Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/6KY2tKOtbOO3bzYPKAsae60uSJ8.roa
File:                     6KY2tKOtbOO3bzYPKAsae60uSJ8.roa (raw, json)
Hash identifier:          Cjxm2tB/HTkk/55VKMzqqVjLp4M3aecg7ytR7JamQqY=
Subject key identifier:   E8:A6:36:B4:A3:AD:6C:E3:B7:6F:36:0F:28:0B:1A:7B:AD:2E:48:9F
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018D6A1A2B79E40E152CCE88F98EC1B4DB29
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/6KY2tKOtbOO3bzYPKAsae60uSJ8.roa
Signing time:             Fri 02 Feb 2024 13:55:16 +0000
ROA not before:           Fri 02 Feb 2024 13:55:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39083
IP address blocks:        5.252.232.0/22 maxlen: 24
                          80.78.132.0/22 maxlen: 24
                          194.120.126.0/24 maxlen: 24
                          2a07:6f40::/29 maxlen: 48
                          2a0d:2140::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:1a:2b:79:e4:0e:15:2c:ce:88:f9:8e:c1:b4:db:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Feb  2 13:55:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8a636b4a3ad6ce3b76f360f280b1a7bad2e489f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:28:69:23:28:a5:28:e3:f2:a2:8f:a5:b0:b8:
                    de:99:95:15:09:1d:d7:fd:a5:c4:23:a8:d7:2d:fd:
                    4b:22:49:10:6c:60:da:49:c5:04:07:77:0e:7f:8f:
                    7b:42:5e:2d:3b:a5:0f:aa:ac:02:5c:5f:c7:bc:90:
                    d7:22:42:0d:79:66:54:49:ef:ad:76:81:33:0f:61:
                    06:f1:b6:7f:4a:d4:6b:df:9e:18:d5:33:e2:a5:65:
                    a8:b9:65:8d:d7:29:c7:91:39:f8:8d:56:e4:ec:0f:
                    15:43:c4:2d:c0:e1:7f:64:7f:ad:e9:f2:1b:df:d3:
                    c4:a6:2a:f9:fa:65:9a:4c:97:0f:0b:1b:62:29:f1:
                    cd:0d:cb:a5:d9:f2:65:28:65:72:5e:88:cb:d5:55:
                    55:61:e2:82:6f:d6:6b:d9:2c:01:65:ba:fe:de:23:
                    89:30:45:57:e8:e4:eb:01:92:a6:20:c1:29:69:b7:
                    5f:cd:35:76:8e:b4:dc:e5:22:b7:63:91:6b:13:74:
                    03:fc:b4:79:d2:96:c0:ea:af:1b:4f:1b:1f:a7:f3:
                    cb:75:6e:67:97:aa:c7:a7:cd:11:0f:c3:7c:80:39:
                    97:5b:c6:f1:17:90:04:88:09:6b:76:51:6b:f8:8f:
                    79:d1:dc:c5:f7:35:8f:a6:3d:4c:1e:71:f9:bd:aa:
                    5a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A6:36:B4:A3:AD:6C:E3:B7:6F:36:0F:28:0B:1A:7B:AD:2E:48:9F
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/6KY2tKOtbOO3bzYPKAsae60uSJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.232.0/22
                  80.78.132.0/22
                  194.120.126.0/24
                IPv6:
                  2a07:6f40::/29
                  2a0d:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:d2:4c:4b:c3:f9:4e:94:71:0f:32:f7:3d:ab:54:d0:35:a8:
         21:19:b3:e7:53:70:6f:17:e1:1b:1e:cb:46:ad:92:70:55:fa:
         6f:b2:9d:18:47:1a:7b:1b:a0:46:1f:40:f4:8b:0b:6c:5f:f5:
         c3:ae:e9:54:08:b1:ce:a1:f5:45:a1:de:cd:d0:a1:68:a1:5e:
         81:6d:b1:8b:6f:98:38:dd:21:a8:11:ac:b2:65:03:d9:ff:5f:
         ff:f0:a3:37:84:55:34:9f:ed:ca:c2:25:f9:a4:4b:30:d1:38:
         21:ad:bc:b8:b8:cb:eb:9f:5a:2c:71:67:0f:62:de:39:08:14:
         37:8e:90:9b:6a:da:a6:29:8b:ad:c7:bd:26:6a:d9:8c:23:68:
         b1:6c:a1:f0:07:4f:d2:e3:ba:db:04:99:ff:3c:fc:3a:10:08:
         dc:68:a9:c8:37:fb:eb:ce:45:59:dc:57:3b:9e:fc:c2:d8:70:
         00:40:ca:71:1f:67:3c:9b:32:f7:c3:6a:bb:67:09:7b:86:b9:
         57:3f:1c:a0:18:18:a3:48:f7:53:88:c9:38:45:00:ec:d0:83:
         10:96:78:fd:93:5e:61:16:14:01:95:e0:5a:ef:61:b3:2a:2a:
         4b:e0:0d:1b:5d:4a:52:28:44:e6:cc:42:f6:41:81:a8:d2:e0:
         18:7a:14:b9
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAY1qGit55A4VLM6I+Y7BtNspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMjAyMTM1NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGE2MzZiNGEzYWQ2Y2UzYjc2ZjM2MGYyODBiMWE3YmFkMmU0ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtChpIyilKOPyoo+lsLjemZUVCR3X
/aXEI6jXLf1LIkkQbGDaScUEB3cOf497Ql4tO6UPqqwCXF/HvJDXIkINeWZUSe+t
doEzD2EG8bZ/StRr354Y1TPipWWouWWN1ynHkTn4jVbk7A8VQ8QtwOF/ZH+t6fIb
39PEpir5+mWaTJcPCxtiKfHNDcul2fJlKGVyXojL1VVVYeKCb9Zr2SwBZbr+3iOJ
MEVX6OTrAZKmIMEpabdfzTV2jrTc5SK3Y5FrE3QD/LR50pbA6q8bTxsfp/PLdW5n
l6rHp80RD8N8gDmXW8bxF5AEiAlrdlFr+I950dzF9zWPpj1MHnH5vapasQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFOimNrSjrWzjt282DygLGnutLkifMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvNktZMnRLT3RiT08zYnpZUEtBc2FlNjB1U0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCBfzoAwQC
UE6EAwQAwnh+MBQEAgACMA4DBQMqB29AAwUDKg0hQDANBgkqhkiG9w0BAQsFAAOC
AQEAcNJMS8P5TpRxDzL3PatU0DWoIRmz51NwbxfhGx7LRq2ScFX6b7KdGEcaexug
Rh9A9IsLbF/1w67pVAixzqH1RaHezdChaKFegW2xi2+YON0hqBGssmUD2f9f//Cj
N4RVNJ/tysIl+aRLMNE4Ia28uLjL659aLHFnD2LeOQgUN46Qm2rapimLrce9JmrZ
jCNosWyh8AdP0uO62wSZ/zz8OhAI3GipyDf7685FWdxXO578wthwAEDKcR9nPJsy
98Nqu2cJe4a5Vz8coBgYo0j3U4jJOEUA7NCDEJZ4/ZNeYRYUAZXgWu9hsyoqS+AN
G11KUihE5sxC9kGBqNLgGHoUuQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:13:38 2024 by rpki-client on console-fra.rpki-client.org