Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/0WZ9_a6vUr91kl3GevJ-4ENahak.roa
File:                     0WZ9_a6vUr91kl3GevJ-4ENahak.roa (raw, json)
Hash identifier:          3bX4GdW0zwO2dMFLNuDwzKWah2Ba/YetxHRH020nOlc=
Subject key identifier:   D1:66:7D:FD:AE:AF:52:BF:75:92:5D:C6:7A:F2:7E:E0:43:5A:85:A9
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F974A8D21EF875A10B369ADCFCF6CC9
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/0WZ9_a6vUr91kl3GevJ-4ENahak.roa
Signing time:             Wed 27 Mar 2024 11:06:45 +0000
ROA not before:           Wed 27 Mar 2024 11:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12874
IP address blocks:        2.16.17.0/24 maxlen: 24
                          2.19.179.0/24 maxlen: 24
                          80.67.66.0/24 maxlen: 24
                          84.53.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:97:4a:8d:21:ef:87:5a:10:b3:69:ad:cf:cf:6c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1667dfdaeaf52bf75925dc67af27ee0435a85a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:18:23:07:a0:de:bc:cd:bd:11:2d:cc:67:fb:
                    1b:89:c0:01:38:d1:72:54:d2:c2:6d:a5:72:94:4b:
                    b8:ea:5e:79:ec:51:f7:d8:b4:49:cc:48:19:49:70:
                    a0:b6:df:e4:3b:69:dd:f6:d0:37:48:65:87:25:5a:
                    a9:9e:48:63:d8:e3:e8:19:a1:69:6e:0b:c2:2c:80:
                    88:f9:08:88:14:28:09:17:db:e2:aa:a0:e6:85:d7:
                    9e:47:ae:5c:83:a1:a6:1b:0c:f5:fa:06:c6:97:ef:
                    6e:f4:a5:a9:4c:fe:5c:35:31:f7:96:be:73:15:3b:
                    ac:26:a7:9e:fe:a4:b7:25:4e:3b:22:fd:13:5d:b0:
                    b2:55:08:3c:50:2b:37:49:6e:ce:09:26:18:7c:13:
                    37:a0:73:26:64:dd:ba:5d:f1:49:12:c3:d6:0c:b2:
                    6c:3b:b9:d2:5c:a6:14:21:73:1b:83:7c:cf:86:53:
                    c0:0d:7c:ee:62:cd:7a:bc:ca:d2:31:f7:0c:35:e3:
                    f4:67:5b:e6:bc:75:79:51:79:60:dc:a9:d1:f4:ac:
                    15:78:3f:ed:68:73:9f:37:a6:fc:2c:ea:06:19:63:
                    bf:13:a9:5b:19:24:2a:73:84:9c:88:b7:fe:27:e5:
                    e1:2c:36:2f:13:4a:01:e9:c5:26:f0:07:b3:84:a2:
                    9a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:66:7D:FD:AE:AF:52:BF:75:92:5D:C6:7A:F2:7E:E0:43:5A:85:A9
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/0WZ9_a6vUr91kl3GevJ-4ENahak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.16.17.0/24
                  2.19.179.0/24
                  80.67.66.0/24
                  84.53.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:9e:bc:bd:89:74:b9:63:bb:36:17:da:0d:fe:9f:37:d7:a0:
         c7:72:0b:7d:7a:25:24:5f:57:cc:de:34:2a:6d:b9:3a:c8:dd:
         8f:3c:5b:e5:72:7b:6f:9c:6f:4f:ff:a5:06:f3:63:5c:5a:61:
         bd:7b:be:62:76:54:78:0f:66:73:24:8e:34:da:0d:10:40:3f:
         a4:24:95:5c:19:28:ae:03:85:4f:26:f2:54:87:21:e6:35:4b:
         b4:dc:38:53:89:f7:3d:07:1f:d6:60:40:28:fb:e8:96:4b:a1:
         86:61:62:a8:c5:90:48:94:64:5c:27:0b:ef:59:07:a3:ad:5f:
         54:81:80:4d:1e:6f:89:9f:83:ad:b8:db:f5:d9:b4:22:71:0a:
         fb:1a:6d:b5:aa:24:ea:33:15:a9:aa:7d:bd:ee:23:af:28:12:
         c0:96:4f:7d:88:7d:f5:58:fb:7b:47:c6:ec:d3:b6:1e:5a:53:
         b2:2f:ee:ce:38:ec:2a:ed:12:72:42:f5:93:81:6e:8a:40:b8:
         e4:b7:05:e7:a1:03:bf:23:40:2b:cb:d0:6d:2b:f8:ce:8b:38:
         a1:90:07:9f:61:22:49:89:4b:88:b8:a2:64:64:7e:c5:d0:54:
         c7:70:6f:94:8d:8a:f5:ec:b0:d8:ab:c0:da:54:61:9b:7f:d7:
         e9:45:de:07
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY5/l0qNIe+HWhCzaa3Pz2zJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTY2N2RmZGFlYWY1MmJmNzU5MjVkYzY3YWYyN2VlMDQzNWE4NWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxgjB6DevM29ES3MZ/sbicABONFy
VNLCbaVylEu46l557FH32LRJzEgZSXCgtt/kO2nd9tA3SGWHJVqpnkhj2OPoGaFp
bgvCLICI+QiIFCgJF9viqqDmhdeeR65cg6GmGwz1+gbGl+9u9KWpTP5cNTH3lr5z
FTusJqee/qS3JU47Iv0TXbCyVQg8UCs3SW7OCSYYfBM3oHMmZN26XfFJEsPWDLJs
O7nSXKYUIXMbg3zPhlPADXzuYs16vMrSMfcMNeP0Z1vmvHV5UXlg3KnR9KwVeD/t
aHOfN6b8LOoGGWO/E6lbGSQqc4SciLf+J+XhLDYvE0oB6cUm8AezhKKaRQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNFmff2ur1K/dZJdxnryfuBDWoWpMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvMFdaOV9hNnZVcjkxa2wzR2V2Si00RU5haGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAAhARAwQA
AhOzAwQAUENCAwQAVDW4MA0GCSqGSIb3DQEBCwUAA4IBAQBynry9iXS5Y7s2F9oN
/p8316DHcgt9eiUkX1fM3jQqbbk6yN2PPFvlcntvnG9P/6UG82NcWmG9e75idlR4
D2ZzJI402g0QQD+kJJVcGSiuA4VPJvJUhyHmNUu03DhTifc9Bx/WYEAo++iWS6GG
YWKoxZBIlGRcJwvvWQejrV9UgYBNHm+Jn4OtuNv12bQicQr7Gm21qiTqMxWpqn29
7iOvKBLAlk99iH31WPt7R8bs07YeWlOyL+7OOOwq7RJyQvWTgW6KQLjktwXnoQO/
I0Ary9BtK/jOizihkAefYSJJiUuIuKJkZH7F0FTHcG+UjYr17LDYq8DaVGGbf9fp
Rd4H
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:51:56 2024 by rpki-client on console-ams.rpki-client.org