Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OBJpLP3m08F2VhCyI32J0w-7rjw.roa
File:                     OBJpLP3m08F2VhCyI32J0w-7rjw.roa (raw, json)
Hash identifier:          2kZnutX2VI6Sn8rUsPez2MJLq5m9TSGE8rFjH31rXkM=
Subject key identifier:   38:12:69:2C:FD:E6:D3:C1:76:56:10:B2:23:7D:89:D3:0F:BB:AE:3C
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD6D04F1D7F4A8F5F3988A7A65041
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OBJpLP3m08F2VhCyI32J0w-7rjw.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60468
IP address blocks:        81.15.206.0/23 maxlen: 23
                          88.220.144.0/22 maxlen: 22
                          81.15.248.0/22 maxlen: 22
                          194.183.44.0/22 maxlen: 22
                          88.220.86.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d6:d0:4f:1d:7f:4a:8f:5f:39:88:a7:a6:50:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3812692cfde6d3c1765610b2237d89d30fbbae3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:70:ad:aa:aa:da:17:45:8c:b7:ba:4e:4a:
                    f6:92:ee:7c:c1:e2:d8:4c:64:c2:50:f9:87:83:68:
                    00:e0:98:ac:67:24:77:0c:12:b8:67:bf:04:3f:7e:
                    8e:d2:c7:e0:e3:a7:8e:a8:7d:ca:18:39:71:15:b1:
                    00:4a:37:02:57:e1:f2:d5:50:c0:c1:12:cf:9f:48:
                    10:27:b4:b0:c2:2a:9a:2a:d6:29:c9:b7:65:af:c1:
                    1d:fc:db:cc:2e:93:96:4e:ef:21:b4:62:b4:b4:17:
                    ba:7c:91:80:5b:78:bd:26:63:71:af:c1:ab:6e:d7:
                    4a:08:4b:2b:59:b9:81:68:02:89:e1:d5:80:09:1f:
                    5a:ab:65:7a:55:25:9a:b6:41:53:2b:98:e1:dd:cb:
                    67:57:6b:27:e1:63:8d:68:f3:fc:24:9d:79:d8:82:
                    1b:c5:c2:08:2a:cd:6d:47:5d:b9:15:00:f9:8d:9a:
                    9d:10:19:34:fb:28:98:5e:5c:c5:ac:e7:26:83:76:
                    18:14:16:82:be:6a:f0:54:35:71:3e:c8:78:da:56:
                    ed:95:d3:ef:8e:5e:0f:15:b6:af:29:99:35:88:8f:
                    14:e8:c3:ff:cf:84:9e:3c:ab:bd:5d:15:0c:43:a2:
                    ea:84:da:e4:cc:74:3c:b8:ae:fd:a5:30:db:19:5e:
                    b8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:12:69:2C:FD:E6:D3:C1:76:56:10:B2:23:7D:89:D3:0F:BB:AE:3C
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/OBJpLP3m08F2VhCyI32J0w-7rjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.206.0/23
                  81.15.248.0/22
                  88.220.86.0/23
                  88.220.144.0/22
                  194.183.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:07:49:a7:ea:5a:01:45:9e:c3:f1:79:8a:64:78:3c:6f:72:
         f8:ba:0f:6f:07:d4:64:be:a9:40:f4:28:45:83:72:a3:56:ab:
         8c:c6:90:e1:72:b7:69:ca:84:9c:65:4c:b0:8e:65:06:9c:97:
         1d:b8:d6:78:16:66:70:8e:ba:52:33:40:65:b8:ad:2c:12:08:
         b6:a3:da:08:91:4f:af:6d:70:14:75:0b:ea:20:ed:ee:61:c2:
         30:42:46:30:9d:a1:23:b2:52:ef:50:2e:9d:2f:93:9a:4b:8c:
         a9:2c:85:d1:65:6e:83:aa:e9:4a:78:bc:9d:ac:b2:c9:6d:c4:
         44:db:3e:ae:ef:1a:8f:22:20:fa:c5:bb:39:2d:eb:ab:27:80:
         38:46:c3:00:28:c7:37:b6:b6:a0:67:57:dc:d5:7f:17:de:3e:
         34:04:63:bb:1e:d9:e0:3b:2f:4c:c5:8d:81:a1:77:79:c0:b8:
         30:c6:05:64:08:c6:42:16:9e:e8:1b:d0:5a:e8:59:b3:da:8d:
         fa:c1:04:f4:84:7b:0a:40:b6:7f:37:3b:10:20:4c:2a:ee:7e:
         5a:bc:11:90:3b:79:9b:75:bc:7f:9f:e9:e5:ec:2b:4a:f7:65:
         f5:0d:58:27:33:b4:7a:6f:0a:42:b8:b9:24:1b:3a:d4:6c:4b:
         f0:5a:ba:69
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzC2tbQTx1/So9fOYinplBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODEyNjkyY2ZkZTZkM2MxNzY1NjEwYjIyMzdkODlkMzBmYmJhZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncRwraqq2hdFjLe6Tkr2ku58weLY
TGTCUPmHg2gA4JisZyR3DBK4Z78EP36O0sfg46eOqH3KGDlxFbEASjcCV+Hy1VDA
wRLPn0gQJ7SwwiqaKtYpybdlr8Ed/NvMLpOWTu8htGK0tBe6fJGAW3i9JmNxr8Gr
btdKCEsrWbmBaAKJ4dWACR9aq2V6VSWatkFTK5jh3ctnV2sn4WONaPP8JJ152IIb
xcIIKs1tR125FQD5jZqdEBk0+yiYXlzFrOcmg3YYFBaCvmrwVDVxPsh42lbtldPv
jl4PFbavKZk1iI8U6MP/z4SePKu9XRUMQ6LqhNrkzHQ8uK79pTDbGV64rQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDgSaSz95tPBdlYQsiN9idMPu648MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvT0JKcExQM20wOEYyVmhDeUkzMkowdy03cmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBUQ/OAwQC
UQ/4AwQBWNxWAwQCWNyQAwQCwrcsMA0GCSqGSIb3DQEBCwUAA4IBAQCOB0mn6loB
RZ7D8XmKZHg8b3L4ug9vB9RkvqlA9ChFg3KjVquMxpDhcrdpyoScZUywjmUGnJcd
uNZ4FmZwjrpSM0BluK0sEgi2o9oIkU+vbXAUdQvqIO3uYcIwQkYwnaEjslLvUC6d
L5OaS4ypLIXRZW6DqulKeLydrLLJbcRE2z6u7xqPIiD6xbs5LeurJ4A4RsMAKMc3
tragZ1fc1X8X3j40BGO7HtngOy9MxY2BoXd5wLgwxgVkCMZCFp7oG9Ba6Fmz2o36
wQT0hHsKQLZ/NzsQIEwq7n5avBGQO3mbdbx/n+nl7CtK92X1DVgnM7R6bwpCuLkk
GzrUbEvwWrpp
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:14:50 2024 by rpki-client on console-fra.rpki-client.org