Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/MKC-PwTuuMLdugPlxIzteNmxkWU.roa
File:                     MKC-PwTuuMLdugPlxIzteNmxkWU.roa (raw, json)
Hash identifier:          dpWBPHw1roNJPMJ4aeYo7B4udRj0hryl/1X0HcD6f3k=
Subject key identifier:   30:A0:BE:3F:04:EE:B8:C2:DD:BA:03:E5:C4:8C:ED:78:D9:B1:91:65
Certificate issuer:       /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial:       018CC492E318CD37F91200F69DDC7F085EC3
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/MKC-PwTuuMLdugPlxIzteNmxkWU.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1759
IP address blocks:        2001:2000:6000::/40 maxlen: 40
                          2001:2062::/32 maxlen: 32
                          2001:2003::/32 maxlen: 32
                          2001:2061::/32 maxlen: 32
                          2001:2001:6000::/40 maxlen: 40
                          2001:2060::/27 maxlen: 27
                          2001:2060::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e3:18:cd:37:f9:12:00:f6:9d:dc:7f:08:5e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30a0be3f04eeb8c2ddba03e5c48ced78d9b19165
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:bd:f5:91:16:4d:d1:9b:f0:15:92:f2:5c:54:
                    33:47:76:b1:00:cf:f7:b0:e3:14:72:c6:6a:f8:ba:
                    d8:0e:33:75:cb:c8:09:19:b5:0d:0a:94:cf:0b:9d:
                    1e:7f:2f:0d:20:2f:76:89:2c:da:38:0f:c2:84:33:
                    f8:32:9b:9e:14:a0:54:11:5d:be:38:d3:04:d6:a0:
                    08:ab:bc:98:96:b8:bc:fe:b0:da:aa:1d:47:86:3c:
                    c4:30:ce:fb:20:65:1f:06:64:16:ae:7c:92:e6:23:
                    52:fc:50:47:e9:f6:ae:47:a6:ab:58:e5:db:3b:cb:
                    92:80:80:a5:5c:e9:d8:87:6a:ed:98:20:f5:c6:04:
                    5b:50:4b:bd:03:dc:fa:9a:f1:bc:5a:30:25:00:e5:
                    52:19:93:db:ed:e3:83:94:4a:9b:98:f2:97:dd:c4:
                    cd:c7:42:54:17:3f:ed:5d:e4:d0:88:52:19:96:7e:
                    31:68:1f:8a:6a:36:f0:02:b6:9f:96:32:90:62:5f:
                    86:54:23:9c:14:71:46:7e:8e:d4:d7:20:a0:6a:90:
                    2b:d7:36:74:ce:17:92:c9:df:27:48:89:e9:8a:4a:
                    4d:b3:ee:2d:55:0e:23:73:2c:89:48:20:82:6f:f6:
                    fb:8b:d3:be:e8:08:19:58:0b:e8:65:81:23:9c:76:
                    46:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A0:BE:3F:04:EE:B8:C2:DD:BA:03:E5:C4:8C:ED:78:D9:B1:91:65
            X509v3 Authority Key Identifier:
                keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/MKC-PwTuuMLdugPlxIzteNmxkWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:2000:6000::/40
                  2001:2001:6000::/40
                  2001:2003::/32
                  2001:2060::/27

    Signature Algorithm: sha256WithRSAEncryption
         10:55:bf:78:99:f0:9c:14:d5:dd:ec:59:f5:11:0e:bb:86:c4:
         6f:b7:b4:53:a2:88:22:b2:73:38:5f:fe:f3:ff:8c:4f:4a:cf:
         20:eb:02:90:fc:65:3f:53:7e:24:56:c6:ee:32:a2:93:36:27:
         e7:df:ac:68:03:b0:87:a8:6d:84:48:88:c3:9d:8e:be:0e:3f:
         60:a1:42:72:e1:d7:00:80:40:dc:5d:07:94:69:70:61:cf:7f:
         79:4a:62:25:e7:29:ff:dd:e0:65:f4:17:bf:4e:0c:b5:81:ba:
         f9:c5:95:a7:76:b5:c7:17:d5:20:6a:51:33:f5:fd:d3:3b:89:
         48:0f:cc:6d:d1:be:3b:ad:43:1e:c1:c7:92:45:9b:d2:82:fd:
         ec:1c:85:71:1e:35:20:24:b6:f7:ee:20:3e:f7:5f:fa:46:a9:
         d1:bf:59:de:a1:6f:8b:10:c9:66:3c:20:12:de:63:89:78:c7:
         a0:d7:7c:e0:60:f8:ae:34:6b:d4:81:fb:c3:bf:97:1f:32:25:
         90:a9:82:85:bc:77:bd:ab:e1:23:2e:8e:79:26:1a:a1:00:a6:
         ab:02:5c:81:b6:63:d9:4b:d8:72:d8:4d:4e:ee:7f:04:aa:4e:
         ef:d4:11:5a:09:f4:2d:77:6c:ba:f3:90:b6:79:08:2c:9d:b1:
         fb:df:c4:8f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzEkuMYzTf5EgD2ndx/CF7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEwYmUzZjA0ZWViOGMyZGRiYTAzZTVjNDhjZWQ3OGQ5YjE5MTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh731kRZN0ZvwFZLyXFQzR3axAM/3
sOMUcsZq+LrYDjN1y8gJGbUNCpTPC50efy8NIC92iSzaOA/ChDP4MpueFKBUEV2+
ONME1qAIq7yYlri8/rDaqh1HhjzEMM77IGUfBmQWrnyS5iNS/FBH6fauR6arWOXb
O8uSgIClXOnYh2rtmCD1xgRbUEu9A9z6mvG8WjAlAOVSGZPb7eODlEqbmPKX3cTN
x0JUFz/tXeTQiFIZln4xaB+KajbwArafljKQYl+GVCOcFHFGfo7U1yCgapAr1zZ0
zheSyd8nSInpikpNs+4tVQ4jcyyJSCCCb/b7i9O+6AgZWAvoZYEjnHZGtwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDCgvj8E7rjC3boD5cSM7XjZsZFlMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvTUtDLVB3VHV1TUxkdWdQbHhJenRlTm14a1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeAwYAIAEgAGAD
BgAgASABYAMFACABIAMDBQUgASBgMA0GCSqGSIb3DQEBCwUAA4IBAQAQVb94mfCc
FNXd7Fn1EQ67hsRvt7RToogisnM4X/7z/4xPSs8g6wKQ/GU/U34kVsbuMqKTNifn
36xoA7CHqG2ESIjDnY6+Dj9goUJy4dcAgEDcXQeUaXBhz395SmIl5yn/3eBl9Be/
Tgy1gbr5xZWndrXHF9UgalEz9f3TO4lID8xt0b47rUMewceSRZvSgv3sHIVxHjUg
JLb37iA+91/6RqnRv1neoW+LEMlmPCAS3mOJeMeg13zgYPiuNGvUgfvDv5cfMiWQ
qYKFvHe9q+EjLo55JhqhAKarAlyBtmPZS9hy2E1O7n8Eqk7v1BFaCfQtd2y685C2
eQgsnbH738SP
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:01:43 2024 by rpki-client on console-ams.rpki-client.org