Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/936915-213a-40d9-978b-7f7bab83bda0/1/BKamLT6J3W3jMfhFJIrTkjKxg4Q.roa
File:                     BKamLT6J3W3jMfhFJIrTkjKxg4Q.roa (raw, json)
Hash identifier:          QFlXkpDyyLpeETj+1uj4l9CiHACkyE5O+uGAWPDQk40=
Subject key identifier:   04:A6:A6:2D:3E:89:DD:6D:E3:31:F8:45:24:8A:D3:92:32:B1:83:84
Certificate issuer:       /CN=d19178bb4a6114eab98be00478cc7f13b0ad202a
Certificate serial:       018CC8DE6517DF15B24C02258390552D08DE
Authority key identifier: D1:91:78:BB:4A:61:14:EA:B9:8B:E0:04:78:CC:7F:13:B0:AD:20:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ZF4u0phFOq5i-AEeMx_E7CtICo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/936915-213a-40d9-978b-7f7bab83bda0/1/BKamLT6J3W3jMfhFJIrTkjKxg4Q.roa
Signing time:             Tue 02 Jan 2024 06:31:07 +0000
ROA not before:           Tue 02 Jan 2024 06:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39360
IP address blocks:        213.226.80.0/22 maxlen: 22
                          213.226.80.0/24 maxlen: 24
                          2a09:4980::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/936915-213a-40d9-978b-7f7bab83bda0/1/0ZF4u0phFOq5i-AEeMx_E7CtICo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/936915-213a-40d9-978b-7f7bab83bda0/1/0ZF4u0phFOq5i-AEeMx_E7CtICo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ZF4u0phFOq5i-AEeMx_E7CtICo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:65:17:df:15:b2:4c:02:25:83:90:55:2d:08:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d19178bb4a6114eab98be00478cc7f13b0ad202a
        Validity
            Not Before: Jan  2 06:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04a6a62d3e89dd6de331f845248ad39232b18384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ca:4d:9f:d1:92:5b:62:74:75:79:49:44:92:
                    f1:45:37:1d:40:36:f1:77:c9:a1:fd:2f:98:63:27:
                    8b:52:90:84:c9:d6:9b:e8:50:90:a1:3a:59:21:7a:
                    c7:c6:e3:7c:cd:97:78:34:7e:aa:3a:b3:b6:e9:57:
                    15:23:dd:51:c0:81:b0:7b:cc:16:41:c5:e6:80:78:
                    df:f6:89:7b:87:b0:41:5a:78:23:69:35:e2:41:f3:
                    f5:80:32:e5:7b:51:b8:97:22:f7:f0:0f:31:08:0e:
                    55:02:16:13:f2:0c:2d:81:61:90:ce:5c:74:23:6e:
                    ba:ff:3d:c6:4f:36:11:ca:2a:1d:84:49:3a:b9:78:
                    6c:de:59:14:6b:29:78:13:12:f2:0a:fd:1b:a8:58:
                    be:e6:23:6f:92:3b:34:80:94:fb:5f:bb:0f:4d:d9:
                    b9:4e:c4:13:63:de:c2:35:1c:c9:1b:b6:a1:e9:6a:
                    19:c5:89:0e:16:5e:08:e4:01:7a:d7:d4:dc:85:de:
                    88:7a:8d:b2:d4:06:1d:7d:e8:3a:c2:82:23:ed:18:
                    8b:1f:e1:0a:72:0c:02:7e:67:34:28:b9:ee:62:8c:
                    35:49:8a:41:6f:96:bb:0a:bf:61:b6:f3:a5:ae:aa:
                    52:a1:c0:aa:37:fa:5f:ac:1d:67:dd:42:82:d8:5c:
                    d6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A6:A6:2D:3E:89:DD:6D:E3:31:F8:45:24:8A:D3:92:32:B1:83:84
            X509v3 Authority Key Identifier:
                keyid:D1:91:78:BB:4A:61:14:EA:B9:8B:E0:04:78:CC:7F:13:B0:AD:20:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ZF4u0phFOq5i-AEeMx_E7CtICo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/936915-213a-40d9-978b-7f7bab83bda0/1/BKamLT6J3W3jMfhFJIrTkjKxg4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/936915-213a-40d9-978b-7f7bab83bda0/1/0ZF4u0phFOq5i-AEeMx_E7CtICo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.80.0/22
                IPv6:
                  2a09:4980::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:8c:af:80:fc:4e:8d:e8:3f:96:ca:51:97:9d:93:d0:f8:93:
         6d:8e:e5:c7:41:ed:d0:92:a4:ae:c5:31:fc:b1:47:bf:6d:c4:
         aa:41:bf:3c:0d:a2:99:7a:1b:3d:72:cd:bc:74:c8:99:4c:90:
         af:fc:7e:3b:e8:07:83:3e:49:01:64:1f:df:5a:aa:f2:e7:02:
         92:38:f9:8b:78:00:9b:9f:a7:76:1f:2d:c7:d9:11:07:3a:88:
         45:ed:4b:b3:94:e4:7f:0f:e5:d0:61:60:9f:e4:9f:bf:5e:eb:
         30:51:c3:82:85:14:d9:05:1c:78:2f:44:97:95:db:9a:9b:0f:
         44:66:c3:4c:b9:9b:b5:3a:fa:b8:49:7e:d4:87:0c:58:75:06:
         fe:4c:72:aa:e1:db:96:6b:ef:10:5c:19:a0:50:7e:95:de:b1:
         8a:56:08:39:88:97:f8:53:8a:64:7c:11:2c:f9:a2:13:4d:05:
         8f:ea:5d:51:e8:7e:2c:b1:6c:74:6e:24:4a:46:70:02:53:4b:
         8a:8e:2e:21:0d:d1:be:d0:70:76:93:a9:99:cd:fe:0a:0b:b1:
         35:07:e2:25:98:b5:ea:46:3d:5f:1e:39:0c:f9:4d:c0:3a:94:
         62:4f:c5:a0:93:61:db:32:42:fa:15:60:84:3f:bd:34:05:ae:
         57:6e:d7:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3mUX3xWyTAIlg5BVLQjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxOTE3OGJiNGE2MTE0ZWFiOThiZTAwNDc4Y2M3ZjEzYjBh
ZDIwMmEwHhcNMjQwMTAyMDYzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGE2YTYyZDNlODlkZDZkZTMzMWY4NDUyNDhhZDM5MjMyYjE4Mzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMpNn9GSW2J0dXlJRJLxRTcdQDbx
d8mh/S+YYyeLUpCEydab6FCQoTpZIXrHxuN8zZd4NH6qOrO26VcVI91RwIGwe8wW
QcXmgHjf9ol7h7BBWngjaTXiQfP1gDLle1G4lyL38A8xCA5VAhYT8gwtgWGQzlx0
I266/z3GTzYRyiodhEk6uXhs3lkUayl4ExLyCv0bqFi+5iNvkjs0gJT7X7sPTdm5
TsQTY97CNRzJG7ah6WoZxYkOFl4I5AF619Tchd6Ieo2y1AYdfeg6woIj7RiLH+EK
cgwCfmc0KLnuYow1SYpBb5a7Cr9htvOlrqpSocCqN/pfrB1n3UKC2FzWgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFASmpi0+id1t4zH4RSSK05IysYOEMB8GA1UdIwQY
MBaAFNGReLtKYRTquYvgBHjMfxOwrSAqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFpGNHUwcGhGT3E1aS1BRWVNeF9FN0N0SUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85MzY5MTUtMjEzYS00MGQ5LTk3OGIt
N2Y3YmFiODNiZGEwLzEvQkthbUxUNkozVzNqTWZoRkpJclRrakt4ZzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85MzY5MTUtMjEzYS00MGQ5LTk3OGItN2Y3YmFiODNiZGEw
LzEvMFpGNHUwcGhGT3E1aS1BRWVNeF9FN0N0SUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1eJQMA0E
AgACMAcDBQAqCUmAMA0GCSqGSIb3DQEBCwUAA4IBAQAzjK+A/E6N6D+WylGXnZPQ
+JNtjuXHQe3QkqSuxTH8sUe/bcSqQb88DaKZehs9cs28dMiZTJCv/H476AeDPkkB
ZB/fWqry5wKSOPmLeACbn6d2Hy3H2REHOohF7UuzlOR/D+XQYWCf5J+/XuswUcOC
hRTZBRx4L0SXlduamw9EZsNMuZu1Ovq4SX7UhwxYdQb+THKq4duWa+8QXBmgUH6V
3rGKVgg5iJf4U4pkfBEs+aITTQWP6l1R6H4ssWx0biRKRnACU0uKji4hDdG+0HB2
k6mZzf4KC7E1B+IlmLXqRj1fHjkM+U3AOpRiT8Wgk2HbMkL6FWCEP700Ba5Xbtcz
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:38 2024 by rpki-client on console-ams.rpki-client.org