Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/SzraZw8yXEijBabm06gt0U1MqHs.roa
File:                     SzraZw8yXEijBabm06gt0U1MqHs.roa (raw, json)
Hash identifier:          5PITg8RZas6o9u/nHwlZgcjH0BMLWN+rtlu1K5h9plg=
Subject key identifier:   4B:3A:DA:67:0F:32:5C:48:A3:05:A6:E6:D3:A8:2D:D1:4D:4C:A8:7B
Certificate issuer:       /CN=96e5ad53bfc73840c425711c010453571057dc23
Certificate serial:       018ED1AD0469420C0BA5ABFCD945450C80BA
Authority key identifier: 96:E5:AD:53:BF:C7:38:40:C4:25:71:1C:01:04:53:57:10:57:DC:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/luWtU7_HOEDEJXEcAQRTVxBX3CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/SzraZw8yXEijBabm06gt0U1MqHs.roa
Signing time:             Fri 12 Apr 2024 09:39:20 +0000
ROA not before:           Fri 12 Apr 2024 09:39:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215197
IP address blocks:        2001:67c:e40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/luWtU7_HOEDEJXEcAQRTVxBX3CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/luWtU7_HOEDEJXEcAQRTVxBX3CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/luWtU7_HOEDEJXEcAQRTVxBX3CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:ad:04:69:42:0c:0b:a5:ab:fc:d9:45:45:0c:80:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96e5ad53bfc73840c425711c010453571057dc23
        Validity
            Not Before: Apr 12 09:39:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b3ada670f325c48a305a6e6d3a82dd14d4ca87b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4f:bf:3c:ca:e3:00:a2:3c:33:7b:88:0d:fd:
                    ae:61:5c:81:e5:89:d3:f1:04:b5:1e:97:5c:f0:51:
                    49:a1:b4:4a:79:5b:ea:dd:43:a0:1a:41:3a:78:03:
                    87:56:fc:57:ce:bd:91:41:41:c8:f7:d0:47:23:76:
                    45:51:b5:23:10:42:49:2d:99:ac:d9:a1:14:a1:f4:
                    05:49:56:a5:4d:06:3b:98:29:37:fe:30:f7:72:45:
                    45:91:da:0c:d2:98:65:cc:df:98:b4:db:49:c4:ea:
                    76:3f:1a:66:fe:aa:8c:f6:a9:f0:6d:85:47:f2:37:
                    5f:d6:cd:d8:cd:e5:6c:db:11:77:c9:f4:55:f8:b2:
                    a5:48:f2:c2:b0:80:37:69:ab:67:4a:80:0f:09:5e:
                    13:9b:dd:39:f1:26:de:12:38:11:5f:bb:31:c6:b4:
                    e3:44:44:6e:5b:55:9a:d1:c8:b9:61:16:f4:56:82:
                    a5:97:01:d3:08:c7:83:37:bc:c8:cd:1c:04:51:7a:
                    4c:d7:d6:e2:de:f1:3d:ec:b4:70:4e:f9:bf:fd:41:
                    c3:e1:03:8b:3b:73:9f:2f:7f:67:9c:cc:a9:f8:22:
                    0b:64:19:5d:8b:f6:e2:8b:83:db:4b:1a:c3:9e:f8:
                    2a:e0:2b:f1:22:c8:50:f3:99:d4:64:91:86:96:a5:
                    9b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:3A:DA:67:0F:32:5C:48:A3:05:A6:E6:D3:A8:2D:D1:4D:4C:A8:7B
            X509v3 Authority Key Identifier:
                keyid:96:E5:AD:53:BF:C7:38:40:C4:25:71:1C:01:04:53:57:10:57:DC:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/luWtU7_HOEDEJXEcAQRTVxBX3CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/SzraZw8yXEijBabm06gt0U1MqHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/2d8e6c-69e2-47cb-bf8d-ef9a584bd113/1/luWtU7_HOEDEJXEcAQRTVxBX3CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:c1:c6:dc:09:e2:ad:5a:c0:09:55:19:5a:b9:b3:8e:ba:ea:
         4e:e7:74:7d:cd:b8:8d:e1:ac:81:76:45:6c:fe:54:21:99:2c:
         fa:ce:a4:7d:99:5c:a8:66:70:43:d2:4a:ca:51:c0:94:2a:ea:
         c9:ad:61:65:16:13:8c:ff:f3:a3:75:89:bb:a1:f0:19:ba:ed:
         ba:0d:d7:9c:a8:23:d0:5a:6c:d7:1f:b1:f8:74:3d:c4:37:e6:
         49:2f:c0:d7:9d:6c:01:4d:c3:9a:0e:f7:41:48:eb:67:46:ce:
         ce:5f:ea:39:d5:57:cc:77:54:02:cf:a0:d0:a0:23:fe:55:ea:
         4b:ed:28:14:ef:88:9d:70:0b:e1:14:65:f3:ea:bc:15:31:87:
         5c:8a:a2:64:27:cc:76:57:b4:37:b1:b6:1e:cd:ee:cf:7b:cf:
         da:ab:47:ab:0a:10:2c:40:53:d1:64:a3:41:52:d1:b8:48:f5:
         ca:67:4f:30:22:84:bd:5c:0d:85:a2:bf:3b:80:c3:a8:dd:e4:
         3e:8b:8a:7f:98:d7:2f:55:d2:94:d9:0f:bf:0a:e7:b2:81:32:
         b0:d0:f9:ae:ea:94:5d:7d:45:2e:a4:62:9b:e6:95:ee:87:41:
         68:e2:8d:e0:75:13:66:a6:50:56:69:b9:eb:05:5a:ea:b3:64:
         06:88:74:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7RrQRpQgwLpav82UVFDIC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZTVhZDUzYmZjNzM4NDBjNDI1NzExYzAxMDQ1MzU3MTA1
N2RjMjMwHhcNMjQwNDEyMDkzOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNhZGE2NzBmMzI1YzQ4YTMwNWE2ZTZkM2E4MmRkMTRkNGNhODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgU+/PMrjAKI8M3uIDf2uYVyB5YnT
8QS1Hpdc8FFJobRKeVvq3UOgGkE6eAOHVvxXzr2RQUHI99BHI3ZFUbUjEEJJLZms
2aEUofQFSValTQY7mCk3/jD3ckVFkdoM0phlzN+YtNtJxOp2Pxpm/qqM9qnwbYVH
8jdf1s3YzeVs2xF3yfRV+LKlSPLCsIA3aatnSoAPCV4Tm9058SbeEjgRX7sxxrTj
RERuW1Wa0ci5YRb0VoKllwHTCMeDN7zIzRwEUXpM19bi3vE97LRwTvm//UHD4QOL
O3OfL39nnMyp+CILZBldi/bii4PbSxrDnvgq4CvxIshQ85nUZJGGlqWbPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEs62mcPMlxIowWm5tOoLdFNTKh7MB8GA1UdIwQY
MBaAFJblrVO/xzhAxCVxHAEEU1cQV9wjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHVXdFU3X0hPRURFSlhFY0FRUlRWeEJYM0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8yZDhlNmMtNjllMi00N2NiLWJmOGQt
ZWY5YTU4NGJkMTEzLzEvU3pyYVp3OHlYRWlqQmFibTA2Z3QwVTFNcUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8yZDhlNmMtNjllMi00N2NiLWJmOGQtZWY5YTU4NGJkMTEz
LzEvbHVXdFU3X0hPRURFSlhFY0FRUlRWeEJYM0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA5A
MA0GCSqGSIb3DQEBCwUAA4IBAQBowcbcCeKtWsAJVRlaubOOuupO53R9zbiN4ayB
dkVs/lQhmSz6zqR9mVyoZnBD0krKUcCUKurJrWFlFhOM//OjdYm7ofAZuu26Ddec
qCPQWmzXH7H4dD3EN+ZJL8DXnWwBTcOaDvdBSOtnRs7OX+o51VfMd1QCz6DQoCP+
VepL7SgU74idcAvhFGXz6rwVMYdciqJkJ8x2V7Q3sbYeze7Pe8/aq0erChAsQFPR
ZKNBUtG4SPXKZ08wIoS9XA2For87gMOo3eQ+i4p/mNcvVdKU2Q+/CueygTKw0Pmu
6pRdfUUupGKb5pXuh0Fo4o3gdRNmplBWabnrBVrqs2QGiHSG
-----END CERTIFICATE-----
Generated at Mon Jun 17 08:37:12 2024 by rpki-client on console-fra.rpki-client.org