Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/d6qJL2e6GhWheL3pQLHktbiT_t0.roa
File:                     d6qJL2e6GhWheL3pQLHktbiT_t0.roa (raw, json)
Hash identifier:          S8jtpon3AzveFcImakBk6u8fH44XPkQDFwYlgkXEvOY=
Subject key identifier:   77:AA:89:2F:67:BA:1A:15:A1:78:BD:E9:40:B1:E4:B5:B8:93:FE:DD
Certificate issuer:       /CN=2dd596c1ea7ecbb1be1777fc0d38ed06ca40eabe
Certificate serial:       018CC801650570E12B93222C686D489144F4
Authority key identifier: 2D:D5:96:C1:EA:7E:CB:B1:BE:17:77:FC:0D:38:ED:06:CA:40:EA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LdWWwep-y7G-F3f8DTjtBspA6r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/d6qJL2e6GhWheL3pQLHktbiT_t0.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60571
IP address blocks:        194.104.148.0/24 maxlen: 24
                          2a06:1c4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/LdWWwep-y7G-F3f8DTjtBspA6r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/LdWWwep-y7G-F3f8DTjtBspA6r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LdWWwep-y7G-F3f8DTjtBspA6r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:05:70:e1:2b:93:22:2c:68:6d:48:91:44:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dd596c1ea7ecbb1be1777fc0d38ed06ca40eabe
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77aa892f67ba1a15a178bde940b1e4b5b893fedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:30:2a:44:a4:6c:05:22:11:49:a7:d3:eb:51:
                    f7:c2:8b:09:a2:3f:e4:51:32:35:c6:d0:88:e8:bd:
                    d9:29:0a:f7:1d:ae:d3:26:e0:20:43:be:db:40:2e:
                    30:35:d9:28:bf:b1:75:65:f8:9c:97:4e:f5:ae:15:
                    c8:f6:66:fe:00:99:bc:0b:5e:99:d7:f1:d0:32:db:
                    c3:e4:40:02:7f:f7:f9:55:22:a7:3b:ae:40:f0:ce:
                    4b:e1:44:4c:ba:3a:ed:a8:2d:f4:d1:94:70:e2:60:
                    d2:69:16:e1:cc:5f:75:9d:e8:a4:4a:33:c0:17:4b:
                    61:2b:23:3f:86:07:e8:48:89:4c:07:6b:dd:5d:57:
                    10:2f:0c:c4:ad:2f:00:8c:0a:c6:c0:94:16:4a:7a:
                    2d:a8:c3:c3:d7:81:31:67:32:c5:67:64:70:4b:64:
                    65:79:8f:78:50:95:e3:71:66:db:d8:8f:09:e8:b9:
                    c0:7b:f8:ce:25:d9:d4:f5:48:0b:4b:77:3f:de:3c:
                    10:2b:12:74:a5:f1:f2:69:7e:ac:8f:f3:06:66:10:
                    69:12:c6:a7:03:f2:9d:5e:08:22:40:b8:02:d8:44:
                    2d:f8:bb:c2:39:e4:69:82:0b:dc:c4:dd:d9:0e:3f:
                    5b:f4:e7:ad:e6:2c:0c:94:d0:29:bb:f7:9e:83:ba:
                    52:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:AA:89:2F:67:BA:1A:15:A1:78:BD:E9:40:B1:E4:B5:B8:93:FE:DD
            X509v3 Authority Key Identifier:
                keyid:2D:D5:96:C1:EA:7E:CB:B1:BE:17:77:FC:0D:38:ED:06:CA:40:EA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LdWWwep-y7G-F3f8DTjtBspA6r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/d6qJL2e6GhWheL3pQLHktbiT_t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/363ecc-2aa1-4281-95b1-8b0fc07858d6/1/LdWWwep-y7G-F3f8DTjtBspA6r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.148.0/24
                IPv6:
                  2a06:1c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:e4:44:da:f5:8b:84:9e:f6:07:dd:de:37:b1:01:38:32:75:
         f1:ac:fc:f3:61:a8:ce:f7:23:17:cf:2d:43:45:7e:ff:e8:35:
         3b:1c:0a:e4:85:0a:92:09:cf:f1:76:54:48:c2:41:c3:e1:91:
         69:44:f0:1a:b9:cb:e4:b0:1f:bb:41:57:3d:6f:8c:e9:95:73:
         a9:9b:64:2b:a3:3e:5e:f1:3c:0a:a2:ed:13:fe:bb:85:af:53:
         78:65:c1:a8:a2:37:dc:66:8d:a6:56:70:23:5c:53:9b:73:dc:
         3c:f2:7e:31:2b:8c:b2:35:69:c9:8b:c8:7c:16:73:47:a4:8d:
         7b:b4:ce:03:a4:d8:ee:f9:27:5e:c7:78:96:85:df:be:6a:47:
         c3:65:c7:c0:94:64:9e:c7:11:f7:12:41:75:d7:b9:df:97:3e:
         c8:72:e0:a8:d9:32:ab:fe:9a:3a:44:07:41:68:2a:f2:24:8d:
         a1:bc:df:94:bd:aa:45:9b:c2:f4:9f:ce:dc:d3:f4:b1:f3:2c:
         0d:77:62:3e:b7:35:31:a5:09:8e:fd:0e:4c:c4:7c:c2:5d:65:
         d9:5d:be:96:dc:3b:0e:90:ac:c3:47:27:c2:df:5b:a5:28:a3:
         53:7f:09:0d:a5:50:6d:7a:e4:e4:ff:26:05:23:16:a8:ef:db:
         3d:42:1f:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAWUFcOErkyIsaG1IkUT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZDU5NmMxZWE3ZWNiYjFiZTE3NzdmYzBkMzhlZDA2Y2E0
MGVhYmUwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2FhODkyZjY3YmExYTE1YTE3OGJkZTk0MGIxZTRiNWI4OTNmZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDAqRKRsBSIRSafT61H3wosJoj/k
UTI1xtCI6L3ZKQr3Ha7TJuAgQ77bQC4wNdkov7F1Zficl071rhXI9mb+AJm8C16Z
1/HQMtvD5EACf/f5VSKnO65A8M5L4URMujrtqC300ZRw4mDSaRbhzF91neikSjPA
F0thKyM/hgfoSIlMB2vdXVcQLwzErS8AjArGwJQWSnotqMPD14ExZzLFZ2RwS2Rl
eY94UJXjcWbb2I8J6LnAe/jOJdnU9UgLS3c/3jwQKxJ0pfHyaX6sj/MGZhBpEsan
A/KdXggiQLgC2EQt+LvCOeRpggvcxN3ZDj9b9Oet5iwMlNApu/eeg7pSiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHeqiS9nuhoVoXi96UCx5LW4k/7dMB8GA1UdIwQY
MBaAFC3VlsHqfsuxvhd3/A047QbKQOq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGRXV3dlcC15N0ctRjNmOERUanRCc3BBNnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNjNlY2MtMmFhMS00MjgxLTk1YjEt
OGIwZmMwNzg1OGQ2LzEvZDZxSkwyZTZHaFdoZUwzcFFMSGt0YmlUX3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNjNlY2MtMmFhMS00MjgxLTk1YjEtOGIwZmMwNzg1OGQ2
LzEvTGRXV3dlcC15N0ctRjNmOERUanRCc3BBNnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwmiUMA0E
AgACMAcDBQAqBgHEMA0GCSqGSIb3DQEBCwUAA4IBAQAq5ETa9YuEnvYH3d43sQE4
MnXxrPzzYajO9yMXzy1DRX7/6DU7HArkhQqSCc/xdlRIwkHD4ZFpRPAaucvksB+7
QVc9b4zplXOpm2Qroz5e8TwKou0T/ruFr1N4ZcGoojfcZo2mVnAjXFObc9w88n4x
K4yyNWnJi8h8FnNHpI17tM4DpNju+Sdex3iWhd++akfDZcfAlGSexxH3EkF117nf
lz7IcuCo2TKr/po6RAdBaCryJI2hvN+UvapFm8L0n87c0/Sx8ywNd2I+tzUxpQmO
/Q5MxHzCXWXZXb6W3DsOkKzDRyfC31ulKKNTfwkNpVBteuTk/yYFIxao79s9Qh8R
-----END CERTIFICATE-----
Generated at Sat Nov 23 07:35:48 2024 by rpki-client on console-fra.rpki-client.org