Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/b1e6b0-f3a0-4f5f-bf25-812d45265186/1/gtDuQXDRKcb5Kll3ddNpMfojGc8.roa
File:                     gtDuQXDRKcb5Kll3ddNpMfojGc8.roa (raw, json)
Hash identifier:          6oYV5PFgXG9WY2bNkapEWoiMZ1pHhB7pOINQg3asBqs=
Subject key identifier:   82:D0:EE:41:70:D1:29:C6:F9:2A:59:77:75:D3:69:31:FA:23:19:CF
Certificate issuer:       /CN=7b221dacc6c3e371f5f0bb276c9fe588c5ee5fdc
Certificate serial:       018CC8014C7A4E0412133D29CBB7EE4C3633
Authority key identifier: 7B:22:1D:AC:C6:C3:E3:71:F5:F0:BB:27:6C:9F:E5:88:C5:EE:5F:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eyIdrMbD43H18LsnbJ_liMXuX9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/b1e6b0-f3a0-4f5f-bf25-812d45265186/1/gtDuQXDRKcb5Kll3ddNpMfojGc8.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207146
IP address blocks:        81.161.232.0/22 maxlen: 24
                          162.33.208.0/21 maxlen: 21
                          2a0d:2c40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/b1e6b0-f3a0-4f5f-bf25-812d45265186/1/eyIdrMbD43H18LsnbJ_liMXuX9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/b1e6b0-f3a0-4f5f-bf25-812d45265186/1/eyIdrMbD43H18LsnbJ_liMXuX9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eyIdrMbD43H18LsnbJ_liMXuX9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:7a:4e:04:12:13:3d:29:cb:b7:ee:4c:36:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b221dacc6c3e371f5f0bb276c9fe588c5ee5fdc
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82d0ee4170d129c6f92a597775d36931fa2319cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:5a:ec:79:13:2b:e7:dc:5c:ef:61:d7:f1:ba:
                    60:30:4c:72:32:a5:1f:b0:78:77:23:7c:9e:2e:a1:
                    57:c8:00:9b:3d:b9:86:5f:f5:60:b7:bc:e1:64:e3:
                    fa:94:2e:d9:03:94:1a:34:1e:83:89:6d:52:6c:fe:
                    3c:65:40:10:26:21:2d:ad:c4:10:fc:60:3c:b6:8a:
                    05:57:d4:4c:b3:1c:d8:19:f2:51:90:72:9c:3b:b3:
                    52:94:6c:a2:c6:eb:7b:90:cc:1c:27:07:29:13:62:
                    f0:1c:07:e1:fb:7b:ff:52:45:dd:bf:8d:84:af:ca:
                    f4:ed:6a:75:2f:6d:45:c3:27:22:8e:4d:f6:d4:f1:
                    f5:c2:8c:49:aa:c0:77:f9:ab:8a:36:32:bd:db:5b:
                    6f:fb:44:e2:9d:99:60:6d:d7:4d:5f:ee:91:a1:f6:
                    4c:02:7b:b2:b2:bf:d1:4f:aa:0e:2e:32:a0:62:66:
                    07:84:ba:ea:24:69:ff:ac:3b:4e:bf:97:ea:ec:e7:
                    6e:da:53:33:65:aa:f6:f0:37:c7:19:11:34:5a:62:
                    54:b2:91:39:9f:4d:7d:a5:30:aa:26:00:86:ed:f4:
                    22:d4:2f:ab:bd:2d:0a:d1:31:36:c0:76:37:37:81:
                    99:6c:40:0b:24:d6:61:53:8d:bd:18:07:48:67:a1:
                    2c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D0:EE:41:70:D1:29:C6:F9:2A:59:77:75:D3:69:31:FA:23:19:CF
            X509v3 Authority Key Identifier:
                keyid:7B:22:1D:AC:C6:C3:E3:71:F5:F0:BB:27:6C:9F:E5:88:C5:EE:5F:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eyIdrMbD43H18LsnbJ_liMXuX9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/b1e6b0-f3a0-4f5f-bf25-812d45265186/1/gtDuQXDRKcb5Kll3ddNpMfojGc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/b1e6b0-f3a0-4f5f-bf25-812d45265186/1/eyIdrMbD43H18LsnbJ_liMXuX9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.232.0/22
                  162.33.208.0/21
                IPv6:
                  2a0d:2c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:34:c4:5b:1a:5a:4c:03:66:d1:88:51:b0:72:10:5e:5b:c2:
         cd:b6:6b:f3:8f:95:9b:c2:8a:ff:6e:f2:99:a1:43:df:32:ab:
         f7:66:69:42:44:c6:1e:0f:31:83:d1:d3:15:5d:e4:d4:7e:a9:
         ef:5c:a2:b5:1a:9e:f9:f8:5c:81:f5:49:3d:49:d2:e4:02:bf:
         0a:fc:a4:1d:bf:78:62:10:f9:36:c1:b3:c1:80:90:cc:c1:17:
         a5:d9:30:68:c8:00:2d:bd:1a:17:e8:db:55:8d:0f:d1:ce:51:
         84:b9:46:e9:c1:c1:8b:6d:23:ef:a4:61:f9:c4:cd:e9:13:61:
         63:9e:f5:59:a4:b4:22:a2:50:8d:ab:bb:5b:40:95:aa:8c:15:
         30:e7:a3:d0:94:d5:90:3f:ac:f1:aa:20:50:6f:b5:e5:e8:93:
         c1:e2:3d:01:01:a3:e7:a6:52:f6:16:29:3f:0e:5a:c1:26:fc:
         89:06:61:93:da:81:97:7a:95:d0:13:17:23:bd:5a:93:17:b7:
         a0:1d:01:0f:de:7d:c9:3f:70:59:4e:da:e3:5e:0d:59:c9:34:
         f1:7f:33:81:8f:47:e3:5b:df:93:c9:89:eb:76:1f:42:46:97:
         ba:65:cf:53:10:60:0e:a1:1d:0d:de:af:f2:97:6e:75:51:bd:
         c2:6f:09:d4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAUx6TgQSEz0py7fuTDYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMjIxZGFjYzZjM2UzNzFmNWYwYmIyNzZjOWZlNTg4YzVl
ZTVmZGMwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmQwZWU0MTcwZDEyOWM2ZjkyYTU5Nzc3NWQzNjkzMWZhMjMxOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lrseRMr59xc72HX8bpgMExyMqUf
sHh3I3yeLqFXyACbPbmGX/Vgt7zhZOP6lC7ZA5QaNB6DiW1SbP48ZUAQJiEtrcQQ
/GA8tooFV9RMsxzYGfJRkHKcO7NSlGyixut7kMwcJwcpE2LwHAfh+3v/UkXdv42E
r8r07Wp1L21Fwycijk321PH1woxJqsB3+auKNjK921tv+0TinZlgbddNX+6RofZM
Anuysr/RT6oOLjKgYmYHhLrqJGn/rDtOv5fq7Odu2lMzZar28DfHGRE0WmJUspE5
n019pTCqJgCG7fQi1C+rvS0K0TE2wHY3N4GZbEALJNZhU429GAdIZ6EsHwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFILQ7kFw0SnG+SpZd3XTaTH6IxnPMB8GA1UdIwQY
MBaAFHsiHazGw+Nx9fC7J2yf5YjF7l/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXlJZHJNYkQ0M0gxOExzbmJKX2xpTVh1WDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iMWU2YjAtZjNhMC00ZjVmLWJmMjUt
ODEyZDQ1MjY1MTg2LzEvZ3REdVFYRFJLY2I1S2xsM2RkTnBNZm9qR2M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iMWU2YjAtZjNhMC00ZjVmLWJmMjUtODEyZDQ1MjY1MTg2
LzEvZXlJZHJNYkQ0M0gxOExzbmJKX2xpTVh1WDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCUaHoAwQD
oiHQMA0EAgACMAcDBQMqDSxAMA0GCSqGSIb3DQEBCwUAA4IBAQBvNMRbGlpMA2bR
iFGwchBeW8LNtmvzj5Wbwor/bvKZoUPfMqv3ZmlCRMYeDzGD0dMVXeTUfqnvXKK1
Gp75+FyB9Uk9SdLkAr8K/KQdv3hiEPk2wbPBgJDMwRel2TBoyAAtvRoX6NtVjQ/R
zlGEuUbpwcGLbSPvpGH5xM3pE2FjnvVZpLQiolCNq7tbQJWqjBUw56PQlNWQP6zx
qiBQb7Xl6JPB4j0BAaPnplL2Fik/DlrBJvyJBmGT2oGXepXQExcjvVqTF7egHQEP
3n3JP3BZTtrjXg1ZyTTxfzOBj0fjW9+TyYnrdh9CRpe6Zc9TEGAOoR0N3q/yl251
Ub3CbwnU
-----END CERTIFICATE-----
Generated at Sun Jun 16 11:22:59 2024 by rpki-client on console-fra.rpki-client.org