Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/6Kqs7OicgE2IrHEDzqncNXq0CzY.roa
File:                     6Kqs7OicgE2IrHEDzqncNXq0CzY.roa (raw, json)
Hash identifier:          zo1EXRBt3clq37VrLcrRd+IyydSgdtr3uvYnDd9oHcM=
Subject key identifier:   E8:AA:AC:EC:E8:9C:80:4D:88:AC:71:03:CE:A9:DC:35:7A:B4:0B:36
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018CC348E0BB7337A40A6B91367F15EF9455
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/6Kqs7OicgE2IrHEDzqncNXq0CzY.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41081
IP address blocks:        5.153.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e0:bb:73:37:a4:0a:6b:91:36:7f:15:ef:94:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8aaacece89c804d88ac7103cea9dc357ab40b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:90:d7:b3:09:61:15:d7:63:b1:4b:da:39:be:
                    ac:07:70:7a:2c:e8:05:50:18:db:99:a7:56:b4:f6:
                    38:d7:78:35:d0:2b:f0:3b:c1:64:4b:64:bc:eb:39:
                    86:7c:1e:16:5c:9d:85:29:81:05:7d:ba:a1:51:c4:
                    bd:5b:ea:fe:76:0e:79:f2:f0:2f:ad:76:1b:b5:14:
                    b1:73:f8:40:91:60:2a:9c:0a:b2:9e:fe:be:f0:ce:
                    1a:28:bc:1e:0e:24:a1:f0:a3:2d:fc:fb:f8:e3:36:
                    ca:14:44:5c:9c:47:2c:12:e8:55:7d:15:41:49:1d:
                    48:2a:f9:87:d4:27:eb:5d:52:3f:ec:76:9e:52:05:
                    79:6d:45:8e:1e:19:7a:92:47:6c:f4:86:5a:76:dc:
                    6c:86:59:4e:f1:a4:b4:12:7c:00:6b:9b:7c:bb:d1:
                    e5:12:73:2d:0b:73:6b:fe:49:57:b6:03:74:5b:96:
                    08:ac:db:ba:ec:2f:28:34:cc:65:b7:b3:80:7a:97:
                    48:f7:d0:f8:11:1f:61:1a:13:ad:e3:62:b9:7b:d0:
                    a9:c1:ad:63:18:32:c0:42:a8:ff:45:e7:38:a0:a1:
                    c4:42:7f:59:9e:bb:c5:0f:ae:3f:9b:44:89:25:da:
                    8b:6a:3d:21:09:6f:ee:d8:6e:69:38:cc:06:26:47:
                    0e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:AA:AC:EC:E8:9C:80:4D:88:AC:71:03:CE:A9:DC:35:7A:B4:0B:36
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/6Kqs7OicgE2IrHEDzqncNXq0CzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:48:3a:cb:ee:76:74:6a:70:e4:13:62:17:97:a4:8d:7d:2e:
         6c:b4:86:19:b1:c1:86:df:1d:f7:77:cf:4d:c5:90:ca:a0:9c:
         77:59:5d:36:b6:2a:83:91:70:ce:0b:4b:cb:a8:4a:51:b6:83:
         21:08:f8:e5:11:50:58:1a:44:5c:17:02:52:6b:80:55:e9:af:
         76:1c:67:0d:41:9c:3e:ea:2d:24:02:64:b5:27:c7:28:73:65:
         82:1f:c6:65:5b:94:e5:18:b5:e4:3f:00:2f:07:09:62:3c:1c:
         82:60:1e:27:5a:bd:0e:3d:d5:71:f5:e9:d7:75:24:dd:30:0c:
         e3:28:87:51:ea:38:2b:51:63:15:5a:6f:12:ea:4e:84:81:b3:
         94:14:ee:15:fa:56:f3:c3:94:76:3e:3c:4e:13:7a:a9:26:94:
         6f:87:38:3e:ac:2d:99:7e:6d:38:37:c8:55:98:17:07:fc:88:
         e3:1c:47:84:b5:d0:93:99:36:b1:0e:74:0e:c2:0a:78:cc:c6:
         aa:46:66:2a:58:90:ff:16:e0:e4:4e:07:e8:c2:c1:3a:4c:46:
         f2:41:3b:aa:81:9d:00:6f:76:ba:85:a8:2a:92:58:3a:95:5f:
         4b:f1:c6:37:39:ec:b1:ee:b1:43:b5:0a:13:8d:0d:ac:11:52:
         e8:d7:48:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOC7czekCmuRNn8V75RVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFhYWNlY2U4OWM4MDRkODhhYzcxMDNjZWE5ZGMzNTdhYjQwYjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZDXswlhFddjsUvaOb6sB3B6LOgF
UBjbmadWtPY413g10CvwO8FkS2S86zmGfB4WXJ2FKYEFfbqhUcS9W+r+dg558vAv
rXYbtRSxc/hAkWAqnAqynv6+8M4aKLweDiSh8KMt/Pv44zbKFERcnEcsEuhVfRVB
SR1IKvmH1CfrXVI/7HaeUgV5bUWOHhl6kkds9IZadtxshllO8aS0EnwAa5t8u9Hl
EnMtC3Nr/klXtgN0W5YIrNu67C8oNMxlt7OAepdI99D4ER9hGhOt42K5e9Cpwa1j
GDLAQqj/Rec4oKHEQn9ZnrvFD64/m0SJJdqLaj0hCW/u2G5pOMwGJkcOeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiqrOzonIBNiKxxA86p3DV6tAs2MB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvNktxczdPaWNnRTJJckhFRHpxbmNOWHEwQ3pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZm2MA0G
CSqGSIb3DQEBCwUAA4IBAQBESDrL7nZ0anDkE2IXl6SNfS5stIYZscGG3x33d89N
xZDKoJx3WV02tiqDkXDOC0vLqEpRtoMhCPjlEVBYGkRcFwJSa4BV6a92HGcNQZw+
6i0kAmS1J8coc2WCH8ZlW5TlGLXkPwAvBwliPByCYB4nWr0OPdVx9enXdSTdMAzj
KIdR6jgrUWMVWm8S6k6EgbOUFO4V+lbzw5R2PjxOE3qpJpRvhzg+rC2Zfm04N8hV
mBcH/IjjHEeEtdCTmTaxDnQOwgp4zMaqRmYqWJD/FuDkTgfowsE6TEbyQTuqgZ0A
b3a6hagqklg6lV9L8cY3Oeyx7rFDtQoTjQ2sEVLo10iq
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:41:24 2024 by rpki-client on console-ams.rpki-client.org