Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/SHlmlWsL61f_bdKeG9Ge6wSLgXE.roa
File:                     SHlmlWsL61f_bdKeG9Ge6wSLgXE.roa (raw, json)
Hash identifier:          mFn+3FViwmKsfgwCD3DOuCo0ro7nVWN//TKI6dWnypg=
Subject key identifier:   48:79:66:95:6B:0B:EB:57:FF:6D:D2:9E:1B:D1:9E:EB:04:8B:81:71
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       018DDA713382752E3C39995BC27EE48713BE
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/SHlmlWsL61f_bdKeG9Ge6wSLgXE.roa
Signing time:             Sat 24 Feb 2024 09:27:48 +0000
ROA not before:           Sat 24 Feb 2024 09:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6712
IP address blocks:        82.117.240.0/24 maxlen: 24
                          82.117.246.0/24 maxlen: 24
                          91.250.0.0/19 maxlen: 24
                          91.250.32.0/19 maxlen: 24
                          2a00:1210:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:da:71:33:82:75:2e:3c:39:99:5b:c2:7e:e4:87:13:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Feb 24 09:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=487966956b0beb57ff6dd29e1bd19eeb048b8171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:21:ee:e5:a6:b8:07:c7:a4:e4:bf:ab:0e:06:
                    21:9b:30:21:18:85:70:e3:66:a7:34:be:31:3d:b6:
                    97:e7:db:c6:48:36:ef:1c:b8:1c:27:c9:e2:26:98:
                    15:81:a6:51:ac:94:8a:92:ff:95:eb:59:a5:20:77:
                    51:87:08:e6:8c:29:4c:11:80:15:a4:94:2e:b3:83:
                    dd:f8:85:71:b9:d9:f6:ba:80:f3:0c:7b:2b:44:e6:
                    7b:cd:1f:02:2d:a0:e7:5e:be:8e:8e:d2:f3:9e:6a:
                    0f:4e:f0:8f:92:c4:2c:c5:a5:84:70:ab:ba:75:91:
                    63:44:fb:5f:1b:31:51:6b:06:a5:9e:6c:52:1b:c2:
                    47:9a:aa:cb:c3:e0:c8:54:cb:2a:1e:5c:1d:b5:00:
                    a0:a4:29:0c:43:a4:1a:85:3e:b0:dd:e7:c2:96:75:
                    35:50:f5:71:9a:4d:1b:6c:f3:28:e8:15:29:d8:5f:
                    5c:69:26:e1:ee:69:f3:5b:35:76:8e:9b:00:5c:05:
                    34:b9:15:44:07:85:cc:67:54:ad:df:32:fa:38:4a:
                    c0:88:e9:2a:4f:0d:bd:b9:db:3e:65:b0:f8:16:5f:
                    63:9d:64:4b:09:b7:31:79:0d:14:42:75:8c:45:b7:
                    ed:67:2f:d7:47:f6:9a:47:b8:17:8f:12:7e:58:de:
                    31:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:79:66:95:6B:0B:EB:57:FF:6D:D2:9E:1B:D1:9E:EB:04:8B:81:71
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/SHlmlWsL61f_bdKeG9Ge6wSLgXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.240.0/24
                  82.117.246.0/24
                  91.250.0.0/18
                IPv6:
                  2a00:1210:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:ef:cd:0e:5c:cf:5c:e7:76:9b:22:55:fc:cc:44:8b:69:93:
         5a:67:46:3f:2b:2a:8e:0d:54:9e:5b:32:ef:09:4d:af:89:20:
         58:70:5c:02:9f:bb:d4:1f:80:d5:42:d5:de:7c:a4:83:da:4c:
         98:aa:63:c6:e3:bf:a0:c3:23:42:ae:f6:17:ef:28:a2:be:16:
         3a:59:11:e5:7f:78:f4:22:92:8b:2c:48:0a:9a:d9:24:e1:f3:
         a7:18:5f:c6:1a:c8:a7:30:7c:61:38:82:cc:c9:a5:02:4d:d7:
         f8:b3:ad:11:67:aa:62:03:fc:32:64:c3:0b:b9:e9:4f:fc:31:
         bc:60:03:42:21:95:4f:fb:e0:bd:08:6b:ff:63:20:13:40:7f:
         0d:44:95:4f:be:22:f2:b2:84:e8:95:b1:e8:8a:11:b9:5f:08:
         78:3b:4a:da:24:e7:f4:aa:fa:31:1e:9a:34:60:a5:bc:70:fe:
         4a:fe:de:7e:34:cb:bb:bf:ce:7a:cd:f5:f7:23:74:5a:f7:6d:
         09:b7:9d:f4:cd:c4:30:b9:e7:c4:9a:89:c7:ce:26:16:ee:75:
         72:0d:c1:31:5b:36:0d:0e:4c:9c:1a:bd:dd:21:91:5d:bc:04:
         bf:93:10:a9:10:9b:04:a7:35:20:73:9b:af:5d:42:c1:64:57:
         ca:b1:45:fb
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAY3acTOCdS48OZlbwn7khxO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjQwMjI0MDkyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODc5NjY5NTZiMGJlYjU3ZmY2ZGQyOWUxYmQxOWVlYjA0OGI4MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSHu5aa4B8ek5L+rDgYhmzAhGIVw
42anNL4xPbaX59vGSDbvHLgcJ8niJpgVgaZRrJSKkv+V61mlIHdRhwjmjClMEYAV
pJQus4Pd+IVxudn2uoDzDHsrROZ7zR8CLaDnXr6OjtLznmoPTvCPksQsxaWEcKu6
dZFjRPtfGzFRawalnmxSG8JHmqrLw+DIVMsqHlwdtQCgpCkMQ6QahT6w3efClnU1
UPVxmk0bbPMo6BUp2F9caSbh7mnzWzV2jpsAXAU0uRVEB4XMZ1St3zL6OErAiOkq
Tw29uds+ZbD4Fl9jnWRLCbcxeQ0UQnWMRbftZy/XR/aaR7gXjxJ+WN4xwwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFEh5ZpVrC+tX/23SnhvRnusEi4FxMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvU0hsbWxXc0w2MWZfYmRLZUc5R2U2d1NMZ1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAUnXwAwQA
UnX2AwQGW/oAMA8EAgACMAkDBwAqABIQ//8wDQYJKoZIhvcNAQELBQADggEBABXv
zQ5cz1zndpsiVfzMRItpk1pnRj8rKo4NVJ5bMu8JTa+JIFhwXAKfu9QfgNVC1d58
pIPaTJiqY8bjv6DDI0Ku9hfvKKK+FjpZEeV/ePQikossSAqa2STh86cYX8YayKcw
fGE4gszJpQJN1/izrRFnqmID/DJkwwu56U/8MbxgA0IhlU/74L0Ia/9jIBNAfw1E
lU++IvKyhOiVseiKEblfCHg7Stok5/Sq+jEemjRgpbxw/kr+3n40y7u/znrN9fcj
dFr3bQm3nfTNxDC558SaicfOJhbudXINwTFbNg0OTJwavd0hkV28BL+TEKkQmwSn
NSBzm69dQsFkV8qxRfs=
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:46:02 2024 by rpki-client on console-fra.rpki-client.org