Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/13d49f-5e0f-422b-bcf1-e172d6a01e03/1/9ykJEphKAtuM8oVBgtkf9R0XVKA.roa
File:                     9ykJEphKAtuM8oVBgtkf9R0XVKA.roa (raw, json)
Hash identifier:          lf+2RvjH4TQ4tmWT429FDAbRXIFtiS7DYzLDVUFuWlU=
Subject key identifier:   F7:29:09:12:98:4A:02:DB:8C:F2:85:41:82:D9:1F:F5:1D:17:54:A0
Certificate issuer:       /CN=da0b6d9bed7da6d42207b90064d3e13efd3254ac
Certificate serial:       018DCC10C7B313DA58B1F544066DD3CFD3FD
Authority key identifier: DA:0B:6D:9B:ED:7D:A6:D4:22:07:B9:00:64:D3:E1:3E:FD:32:54:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gttm-19ptQiB7kAZNPhPv0yVKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/13d49f-5e0f-422b-bcf1-e172d6a01e03/1/9ykJEphKAtuM8oVBgtkf9R0XVKA.roa
Signing time:             Wed 21 Feb 2024 14:27:48 +0000
ROA not before:           Wed 21 Feb 2024 14:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34762
IP address blocks:        2.59.64.0/22 maxlen: 22
                          2.59.64.0/23 maxlen: 23
                          2a09:e940::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/13d49f-5e0f-422b-bcf1-e172d6a01e03/1/2gttm-19ptQiB7kAZNPhPv0yVKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/13d49f-5e0f-422b-bcf1-e172d6a01e03/1/2gttm-19ptQiB7kAZNPhPv0yVKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gttm-19ptQiB7kAZNPhPv0yVKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cc:10:c7:b3:13:da:58:b1:f5:44:06:6d:d3:cf:d3:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0b6d9bed7da6d42207b90064d3e13efd3254ac
        Validity
            Not Before: Feb 21 14:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7290912984a02db8cf2854182d91ff51d1754a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5b:aa:31:fa:01:db:00:08:92:4d:12:9a:82:
                    7f:6b:6b:4d:f5:e3:78:4e:0f:02:23:0e:c8:63:f9:
                    80:89:22:18:fb:fc:38:62:70:c6:8d:cf:4f:09:a3:
                    53:d4:f9:2f:5c:fa:51:d7:9b:40:f8:94:1b:68:8f:
                    ab:00:72:50:9b:e4:19:29:b2:4b:1b:20:30:9c:69:
                    cb:16:e3:b2:6c:9d:f0:39:dd:9c:4e:db:c8:13:45:
                    66:91:4b:67:86:c7:79:fc:d5:a5:33:0f:cd:56:17:
                    3f:5a:25:f9:20:2b:3d:8f:90:2c:8c:c4:26:d1:15:
                    1d:dd:9c:aa:76:f1:a9:25:1d:14:24:19:55:10:01:
                    16:4d:1f:ac:3f:a5:5c:21:24:e9:3a:b7:e1:2d:ee:
                    0c:58:6f:e9:bc:65:85:10:4d:22:02:4c:10:48:85:
                    bd:ae:54:68:da:e6:9f:31:57:90:2f:84:bf:71:e8:
                    c1:c5:b3:10:30:7c:67:1e:0a:ba:f4:6d:03:61:0f:
                    22:09:20:4c:d1:07:80:56:c2:c7:b7:59:2d:04:53:
                    f7:1b:8f:46:31:37:44:32:57:06:0e:f4:23:59:51:
                    7d:b8:ef:0b:ad:31:0d:08:f1:22:77:44:03:22:68:
                    0c:39:c6:7d:1e:1e:28:87:2e:e3:52:03:61:a0:ed:
                    5f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:29:09:12:98:4A:02:DB:8C:F2:85:41:82:D9:1F:F5:1D:17:54:A0
            X509v3 Authority Key Identifier:
                keyid:DA:0B:6D:9B:ED:7D:A6:D4:22:07:B9:00:64:D3:E1:3E:FD:32:54:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gttm-19ptQiB7kAZNPhPv0yVKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/13d49f-5e0f-422b-bcf1-e172d6a01e03/1/9ykJEphKAtuM8oVBgtkf9R0XVKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/13d49f-5e0f-422b-bcf1-e172d6a01e03/1/2gttm-19ptQiB7kAZNPhPv0yVKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.64.0/22
                IPv6:
                  2a09:e940::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:40:b1:45:46:9f:1a:1b:96:5f:d3:69:b1:63:d0:27:d1:ff:
         d5:b5:39:45:79:e2:e6:26:67:7f:b9:43:02:70:0e:53:6f:e1:
         aa:ab:2e:d7:c2:0b:93:05:9f:ce:14:f8:ca:27:b8:7c:e8:74:
         95:be:ac:db:12:00:43:ea:89:ac:09:8f:0a:de:4e:a9:bf:99:
         eb:cb:1a:af:87:e8:27:81:c7:c6:e2:4d:80:fc:fb:6d:0e:61:
         04:cf:b1:b2:52:5a:1a:77:94:8a:03:a3:3a:84:fe:a9:52:86:
         38:06:f0:28:37:aa:5e:44:ce:53:7a:c0:cb:70:0b:29:74:db:
         e7:96:c7:86:f8:eb:33:be:17:b4:0f:5d:a2:2b:2a:53:dd:65:
         06:ee:02:6c:d9:f0:3b:a1:f1:89:ad:05:34:cb:51:ef:4d:97:
         95:c4:e6:8c:03:1d:21:c8:09:dc:53:3c:9e:58:a2:ae:d4:a3:
         f6:cc:e4:8d:22:eb:4c:8d:69:50:56:3e:fe:f3:bb:0b:e4:0e:
         35:2a:c4:5d:dd:e0:c6:59:a4:f7:19:88:f8:f9:91:eb:5e:ad:
         6c:c0:79:35:3e:1d:02:3f:ab:70:85:4c:6b:a8:91:da:e5:8e:
         8b:81:68:c5:16:e3:e7:d7:ca:91:a2:fc:0f:93:1e:14:cd:ac:
         8b:68:ea:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3MEMezE9pYsfVEBm3Tz9P9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGI2ZDliZWQ3ZGE2ZDQyMjA3YjkwMDY0ZDNlMTNlZmQz
MjU0YWMwHhcNMjQwMjIxMTQyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI5MDkxMjk4NGEwMmRiOGNmMjg1NDE4MmQ5MWZmNTFkMTc1NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFuqMfoB2wAIkk0SmoJ/a2tN9eN4
Tg8CIw7IY/mAiSIY+/w4YnDGjc9PCaNT1PkvXPpR15tA+JQbaI+rAHJQm+QZKbJL
GyAwnGnLFuOybJ3wOd2cTtvIE0VmkUtnhsd5/NWlMw/NVhc/WiX5ICs9j5AsjMQm
0RUd3ZyqdvGpJR0UJBlVEAEWTR+sP6VcISTpOrfhLe4MWG/pvGWFEE0iAkwQSIW9
rlRo2uafMVeQL4S/cejBxbMQMHxnHgq69G0DYQ8iCSBM0QeAVsLHt1ktBFP3G49G
MTdEMlcGDvQjWVF9uO8LrTENCPEid0QDImgMOcZ9Hh4ohy7jUgNhoO1fvQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPcpCRKYSgLbjPKFQYLZH/UdF1SgMB8GA1UdIwQY
MBaAFNoLbZvtfabUIge5AGTT4T79MlSsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmd0dG0tMTlwdFFpQjdrQVpOUGhQdjB5Vkt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xM2Q0OWYtNWUwZi00MjJiLWJjZjEt
ZTE3MmQ2YTAxZTAzLzEvOXlrSkVwaEtBdHVNOG9WQmd0a2Y5UjBYVktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xM2Q0OWYtNWUwZi00MjJiLWJjZjEtZTE3MmQ2YTAxZTAz
LzEvMmd0dG0tMTlwdFFpQjdrQVpOUGhQdjB5Vkt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjtAMA0E
AgACMAcDBQAqCelAMA0GCSqGSIb3DQEBCwUAA4IBAQAOQLFFRp8aG5Zf02mxY9An
0f/VtTlFeeLmJmd/uUMCcA5Tb+Gqqy7XwguTBZ/OFPjKJ7h86HSVvqzbEgBD6oms
CY8K3k6pv5nryxqvh+gngcfG4k2A/PttDmEEz7GyUload5SKA6M6hP6pUoY4BvAo
N6peRM5TesDLcAspdNvnlseG+Oszvhe0D12iKypT3WUG7gJs2fA7ofGJrQU0y1Hv
TZeVxOaMAx0hyAncUzyeWKKu1KP2zOSNIutMjWlQVj7+87sL5A41KsRd3eDGWaT3
GYj4+ZHrXq1swHk1Ph0CP6twhUxrqJHa5Y6LgWjFFuPn18qRovwPkx4UzayLaOqt
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:38 2024 by rpki-client on console-fra.rpki-client.org