Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/75b43d-e742-48ea-945a-aa832db7b50a/1/6MGpGNmAc2eKZx3rQxF5WtKufAI.roa
File:                     6MGpGNmAc2eKZx3rQxF5WtKufAI.roa (raw, json)
Hash identifier:          BkrWWXNy+7GTvAguv1jvpPZOTKucu81jxgJRWQ8cbOg=
Subject key identifier:   E8:C1:A9:18:D9:80:73:67:8A:67:1D:EB:43:11:79:5A:D2:AE:7C:02
Certificate issuer:       /CN=9efb56415f35e63fa7403a501fdeddaeecea475a
Certificate serial:       018CC26D4CF55C54541FDDAE8063FEED48EB
Authority key identifier: 9E:FB:56:41:5F:35:E6:3F:A7:40:3A:50:1F:DE:DD:AE:EC:EA:47:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nvtWQV815j-nQDpQH97druzqR1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/75b43d-e742-48ea-945a-aa832db7b50a/1/6MGpGNmAc2eKZx3rQxF5WtKufAI.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9086
IP address blocks:        81.24.192.0/24 maxlen: 24
                          81.24.192.0/20 maxlen: 20
                          81.24.194.0/24 maxlen: 24
                          81.24.198.0/24 maxlen: 24
                          81.24.193.0/24 maxlen: 24
                          81.24.197.0/24 maxlen: 24
                          81.24.199.0/24 maxlen: 24
                          81.24.196.0/24 maxlen: 24
                          81.24.195.0/24 maxlen: 24
                          81.24.201.0/24 maxlen: 24
                          81.24.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/75b43d-e742-48ea-945a-aa832db7b50a/1/nvtWQV815j-nQDpQH97druzqR1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/75b43d-e742-48ea-945a-aa832db7b50a/1/nvtWQV815j-nQDpQH97druzqR1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nvtWQV815j-nQDpQH97druzqR1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4c:f5:5c:54:54:1f:dd:ae:80:63:fe:ed:48:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9efb56415f35e63fa7403a501fdeddaeecea475a
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8c1a918d98073678a671deb4311795ad2ae7c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:05:d3:c6:af:46:12:45:c3:4c:bc:ce:6d:a7:
                    63:73:33:82:90:37:06:0b:bb:b5:eb:7b:8a:a5:b8:
                    44:be:67:eb:61:4c:b8:3c:94:25:66:3a:1e:73:e0:
                    5b:0f:8f:f9:41:1c:41:84:a0:a8:2b:07:bd:1d:38:
                    bd:31:90:ba:08:db:c6:48:35:61:4c:45:2d:32:5c:
                    07:ac:3a:4b:70:4d:98:8b:b3:56:97:02:2b:3f:e9:
                    5c:c1:d3:6f:86:ed:40:20:c1:5f:66:9c:0d:84:4c:
                    8f:97:ff:88:e3:01:88:5c:7d:25:7d:67:ad:de:aa:
                    c1:66:e3:c5:78:88:30:ac:c3:08:ff:7d:46:e5:cf:
                    48:ee:49:be:16:98:3f:d9:c4:f4:a0:1f:ea:5d:47:
                    53:d0:44:40:d7:7a:80:3d:57:d1:d2:cc:e2:84:58:
                    cc:5e:31:f3:2d:60:24:b1:7e:87:e1:87:f4:6b:7d:
                    d9:75:ea:15:8b:58:4c:52:2d:aa:a8:5f:3a:fa:5c:
                    61:10:98:03:ed:cf:ed:a6:5f:b5:4a:b7:05:e8:b5:
                    4c:03:0d:bf:59:e3:24:5f:6b:f2:90:e7:3f:a4:f7:
                    37:15:ff:08:ab:5c:d6:d0:69:0b:83:f3:bc:59:e5:
                    6e:7d:ef:09:e2:6a:77:e1:48:65:3c:44:b9:82:91:
                    72:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C1:A9:18:D9:80:73:67:8A:67:1D:EB:43:11:79:5A:D2:AE:7C:02
            X509v3 Authority Key Identifier:
                keyid:9E:FB:56:41:5F:35:E6:3F:A7:40:3A:50:1F:DE:DD:AE:EC:EA:47:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nvtWQV815j-nQDpQH97druzqR1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/75b43d-e742-48ea-945a-aa832db7b50a/1/6MGpGNmAc2eKZx3rQxF5WtKufAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/75b43d-e742-48ea-945a-aa832db7b50a/1/nvtWQV815j-nQDpQH97druzqR1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.24.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8c:42:c7:60:47:7d:2c:8c:fc:aa:67:ab:34:f8:88:42:d0:f4:
         fb:c1:57:67:79:b7:3f:d5:27:8a:ce:d6:4e:6d:b0:59:bc:19:
         6c:17:5e:3c:d9:7d:29:32:83:c7:12:45:1b:7c:4d:c8:04:68:
         8e:77:d5:8d:4a:92:9e:ed:15:e4:a2:51:37:b6:aa:3b:f8:6e:
         65:35:e6:55:62:f5:72:88:7d:a3:69:30:eb:84:18:82:b4:0a:
         a1:71:e7:5a:5f:ac:1c:25:4a:4c:b5:30:fc:ed:1d:23:d3:ac:
         9b:37:d8:47:49:8f:ec:cb:3e:d3:a4:b9:27:95:28:9a:0b:c1:
         dd:37:95:f1:0e:a3:af:53:36:21:7f:73:51:4f:c2:8e:7d:1e:
         17:57:88:90:65:87:d8:53:a0:ce:c9:07:73:b3:31:d2:41:ad:
         5e:53:48:1f:27:5c:b9:e0:b7:37:1c:9e:b0:11:2e:ed:c7:30:
         3e:fc:bf:2d:77:f2:4b:f2:70:22:35:4f:90:d5:0b:49:ea:be:
         74:3e:2d:8e:1b:10:aa:2d:31:d8:e4:ba:43:b3:2f:11:ec:22:
         20:7e:61:73:6e:60:ec:89:ec:6c:2a:35:16:c2:c1:b5:cf:1f:
         c9:f7:e4:fe:e9:bd:cd:b7:6b:8f:e2:63:79:1d:48:5b:4a:53:
         a4:de:00:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUz1XFRUH92ugGP+7UjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZmI1NjQxNWYzNWU2M2ZhNzQwM2E1MDFmZGVkZGFlZWNl
YTQ3NWEwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGMxYTkxOGQ5ODA3MzY3OGE2NzFkZWI0MzExNzk1YWQyYWU3YzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswXTxq9GEkXDTLzObadjczOCkDcG
C7u163uKpbhEvmfrYUy4PJQlZjoec+BbD4/5QRxBhKCoKwe9HTi9MZC6CNvGSDVh
TEUtMlwHrDpLcE2Yi7NWlwIrP+lcwdNvhu1AIMFfZpwNhEyPl/+I4wGIXH0lfWet
3qrBZuPFeIgwrMMI/31G5c9I7km+Fpg/2cT0oB/qXUdT0ERA13qAPVfR0szihFjM
XjHzLWAksX6H4Yf0a33ZdeoVi1hMUi2qqF86+lxhEJgD7c/tpl+1SrcF6LVMAw2/
WeMkX2vykOc/pPc3Ff8Iq1zW0GkLg/O8WeVufe8J4mp34UhlPES5gpFyjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjBqRjZgHNnimcd60MReVrSrnwCMB8GA1UdIwQY
MBaAFJ77VkFfNeY/p0A6UB/e3a7s6kdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnZ0V1FWODE1ai1uUURwUUg5N2RydXpxUjFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83NWI0M2QtZTc0Mi00OGVhLTk0NWEt
YWE4MzJkYjdiNTBhLzEvNk1HcEdObUFjMmVLWngzclF4RjVXdEt1ZkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83NWI0M2QtZTc0Mi00OGVhLTk0NWEtYWE4MzJkYjdiNTBh
LzEvbnZ0V1FWODE1ai1uUURwUUg5N2RydXpxUjFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEURjAMA0G
CSqGSIb3DQEBCwUAA4IBAQCMQsdgR30sjPyqZ6s0+IhC0PT7wVdnebc/1SeKztZO
bbBZvBlsF1482X0pMoPHEkUbfE3IBGiOd9WNSpKe7RXkolE3tqo7+G5lNeZVYvVy
iH2jaTDrhBiCtAqhcedaX6wcJUpMtTD87R0j06ybN9hHSY/syz7TpLknlSiaC8Hd
N5XxDqOvUzYhf3NRT8KOfR4XV4iQZYfYU6DOyQdzszHSQa1eU0gfJ1y54Lc3HJ6w
ES7txzA+/L8td/JL8nAiNU+Q1QtJ6r50Pi2OGxCqLTHY5LpDsy8R7CIgfmFzbmDs
iexsKjUWwsG1zx/J9+T+6b3Nt2uP4mN5HUhbSlOk3gDA
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:45:52 2024 by rpki-client on console-fra.rpki-client.org