Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1d9BHaQ-myy7CuS89YQDwZ-LMJo.roa
File:                     1d9BHaQ-myy7CuS89YQDwZ-LMJo.roa (raw, json)
Hash identifier:          pibdFFTFh4mBZEbknn62syGN/d9AbJkN6HE8Kk6fWP4=
Subject key identifier:   D5:DF:41:1D:A4:3E:9B:2C:BB:0A:E4:BC:F5:84:03:C1:9F:8B:30:9A
Certificate issuer:       /CN=f826ffe96cdc41efaa8bfb3125862d6594be9827
Certificate serial:       018CC34930927AADD6A2B3FB19A07BC2150E
Authority key identifier: F8:26:FF:E9:6C:DC:41:EF:AA:8B:FB:31:25:86:2D:65:94:BE:98:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1d9BHaQ-myy7CuS89YQDwZ-LMJo.roa
Signing time:             Mon 01 Jan 2024 04:30:02 +0000
ROA not before:           Mon 01 Jan 2024 04:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        134.76.0.0/16 maxlen: 16
                          195.12.38.0/24 maxlen: 24
                          2a06:93c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:30:92:7a:ad:d6:a2:b3:fb:19:a0:7b:c2:15:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f826ffe96cdc41efaa8bfb3125862d6594be9827
        Validity
            Not Before: Jan  1 04:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5df411da43e9b2cbb0ae4bcf58403c19f8b309a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:40:0d:d4:0e:2b:4b:29:35:57:b9:35:95:1b:
                    c0:d2:69:f2:14:68:fd:08:dc:1f:e5:f9:4c:38:31:
                    9d:f7:41:cb:bf:1b:c0:9c:70:c4:96:e7:9d:f8:4c:
                    e6:d8:7d:8d:ee:ea:7a:c9:77:37:fb:2d:04:68:a1:
                    2e:5b:93:a1:9f:23:8d:42:68:31:2c:32:f3:83:8b:
                    75:ee:38:49:fe:6b:94:e9:d2:41:97:d2:06:75:c1:
                    e7:bf:c7:7e:7f:83:fb:70:5a:66:db:71:b1:8e:e3:
                    ba:01:6a:f1:f8:25:13:90:7a:52:4c:6d:d2:45:35:
                    48:16:3e:c4:a9:2e:75:2b:dd:00:2f:ed:93:f0:03:
                    36:1a:76:30:50:bd:24:e1:f4:54:d0:cb:ae:55:cb:
                    99:f8:7c:00:77:c4:97:ed:ae:a5:1c:6f:1c:1f:52:
                    52:2d:6d:0f:cf:1d:ea:98:7f:f0:96:b0:8f:40:a5:
                    b0:81:ba:cb:a4:94:04:cd:dd:6b:e4:54:c7:10:42:
                    dd:09:2c:09:ca:3e:d2:ef:63:8f:b1:cd:7d:b3:4a:
                    0b:ac:88:c3:1a:f3:3c:5a:e5:67:84:f4:3b:e0:81:
                    b3:3d:82:59:e2:92:05:76:de:68:6c:3d:dd:83:ed:
                    00:7d:e8:c3:4b:14:b0:78:72:d5:12:58:cc:e4:55:
                    c8:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:DF:41:1D:A4:3E:9B:2C:BB:0A:E4:BC:F5:84:03:C1:9F:8B:30:9A
            X509v3 Authority Key Identifier:
                keyid:F8:26:FF:E9:6C:DC:41:EF:AA:8B:FB:31:25:86:2D:65:94:BE:98:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1d9BHaQ-myy7CuS89YQDwZ-LMJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6f6826-1aad-4c3c-bd91-cca37e2f2729/1/1-Cb_6WzcQe-qi_sxJYYtZZS-mCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.76.0.0/16
                  195.12.38.0/24
                IPv6:
                  2a06:93c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:3e:8b:87:c4:51:0f:04:5c:d3:4e:76:9b:57:70:a5:f8:50:
         78:f0:57:fe:56:44:24:39:67:bb:d3:e5:58:0e:52:58:53:29:
         89:e0:0d:66:a3:86:51:3e:8a:a1:2d:12:f5:09:ad:69:ba:d4:
         0d:44:a3:5f:c3:b2:3c:a5:fe:67:63:61:ca:46:07:1c:76:e6:
         a2:d5:fa:7c:09:be:26:9e:3f:02:b2:69:fb:ff:16:6b:4b:ba:
         df:ff:6a:ee:f6:d2:87:6e:f0:1d:2f:79:48:d6:01:1c:8f:90:
         6b:8a:bb:ac:ed:e5:5e:47:02:35:d5:07:eb:da:50:99:81:aa:
         d1:cb:00:e7:57:14:58:28:9f:39:cc:6a:34:86:0d:5a:e2:a8:
         98:86:75:f0:7c:6b:60:e3:09:5f:ed:77:bc:78:fc:97:e9:e1:
         e6:1b:73:a0:d3:b7:14:fb:81:15:3c:4f:27:91:5a:e2:10:00:
         b8:ac:b8:c9:7f:49:51:a3:e2:25:47:4a:c8:be:ab:fd:11:b5:
         f1:c0:6c:9e:13:1c:02:be:4e:d6:98:ee:3a:64:fd:35:fe:b0:
         fd:2d:1a:13:8e:8e:d7:80:7b:90:f5:61:77:a6:50:1b:66:af:
         cf:85:a7:f0:3f:73:7c:57:92:91:4c:bf:49:2d:1a:9a:57:ee:
         cb:a3:9a:07
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzDSTCSeq3WorP7GaB7whUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjZmZmU5NmNkYzQxZWZhYThiZmIzMTI1ODYyZDY1OTRi
ZTk4MjcwHhcNMjQwMTAxMDQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWRmNDExZGE0M2U5YjJjYmIwYWU0YmNmNTg0MDNjMTlmOGIzMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0AN1A4rSyk1V7k1lRvA0mnyFGj9
CNwf5flMODGd90HLvxvAnHDElued+Ezm2H2N7up6yXc3+y0EaKEuW5OhnyONQmgx
LDLzg4t17jhJ/muU6dJBl9IGdcHnv8d+f4P7cFpm23GxjuO6AWrx+CUTkHpSTG3S
RTVIFj7EqS51K90AL+2T8AM2GnYwUL0k4fRU0MuuVcuZ+HwAd8SX7a6lHG8cH1JS
LW0Pzx3qmH/wlrCPQKWwgbrLpJQEzd1r5FTHEELdCSwJyj7S72OPsc19s0oLrIjD
GvM8WuVnhPQ74IGzPYJZ4pIFdt5obD3dg+0AfejDSxSweHLVEljM5FXIGQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNXfQR2kPpssuwrkvPWEA8GfizCaMB8GA1UdIwQY
MBaAFPgm/+ls3EHvqov7MSWGLWWUvpgnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DYl82V3pjUWUtcWlfc3hKWVl0WlpTLW1DYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIvNmY2ODI2LTFhYWQtNGMzYy1iZDkx
LWNjYTM3ZTJmMjcyOS8xLzFkOUJIYVEtbXl5N0N1Uzg5WVFEd1otTE1Kby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNmY2ODI2LTFhYWQtNGMzYy1iZDkxLWNjYTM3ZTJmMjcy
OS8xLzEtQ2JfNld6Y1FlLXFpX3N4SllZdFpaUy1tQ2MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMwYIKwYBBQUHAQcBAf8EJDAiMBEEAgABMAsDAwCGTAME
AMMMJjANBAIAAjAHAwUDKgaTwDANBgkqhkiG9w0BAQsFAAOCAQEArj6Lh8RRDwRc
0052m1dwpfhQePBX/lZEJDlnu9PlWA5SWFMpieANZqOGUT6KoS0S9QmtabrUDUSj
X8OyPKX+Z2NhykYHHHbmotX6fAm+Jp4/ArJp+/8Wa0u63/9q7vbSh27wHS95SNYB
HI+Qa4q7rO3lXkcCNdUH69pQmYGq0csA51cUWCifOcxqNIYNWuKomIZ18HxrYOMJ
X+13vHj8l+nh5htzoNO3FPuBFTxPJ5Fa4hAAuKy4yX9JUaPiJUdKyL6r/RG18cBs
nhMcAr5O1pjuOmT9Nf6w/S0aE46O14B7kPVhd6ZQG2avz4Wn8D9zfFeSkUy/SS0a
mlfuy6OaBw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:22:44 2024 by rpki-client on console-fra.rpki-client.org