Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/d73fc6-c498-4b20-a91c-656fc7f7023c/1/eZbPS-gTeujJqvQMcVIzKJ42aKA.roa
File:                     eZbPS-gTeujJqvQMcVIzKJ42aKA.roa (raw, json)
Hash identifier:          nwvrHzWTcdk6yGR+fKOkYESMO9kncdiROiLJ2gCgIbI=
Subject key identifier:   79:96:CF:4B:E8:13:7A:E8:C9:AA:F4:0C:71:52:33:28:9E:36:68:A0
Certificate issuer:       /CN=c9da628824cd59b14272b4058a89642e4b47bddc
Certificate serial:       0191560600C00A7FB374665D4F3F7E2FF2E2
Authority key identifier: C9:DA:62:88:24:CD:59:B1:42:72:B4:05:8A:89:64:2E:4B:47:BD:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydpiiCTNWbFCcrQFiolkLktHvdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/d73fc6-c498-4b20-a91c-656fc7f7023c/1/eZbPS-gTeujJqvQMcVIzKJ42aKA.roa
Signing time:             Thu 15 Aug 2024 12:31:59 +0000
ROA not before:           Thu 15 Aug 2024 12:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        2001:67c:19e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/d73fc6-c498-4b20-a91c-656fc7f7023c/1/ydpiiCTNWbFCcrQFiolkLktHvdw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/d73fc6-c498-4b20-a91c-656fc7f7023c/1/ydpiiCTNWbFCcrQFiolkLktHvdw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydpiiCTNWbFCcrQFiolkLktHvdw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:06:00:c0:0a:7f:b3:74:66:5d:4f:3f:7e:2f:f2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9da628824cd59b14272b4058a89642e4b47bddc
        Validity
            Not Before: Aug 15 12:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7996cf4be8137ae8c9aaf40c715233289e3668a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a2:83:30:1c:72:cc:7d:07:10:2a:d3:61:68:
                    8d:2e:3e:d0:df:c0:33:9e:9d:a5:bd:5f:e5:f4:3e:
                    79:11:1f:dd:9a:09:15:72:a4:e3:d2:23:03:d9:aa:
                    4a:a2:6f:cf:6b:69:df:bf:b8:19:52:69:e4:35:16:
                    17:72:67:98:fc:20:22:31:bd:9b:19:c6:4b:43:a9:
                    a1:f1:b9:84:81:14:5f:de:28:25:60:f6:ab:b6:a7:
                    e8:06:94:41:3b:23:54:86:68:26:dc:0f:c5:bc:d5:
                    54:b9:27:a3:2b:2c:31:0e:ad:89:95:86:b2:31:47:
                    70:4c:34:c7:8e:ac:cf:82:b7:a7:06:53:28:e5:31:
                    9d:4a:45:9e:cc:36:ba:7f:97:bf:24:c0:f2:7c:9b:
                    8c:bc:ec:df:72:6a:26:c0:31:ff:3b:12:bf:8f:ce:
                    3c:c8:40:d8:d7:39:a6:75:8d:c7:38:07:3b:75:d7:
                    d9:98:5b:a3:5b:f3:36:56:68:dc:45:15:4f:7e:52:
                    ac:4b:55:19:2d:f7:14:94:b4:d4:ed:49:ef:bc:5b:
                    32:2f:32:54:2d:1d:bc:5a:7b:c4:57:84:6e:91:a4:
                    44:36:06:18:a6:11:f7:55:a7:a1:c3:c0:1a:2e:09:
                    78:12:53:4a:9b:6a:68:85:79:74:ea:13:ca:95:05:
                    2d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:96:CF:4B:E8:13:7A:E8:C9:AA:F4:0C:71:52:33:28:9E:36:68:A0
            X509v3 Authority Key Identifier:
                keyid:C9:DA:62:88:24:CD:59:B1:42:72:B4:05:8A:89:64:2E:4B:47:BD:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydpiiCTNWbFCcrQFiolkLktHvdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d73fc6-c498-4b20-a91c-656fc7f7023c/1/eZbPS-gTeujJqvQMcVIzKJ42aKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d73fc6-c498-4b20-a91c-656fc7f7023c/1/ydpiiCTNWbFCcrQFiolkLktHvdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:19e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:9f:08:eb:9e:4c:e4:a7:d6:1e:47:43:63:b4:37:80:3a:02:
         2d:75:cd:58:53:a6:9c:39:63:ce:68:60:aa:cd:4e:33:67:2e:
         95:bc:96:14:a1:4f:6a:cb:57:e3:74:65:99:11:f5:3e:9c:9f:
         50:33:e2:80:a3:6a:0d:6c:3f:de:80:4c:5e:13:81:af:27:f1:
         da:fe:d0:78:5a:70:8d:4e:de:fa:4e:6d:8f:b1:e6:f3:dc:3f:
         d6:ad:e5:be:8b:c7:8e:b7:96:19:b1:14:ec:88:8f:d5:73:20:
         4b:12:83:93:63:74:15:a8:21:b6:67:02:64:24:5b:d9:83:bb:
         bc:b3:1b:27:c6:95:f1:a4:02:e1:a5:14:a6:fe:13:7b:e6:e3:
         3a:a1:d0:fb:f6:62:8d:50:a6:dc:69:65:5e:b1:89:fa:7e:c4:
         a3:d1:7e:85:60:57:22:c2:e3:2e:32:37:ac:9e:a5:ed:62:02:
         98:e7:75:4f:0b:e1:0e:58:16:79:49:3e:0a:30:18:d8:ec:db:
         01:35:6e:77:96:81:df:71:ef:4b:41:0a:11:79:03:5d:da:7b:
         6a:bf:fb:1d:62:d3:73:c1:38:32:35:bb:62:60:b6:dd:d3:e6:
         5e:5c:e3:75:1e:ca:42:63:8b:ae:06:cd:09:e3:2c:1b:93:c8:
         66:4c:37:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFWBgDACn+zdGZdTz9+L/LiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZGE2Mjg4MjRjZDU5YjE0MjcyYjQwNThhODk2NDJlNGI0
N2JkZGMwHhcNMjQwODE1MTIzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTk2Y2Y0YmU4MTM3YWU4YzlhYWY0MGM3MTUyMzMyODllMzY2OGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKKDMBxyzH0HECrTYWiNLj7Q38Az
np2lvV/l9D55ER/dmgkVcqTj0iMD2apKom/Pa2nfv7gZUmnkNRYXcmeY/CAiMb2b
GcZLQ6mh8bmEgRRf3iglYPartqfoBpRBOyNUhmgm3A/FvNVUuSejKywxDq2JlYay
MUdwTDTHjqzPgrenBlMo5TGdSkWezDa6f5e/JMDyfJuMvOzfcmomwDH/OxK/j848
yEDY1zmmdY3HOAc7ddfZmFujW/M2VmjcRRVPflKsS1UZLfcUlLTU7UnvvFsyLzJU
LR28WnvEV4RukaRENgYYphH3Vaehw8AaLgl4ElNKm2pohXl06hPKlQUtdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHmWz0voE3royar0DHFSMyieNmigMB8GA1UdIwQY
MBaAFMnaYogkzVmxQnK0BYqJZC5LR73cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRwaWlDVE5XYkZDY3JRRmlvbGtMa3RIdmR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9kNzNmYzYtYzQ5OC00YjIwLWE5MWMt
NjU2ZmM3ZjcwMjNjLzEvZVpiUFMtZ1RldWpKcXZRTWNWSXpLSjQyYUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9kNzNmYzYtYzQ5OC00YjIwLWE5MWMtNjU2ZmM3ZjcwMjNj
LzEveWRwaWlDVE5XYkZDY3JRRmlvbGtMa3RIdmR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBng
MA0GCSqGSIb3DQEBCwUAA4IBAQB0nwjrnkzkp9YeR0NjtDeAOgItdc1YU6acOWPO
aGCqzU4zZy6VvJYUoU9qy1fjdGWZEfU+nJ9QM+KAo2oNbD/egExeE4GvJ/Ha/tB4
WnCNTt76Tm2Psebz3D/WreW+i8eOt5YZsRTsiI/VcyBLEoOTY3QVqCG2ZwJkJFvZ
g7u8sxsnxpXxpALhpRSm/hN75uM6odD79mKNUKbcaWVesYn6fsSj0X6FYFciwuMu
MjesnqXtYgKY53VPC+EOWBZ5ST4KMBjY7NsBNW53loHfce9LQQoReQNd2ntqv/sd
YtNzwTgyNbtiYLbd0+ZeXON1HspCY4uuBs0J4ywbk8hmTDdA
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:50:05 2024 by rpki-client on console-fra.rpki-client.org