Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/zk2XEPlE2kCvAT3nlw_0e6_uVI0.roa
File:                     zk2XEPlE2kCvAT3nlw_0e6_uVI0.roa (raw, json)
Hash identifier:          Uv+z0PwQexJ64IhUw8YtdOMUSDtkQoKqM3r/kA2uplU=
Subject key identifier:   CE:4D:97:10:F9:44:DA:40:AF:01:3D:E7:97:0F:F4:7B:AF:EE:54:8D
Certificate issuer:       /CN=31828c99d35cb92e2d53daf128e497e841b63ab0
Certificate serial:       018CC801EEF593FA738B6CA6B02308A61355
Authority key identifier: 31:82:8C:99:D3:5C:B9:2E:2D:53:DA:F1:28:E4:97:E8:41:B6:3A:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYKMmdNcuS4tU9rxKOSX6EG2OrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/zk2XEPlE2kCvAT3nlw_0e6_uVI0.roa
Signing time:             Tue 02 Jan 2024 02:30:19 +0000
ROA not before:           Tue 02 Jan 2024 02:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41898
IP address blocks:        91.135.16.0/20 maxlen: 20
                          95.130.32.0/21 maxlen: 21
                          158.255.56.0/21 maxlen: 21
                          158.255.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/MYKMmdNcuS4tU9rxKOSX6EG2OrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/MYKMmdNcuS4tU9rxKOSX6EG2OrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYKMmdNcuS4tU9rxKOSX6EG2OrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ee:f5:93:fa:73:8b:6c:a6:b0:23:08:a6:13:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31828c99d35cb92e2d53daf128e497e841b63ab0
        Validity
            Not Before: Jan  2 02:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce4d9710f944da40af013de7970ff47bafee548d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:69:99:74:1f:00:a4:f0:a8:6d:28:78:55:7f:
                    7b:fc:56:ed:5f:66:f5:74:21:7c:26:ea:91:18:f5:
                    ea:43:28:db:9b:98:cc:be:fb:3c:74:87:bb:06:b5:
                    dd:52:85:a6:db:10:5e:b8:74:f1:3d:99:04:13:e7:
                    82:8c:71:7a:84:ba:a7:86:21:75:fa:bc:49:1f:e1:
                    92:45:ae:d9:a8:77:7b:fb:6d:a0:51:51:7e:4b:cd:
                    d0:03:f7:89:89:80:0c:3d:31:b0:2f:07:3a:25:b2:
                    90:cf:94:78:ee:70:2c:9f:1c:d9:01:ab:2f:88:0f:
                    6a:7b:ef:b4:a2:da:38:f3:62:3b:71:4d:8b:b5:3c:
                    a2:44:94:2c:02:b6:3a:83:70:83:12:1e:ea:ed:f4:
                    e4:1d:45:a5:83:d2:8b:7e:e8:e7:d1:f8:56:0c:20:
                    1f:07:e3:7e:80:51:c8:b7:e0:eb:f9:46:3b:92:6e:
                    17:f3:c3:a0:ea:88:c5:5d:6a:da:17:98:30:25:67:
                    02:f4:72:94:75:d2:f3:45:9b:df:0b:20:10:38:ef:
                    7b:da:54:46:d7:d3:d5:23:e3:f6:c7:39:cd:ad:a7:
                    83:c7:e1:99:4c:38:5e:04:8d:d7:55:cb:67:a0:8d:
                    f7:a3:05:83:c4:36:0f:a6:99:42:f9:37:a5:c9:b3:
                    5f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4D:97:10:F9:44:DA:40:AF:01:3D:E7:97:0F:F4:7B:AF:EE:54:8D
            X509v3 Authority Key Identifier:
                keyid:31:82:8C:99:D3:5C:B9:2E:2D:53:DA:F1:28:E4:97:E8:41:B6:3A:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYKMmdNcuS4tU9rxKOSX6EG2OrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/zk2XEPlE2kCvAT3nlw_0e6_uVI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/MYKMmdNcuS4tU9rxKOSX6EG2OrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.135.16.0/20
                  95.130.32.0/21
                  158.255.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:95:74:d5:98:4c:2a:98:bc:18:35:35:d5:c4:c1:e6:15:bd:
         72:d9:b0:4f:ad:b4:33:1e:e6:fa:a1:8d:c1:8e:e4:10:7b:56:
         1c:68:be:96:85:4f:a1:6c:4b:03:4c:05:09:b3:6e:46:b4:30:
         53:33:aa:b1:64:1c:ba:08:b0:36:05:10:fd:f5:86:08:90:04:
         5d:7f:0b:e6:1a:b4:83:86:cd:fc:92:ec:3c:ec:5e:15:a5:58:
         0c:ca:c0:35:38:0c:ba:08:ec:7f:9c:0f:5b:14:19:fb:cb:44:
         a2:07:24:c2:73:bf:b6:94:8d:b6:b4:ee:91:a7:bd:80:62:7e:
         39:cf:ae:7d:d7:45:f9:25:51:11:bf:0d:37:8e:e4:7d:7a:c1:
         80:bc:3e:38:59:94:40:cf:8d:70:f2:9e:3f:06:58:cb:d3:58:
         8d:71:18:64:b3:b8:0b:73:ed:c2:0c:20:f1:30:6e:5f:e0:06:
         33:ac:f8:55:d2:73:19:59:7a:5b:b2:4d:f4:5f:d0:41:19:90:
         d5:e0:62:75:15:a5:59:1e:4f:2e:50:7c:4a:42:8d:21:2a:30:
         17:83:ff:4c:7c:90:ba:bd:cb:2c:d5:3c:b7:6e:13:d1:ad:16:
         95:6a:a5:56:36:20:0c:fd:07:10:d3:3a:bb:ff:e7:35:d8:b3:
         f4:bf:52:11
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAe71k/pzi2ymsCMIphNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODI4Yzk5ZDM1Y2I5MmUyZDUzZGFmMTI4ZTQ5N2U4NDFi
NjNhYjAwHhcNMjQwMTAyMDIzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRkOTcxMGY5NDRkYTQwYWYwMTNkZTc5NzBmZjQ3YmFmZWU1NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWmZdB8ApPCobSh4VX97/FbtX2b1
dCF8JuqRGPXqQyjbm5jMvvs8dIe7BrXdUoWm2xBeuHTxPZkEE+eCjHF6hLqnhiF1
+rxJH+GSRa7ZqHd7+22gUVF+S83QA/eJiYAMPTGwLwc6JbKQz5R47nAsnxzZAasv
iA9qe++0oto482I7cU2LtTyiRJQsArY6g3CDEh7q7fTkHUWlg9KLfujn0fhWDCAf
B+N+gFHIt+Dr+UY7km4X88Og6ojFXWraF5gwJWcC9HKUddLzRZvfCyAQOO972lRG
19PVI+P2xznNraeDx+GZTDheBI3XVctnoI33owWDxDYPpplC+TelybNfpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM5NlxD5RNpArwE955cP9Huv7lSNMB8GA1UdIwQY
MBaAFDGCjJnTXLkuLVPa8Sjkl+hBtjqwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlLTW1kTmN1UzR0VTlyeEtPU1g2RUcyT3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82Y2JhMWEtNWY0ZC00MzA4LWJmNDYt
ZWIzN2E4NWE4MmM1LzEvemsyWEVQbEUya0N2QVQzbmx3XzBlNl91VkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82Y2JhMWEtNWY0ZC00MzA4LWJmNDYtZWIzN2E4NWE4MmM1
LzEvTVlLTW1kTmN1UzR0VTlyeEtPU1g2RUcyT3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEW4cQAwQD
X4IgAwQDnv84MA0GCSqGSIb3DQEBCwUAA4IBAQCclXTVmEwqmLwYNTXVxMHmFb1y
2bBPrbQzHub6oY3BjuQQe1YcaL6WhU+hbEsDTAUJs25GtDBTM6qxZBy6CLA2BRD9
9YYIkARdfwvmGrSDhs38kuw87F4VpVgMysA1OAy6COx/nA9bFBn7y0SiByTCc7+2
lI22tO6Rp72AYn45z65910X5JVERvw03juR9esGAvD44WZRAz41w8p4/BljL01iN
cRhks7gLc+3CDCDxMG5f4AYzrPhV0nMZWXpbsk30X9BBGZDV4GJ1FaVZHk8uUHxK
Qo0hKjAXg/9MfJC6vcss1Ty3bhPRrRaVaqVWNiAM/QcQ0zq7/+c12LP0v1IR
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:01:09 2024 by rpki-client on console-fra.rpki-client.org