Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/f84198-2bdb-447d-8722-d8869311499a/1/LcEF17YjhIHEcYBwcY7Ja5znrGc.roa
File:                     LcEF17YjhIHEcYBwcY7Ja5znrGc.roa (raw, json)
Hash identifier:          9tzxAz9s9LKYFlS94CLzeFvOSTZxrIXqbwmTOs0q0Zc=
Subject key identifier:   2D:C1:05:D7:B6:23:84:81:C4:71:80:70:71:8E:C9:6B:9C:E7:AC:67
Certificate issuer:       /CN=6e489fe1c7e20a0b0c63842c45c16c57631785d3
Certificate serial:       018CC5DC23BABA606AC6379C2EE8FD23FEF6
Authority key identifier: 6E:48:9F:E1:C7:E2:0A:0B:0C:63:84:2C:45:C1:6C:57:63:17:85:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkif4cfiCgsMY4QsRcFsV2MXhdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/f84198-2bdb-447d-8722-d8869311499a/1/LcEF17YjhIHEcYBwcY7Ja5znrGc.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34958
IP address blocks:        193.43.215.0/24 maxlen: 24
                          193.189.147.0/24 maxlen: 24
                          2001:67c:25e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/f84198-2bdb-447d-8722-d8869311499a/1/bkif4cfiCgsMY4QsRcFsV2MXhdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/f84198-2bdb-447d-8722-d8869311499a/1/bkif4cfiCgsMY4QsRcFsV2MXhdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bkif4cfiCgsMY4QsRcFsV2MXhdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:23:ba:ba:60:6a:c6:37:9c:2e:e8:fd:23:fe:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e489fe1c7e20a0b0c63842c45c16c57631785d3
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dc105d7b6238481c4718070718ec96b9ce7ac67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:18:23:94:67:5a:c9:2c:50:e0:69:ce:65:ae:
                    cc:2e:08:89:25:b6:19:4c:d2:7c:60:5a:99:7e:bd:
                    06:e3:65:c0:45:18:be:b0:39:40:a4:a6:c1:04:9d:
                    c0:69:a3:a0:07:21:07:4a:ff:06:af:5d:d6:0e:4b:
                    c2:0a:fd:f1:c9:06:e3:59:37:58:4f:a7:8d:79:82:
                    d9:45:53:d1:7d:69:fa:9c:6a:14:a2:ac:d5:e4:1b:
                    12:08:fc:76:25:31:b6:44:fc:fd:14:c4:c8:fa:3d:
                    8a:0c:86:56:96:56:ff:0d:2e:c5:de:fc:50:43:a7:
                    28:ad:f0:d3:a2:f2:88:69:51:df:3b:d5:cb:7b:1b:
                    69:65:17:b7:03:57:de:ee:6f:61:11:bc:67:a9:99:
                    51:f1:a0:6a:5f:61:93:2c:08:9f:54:73:71:2c:5c:
                    99:31:5d:89:cb:30:b2:14:cc:75:41:e3:05:b1:c4:
                    22:ae:fc:a7:b5:42:69:1d:39:a1:a2:2a:05:80:a1:
                    68:5b:7b:b7:d0:3e:12:7e:a2:b2:22:42:1d:67:f7:
                    14:85:de:e3:df:0f:15:56:4b:91:f7:68:85:6f:06:
                    77:be:d3:5c:9e:25:9b:fe:2f:aa:ba:6f:ec:46:c1:
                    97:f2:cf:b0:c2:b0:dd:2c:98:b2:90:3e:a8:a3:13:
                    e8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:C1:05:D7:B6:23:84:81:C4:71:80:70:71:8E:C9:6B:9C:E7:AC:67
            X509v3 Authority Key Identifier:
                keyid:6E:48:9F:E1:C7:E2:0A:0B:0C:63:84:2C:45:C1:6C:57:63:17:85:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkif4cfiCgsMY4QsRcFsV2MXhdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/f84198-2bdb-447d-8722-d8869311499a/1/LcEF17YjhIHEcYBwcY7Ja5znrGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/f84198-2bdb-447d-8722-d8869311499a/1/bkif4cfiCgsMY4QsRcFsV2MXhdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.215.0/24
                  193.189.147.0/24
                IPv6:
                  2001:67c:25e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:c7:15:98:67:0c:56:57:17:ac:72:9f:3c:1e:52:c0:2e:38:
         04:46:16:5f:08:d0:c0:56:50:fa:fc:be:4c:18:1d:ec:23:2a:
         cc:5b:be:52:e9:e2:27:da:2a:36:1f:0e:d2:bf:19:4f:dd:77:
         aa:64:d3:61:11:09:06:58:11:c0:06:5e:3d:ab:02:b9:53:a6:
         86:24:58:e0:f4:cf:60:8b:2e:67:65:9d:23:56:ef:9e:a8:a3:
         6b:ef:41:61:a2:da:3c:d4:96:f9:5b:a4:e6:79:3e:05:36:04:
         d3:dd:80:af:dc:01:da:bc:6f:c9:df:d0:26:37:d8:66:9c:ea:
         a2:4e:8c:42:8c:5e:93:8e:41:64:f0:9d:e5:cf:fa:fb:fa:62:
         d7:80:7b:9d:63:5f:a6:5b:3f:d4:30:e1:b9:1b:b9:36:a1:b9:
         b8:72:3b:cf:ea:9a:af:98:91:17:7a:2d:08:6f:d2:84:ca:5a:
         75:eb:46:82:bd:95:82:40:48:14:fd:4e:90:8a:10:db:58:01:
         f3:7f:78:83:08:c8:d1:cb:cb:8f:91:89:24:b6:83:fd:ff:62:
         19:83:f7:46:8a:6f:53:82:f0:b2:d6:df:67:da:e7:a7:a6:96:
         f9:8a:58:b7:1b:9c:82:15:40:8f:7b:44:04:5f:15:e8:59:83:
         12:a2:bc:01
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3CO6umBqxjecLuj9I/72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDg5ZmUxYzdlMjBhMGIwYzYzODQyYzQ1YzE2YzU3NjMx
Nzg1ZDMwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGMxMDVkN2I2MjM4NDgxYzQ3MTgwNzA3MThlYzk2YjljZTdhYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxgjlGdaySxQ4GnOZa7MLgiJJbYZ
TNJ8YFqZfr0G42XARRi+sDlApKbBBJ3AaaOgByEHSv8Gr13WDkvCCv3xyQbjWTdY
T6eNeYLZRVPRfWn6nGoUoqzV5BsSCPx2JTG2RPz9FMTI+j2KDIZWllb/DS7F3vxQ
Q6corfDTovKIaVHfO9XLextpZRe3A1fe7m9hEbxnqZlR8aBqX2GTLAifVHNxLFyZ
MV2JyzCyFMx1QeMFscQirvyntUJpHTmhoioFgKFoW3u30D4SfqKyIkIdZ/cUhd7j
3w8VVkuR92iFbwZ3vtNcniWb/i+qum/sRsGX8s+wwrDdLJiykD6ooxPoNQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC3BBde2I4SBxHGAcHGOyWuc56xnMB8GA1UdIwQY
MBaAFG5In+HH4goLDGOELEXBbFdjF4XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtpZjRjZmlDZ3NNWTRRc1JjRnNWMk1YaGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9mODQxOTgtMmJkYi00NDdkLTg3MjIt
ZDg4NjkzMTE0OTlhLzEvTGNFRjE3WWpoSUhFY1lCd2NZN0phNXpuckdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9mODQxOTgtMmJkYi00NDdkLTg3MjItZDg4NjkzMTE0OTlh
LzEvYmtpZjRjZmlDZ3NNWTRRc1JjRnNWMk1YaGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwSvXAwQA
wb2TMA8EAgACMAkDBwAgAQZ8JegwDQYJKoZIhvcNAQELBQADggEBAH7HFZhnDFZX
F6xynzweUsAuOARGFl8I0MBWUPr8vkwYHewjKsxbvlLp4ifaKjYfDtK/GU/dd6pk
02ERCQZYEcAGXj2rArlTpoYkWOD0z2CLLmdlnSNW756oo2vvQWGi2jzUlvlbpOZ5
PgU2BNPdgK/cAdq8b8nf0CY32Gac6qJOjEKMXpOOQWTwneXP+vv6YteAe51jX6Zb
P9Qw4bkbuTahubhyO8/qmq+YkRd6LQhv0oTKWnXrRoK9lYJASBT9TpCKENtYAfN/
eIMIyNHLy4+RiSS2g/3/YhmD90aKb1OC8LLW32fa56emlvmKWLcbnIIVQI97RARf
FehZgxKivAE=
-----END CERTIFICATE-----
Generated at Sat Jun 15 14:55:48 2024 by rpki-client on console-ams.rpki-client.org