Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/Zn9ZH3VhlpDzwehpVSjoKX12jqs.roa
File:                     Zn9ZH3VhlpDzwehpVSjoKX12jqs.roa (raw, json)
Hash identifier:          qQZrbFJ2GH/O4uTXOU3tNNpdJ2brKmI6Aj36wzUGVrU=
Subject key identifier:   66:7F:59:1F:75:61:96:90:F3:C1:E8:69:55:28:E8:29:7D:76:8E:AB
Certificate issuer:       /CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
Certificate serial:       018CC3490CAA01424C1B9F892354CB26F277
Authority key identifier: 5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/Zn9ZH3VhlpDzwehpVSjoKX12jqs.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        2a06:6541:1000::/36 maxlen: 36
                          2a06:6541:1440::/48 maxlen: 48
                          2a06:6541:1382::/48 maxlen: 48
                          2a06:6540:1000::/36 maxlen: 36
                          2a06:6540:1440::/48 maxlen: 48
                          2a06:6541:104b::/48 maxlen: 48
                          2a06:6540:1382::/48 maxlen: 48
                          2a06:6541:12c1::/48 maxlen: 48
                          2a06:6541:1241::/48 maxlen: 48
                          2a06:6541:1341::/48 maxlen: 48
                          2a06:6541:13c1::/48 maxlen: 48
                          2a06:6541:1301::/48 maxlen: 48
                          2a06:6541:1281::/48 maxlen: 48
                          2a06:6541:1201::/48 maxlen: 48
                          2a06:6541:11c1::/48 maxlen: 48
                          2a06:6541:4101::/48 maxlen: 48
                          2a06:6541:4181::/48 maxlen: 48
                          2a06:6541:1381::/48 maxlen: 48
                          2a06:6541:1001::/48 maxlen: 48
                          2a06:6540:104b::/48 maxlen: 48
                          2a06:6540:1381::/48 maxlen: 48
                          2a06:6540:1241::/48 maxlen: 48
                          2a06:6540:4101::/48 maxlen: 48
                          2a06:6540:1001::/48 maxlen: 48
                          2a06:6540:4181::/48 maxlen: 48
                          2a06:6540:1281::/48 maxlen: 48
                          2a06:6540:11c1::/48 maxlen: 48
                          2a06:6540:13c1::/48 maxlen: 48
                          2a06:6540:1301::/48 maxlen: 48
                          2a06:6540:1341::/48 maxlen: 48
                          2a06:6540:12c1::/48 maxlen: 48
                          2a06:6540:1201::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0c:aa:01:42:4c:1b:9f:89:23:54:cb:26:f2:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=667f591f75619690f3c1e8695528e8297d768eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4b:6f:eb:6c:f2:03:cc:ad:78:42:6b:c2:c9:
                    d3:58:01:6c:6b:f3:52:bf:76:df:fc:2c:e3:d8:78:
                    4f:66:8b:29:29:d4:82:b6:66:19:8e:01:f9:aa:d4:
                    c5:a8:a1:47:ec:c1:4c:8c:32:23:19:8e:48:03:13:
                    f6:bf:4b:19:e0:55:1c:72:62:11:61:fc:ae:a3:c0:
                    5c:85:5b:97:8d:f6:3a:df:76:82:36:04:fd:79:97:
                    56:5f:d0:8f:8f:ec:af:2f:48:9e:5f:0f:ac:cb:2b:
                    4a:a6:d9:a0:49:57:ce:f8:e1:03:81:50:b6:49:ec:
                    58:b6:23:3e:2f:04:09:70:81:0a:0d:cb:f2:a7:d6:
                    22:cf:b2:5e:89:28:62:97:f6:e7:55:4b:e5:f8:9c:
                    d7:d5:94:f7:1e:3e:a2:5f:44:88:76:3a:4f:ee:5d:
                    2a:af:e8:b4:b8:35:f3:7a:7b:fa:5a:ed:25:70:34:
                    63:03:f0:cd:03:e7:ac:94:47:86:76:e7:9f:6b:40:
                    6d:da:f0:5b:2f:69:3c:26:53:fd:a9:70:8e:39:9c:
                    3f:5a:e8:75:c1:62:48:29:d6:48:76:2b:9e:d2:02:
                    db:ab:49:d9:20:90:f3:da:2e:80:88:bc:90:7e:c5:
                    bf:e9:81:54:29:ee:a5:03:2b:6f:ff:4f:8f:3b:aa:
                    fb:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7F:59:1F:75:61:96:90:F3:C1:E8:69:55:28:E8:29:7D:76:8E:AB
            X509v3 Authority Key Identifier:
                keyid:5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/Zn9ZH3VhlpDzwehpVSjoKX12jqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:6540:1000::/36
                  2a06:6540:4101::/48
                  2a06:6540:4181::/48
                  2a06:6541:1000::/36
                  2a06:6541:4101::/48
                  2a06:6541:4181::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:55:26:43:91:6e:6a:3d:81:b0:d6:12:79:08:cf:6f:69:ac:
         80:c1:a1:a3:c7:f0:c0:e6:7f:34:3f:e6:c5:ab:41:b5:7a:3c:
         bc:2e:64:e0:29:f5:32:fe:3f:54:06:46:91:73:84:9f:ea:90:
         1c:c1:55:a0:e8:16:b0:53:6f:8b:20:c7:f2:21:c1:cc:31:fc:
         56:bf:dc:b0:36:9d:ab:ab:40:05:12:1a:75:cf:b5:5f:a5:03:
         3d:f6:61:d2:e1:87:74:04:e2:27:ef:dc:fa:21:28:8d:96:42:
         ba:50:73:0b:27:4a:aa:b6:0b:f9:a7:97:e7:12:fc:9f:73:41:
         04:de:aa:2e:5e:13:79:77:cd:4c:9c:97:76:84:80:fc:b9:e8:
         af:67:72:4c:50:61:0d:f1:73:88:01:1e:3c:e7:2d:f4:1e:fa:
         9d:dd:9b:9b:3c:ca:4e:7a:4b:23:24:10:75:ec:6f:05:1f:c9:
         a4:c1:95:21:64:7d:c9:20:2e:db:9c:95:b3:50:68:3c:5f:b1:
         45:f9:dc:35:55:48:1b:03:b6:c7:73:ac:3d:c8:e1:d1:6d:de:
         28:b6:5b:df:c3:c9:73:82:21:48:0c:14:e7:0d:f5:58:3e:94:
         82:c2:f9:c1:d8:b0:2b:1c:92:09:09:cf:e9:e4:92:27:ec:af:
         13:10:be:5f
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzDSQyqAUJMG5+JI1TLJvJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzQ2NmNjODlmOWRiNGUzMWM1NDAwZDJhZTdhMmJmZmRi
MjI1NDcwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjdmNTkxZjc1NjE5NjkwZjNjMWU4Njk1NTI4ZTgyOTdkNzY4ZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0tv62zyA8yteEJrwsnTWAFsa/NS
v3bf/Czj2HhPZospKdSCtmYZjgH5qtTFqKFH7MFMjDIjGY5IAxP2v0sZ4FUccmIR
Yfyuo8BchVuXjfY633aCNgT9eZdWX9CPj+yvL0ieXw+syytKptmgSVfO+OEDgVC2
SexYtiM+LwQJcIEKDcvyp9Yiz7JeiShil/bnVUvl+JzX1ZT3Hj6iX0SIdjpP7l0q
r+i0uDXzenv6Wu0lcDRjA/DNA+eslEeGduefa0Bt2vBbL2k8JlP9qXCOOZw/Wuh1
wWJIKdZIdiue0gLbq0nZIJDz2i6AiLyQfsW/6YFUKe6lAytv/0+PO6r7WwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFGZ/WR91YZaQ88HoaVUo6Cl9do6rMB8GA1UdIwQY
MBaAFFrEZsyJ+dtOMcVADSrnor/9siVHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2Yt
OWFiZDFhYTY0YmUxLzEvWm45WkgzVmhscER6d2VocFZTam9LWDEyanFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2YtOWFiZDFhYTY0YmUx
LzEvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAAjA0AwYEKgZlQBAD
BwAqBmVAQQEDBwAqBmVAQYEDBgQqBmVBEAMHACoGZUFBAQMHACoGZUFBgTANBgkq
hkiG9w0BAQsFAAOCAQEAgFUmQ5Fuaj2BsNYSeQjPb2msgMGho8fwwOZ/ND/mxatB
tXo8vC5k4Cn1Mv4/VAZGkXOEn+qQHMFVoOgWsFNviyDH8iHBzDH8Vr/csDadq6tA
BRIadc+1X6UDPfZh0uGHdATiJ+/c+iEojZZCulBzCydKqrYL+aeX5xL8n3NBBN6q
Ll4TeXfNTJyXdoSA/Lnor2dyTFBhDfFziAEePOct9B76nd2bmzzKTnpLIyQQdexv
BR/JpMGVIWR9ySAu25yVs1BoPF+xRfncNVVIGwO2x3OsPcjh0W3eKLZb38PJc4Ih
SAwU5w31WD6UgsL5wdiwKxySCQnP6eSSJ+yvExC+Xw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:48:10 2024 by rpki-client on console-fra.rpki-client.org