Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/sMjren0IMoprvYYhl88BbJMKuFc.roa
File:                     sMjren0IMoprvYYhl88BbJMKuFc.roa (raw, json)
Hash identifier:          XPNcR3X+KZIZ5XTlZmVhg+rLluDwOhR35Y7IH2iDr/o=
Subject key identifier:   B0:C8:EB:7A:7D:08:32:8A:6B:BD:86:21:97:CF:01:6C:93:0A:B8:57
Certificate issuer:       /CN=230340d27e4b24f9124977322edb36942e2d160c
Certificate serial:       018CC7942D53F3E63A5C70D90333204D562F
Authority key identifier: 23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/sMjren0IMoprvYYhl88BbJMKuFc.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30778
IP address blocks:        81.6.138.0/24 maxlen: 24
                          81.6.136.0/23 maxlen: 23
                          81.6.140.0/22 maxlen: 22
                          81.6.128.0/21 maxlen: 21
                          2a00:cd80:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2d:53:f3:e6:3a:5c:70:d9:03:33:20:4d:56:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230340d27e4b24f9124977322edb36942e2d160c
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0c8eb7a7d08328a6bbd862197cf016c930ab857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bf:7f:5e:6f:3d:7d:da:86:ba:ce:51:68:6d:
                    86:35:9d:07:c6:46:19:df:eb:b0:14:df:11:e7:c5:
                    93:ee:5f:3b:4a:52:b7:21:99:7e:4d:60:6d:15:a5:
                    f6:dc:c2:79:cf:a9:8c:ff:6f:5d:c6:c6:65:b8:73:
                    6b:fd:48:d1:23:6b:3e:e3:d1:84:57:52:21:90:11:
                    cb:75:52:3a:45:25:8a:0b:eb:8a:e3:6b:1e:ef:65:
                    e8:1c:80:13:7e:fa:0c:b0:d2:b0:0f:3e:2e:5e:f8:
                    b9:9d:40:04:fe:52:d5:67:eb:62:88:3c:14:84:26:
                    d1:65:32:66:c8:46:ee:a2:e2:54:0e:00:83:c3:29:
                    76:bb:13:9d:02:93:54:b1:57:db:d5:a3:67:4b:a6:
                    86:02:25:3b:c5:6f:54:51:85:90:71:49:62:37:c6:
                    08:8f:aa:b9:2f:c5:e9:1d:14:0c:24:a8:42:de:dc:
                    47:16:f1:cf:95:18:bf:80:f9:bb:b5:0a:25:d7:10:
                    61:ed:16:42:6a:d8:58:66:7c:ef:df:30:1f:cf:aa:
                    b2:4b:1c:73:3d:71:f8:cb:93:3f:bb:4b:e6:b0:00:
                    32:c3:fe:6a:17:d3:3b:cd:4c:2f:f4:48:bd:fc:e0:
                    b9:c8:27:82:de:66:ed:86:c5:9d:d1:95:d8:9e:29:
                    95:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C8:EB:7A:7D:08:32:8A:6B:BD:86:21:97:CF:01:6C:93:0A:B8:57
            X509v3 Authority Key Identifier:
                keyid:23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/sMjren0IMoprvYYhl88BbJMKuFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.6.128.0-81.6.138.255
                  81.6.140.0/22
                IPv6:
                  2a00:cd80:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         3e:04:7a:b3:e1:eb:53:f5:c5:d3:47:de:08:ea:be:25:48:5f:
         12:fc:d3:fa:86:10:f4:c9:2c:0a:6d:b5:32:a8:43:2c:4b:4b:
         91:99:98:35:32:e5:07:25:a4:a4:80:4c:d5:57:32:90:b9:64:
         c8:09:78:59:4c:24:07:84:60:6c:c0:63:92:34:94:27:8b:f4:
         74:4f:c1:b3:90:71:fe:f0:93:5a:a5:0c:a8:6d:09:bd:c4:91:
         a3:08:0c:84:ed:45:35:12:d8:31:96:ed:5a:25:c4:4b:ba:bc:
         ca:8a:88:0f:eb:f4:ab:e2:64:15:12:5e:0c:6b:13:c5:9a:53:
         80:d6:b0:b2:02:09:8f:0b:7e:db:d8:e6:38:b4:b2:2e:ca:bb:
         d4:ce:4c:aa:90:94:33:fd:a3:32:26:5e:86:b2:47:70:20:d9:
         49:59:e6:4c:58:a9:cc:18:c0:78:49:5f:e8:a8:8c:3c:5e:58:
         8a:11:cf:7e:41:0b:ec:f7:c5:9e:7e:60:46:87:2e:1e:71:a8:
         42:9d:d4:de:08:e2:6b:74:1d:44:e3:60:db:ac:91:2e:e5:42:
         be:05:14:15:df:04:16:db:a8:44:af:68:41:10:01:17:d8:d4:
         31:a8:d5:db:6f:e4:47:81:a7:06:38:7d:ea:b4:12:25:c3:4c:
         c6:cc:30:ba
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzHlC1T8+Y6XHDZAzMgTVYvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDM0MGQyN2U0YjI0ZjkxMjQ5NzczMjJlZGIzNjk0MmUy
ZDE2MGMwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM4ZWI3YTdkMDgzMjhhNmJiZDg2MjE5N2NmMDE2YzkzMGFiODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg79/Xm89fdqGus5RaG2GNZ0HxkYZ
3+uwFN8R58WT7l87SlK3IZl+TWBtFaX23MJ5z6mM/29dxsZluHNr/UjRI2s+49GE
V1IhkBHLdVI6RSWKC+uK42se72XoHIATfvoMsNKwDz4uXvi5nUAE/lLVZ+tiiDwU
hCbRZTJmyEbuouJUDgCDwyl2uxOdApNUsVfb1aNnS6aGAiU7xW9UUYWQcUliN8YI
j6q5L8XpHRQMJKhC3txHFvHPlRi/gPm7tQol1xBh7RZCathYZnzv3zAfz6qySxxz
PXH4y5M/u0vmsAAyw/5qF9M7zUwv9Ei9/OC5yCeC3mbthsWd0ZXYnimVJQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLDI63p9CDKKa72GIZfPAWyTCrhXMB8GA1UdIwQY
MBaAFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAt
YjU3MDkwN2I1OWViLzEvc01qcmVuMElNb3BydllZaGw4OEJiSk1LdUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAtYjU3MDkwN2I1OWVi
LzEvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAaBAIAATAUMAwDBAdRBoAD
BABRBooDBAJRBowwDgQCAAIwCAMGByoAzYCAMA0GCSqGSIb3DQEBCwUAA4IBAQA+
BHqz4etT9cXTR94I6r4lSF8S/NP6hhD0ySwKbbUyqEMsS0uRmZg1MuUHJaSkgEzV
VzKQuWTICXhZTCQHhGBswGOSNJQni/R0T8GzkHH+8JNapQyobQm9xJGjCAyE7UU1
Etgxlu1aJcRLurzKiogP6/Sr4mQVEl4MaxPFmlOA1rCyAgmPC37b2OY4tLIuyrvU
zkyqkJQz/aMyJl6GskdwINlJWeZMWKnMGMB4SV/oqIw8XliKEc9+QQvs98WefmBG
hy4ecahCndTeCOJrdB1E42DbrJEu5UK+BRQV3wQW26hEr2hBEAEX2NQxqNXbb+RH
gacGOH3qtBIlw0zGzDC6
-----END CERTIFICATE-----
Generated at Sat Nov 23 19:17:26 2024 by rpki-client on console-fra.rpki-client.org