Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/40746e-74c0-47ca-a23c-9fef0114a2e5/1/rK9Aqot1UylkXKbfNg_Wb-je_ng.roa
File:                     rK9Aqot1UylkXKbfNg_Wb-je_ng.roa (raw, json)
Hash identifier:          262GVOno+YdyFl5zC4dEab/XC3RYDeXxOp4OPb2HQpw=
Subject key identifier:   AC:AF:40:AA:8B:75:53:29:64:5C:A6:DF:36:0F:D6:6F:E8:DE:FE:78
Certificate issuer:       /CN=ce6e1a2208fa3f1b9f3d38fff1f8e2c34d911f36
Certificate serial:       018CCA286A566880490CB48B677F3863A455
Authority key identifier: CE:6E:1A:22:08:FA:3F:1B:9F:3D:38:FF:F1:F8:E2:C3:4D:91:1F:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zm4aIgj6PxufPTj_8fjiw02RHzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/40746e-74c0-47ca-a23c-9fef0114a2e5/1/rK9Aqot1UylkXKbfNg_Wb-je_ng.roa
Signing time:             Tue 02 Jan 2024 12:31:35 +0000
ROA not before:           Tue 02 Jan 2024 12:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203210
IP address blocks:        193.43.100.0/24 maxlen: 24
                          193.43.110.0/24 maxlen: 24
                          193.43.126.0/24 maxlen: 24
                          193.43.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/40746e-74c0-47ca-a23c-9fef0114a2e5/1/zm4aIgj6PxufPTj_8fjiw02RHzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/40746e-74c0-47ca-a23c-9fef0114a2e5/1/zm4aIgj6PxufPTj_8fjiw02RHzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zm4aIgj6PxufPTj_8fjiw02RHzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:6a:56:68:80:49:0c:b4:8b:67:7f:38:63:a4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce6e1a2208fa3f1b9f3d38fff1f8e2c34d911f36
        Validity
            Not Before: Jan  2 12:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acaf40aa8b755329645ca6df360fd66fe8defe78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5a:b6:2b:ac:2e:8e:e8:9b:b3:52:7f:09:cb:
                    e2:4b:e9:e2:38:b4:d4:9e:c9:c9:18:b0:03:0a:f0:
                    fe:a4:a1:2d:7d:39:36:c9:07:01:92:f2:10:8a:4a:
                    f5:e6:02:70:4b:69:38:75:e6:b8:42:5b:f7:0a:48:
                    ea:34:c6:b5:90:50:a3:54:e3:96:ac:f0:a5:8b:cc:
                    24:1f:f5:08:80:19:3a:33:9e:10:91:e4:7d:ea:a0:
                    72:04:c9:2c:af:26:1f:7e:dd:b3:eb:43:c4:f6:4d:
                    44:45:b9:b3:b9:8a:60:4b:61:0a:6d:86:33:ab:08:
                    df:3c:49:96:36:a8:db:7e:5f:9e:f4:20:bf:5c:b6:
                    34:7b:46:e3:e6:5b:ad:70:e2:b5:b3:55:f1:9a:6c:
                    08:13:92:a1:ea:16:a5:82:c5:78:05:4f:7b:87:9f:
                    24:13:c1:ef:bb:77:ba:7a:0d:f5:3d:0d:57:c3:65:
                    b9:80:70:d8:38:a3:67:5e:34:c0:7f:bc:65:42:86:
                    82:92:38:75:d5:11:73:22:8c:15:5d:d1:bd:5c:99:
                    ff:ae:4c:46:5c:bd:17:8a:52:cc:bf:a9:7a:e4:ee:
                    f5:63:32:0e:d5:18:d3:8a:65:6c:78:c0:5b:97:df:
                    5c:36:fe:27:13:58:4a:9e:f9:9b:c4:24:b4:2f:c8:
                    5f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AF:40:AA:8B:75:53:29:64:5C:A6:DF:36:0F:D6:6F:E8:DE:FE:78
            X509v3 Authority Key Identifier:
                keyid:CE:6E:1A:22:08:FA:3F:1B:9F:3D:38:FF:F1:F8:E2:C3:4D:91:1F:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zm4aIgj6PxufPTj_8fjiw02RHzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/40746e-74c0-47ca-a23c-9fef0114a2e5/1/rK9Aqot1UylkXKbfNg_Wb-je_ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/40746e-74c0-47ca-a23c-9fef0114a2e5/1/zm4aIgj6PxufPTj_8fjiw02RHzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.100.0/24
                  193.43.110.0/24
                  193.43.126.0/24
                  193.43.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:72:de:b7:42:7e:6c:42:8d:4e:e3:39:15:45:61:cb:26:54:
         f4:82:0d:c8:12:1d:3b:a7:b1:d3:0c:6a:7f:57:6e:89:39:80:
         e4:55:cd:60:8f:1a:b7:71:67:da:be:35:cf:34:76:ea:de:32:
         42:43:b4:19:37:72:b8:f1:98:a4:82:4e:a4:8d:91:0f:1b:f0:
         e6:48:82:2e:14:87:db:fe:cb:74:0d:02:95:33:00:c1:56:2a:
         6b:cf:5e:c6:79:8a:97:14:66:a3:02:d8:ad:7a:3d:32:c1:95:
         f2:1e:78:fb:dc:4c:70:63:a9:b5:b2:af:98:42:57:2d:12:ce:
         89:3b:6a:59:58:11:fc:90:7a:bd:bf:a3:35:71:f5:8e:7d:8d:
         81:ee:8e:6c:3d:86:72:3c:75:9a:53:9f:2c:f5:86:21:26:6b:
         08:72:fe:4c:72:13:3c:a0:f7:70:79:c2:99:5a:af:66:3a:9f:
         5c:bf:1a:bd:c6:a2:5e:c3:27:7c:5c:4a:7a:10:a1:72:6e:8c:
         01:a4:95:18:29:7a:09:6b:5e:30:0c:58:92:0b:0e:0b:b2:83:
         9e:fa:d2:5d:b0:35:1d:b2:04:4b:71:c8:cd:66:86:ea:4c:5a:
         d3:98:2a:6a:9c:78:6f:78:d8:9d:58:55:11:e1:03:83:08:68:
         6e:db:3d:8a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKKGpWaIBJDLSLZ384Y6RVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNmUxYTIyMDhmYTNmMWI5ZjNkMzhmZmYxZjhlMmMzNGQ5
MTFmMzYwHhcNMjQwMTAyMTIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FmNDBhYThiNzU1MzI5NjQ1Y2E2ZGYzNjBmZDY2ZmU4ZGVmZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlq2K6wujuibs1J/CcviS+niOLTU
nsnJGLADCvD+pKEtfTk2yQcBkvIQikr15gJwS2k4dea4Qlv3CkjqNMa1kFCjVOOW
rPCli8wkH/UIgBk6M54QkeR96qByBMksryYfft2z60PE9k1ERbmzuYpgS2EKbYYz
qwjfPEmWNqjbfl+e9CC/XLY0e0bj5lutcOK1s1XxmmwIE5Kh6halgsV4BU97h58k
E8Hvu3e6eg31PQ1Xw2W5gHDYOKNnXjTAf7xlQoaCkjh11RFzIowVXdG9XJn/rkxG
XL0XilLMv6l65O71YzIO1RjTimVseMBbl99cNv4nE1hKnvmbxCS0L8hfWwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKyvQKqLdVMpZFym3zYP1m/o3v54MB8GA1UdIwQY
MBaAFM5uGiII+j8bnz04//H44sNNkR82MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem00YUlnajZQeHVmUFRqXzhmaml3MDJSSHpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80MDc0NmUtNzRjMC00N2NhLWEyM2Mt
OWZlZjAxMTRhMmU1LzEvcks5QXFvdDFVeWxrWEtiZk5nX1diLWplX25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80MDc0NmUtNzRjMC00N2NhLWEyM2MtOWZlZjAxMTRhMmU1
LzEvem00YUlnajZQeHVmUFRqXzhmaml3MDJSSHpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwStkAwQA
wStuAwQAwSt+AwQAwSuIMA0GCSqGSIb3DQEBCwUAA4IBAQBUct63Qn5sQo1O4zkV
RWHLJlT0gg3IEh07p7HTDGp/V26JOYDkVc1gjxq3cWfavjXPNHbq3jJCQ7QZN3K4
8Zikgk6kjZEPG/DmSIIuFIfb/st0DQKVMwDBViprz17GeYqXFGajAtitej0ywZXy
Hnj73ExwY6m1sq+YQlctEs6JO2pZWBH8kHq9v6M1cfWOfY2B7o5sPYZyPHWaU58s
9YYhJmsIcv5MchM8oPdwecKZWq9mOp9cvxq9xqJewyd8XEp6EKFybowBpJUYKXoJ
a14wDFiSCw4LsoOe+tJdsDUdsgRLccjNZobqTFrTmCpqnHhveNidWFUR4QODCGhu
2z2K
-----END CERTIFICATE-----
Generated at Sun Jun 16 20:24:48 2024 by rpki-client on console-fra.rpki-client.org