Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/450b29-40d6-4da3-90b0-929893081866/1/BkbiRb_G_YxQgK5zn3ODjJPbuB0.roa
File:                     BkbiRb_G_YxQgK5zn3ODjJPbuB0.roa (raw, json)
Hash identifier:          ynurRT13WCciU1l3YQlro6G6xkF3wGXKTugqIfAgvNQ=
Subject key identifier:   06:46:E2:45:BF:C6:FD:8C:50:80:AE:73:9F:73:83:8C:93:DB:B8:1D
Certificate issuer:       /CN=0e1dd539525a39d847014e8fea3c641d973cc866
Certificate serial:       018DA7928B6D012353D8C57FA6839048C67D
Authority key identifier: 0E:1D:D5:39:52:5A:39:D8:47:01:4E:8F:EA:3C:64:1D:97:3C:C8:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dh3VOVJaOdhHAU6P6jxkHZc8yGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/450b29-40d6-4da3-90b0-929893081866/1/BkbiRb_G_YxQgK5zn3ODjJPbuB0.roa
Signing time:             Wed 14 Feb 2024 12:23:35 +0000
ROA not before:           Wed 14 Feb 2024 12:23:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42854
IP address blocks:        193.200.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/450b29-40d6-4da3-90b0-929893081866/1/Dh3VOVJaOdhHAU6P6jxkHZc8yGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/450b29-40d6-4da3-90b0-929893081866/1/Dh3VOVJaOdhHAU6P6jxkHZc8yGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dh3VOVJaOdhHAU6P6jxkHZc8yGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:92:8b:6d:01:23:53:d8:c5:7f:a6:83:90:48:c6:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e1dd539525a39d847014e8fea3c641d973cc866
        Validity
            Not Before: Feb 14 12:23:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0646e245bfc6fd8c5080ae739f73838c93dbb81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:19:20:5a:91:46:9e:68:e1:2c:28:7d:8c:bc:
                    bc:6a:bf:dc:f4:a3:24:0a:c9:7e:a6:b3:85:e9:4e:
                    a4:97:ae:b2:d1:16:25:2a:92:e2:86:43:c8:4f:c0:
                    a2:70:4f:9d:24:40:68:ab:a3:9f:25:00:cd:85:df:
                    86:35:71:8c:f1:7e:b4:96:d5:dd:53:64:bc:d4:36:
                    ac:3f:44:c7:64:d2:14:72:d9:64:2c:dd:2b:6a:4c:
                    04:7a:49:ab:0b:18:9b:f5:df:eb:6c:55:f4:8d:61:
                    09:97:51:10:43:31:76:b1:0a:20:3c:8e:45:97:b7:
                    32:e1:77:ec:f6:0a:7a:c5:a7:d1:5e:d7:5c:5b:81:
                    1f:d7:94:c9:71:51:d7:91:cd:65:f9:5d:c1:59:20:
                    20:91:dc:c9:63:52:48:91:8b:24:51:27:0e:d7:8f:
                    7a:84:46:79:69:74:40:40:54:7b:d5:48:06:c4:90:
                    5f:5e:7f:13:d2:d1:7a:1f:4e:98:a6:c5:0b:8e:13:
                    58:e5:b8:e5:60:94:9a:54:47:79:36:0e:d4:20:63:
                    fb:6d:95:b5:1f:0a:55:a1:e5:a6:f7:a5:cd:a5:39:
                    11:fb:27:da:ce:9f:fa:b8:b2:bc:c7:15:8d:2a:1e:
                    e5:8b:3d:56:27:cd:04:21:c1:f5:d2:a0:ab:b2:54:
                    cb:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:46:E2:45:BF:C6:FD:8C:50:80:AE:73:9F:73:83:8C:93:DB:B8:1D
            X509v3 Authority Key Identifier:
                keyid:0E:1D:D5:39:52:5A:39:D8:47:01:4E:8F:EA:3C:64:1D:97:3C:C8:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dh3VOVJaOdhHAU6P6jxkHZc8yGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/450b29-40d6-4da3-90b0-929893081866/1/BkbiRb_G_YxQgK5zn3ODjJPbuB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/450b29-40d6-4da3-90b0-929893081866/1/Dh3VOVJaOdhHAU6P6jxkHZc8yGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:bc:ae:ed:0b:8d:3e:24:29:8f:05:4b:ee:8e:35:56:00:95:
         0f:76:5d:78:51:44:80:c8:c5:68:98:05:0a:91:51:b3:ba:7b:
         21:50:1c:65:5e:a0:fa:a4:bd:97:27:16:33:20:65:35:86:1d:
         92:a0:e0:fa:5a:a0:13:75:a3:1d:95:14:f8:dd:e9:1e:48:93:
         79:18:ca:9f:0b:88:bb:ba:99:c5:6c:2d:14:9c:87:cf:bc:69:
         51:17:fa:bc:c5:19:36:eb:fa:a2:91:6c:c0:b5:d3:bc:46:34:
         44:44:82:8b:bf:96:1c:b9:fc:93:9d:d7:05:fc:a3:26:9a:4c:
         02:1b:24:68:ed:91:cf:8d:d8:eb:49:eb:83:da:f2:20:fe:41:
         84:a6:12:04:1a:15:12:bf:24:7d:93:bd:a1:a8:b2:b8:77:f7:
         06:25:d4:d8:ba:bf:a5:a0:c2:c0:cb:33:46:30:64:d2:8e:c6:
         b4:86:e3:8e:d8:b1:49:b0:be:04:be:11:7a:bf:cd:83:69:89:
         5f:f6:1a:a5:dd:8b:c8:75:ee:45:ec:c4:ba:63:ea:84:8e:95:
         29:a4:38:94:f6:8e:2d:b2:72:22:05:2e:d8:45:e0:d7:86:cb:
         e0:c3:50:4f:43:5d:60:06:cc:30:50:74:e2:b6:85:55:ae:17:
         b2:c3:1a:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nkottASNT2MV/poOQSMZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMWRkNTM5NTI1YTM5ZDg0NzAxNGU4ZmVhM2M2NDFkOTcz
Y2M4NjYwHhcNMjQwMjE0MTIyMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ2ZTI0NWJmYzZmZDhjNTA4MGFlNzM5ZjczODM4YzkzZGJiODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxkgWpFGnmjhLCh9jLy8ar/c9KMk
Csl+prOF6U6kl66y0RYlKpLihkPIT8CicE+dJEBoq6OfJQDNhd+GNXGM8X60ltXd
U2S81DasP0THZNIUctlkLN0rakwEekmrCxib9d/rbFX0jWEJl1EQQzF2sQogPI5F
l7cy4Xfs9gp6xafRXtdcW4Ef15TJcVHXkc1l+V3BWSAgkdzJY1JIkYskUScO1496
hEZ5aXRAQFR71UgGxJBfXn8T0tF6H06YpsULjhNY5bjlYJSaVEd5Ng7UIGP7bZW1
HwpVoeWm96XNpTkR+yfazp/6uLK8xxWNKh7liz1WJ80EIcH10qCrslTL6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZG4kW/xv2MUICuc59zg4yT27gdMB8GA1UdIwQY
MBaAFA4d1TlSWjnYRwFOj+o8ZB2XPMhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGgzVk9WSmFPZGhIQVU2UDZqeGtIWmM4eUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS80NTBiMjktNDBkNi00ZGEzLTkwYjAt
OTI5ODkzMDgxODY2LzEvQmtiaVJiX0dfWXhRZ0s1em4zT0RqSlBidUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS80NTBiMjktNDBkNi00ZGEzLTkwYjAtOTI5ODkzMDgxODY2
LzEvRGgzVk9WSmFPZGhIQVU2UDZqeGtIWmM4eUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwciIMA0G
CSqGSIb3DQEBCwUAA4IBAQBKvK7tC40+JCmPBUvujjVWAJUPdl14UUSAyMVomAUK
kVGzunshUBxlXqD6pL2XJxYzIGU1hh2SoOD6WqATdaMdlRT43ekeSJN5GMqfC4i7
upnFbC0UnIfPvGlRF/q8xRk26/qikWzAtdO8RjRERIKLv5YcufyTndcF/KMmmkwC
GyRo7ZHPjdjrSeuD2vIg/kGEphIEGhUSvyR9k72hqLK4d/cGJdTYur+loMLAyzNG
MGTSjsa0huOO2LFJsL4EvhF6v82DaYlf9hql3YvIde5F7MS6Y+qEjpUppDiU9o4t
snIiBS7YReDXhsvgw1BPQ11gBswwUHTitoVVrheywxr+
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:04:28 2024 by rpki-client on console-fra.rpki-client.org