Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/IsR6AxRNJVbai8dQvQEhi2WQgyk.roa
File:                     IsR6AxRNJVbai8dQvQEhi2WQgyk.roa (raw, json)
Hash identifier:          i318CLfx+k865BL4D7cjGQFKhTmzqD1b6rRbxR48gK4=
Subject key identifier:   22:C4:7A:03:14:4D:25:56:DA:8B:C7:50:BD:01:21:8B:65:90:83:29
Certificate issuer:       /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial:       018CC42471815E3B929C2C274F0ABF963A79
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/IsR6AxRNJVbai8dQvQEhi2WQgyk.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205727
IP address blocks:        176.107.128.0/20 maxlen: 24
                          80.211.240.0/20 maxlen: 24
                          2a00:6d47::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:71:81:5e:3b:92:9c:2c:27:4f:0a:bf:96:3a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22c47a03144d2556da8bc750bd01218b65908329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3e:19:77:46:11:82:e9:47:69:7b:71:34:99:
                    fb:db:d6:e2:4c:c8:51:2e:c4:2f:e7:20:95:55:9b:
                    94:33:0d:a0:64:ac:9c:27:1a:98:5e:fb:5a:35:3a:
                    d8:91:8b:d1:cb:89:b6:69:6a:96:a2:16:80:4b:05:
                    0f:07:8f:6a:a8:0e:90:83:d9:f0:8e:44:53:ab:7e:
                    b7:ac:63:67:bf:a0:37:57:d4:f1:30:91:dd:96:3e:
                    40:f0:ba:0c:10:df:85:a0:3a:04:4a:c3:37:e0:7a:
                    fc:1c:f2:f4:2e:9e:88:e3:7e:c6:7f:38:e2:2f:72:
                    f2:86:55:ec:45:25:6f:1e:a9:69:d5:1d:4a:08:c6:
                    17:ab:57:0b:4b:ab:06:08:87:ef:17:6a:fe:96:5e:
                    2b:f5:70:ec:84:df:08:f6:8c:77:17:97:54:e4:27:
                    eb:c4:00:bb:a3:a4:44:2b:78:e3:3e:ec:95:a6:82:
                    a8:6b:d6:58:88:91:73:cc:93:b3:75:5d:cd:5b:c8:
                    f4:5b:bb:cb:1d:77:d4:bf:96:19:05:05:24:8e:9e:
                    38:cf:c0:6e:9f:44:f8:24:99:50:96:11:c7:72:b8:
                    c8:f9:59:eb:a3:3a:37:5d:19:30:b6:58:d3:8b:70:
                    b6:0c:60:c2:50:aa:67:15:f2:9b:16:62:31:4b:b6:
                    a6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C4:7A:03:14:4D:25:56:DA:8B:C7:50:BD:01:21:8B:65:90:83:29
            X509v3 Authority Key Identifier:
                keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/IsR6AxRNJVbai8dQvQEhi2WQgyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.211.240.0/20
                  176.107.128.0/20
                IPv6:
                  2a00:6d47::/36

    Signature Algorithm: sha256WithRSAEncryption
         ac:93:2a:1f:a4:32:52:8f:31:7e:a8:25:b6:55:1d:29:25:cd:
         3b:3e:a1:5c:3b:d8:0a:6f:65:35:16:69:47:ee:10:5f:06:bc:
         25:f7:45:47:a9:d7:2d:41:99:b9:4d:dd:dd:28:30:28:b4:d8:
         e8:4e:6e:e4:27:33:9d:32:e1:a1:e2:29:1c:f7:d6:a3:9b:c2:
         8d:06:de:dd:c7:2d:7c:7b:dd:c5:ba:c8:2c:cc:0d:e6:a9:e5:
         f9:3b:61:19:49:a8:08:59:e8:9f:ae:d3:34:d2:a5:c0:94:9f:
         18:fe:07:30:d1:fd:cc:23:92:1b:32:12:66:bf:ec:c8:fd:41:
         8a:5c:32:2e:fe:59:79:0f:70:77:0b:12:be:e0:b0:71:4b:91:
         98:f4:ee:01:cf:78:00:c7:56:54:b9:85:d8:2c:03:a0:4b:cb:
         3b:5e:25:74:c9:f5:16:b8:49:a5:d4:ee:b8:e9:09:ce:78:cd:
         b5:91:f7:97:ee:3b:44:30:7c:52:00:52:6b:ca:d0:6b:42:98:
         f3:79:28:42:eb:78:d0:f9:1d:30:fa:8e:d8:ba:e0:48:33:df:
         fe:d0:c8:93:96:fb:c2:51:41:95:a4:92:11:5c:37:54:25:20:
         c2:35:ad:32:3c:71:7d:c0:19:73:41:57:34:8e:69:d8:de:64:
         49:21:64:e2
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzEJHGBXjuSnCwnTwq/ljp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmM0N2EwMzE0NGQyNTU2ZGE4YmM3NTBiZDAxMjE4YjY1OTA4MzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz4Zd0YRgulHaXtxNJn729biTMhR
LsQv5yCVVZuUMw2gZKycJxqYXvtaNTrYkYvRy4m2aWqWohaASwUPB49qqA6Qg9nw
jkRTq363rGNnv6A3V9TxMJHdlj5A8LoMEN+FoDoESsM34Hr8HPL0Lp6I437Gfzji
L3LyhlXsRSVvHqlp1R1KCMYXq1cLS6sGCIfvF2r+ll4r9XDshN8I9ox3F5dU5Cfr
xAC7o6REK3jjPuyVpoKoa9ZYiJFzzJOzdV3NW8j0W7vLHXfUv5YZBQUkjp44z8Bu
n0T4JJlQlhHHcrjI+Vnrozo3XRkwtljTi3C2DGDCUKpnFfKbFmIxS7amwwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCLEegMUTSVW2ovHUL0BIYtlkIMpMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvSXNSNkF4Uk5KVmJhaThkUXZRRWhpMldRZ3lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQEUNPwAwQE
sGuAMA4EAgACMAgDBgQqAG1HADANBgkqhkiG9w0BAQsFAAOCAQEArJMqH6QyUo8x
fqgltlUdKSXNOz6hXDvYCm9lNRZpR+4QXwa8JfdFR6nXLUGZuU3d3SgwKLTY6E5u
5CcznTLhoeIpHPfWo5vCjQbe3cctfHvdxbrILMwN5qnl+TthGUmoCFnon67TNNKl
wJSfGP4HMNH9zCOSGzISZr/syP1BilwyLv5ZeQ9wdwsSvuCwcUuRmPTuAc94AMdW
VLmF2CwDoEvLO14ldMn1FrhJpdTuuOkJznjNtZH3l+47RDB8UgBSa8rQa0KY83ko
Qut40PkdMPqO2LrgSDPf/tDIk5b7wlFBlaSSEVw3VCUgwjWtMjxxfcAZc0FXNI5p
2N5kSSFk4g==
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:14 2024 by rpki-client on console-ams.rpki-client.org