Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/K9UsIDdEVAoBOMM-6-I5AP9pfWU.roa
File:                     K9UsIDdEVAoBOMM-6-I5AP9pfWU.roa (raw, json)
Hash identifier:          YO6IWzN3V/aA+z+sPgnlXm//PFSSrT4jTeLUOC5r0Ds=
Subject key identifier:   2B:D5:2C:20:37:44:54:0A:01:38:C3:3E:EB:E2:39:00:FF:69:7D:65
Certificate issuer:       /CN=380099a81b346f9abcaf26056f5b77094d1cf113
Certificate serial:       018CCA96E916C677388A4EF0C660DB5B270A
Authority key identifier: 38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/K9UsIDdEVAoBOMM-6-I5AP9pfWU.roa
Signing time:             Tue 02 Jan 2024 14:32:16 +0000
ROA not before:           Tue 02 Jan 2024 14:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43966
IP address blocks:        79.173.66.0/23 maxlen: 24
                          79.173.77.0/24 maxlen: 24
                          79.173.80.0/20 maxlen: 24
                          94.243.192.0/20 maxlen: 24
                          94.243.232.0/21 maxlen: 24
                          79.173.64.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:e9:16:c6:77:38:8a:4e:f0:c6:60:db:5b:27:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380099a81b346f9abcaf26056f5b77094d1cf113
        Validity
            Not Before: Jan  2 14:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bd52c203744540a0138c33eebe23900ff697d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:61:29:a8:7a:dd:f3:de:29:02:a5:2d:8f:56:
                    70:d1:19:a5:fe:fd:65:3d:5d:0c:24:8e:c2:15:f4:
                    1b:e6:b2:7d:62:07:85:cd:09:88:7c:c7:0e:a3:80:
                    10:f6:6d:81:4d:29:37:45:58:9b:8f:08:d5:8b:47:
                    ab:8d:d4:16:89:d7:64:c3:53:66:4c:06:34:d9:7f:
                    de:06:bb:a9:22:13:e1:10:fb:f8:87:2d:b8:ee:d0:
                    d9:ca:c4:6e:4e:38:af:20:cd:e9:c8:2b:1e:a7:65:
                    38:4d:2c:0d:c5:1c:9d:ac:18:be:75:f1:1e:04:80:
                    92:28:14:74:e4:c4:fe:5f:07:17:a9:6c:0c:9f:3d:
                    61:c8:d4:5f:db:4f:e7:68:a9:2f:49:4b:e0:0a:75:
                    c5:e0:51:14:94:68:3b:6c:b9:e6:da:2c:dd:7b:3d:
                    de:f7:53:6e:41:ed:7d:ce:77:32:17:9f:4f:26:0b:
                    ce:7a:09:c8:8b:dc:e1:d5:b2:47:b9:36:b8:69:1c:
                    68:1a:40:00:1e:06:67:e9:b3:c8:57:28:b5:0c:e1:
                    36:87:24:9b:47:5c:d5:33:8a:72:0f:94:47:b7:40:
                    00:d8:66:ba:fb:79:63:81:9a:86:60:13:d8:2a:9f:
                    e9:98:76:f3:78:08:44:ef:21:04:e1:5b:7e:66:8e:
                    3a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D5:2C:20:37:44:54:0A:01:38:C3:3E:EB:E2:39:00:FF:69:7D:65
            X509v3 Authority Key Identifier:
                keyid:38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/K9UsIDdEVAoBOMM-6-I5AP9pfWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.173.64.0/22
                  79.173.77.0/24
                  79.173.80.0/20
                  94.243.192.0/20
                  94.243.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         55:0d:6c:e5:7b:6c:15:c3:0b:d5:e0:2b:f2:43:53:2b:4d:88:
         c6:23:2e:42:bd:27:13:a0:13:a9:e4:ad:bd:79:fe:49:44:5a:
         c9:a0:3c:58:c6:ff:ce:44:d4:59:3a:23:77:65:25:d3:f8:9c:
         69:c7:db:3e:ea:ee:7f:75:23:a2:f6:2a:42:dc:78:6c:b6:94:
         bc:14:ef:ba:d0:be:66:56:be:0e:d2:77:41:3c:7f:65:a8:19:
         af:b5:29:a4:30:bc:d5:76:61:69:ed:28:86:69:bf:e6:4f:92:
         97:f2:6e:12:9b:bf:96:ca:f9:ca:ed:c4:1e:1b:c2:37:f3:00:
         ee:ca:b4:55:79:e6:84:52:96:1e:a4:71:fc:e8:d9:59:76:c9:
         dc:92:74:ad:1f:f9:8c:17:c6:4f:8c:a3:13:d3:ed:a2:16:df:
         fd:f2:44:16:15:8c:85:b8:c9:72:0b:e2:6b:8c:c0:b9:d6:b1:
         48:ac:16:8e:88:96:c3:25:72:81:a1:5c:b7:87:48:7b:e9:f9:
         b7:28:02:fa:fc:d7:41:17:d1:70:94:3b:44:1d:48:39:3c:7a:
         04:75:da:31:be:fa:ce:53:9a:ac:12:21:5e:c2:25:f8:dc:03:
         87:c8:70:b7:70:12:a0:83:b6:a8:6f:45:98:30:4b:9d:44:76:
         57:78:55:48
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzKlukWxnc4ik7wxmDbWycKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDA5OWE4MWIzNDZmOWFiY2FmMjYwNTZmNWI3NzA5NGQx
Y2YxMTMwHhcNMjQwMTAyMTQzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQ1MmMyMDM3NDQ1NDBhMDEzOGMzM2VlYmUyMzkwMGZmNjk3ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGEpqHrd894pAqUtj1Zw0Rml/v1l
PV0MJI7CFfQb5rJ9YgeFzQmIfMcOo4AQ9m2BTSk3RVibjwjVi0erjdQWiddkw1Nm
TAY02X/eBrupIhPhEPv4hy247tDZysRuTjivIM3pyCsep2U4TSwNxRydrBi+dfEe
BICSKBR05MT+XwcXqWwMnz1hyNRf20/naKkvSUvgCnXF4FEUlGg7bLnm2izdez3e
91NuQe19zncyF59PJgvOegnIi9zh1bJHuTa4aRxoGkAAHgZn6bPIVyi1DOE2hySb
R1zVM4pyD5RHt0AA2Ga6+3ljgZqGYBPYKp/pmHbzeAhE7yEE4Vt+Zo46KwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCvVLCA3RFQKATjDPuviOQD/aX1lMB8GA1UdIwQY
MBaAFDgAmagbNG+avK8mBW9bdwlNHPETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMt
NDUwZmUzMzU5NWQxLzEvSzlVc0lEZEVWQW9CT01NLTYtSTVBUDlwZldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMtNDUwZmUzMzU5NWQx
LzEvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCT61AAwQA
T61NAwQET61QAwQEXvPAAwQDXvPoMA0GCSqGSIb3DQEBCwUAA4IBAQBVDWzle2wV
wwvV4CvyQ1MrTYjGIy5CvScToBOp5K29ef5JRFrJoDxYxv/ORNRZOiN3ZSXT+Jxp
x9s+6u5/dSOi9ipC3HhstpS8FO+60L5mVr4O0ndBPH9lqBmvtSmkMLzVdmFp7SiG
ab/mT5KX8m4Sm7+WyvnK7cQeG8I38wDuyrRVeeaEUpYepHH86NlZdsncknStH/mM
F8ZPjKMT0+2iFt/98kQWFYyFuMlyC+JrjMC51rFIrBaOiJbDJXKBoVy3h0h76fm3
KAL6/NdBF9FwlDtEHUg5PHoEddoxvvrOU5qsEiFewiX43AOHyHC3cBKgg7aob0WY
MEudRHZXeFVI
-----END CERTIFICATE-----
Generated at Tue Jun 18 06:30:17 2024 by rpki-client on console-fra.rpki-client.org