Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/30d69e-f0e7-46f3-9759-ed32c5612840/1/aglq9I0g630_CdbhbJjlpOENYFk.roa
File:                     aglq9I0g630_CdbhbJjlpOENYFk.roa (raw, json)
Hash identifier:          lPWjCAyTG33FG/AmgW1+PdR+T5F2XfXvNUb/6sKbgLg=
Subject key identifier:   6A:09:6A:F4:8D:20:EB:7D:3F:09:D6:E1:6C:98:E5:A4:E1:0D:60:59
Certificate issuer:       /CN=2528b71f1e7ca69531dd5df2559513598db1c7f3
Certificate serial:       018CC86F20912A154A948227ACD4572A6CF0
Authority key identifier: 25:28:B7:1F:1E:7C:A6:95:31:DD:5D:F2:55:95:13:59:8D:B1:C7:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSi3Hx58ppUx3V3yVZUTWY2xx_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/30d69e-f0e7-46f3-9759-ed32c5612840/1/aglq9I0g630_CdbhbJjlpOENYFk.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205376
IP address blocks:        193.141.67.0/24 maxlen: 24
                          194.120.16.0/23 maxlen: 23
                          2001:67c:2e58::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/30d69e-f0e7-46f3-9759-ed32c5612840/1/JSi3Hx58ppUx3V3yVZUTWY2xx_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/30d69e-f0e7-46f3-9759-ed32c5612840/1/JSi3Hx58ppUx3V3yVZUTWY2xx_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSi3Hx58ppUx3V3yVZUTWY2xx_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:20:91:2a:15:4a:94:82:27:ac:d4:57:2a:6c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2528b71f1e7ca69531dd5df2559513598db1c7f3
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a096af48d20eb7d3f09d6e16c98e5a4e10d6059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:58:c3:f7:b8:55:ea:0b:22:82:84:50:3f:32:
                    70:4b:70:29:61:93:f4:d7:ab:57:7b:d7:d0:36:0d:
                    84:41:7f:38:21:9f:c5:08:56:97:4c:fe:a4:39:14:
                    75:ef:c3:ec:33:1a:b7:da:ca:20:2f:13:8f:35:43:
                    e0:4b:5d:ce:1f:55:0a:40:db:07:34:ad:db:c2:d0:
                    0c:73:9f:e7:78:eb:5c:a3:a0:f0:e6:02:4d:f8:da:
                    a3:1f:cc:26:04:5e:56:0e:5b:91:99:91:25:9f:69:
                    fa:16:86:c8:9c:e8:97:00:60:8c:13:c2:c3:ea:61:
                    39:e7:ff:36:38:4c:64:37:49:b5:31:f3:e1:f6:80:
                    ac:53:3b:99:4c:c5:2e:d4:87:f5:6e:d8:d6:c5:33:
                    9e:59:c6:47:df:49:29:8a:f0:6a:32:6f:9c:fa:ff:
                    27:85:e4:55:3e:bf:b4:ee:3a:49:ee:f7:95:4f:b0:
                    4a:ec:a5:a4:02:0b:2f:e2:7a:16:cb:ac:75:02:94:
                    ad:78:7a:29:8b:e3:4a:2f:03:17:be:a0:56:74:9b:
                    37:b9:7d:d8:15:8c:de:dd:ca:b6:0d:90:f0:69:bf:
                    6c:ad:ae:f7:2d:6c:5a:8e:1d:13:f1:e2:fa:c6:14:
                    22:58:66:41:2f:59:2f:7a:e3:07:8c:9e:ab:aa:48:
                    30:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:09:6A:F4:8D:20:EB:7D:3F:09:D6:E1:6C:98:E5:A4:E1:0D:60:59
            X509v3 Authority Key Identifier:
                keyid:25:28:B7:1F:1E:7C:A6:95:31:DD:5D:F2:55:95:13:59:8D:B1:C7:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSi3Hx58ppUx3V3yVZUTWY2xx_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/30d69e-f0e7-46f3-9759-ed32c5612840/1/aglq9I0g630_CdbhbJjlpOENYFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/30d69e-f0e7-46f3-9759-ed32c5612840/1/JSi3Hx58ppUx3V3yVZUTWY2xx_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.67.0/24
                  194.120.16.0/23
                IPv6:
                  2001:67c:2e58::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:16:27:6f:61:8b:7e:47:49:1b:ce:dc:61:46:9a:bc:f8:c6:
         ea:9d:6f:d7:fa:f2:b7:f0:8b:66:c8:27:b7:8d:a7:3d:5e:72:
         4e:e3:04:88:1a:80:b8:6e:d8:9b:50:2f:e7:d7:14:91:f6:f3:
         d1:09:ab:c4:6c:0c:e8:b2:21:00:ca:39:69:55:f2:a0:88:d2:
         d0:42:e6:3e:d0:c8:9b:82:f1:dc:60:2c:bd:fc:a6:75:e0:dd:
         7a:db:7e:95:7a:f0:c8:8f:81:a2:18:4d:e9:de:92:bc:93:22:
         b8:bc:cb:8f:8c:d1:9a:a6:d1:99:81:90:e3:05:b2:a6:d9:73:
         fa:b5:44:d9:84:21:04:ea:fe:ff:26:19:29:11:b5:ce:38:ec:
         9d:35:db:aa:da:d4:a9:65:e6:93:86:89:b1:42:81:33:de:72:
         0c:94:d7:18:0e:37:37:a2:c4:10:af:55:e4:d3:4b:a5:38:df:
         32:93:94:87:fd:98:2a:c1:db:07:f0:62:a9:53:40:04:fc:2c:
         bc:fc:1d:3b:7d:5b:41:f5:33:56:f1:1c:17:e4:98:64:b0:ab:
         ea:2d:fa:42:79:38:f9:5d:93:55:73:ed:f6:5e:85:cf:2c:b8:
         63:67:7c:a1:39:90:0f:66:6f:d8:b5:e3:83:a2:4f:46:d6:1c:
         47:12:d9:38
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzIbyCRKhVKlIInrNRXKmzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MjhiNzFmMWU3Y2E2OTUzMWRkNWRmMjU1OTUxMzU5OGRi
MWM3ZjMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA5NmFmNDhkMjBlYjdkM2YwOWQ2ZTE2Yzk4ZTVhNGUxMGQ2MDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFjD97hV6gsigoRQPzJwS3ApYZP0
16tXe9fQNg2EQX84IZ/FCFaXTP6kORR178PsMxq32sogLxOPNUPgS13OH1UKQNsH
NK3bwtAMc5/neOtco6Dw5gJN+NqjH8wmBF5WDluRmZEln2n6FobInOiXAGCME8LD
6mE55/82OExkN0m1MfPh9oCsUzuZTMUu1If1btjWxTOeWcZH30kpivBqMm+c+v8n
heRVPr+07jpJ7veVT7BK7KWkAgsv4noWy6x1ApSteHopi+NKLwMXvqBWdJs3uX3Y
FYze3cq2DZDwab9sra73LWxajh0T8eL6xhQiWGZBL1kveuMHjJ6rqkgwGwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGoJavSNIOt9PwnW4WyY5aThDWBZMB8GA1UdIwQY
MBaAFCUotx8efKaVMd1d8lWVE1mNscfzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlNpM0h4NThwcFV4M1YzeVZaVVRXWTJ4eF9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8zMGQ2OWUtZjBlNy00NmYzLTk3NTkt
ZWQzMmM1NjEyODQwLzEvYWdscTlJMGc2MzBfQ2RiaGJKamxwT0VOWUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8zMGQ2OWUtZjBlNy00NmYzLTk3NTktZWQzMmM1NjEyODQw
LzEvSlNpM0h4NThwcFV4M1YzeVZaVVRXWTJ4eF9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwY1DAwQB
wngQMA8EAgACMAkDBwAgAQZ8LlgwDQYJKoZIhvcNAQELBQADggEBAGQWJ29hi35H
SRvO3GFGmrz4xuqdb9f68rfwi2bIJ7eNpz1eck7jBIgagLhu2JtQL+fXFJH289EJ
q8RsDOiyIQDKOWlV8qCI0tBC5j7QyJuC8dxgLL38pnXg3XrbfpV68MiPgaIYTene
kryTIri8y4+M0Zqm0ZmBkOMFsqbZc/q1RNmEIQTq/v8mGSkRtc447J0126ra1Kll
5pOGibFCgTPecgyU1xgONzeixBCvVeTTS6U43zKTlIf9mCrB2wfwYqlTQAT8LLz8
HTt9W0H1M1bxHBfkmGSwq+ot+kJ5OPldk1Vz7fZehc8suGNnfKE5kA9mb9i144Oi
T0bWHEcS2Tg=
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:40:09 2024 by rpki-client on console-fra.rpki-client.org