:4e:4e:26:26:e7:c3:b8:7f:99:62:
                    c2:fe:d5:8f:8e:80:f4:28:04:b6:e9:5d:bf:e9:02:
                    2a:b5:fb:8d:df:46:b2:57:b2:5f:9c:1d:9f:86:58:
                    47:38:43:af:a9:c0:85:ef:41:06:13:35:a7:57:11:
                    25:bf:b4:0e:96:3c:af:95:7a:05:4a:9d:df:29:30:
                    b7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:07:C2:D8:C8:6F:2A:33:C0:98:FA:AE:79:C7:9C:FF:17:49:06:66
            X509v3 Authority Key Identifier:
                keyid:C0:9F:C8:A0:67:FA:6D:24:76:BD:CE:24:AF:FF:AD:17:13:1D:9E:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/kgfC2MhvKjPAmPquecec_xdJBmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a733bc-68f8-499f-850f-8e924ffbe584/1/wJ_IoGf6bSR2vc4kr_-tFxMdnoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.103.0/24
                IPv6:
                  2001:678:e70::/48
                  2a10:b640:3000::/36
                  2a10:b641::/36

    Signature Algorithm: sha256WithRSAEncryption
         08:68:2f:26:36:53:e3:e5:38:84:e3:5f:e8:6d:63:c1:cd:5a:
         42:ff:b3:15:cb:2b:e7:86:8f:10:04:75:b2:7b:cb:96:f9:18:
         f2:ef:8b:38:12:de:1b:ef:d9:1d:5a:04:37:67:13:ac:0d:e6:
         ec:51:4f:26:6d:e0:fb:47:b5:48:01:2d:f9:74:6a:30:40:b0:
         1c:c8:cf:7e:19:72:8e:ae:0e:a1:ea:43:91:75:37:72:54:83:
         f6:9a:54:09:95:63:1b:11:42:30:54:d7:e7:88:80:9e:a9:ce:
         61:e3:a7:82:68:12:e7:64:e9:0f:e3:e2:7d:91:50:8b:08:11:
         24:6c:85:bb:6e:2f:97:80:90:15:58:9e:11:1c:93:84:dd:bf:
         5a:93:20:20:6a:33:ed:76:e9:76:ab:66:63:df:96:25:0d:3d:
         ae:0b:23:e8:c1:ee:75:4e:b1:a1:1d:cb:0b:f4:ee:c7:cf:25:
         69:3c:19:91:b1:d9:be:cb:fe:aa:13:43:a3:b2:99:88:eb:26:
         3e:d9:ce:e2:d3:c3:87:39:53:ec:96:f1:17:bc:40:a3:c7:33:
         63:60:c4:2c:91:4a:1f:fa:89:6f:b1:9e:83:c2:c7:1c:3d:3d:
         48:de:53:b6:b5:3f:e2:47:fa:ac:f3:1b:03:7d:85:c7:0c:a4:
         62:0f:df:23
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzF3Bgvtc3p7/K4MX4v5F8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwOWZjOGEwNjdmYTZkMjQ3NmJkY2UyNGFmZmZhZDE3MTMx
ZDllODYwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjA3YzJkOGM4NmYyYTMzYzA5OGZhYWU3OWM3OWNmZjE3NDkwNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldy5/eEi4UJEnJTrCNCdZPo6gq4I
2B5ZsAzjldC2eVDhxtPiQA31HtwaH+a/j84T04wHTS6WcJ+nL5yea4KgtnKrT+gd
/cTsOBzox9Z9Ea/fD9VYRDg+bDQRBbMPpyr2/2k7nqoYrAU7LAwg0/mIuGgnVVtA
x24+PqFvM09d6YKjeFl4pVhj5IpXT+opD8mpl3ZDX1cOTSCa9FjqbMmEbfDxFBTk
apvyHlfRW+G67yq7aJ7r2adTEU5OJibnw7h/mWLC/tWPjoD0KAS26V2/6QIqtfuN
30ayV7JfnB2fhlhHOEOvqcCF70EGEzWnVxElv7QOljyvlXoFSp3fKTC3mQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJIHwtjIbyozwJj6rnnHnP8XSQZmMB8GA1UdIwQY
MBaAFMCfyKBn+m0kdr3OJK//rRcTHZ6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0pfSW9HZjZiU1IydmM0a3JfLXRGeE1kbm9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9hNzMzYmMtNjhmOC00OTlmLTg1MGYt
OGU5MjRmZmJlNTg0LzEva2dmQzJNaHZLalBBbVBxdWVjZWNfeGRKQm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9hNzMzYmMtNjhmOC00OTlmLTg1MGYtOGU5MjRmZmJlNTg0
LzEvd0pfSW9HZjZiU1IydmM0a3JfLXRGeE1kbm9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAMBAIAATAGAwQAw+ZnMB8E
AgACMBkDBwAgAQZ4DnADBgQqELZAMAMGBCoQtkEAMA0GCSqGSIb3DQEBCwUAA4IB
AQAIaC8mNlPj5TiE41/obWPBzVpC/7MVyyvnho8QBHWye8uW+Rjy74s4Et4b79kd
WgQ3ZxOsDebsUU8mbeD7R7VIAS35dGowQLAcyM9+GXKOrg6h6kORdTdyVIP2mlQJ
lWMbEUIwVNfniICeqc5h46eCaBLnZOkP4+J9kVCLCBEkbIW7bi+XgJAVWJ4RHJOE
3b9akyAgajPtdul2q2Zj35YlDT2uCyPowe51TrGhHcsL9O7HzyVpPBmRsdm+y/6q
E0OjspmI6yY+2c7i08OHOVPslvEXvECjxzNjYMQskUof+olvsZ6DwsccPT1I3lO2
tT/iR/qs8xsDfYXHDKRiD98j
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:39:25 2024 by rpki-client on console-fra.rpki-client.org