Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/CoKFm945lUG_bPWHhkeUJeGQh84.roa
File:                     CoKFm945lUG_bPWHhkeUJeGQh84.roa (raw, json)
Hash identifier:          g7kJMh9PWX1DRAtA2O58ID9CpSSrTxVcNoT6Jl+9Ub8=
Subject key identifier:   0A:82:85:9B:DE:39:95:41:BF:6C:F5:87:86:47:94:25:E1:90:87:CE
Certificate issuer:       /CN=230340d27e4b24f9124977322edb36942e2d160c
Certificate serial:       018CC7942CD9F9E80EBEE177D5C75A977768
Authority key identifier: 23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/CoKFm945lUG_bPWHhkeUJeGQh84.roa
Signing time:             Tue 02 Jan 2024 00:30:25 +0000
ROA not before:           Tue 02 Jan 2024 00:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24848
IP address blocks:        81.26.0.0/20 maxlen: 20
                          81.6.176.0/21 maxlen: 21
                          81.26.16.0/20 maxlen: 20
                          81.6.184.0/22 maxlen: 22
                          81.6.188.0/22 maxlen: 22
                          2a00:cd80::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2c:d9:f9:e8:0e:be:e1:77:d5:c7:5a:97:77:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230340d27e4b24f9124977322edb36942e2d160c
        Validity
            Not Before: Jan  2 00:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a82859bde399541bf6cf58786479425e19087ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:96:64:6b:9d:f1:7d:b2:cc:fe:d8:ed:7e:ba:
                    0a:4b:aa:7e:2e:7b:ac:a5:ad:e1:ea:7f:60:35:7a:
                    05:ea:f0:93:57:97:e5:15:e0:7c:65:41:67:48:69:
                    df:10:da:d0:c9:83:90:3b:c5:3a:c2:92:56:3c:b3:
                    67:b1:07:83:93:98:76:7b:a6:72:98:7c:b3:1a:a9:
                    aa:8c:f1:2f:69:02:6b:2c:61:4a:a4:ad:db:ed:7d:
                    a5:1b:50:3d:8e:b6:3d:61:76:b2:17:70:1f:a2:30:
                    6a:2e:03:42:b7:49:62:f7:0f:57:26:6c:9d:d4:62:
                    34:09:92:2a:c2:13:5b:0c:8c:a6:d3:18:91:b3:44:
                    5c:ea:b4:6b:b2:75:db:c3:f6:9a:02:bd:9e:c8:c1:
                    e7:83:2a:be:ac:2f:71:07:60:4e:2b:f9:f1:01:6e:
                    c0:61:79:dd:2d:aa:43:13:e3:dd:98:7e:9f:c5:fc:
                    ac:02:89:0a:2e:6e:a3:8a:ea:a9:09:4a:2b:fa:e9:
                    52:53:49:8c:f6:4e:17:f9:f0:3e:e0:bc:c0:92:1f:
                    24:37:d1:ae:7a:c3:4e:3e:74:3b:90:c9:44:a8:8d:
                    be:33:f1:36:10:89:4e:fe:f8:67:9d:4d:89:10:f6:
                    b6:da:70:56:e0:09:d2:fd:b2:32:f6:c3:6f:c6:0f:
                    16:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:82:85:9B:DE:39:95:41:BF:6C:F5:87:86:47:94:25:E1:90:87:CE
            X509v3 Authority Key Identifier:
                keyid:23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/CoKFm945lUG_bPWHhkeUJeGQh84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.6.176.0/20
                  81.26.0.0/19
                IPv6:
                  2a00:cd80::/33

    Signature Algorithm: sha256WithRSAEncryption
         01:23:e3:f8:b4:bb:ce:98:62:ec:db:18:3e:ed:b7:9a:e9:19:
         9b:63:19:44:a7:56:b8:59:aa:07:6b:a9:87:54:27:3e:0b:6b:
         35:df:b9:f4:98:0c:96:dd:a0:d8:08:81:69:d8:dc:8d:ce:40:
         77:2c:9d:ec:7b:83:b0:b6:45:fe:f7:aa:e3:2b:ff:5e:5f:cc:
         0e:d8:bf:ef:b5:0f:09:f3:69:e9:3c:23:fb:35:80:87:22:d6:
         33:98:b1:28:ca:03:62:1c:60:7b:d1:56:5c:76:a1:df:1d:fa:
         56:bb:46:02:49:57:1f:7c:55:38:9f:dc:01:11:8a:58:96:60:
         2d:bf:c3:10:6b:d3:68:f6:7e:25:5a:56:60:92:37:94:cc:34:
         ee:13:f7:53:2e:3a:30:c3:ad:f8:f9:8d:3f:df:53:67:93:30:
         14:40:35:99:77:8e:7a:7e:05:8e:16:e4:ca:87:7a:05:b0:a7:
         44:e7:c0:53:0d:17:bf:5f:d8:98:5b:f4:ca:f5:40:04:e2:f8:
         fa:58:00:63:e2:4a:ca:9d:43:6d:59:d6:40:fe:f7:25:28:c9:
         33:f8:7b:db:88:e2:52:ee:2d:0c:45:a0:f3:23:12:9f:c3:a0:
         38:87:d0:bd:e1:b1:6d:be:d3:6a:ae:f3:2e:21:68:de:9f:d5:
         85:65:95:ee
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzHlCzZ+egOvuF31cdal3doMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDM0MGQyN2U0YjI0ZjkxMjQ5NzczMjJlZGIzNjk0MmUy
ZDE2MGMwHhcNMjQwMTAyMDAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgyODU5YmRlMzk5NTQxYmY2Y2Y1ODc4NjQ3OTQyNWUxOTA4N2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJZka53xfbLM/tjtfroKS6p+Lnus
pa3h6n9gNXoF6vCTV5flFeB8ZUFnSGnfENrQyYOQO8U6wpJWPLNnsQeDk5h2e6Zy
mHyzGqmqjPEvaQJrLGFKpK3b7X2lG1A9jrY9YXayF3AfojBqLgNCt0li9w9XJmyd
1GI0CZIqwhNbDIym0xiRs0Rc6rRrsnXbw/aaAr2eyMHngyq+rC9xB2BOK/nxAW7A
YXndLapDE+PdmH6fxfysAokKLm6jiuqpCUor+ulSU0mM9k4X+fA+4LzAkh8kN9Gu
esNOPnQ7kMlEqI2+M/E2EIlO/vhnnU2JEPa22nBW4AnS/bIy9sNvxg8WiwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFAqChZveOZVBv2z1h4ZHlCXhkIfOMB8GA1UdIwQY
MBaAFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAt
YjU3MDkwN2I1OWViLzEvQ29LRm05NDVsVUdfYlBXSGhrZVVKZUdRaDg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAtYjU3MDkwN2I1OWVi
LzEvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQEUQawAwQF
URoAMA4EAgACMAgDBgcqAM2AADANBgkqhkiG9w0BAQsFAAOCAQEAASPj+LS7zphi
7NsYPu23mukZm2MZRKdWuFmqB2uph1QnPgtrNd+59JgMlt2g2AiBadjcjc5Adyyd
7HuDsLZF/veq4yv/Xl/MDti/77UPCfNp6Twj+zWAhyLWM5ixKMoDYhxge9FWXHah
3x36VrtGAklXH3xVOJ/cARGKWJZgLb/DEGvTaPZ+JVpWYJI3lMw07hP3Uy46MMOt
+PmNP99TZ5MwFEA1mXeOen4Fjhbkyod6BbCnROfAUw0Xv1/YmFv0yvVABOL4+lgA
Y+JKyp1DbVnWQP73JSjJM/h724jiUu4tDEWg8yMSn8OgOIfQveGxbb7Taq7zLiFo
3p/VhWWV7g==
-----END CERTIFICATE-----
Generated at Sat Nov 23 19:17:26 2024 by rpki-client on console-fra.rpki-client.org