Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c6ab94-65b3-471c-b08c-076a750b8541/1/ce6cWT6p_-ZZz0EHOMK65yFcU68.roa
File:                     ce6cWT6p_-ZZz0EHOMK65yFcU68.roa (raw, json)
Hash identifier:          cGVX0rm99cSkHxKQV4uqpQpFraaGQQIieI/X72hPA+c=
Subject key identifier:   71:EE:9C:59:3E:A9:FF:E6:59:CF:41:07:38:C2:BA:E7:21:5C:53:AF
Certificate issuer:       /CN=eee416590585a5d351dbbca1f0b3ca9f62ab785d
Certificate serial:       018CC500D477C340D3566DAB6677093E49DB
Authority key identifier: EE:E4:16:59:05:85:A5:D3:51:DB:BC:A1:F0:B3:CA:9F:62:AB:78:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7uQWWQWFpdNR27yh8LPKn2KreF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c6ab94-65b3-471c-b08c-076a750b8541/1/ce6cWT6p_-ZZz0EHOMK65yFcU68.roa
Signing time:             Mon 01 Jan 2024 12:30:14 +0000
ROA not before:           Mon 01 Jan 2024 12:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        193.57.123.0/24 maxlen: 24
                          193.57.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c6ab94-65b3-471c-b08c-076a750b8541/1/7uQWWQWFpdNR27yh8LPKn2KreF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c6ab94-65b3-471c-b08c-076a750b8541/1/7uQWWQWFpdNR27yh8LPKn2KreF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7uQWWQWFpdNR27yh8LPKn2KreF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d4:77:c3:40:d3:56:6d:ab:66:77:09:3e:49:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eee416590585a5d351dbbca1f0b3ca9f62ab785d
        Validity
            Not Before: Jan  1 12:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71ee9c593ea9ffe659cf410738c2bae7215c53af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3e:5c:95:c2:25:80:14:50:cd:e3:9e:2f:03:
                    cd:26:ac:6c:8d:cc:ce:20:62:c8:6b:e9:9f:13:c1:
                    5d:a2:12:c4:6c:eb:e6:fc:7f:6b:13:75:11:ff:3b:
                    16:c7:1b:60:77:d5:fb:1e:ad:fe:ee:55:fa:95:ef:
                    58:4b:a3:fa:9c:9a:49:2b:91:4f:f9:12:72:06:2f:
                    8a:25:6a:27:18:46:6b:55:b9:c5:9a:f1:9f:9f:4b:
                    1f:72:0c:4b:96:3e:ba:b7:87:72:c0:51:57:ca:11:
                    f8:79:97:95:15:93:72:e7:33:8f:75:50:76:5a:a8:
                    99:aa:d2:34:d1:82:4d:f8:1a:1f:0c:40:55:b3:50:
                    98:2f:e6:e7:f7:d8:e1:71:03:36:b2:13:37:35:5d:
                    85:65:f8:99:8f:2c:9b:15:9b:c9:ff:44:63:21:6f:
                    15:81:42:74:94:75:04:c9:d5:36:f1:a0:1d:81:0f:
                    af:80:f3:22:69:da:42:2d:6b:82:a3:2d:9d:64:b9:
                    40:20:67:05:51:49:9a:9c:81:a4:c2:e7:3d:f1:0f:
                    65:a4:8c:2b:74:f7:72:93:a4:88:f7:92:38:7d:e5:
                    e9:43:32:44:4a:b3:04:28:4c:64:93:b0:65:7f:06:
                    be:4e:52:f5:bf:e7:cc:3d:ea:dd:74:dc:6e:de:8d:
                    4e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:EE:9C:59:3E:A9:FF:E6:59:CF:41:07:38:C2:BA:E7:21:5C:53:AF
            X509v3 Authority Key Identifier:
                keyid:EE:E4:16:59:05:85:A5:D3:51:DB:BC:A1:F0:B3:CA:9F:62:AB:78:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7uQWWQWFpdNR27yh8LPKn2KreF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c6ab94-65b3-471c-b08c-076a750b8541/1/ce6cWT6p_-ZZz0EHOMK65yFcU68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c6ab94-65b3-471c-b08c-076a750b8541/1/7uQWWQWFpdNR27yh8LPKn2KreF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.116.0/24
                  193.57.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:95:fc:50:f4:46:29:36:2e:e9:16:f9:5c:d9:b0:87:30:b2:
         a3:32:ab:39:77:a7:54:9e:81:98:9f:ae:90:a9:38:55:0c:a6:
         d1:2b:69:40:80:c1:cf:bd:02:a8:89:ee:2a:14:ef:46:2a:fa:
         e4:95:a5:07:ee:d4:e9:1a:ba:9c:d2:fe:12:0c:5d:e3:6b:79:
         03:32:0a:ee:a1:07:97:e4:b1:5b:e2:11:73:0f:38:f5:ea:43:
         2a:38:c0:d9:01:53:ae:ec:77:20:89:31:5a:7b:97:33:d0:ee:
         0c:a8:52:44:ee:73:a8:dd:75:1f:13:bb:bf:7c:a4:68:68:67:
         4a:c4:4b:b2:e1:41:ec:16:b1:13:fd:28:c7:89:fc:77:8a:5b:
         53:9e:21:b3:ee:08:2e:41:3a:c0:33:21:e0:77:52:87:7f:a0:
         7e:1b:1a:c5:ed:1a:f4:73:6d:8d:ad:7c:c6:fd:1d:f0:c1:10:
         90:c6:d0:3b:0e:d4:f8:18:15:4d:77:7c:48:96:45:09:2f:bb:
         87:ec:4e:5b:fa:bd:0c:7b:5b:d0:ab:5f:ca:0f:2a:de:3c:35:
         3e:a7:8c:14:af:a5:2f:d3:8d:d3:00:40:10:5e:df:34:e2:d8:
         b7:15:85:12:ce:d4:cc:b8:5d:2a:78:5b:fa:db:7c:22:75:d0:
         f6:b9:ae:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFANR3w0DTVm2rZncJPknbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZTQxNjU5MDU4NWE1ZDM1MWRiYmNhMWYwYjNjYTlmNjJh
Yjc4NWQwHhcNMjQwMTAxMTIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWVlOWM1OTNlYTlmZmU2NTljZjQxMDczOGMyYmFlNzIxNWM1M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlz5clcIlgBRQzeOeLwPNJqxsjczO
IGLIa+mfE8FdohLEbOvm/H9rE3UR/zsWxxtgd9X7Hq3+7lX6le9YS6P6nJpJK5FP
+RJyBi+KJWonGEZrVbnFmvGfn0sfcgxLlj66t4dywFFXyhH4eZeVFZNy5zOPdVB2
WqiZqtI00YJN+BofDEBVs1CYL+bn99jhcQM2shM3NV2FZfiZjyybFZvJ/0RjIW8V
gUJ0lHUEydU28aAdgQ+vgPMiadpCLWuCoy2dZLlAIGcFUUmanIGkwuc98Q9lpIwr
dPdyk6SI95I4feXpQzJESrMEKExkk7Blfwa+TlL1v+fMPerddNxu3o1O0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHunFk+qf/mWc9BBzjCuuchXFOvMB8GA1UdIwQY
MBaAFO7kFlkFhaXTUdu8ofCzyp9iq3hdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3VRV1dRV0ZwZE5SMjd5aDhMUEtuMktyZUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jNmFiOTQtNjViMy00NzFjLWIwOGMt
MDc2YTc1MGI4NTQxLzEvY2U2Y1dUNnBfLVpaejBFSE9NSzY1eUZjVTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jNmFiOTQtNjViMy00NzFjLWIwOGMtMDc2YTc1MGI4NTQx
LzEvN3VRV1dRV0ZwZE5SMjd5aDhMUEtuMktyZUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwTl0AwQA
wTl7MA0GCSqGSIb3DQEBCwUAA4IBAQAOlfxQ9EYpNi7pFvlc2bCHMLKjMqs5d6dU
noGYn66QqThVDKbRK2lAgMHPvQKoie4qFO9GKvrklaUH7tTpGrqc0v4SDF3ja3kD
MgruoQeX5LFb4hFzDzj16kMqOMDZAVOu7HcgiTFae5cz0O4MqFJE7nOo3XUfE7u/
fKRoaGdKxEuy4UHsFrET/SjHifx3iltTniGz7gguQTrAMyHgd1KHf6B+GxrF7Rr0
c22NrXzG/R3wwRCQxtA7DtT4GBVNd3xIlkUJL7uH7E5b+r0Me1vQq1/KDyrePDU+
p4wUr6Uv043TAEAQXt804ti3FYUSztTMuF0qeFv623widdD2ua6p
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:43:23 2024 by rpki-client on console-fra.rpki-client.org