Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/6ONkRqMxejl1OP_d_w8aRkw4Siw.roa
File:                     6ONkRqMxejl1OP_d_w8aRkw4Siw.roa (raw, json)
Hash identifier:          efap0rPU5i7k7kJd6rcr4u/bs38whZfmPDGU0/XYr4c=
Subject key identifier:   E8:E3:64:46:A3:31:7A:39:75:38:FF:DD:FF:0F:1A:46:4C:38:4A:2C
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB6855E298E4BDBE843D2A851C9AC1
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/6ONkRqMxejl1OP_d_w8aRkw4Siw.roa
Signing time:             Mon 01 Jan 2024 02:30:08 +0000
ROA not before:           Mon 01 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        2.59.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:68:55:e2:98:e4:bd:be:84:3d:2a:85:1c:9a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8e36446a3317a397538ffddff0f1a464c384a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:01:b2:c6:d3:f8:1a:3b:6d:fb:5d:aa:66:
                    c2:54:d2:43:3e:2c:7c:44:6b:8a:89:9a:f1:a3:d7:
                    cc:6d:aa:91:13:15:40:23:82:51:83:23:1a:b5:91:
                    08:db:88:c9:16:f3:aa:81:ba:94:7d:3c:de:31:79:
                    2b:f7:17:d6:b0:ce:b9:ea:de:1b:a6:46:50:70:d7:
                    60:6d:18:77:7e:2f:07:36:88:54:99:4f:bf:75:bf:
                    1e:a7:0f:e5:24:0f:7c:b4:d2:02:21:23:9f:bf:53:
                    bb:4d:69:15:2a:11:4d:64:d0:9a:92:35:fb:59:ba:
                    7c:32:3b:f4:ac:35:c7:87:7a:cb:4c:13:f0:6d:15:
                    88:38:66:a7:16:74:67:c1:4e:19:f0:f7:a7:0b:3f:
                    11:2a:1e:fc:b5:53:f6:1a:91:6b:d9:39:21:9e:6c:
                    0b:29:3e:3b:05:bf:a7:5b:d3:0b:5c:17:2b:dd:a2:
                    f5:b4:6c:01:83:20:9b:7d:36:fe:85:37:19:07:1d:
                    76:4e:1e:da:3b:36:8c:4b:e6:30:94:56:1f:c6:31:
                    9d:4d:1b:54:e0:04:59:21:26:7e:77:ff:66:ad:eb:
                    9d:cd:64:af:19:53:c4:fe:82:40:f8:8b:3e:ee:a9:
                    3a:3b:be:06:69:3a:71:ed:2b:54:15:3a:80:2a:eb:
                    b8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:E3:64:46:A3:31:7A:39:75:38:FF:DD:FF:0F:1A:46:4C:38:4A:2C
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/6ONkRqMxejl1OP_d_w8aRkw4Siw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:e3:bf:08:24:27:de:e8:6f:04:b4:d0:67:d6:c3:0d:97:01:
         ac:6b:06:1c:fe:87:11:c3:73:2d:ac:24:ab:c5:1c:d3:0f:75:
         de:68:32:62:63:57:4a:68:1c:85:4b:82:de:ee:69:75:3e:3a:
         4f:c8:d9:d8:f3:10:d1:87:3a:aa:81:be:a4:a9:a1:75:77:b4:
         d1:28:46:3d:fb:60:12:f4:6f:4d:30:21:d1:9b:ec:f6:0f:78:
         fc:10:ba:1d:9c:92:a8:5e:58:c5:6b:d6:06:00:b3:16:78:b1:
         4c:ba:90:9b:c1:ce:94:76:69:60:9e:e0:38:94:4d:b2:8c:3a:
         17:a8:77:f7:68:7c:08:d7:70:d7:51:c5:7d:ce:df:f5:fe:49:
         51:93:e9:ab:05:cf:78:be:83:e1:ec:22:8e:74:af:b8:cf:1b:
         8b:f0:98:47:bd:14:6d:3b:a8:72:98:b5:94:22:04:21:ac:d8:
         3d:db:28:ca:d7:b7:66:d1:47:6d:17:a8:0a:a3:15:85:e1:26:
         bb:bf:24:05:78:45:21:3b:ed:d2:59:4d:69:de:c5:d0:93:93:
         0d:32:d6:7a:79:33:8d:5b:1a:16:2f:ba:6a:12:2d:40:92:fd:
         70:d2:76:ab:65:58:9f:84:b3:6c:57:e2:93:58:db:79:83:0d:
         e0:66:56:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22hV4pjkvb6EPSqFHJrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGUzNjQ0NmEzMzE3YTM5NzUzOGZmZGRmZjBmMWE0NjRjMzg0YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1ABssbT+Bo7bftdqmbCVNJDPix8
RGuKiZrxo9fMbaqRExVAI4JRgyMatZEI24jJFvOqgbqUfTzeMXkr9xfWsM656t4b
pkZQcNdgbRh3fi8HNohUmU+/db8epw/lJA98tNICISOfv1O7TWkVKhFNZNCakjX7
Wbp8Mjv0rDXHh3rLTBPwbRWIOGanFnRnwU4Z8PenCz8RKh78tVP2GpFr2TkhnmwL
KT47Bb+nW9MLXBcr3aL1tGwBgyCbfTb+hTcZBx12Th7aOzaMS+YwlFYfxjGdTRtU
4ARZISZ+d/9mreudzWSvGVPE/oJA+Is+7qk6O74GaTpx7StUFTqAKuu4awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjjZEajMXo5dTj/3f8PGkZMOEosMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvNk9Oa1JxTXhlamwxT1BfZF93OGFSa3c0U2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjvUMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ478IJCfe6G8EtNBn1sMNlwGsawYc/ocRw3MtrCSr
xRzTD3XeaDJiY1dKaByFS4Le7ml1PjpPyNnY8xDRhzqqgb6kqaF1d7TRKEY9+2AS
9G9NMCHRm+z2D3j8ELodnJKoXljFa9YGALMWeLFMupCbwc6UdmlgnuA4lE2yjDoX
qHf3aHwI13DXUcV9zt/1/klRk+mrBc94voPh7CKOdK+4zxuL8JhHvRRtO6hymLWU
IgQhrNg92yjK17dm0UdtF6gKoxWF4Sa7vyQFeEUhO+3SWU1p3sXQk5MNMtZ6eTON
WxoWL7pqEi1Akv1w0narZVifhLNsV+KTWNt5gw3gZlbe
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:08:17 2024 by rpki-client on console-fra.rpki-client.org