Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/809da0-e395-4f80-ab17-3d4da8d12806/1/zHIjUOUlLwVKCWcUnjdPw6fYKcs.roa
File:                     zHIjUOUlLwVKCWcUnjdPw6fYKcs.roa (raw, json)
Hash identifier:          l/K0aRwblL6EhPlKXVV/sxOdByhdqzWrLirpIBYjqhw=
Subject key identifier:   CC:72:23:50:E5:25:2F:05:4A:09:67:14:9E:37:4F:C3:A7:D8:29:CB
Certificate issuer:       /CN=6e046aeb6a01ca48a49750d881b79f7a78d51089
Certificate serial:       018CC424E01FE467D85172D28AE90AD93456
Authority key identifier: 6E:04:6A:EB:6A:01:CA:48:A4:97:50:D8:81:B7:9F:7A:78:D5:10:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bgRq62oBykikl1DYgbefenjVEIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/809da0-e395-4f80-ab17-3d4da8d12806/1/zHIjUOUlLwVKCWcUnjdPw6fYKcs.roa
Signing time:             Mon 01 Jan 2024 08:30:00 +0000
ROA not before:           Mon 01 Jan 2024 08:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56534
IP address blocks:        176.53.192.0/24 maxlen: 24
                          176.53.197.0/24 maxlen: 24
                          176.53.196.0/24 maxlen: 24
                          176.53.198.0/23 maxlen: 24
                          176.53.200.0/22 maxlen: 24
                          176.53.204.0/22 maxlen: 22
                          176.53.208.0/24 maxlen: 24
                          176.53.211.0/24 maxlen: 24
                          176.53.212.0/22 maxlen: 22
                          176.53.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/809da0-e395-4f80-ab17-3d4da8d12806/1/bgRq62oBykikl1DYgbefenjVEIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/809da0-e395-4f80-ab17-3d4da8d12806/1/bgRq62oBykikl1DYgbefenjVEIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bgRq62oBykikl1DYgbefenjVEIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e0:1f:e4:67:d8:51:72:d2:8a:e9:0a:d9:34:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e046aeb6a01ca48a49750d881b79f7a78d51089
        Validity
            Not Before: Jan  1 08:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc722350e5252f054a0967149e374fc3a7d829cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a9:2e:93:17:9f:39:42:8b:6a:fc:3f:ae:62:
                    d0:d0:ae:75:6a:51:a9:ea:5e:6a:ca:a3:79:ca:ff:
                    79:20:cd:0e:4b:19:84:fd:ca:a9:e8:05:4c:d8:7e:
                    9c:78:d6:9b:21:78:3a:d1:3f:98:71:54:53:2d:32:
                    fc:da:99:e8:b6:c8:ac:d0:a0:5b:26:6e:6b:57:41:
                    e6:1d:28:b9:33:e8:55:cd:52:71:53:1b:a3:20:7b:
                    1d:b2:49:08:8b:cc:e1:1f:41:96:c2:3b:f3:aa:0f:
                    d8:31:29:0b:c7:c6:83:24:b0:5a:36:42:9f:0a:6a:
                    af:63:3e:88:89:31:dd:8d:c8:aa:42:62:03:c7:bb:
                    32:d0:36:88:b8:a4:ac:f2:ac:08:16:8a:fd:07:75:
                    dd:ac:8a:c5:9b:c5:46:67:4b:5d:48:23:3d:f4:26:
                    72:41:9f:b6:63:c5:82:47:34:42:75:2d:bc:87:c0:
                    38:1d:c8:9d:8b:a2:6c:e3:a0:9d:74:aa:1c:5c:20:
                    71:d7:dc:6c:8c:46:8a:27:26:39:12:83:e6:d6:36:
                    c5:30:32:9a:ef:6d:2a:af:fe:38:82:ac:50:07:ba:
                    d5:d3:b6:58:e7:06:8f:e8:3b:1b:68:9f:9e:74:c2:
                    e9:ec:00:06:06:c8:a0:ca:5f:3a:47:14:e7:18:5a:
                    28:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:72:23:50:E5:25:2F:05:4A:09:67:14:9E:37:4F:C3:A7:D8:29:CB
            X509v3 Authority Key Identifier:
                keyid:6E:04:6A:EB:6A:01:CA:48:A4:97:50:D8:81:B7:9F:7A:78:D5:10:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bgRq62oBykikl1DYgbefenjVEIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/809da0-e395-4f80-ab17-3d4da8d12806/1/zHIjUOUlLwVKCWcUnjdPw6fYKcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/809da0-e395-4f80-ab17-3d4da8d12806/1/bgRq62oBykikl1DYgbefenjVEIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.192.0/24
                  176.53.196.0-176.53.208.255
                  176.53.211.0-176.53.215.255

    Signature Algorithm: sha256WithRSAEncryption
         9d:64:33:87:55:9c:08:ac:d4:7b:36:f3:ea:87:05:2c:78:e0:
         d6:af:57:b9:7b:27:35:a4:d8:76:fe:01:9c:e2:96:04:90:a6:
         07:85:2f:7e:f7:e0:fc:39:52:f6:bc:fc:14:89:83:df:55:83:
         b4:d6:e6:39:ea:04:78:db:77:2d:52:1f:6f:2c:1b:65:bf:cf:
         c3:ca:dd:6b:fd:33:fa:22:9a:77:f2:2c:5b:84:58:7e:2c:fc:
         59:20:cc:da:55:09:2a:ab:21:7e:72:d8:4d:bf:3a:a2:52:26:
         06:1a:fd:b6:19:fa:33:45:f6:96:7c:0d:2f:e7:68:b6:20:a3:
         5d:fa:78:64:69:70:06:9c:ea:78:46:4f:72:b0:c3:36:d8:21:
         8f:0a:f5:f2:92:4e:de:54:98:a3:5f:94:87:bf:2a:72:b1:c7:
         bc:1b:81:b6:2d:e2:ed:48:75:4f:67:a7:4a:c1:d7:3d:06:b7:
         a5:fd:48:e9:48:f3:0e:a7:4b:74:f6:9f:5b:b1:53:53:a4:06:
         1a:df:b3:5d:c3:c7:a7:05:99:ef:5e:59:8d:ac:69:3b:20:37:
         70:04:93:d1:2a:a9:f3:46:7c:94:16:4e:f3:0d:0f:47:08:6f:
         cf:5c:be:4d:42:7e:5f:98:4b:28:62:db:8a:46:f7:bd:4d:e9:
         f6:b3:f7:fb
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzEJOAf5GfYUXLSiukK2TRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlMDQ2YWViNmEwMWNhNDhhNDk3NTBkODgxYjc5ZjdhNzhk
NTEwODkwHhcNMjQwMTAxMDgzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzcyMjM1MGU1MjUyZjA1NGEwOTY3MTQ5ZTM3NGZjM2E3ZDgyOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKkukxefOUKLavw/rmLQ0K51alGp
6l5qyqN5yv95IM0OSxmE/cqp6AVM2H6ceNabIXg60T+YcVRTLTL82pnotsis0KBb
Jm5rV0HmHSi5M+hVzVJxUxujIHsdskkIi8zhH0GWwjvzqg/YMSkLx8aDJLBaNkKf
CmqvYz6IiTHdjciqQmIDx7sy0DaIuKSs8qwIFor9B3XdrIrFm8VGZ0tdSCM99CZy
QZ+2Y8WCRzRCdS28h8A4Hcidi6Js46CddKocXCBx19xsjEaKJyY5EoPm1jbFMDKa
720qr/44gqxQB7rV07ZY5waP6DsbaJ+edMLp7AAGBsigyl86RxTnGFooPwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFMxyI1DlJS8FSglnFJ43T8On2CnLMB8GA1UdIwQY
MBaAFG4EautqAcpIpJdQ2IG3n3p41RCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmdScTYyb0J5a2lrbDFEWWdiZWZlbmpWRUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi84MDlkYTAtZTM5NS00ZjgwLWFiMTct
M2Q0ZGE4ZDEyODA2LzEvekhJalVPVWxMd1ZLQ1djVW5qZFB3NmZZS2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi84MDlkYTAtZTM5NS00ZjgwLWFiMTctM2Q0ZGE4ZDEyODA2
LzEvYmdScTYyb0J5a2lrbDFEWWdiZWZlbmpWRUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAsDXAMAwD
BAKwNcQDBACwNdAwDAMEALA10wMEA7A10DANBgkqhkiG9w0BAQsFAAOCAQEAnWQz
h1WcCKzUezbz6ocFLHjg1q9XuXsnNaTYdv4BnOKWBJCmB4Uvfvfg/DlS9rz8FImD
31WDtNbmOeoEeNt3LVIfbywbZb/Pw8rda/0z+iKad/IsW4RYfiz8WSDM2lUJKqsh
fnLYTb86olImBhr9thn6M0X2lnwNL+dotiCjXfp4ZGlwBpzqeEZPcrDDNtghjwr1
8pJO3lSYo1+Uh78qcrHHvBuBti3i7Uh1T2enSsHXPQa3pf1I6UjzDqdLdPafW7FT
U6QGGt+zXcPHpwWZ715ZjaxpOyA3cAST0Sqp80Z8lBZO8w0PRwhvz1y+TUJ+X5hL
KGLbikb3vU3p9rP3+w==
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:24:49 2024 by rpki-client on console-fra.rpki-client.org