Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/7bbb91-c5b0-4d0b-925b-09be5989d0ac/1/128yRl15fhmpYocW8_CEOsp_Ops.roa
File:                     128yRl15fhmpYocW8_CEOsp_Ops.roa (raw, json)
Hash identifier:          HL3WXkTAq90tiz/lgtHQrMQlLPfEnshDgz0GDy8YLLY=
Subject key identifier:   D7:6F:32:46:5D:79:7E:19:A9:62:87:16:F3:F0:84:3A:CA:7F:3A:9B
Certificate issuer:       /CN=4edc689bb22d09475574f41c0e5d97c045930928
Certificate serial:       018CC26D022E70B7DD6FB2E3EF3C53B4F2C4
Authority key identifier: 4E:DC:68:9B:B2:2D:09:47:55:74:F4:1C:0E:5D:97:C0:45:93:09:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ttxom7ItCUdVdPQcDl2XwEWTCSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/7bbb91-c5b0-4d0b-925b-09be5989d0ac/1/128yRl15fhmpYocW8_CEOsp_Ops.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39884
IP address blocks:        46.31.224.0/21 maxlen: 24
                          185.75.92.0/22 maxlen: 22
                          195.189.172.0/23 maxlen: 23
                          2a03:8e00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/7bbb91-c5b0-4d0b-925b-09be5989d0ac/1/Ttxom7ItCUdVdPQcDl2XwEWTCSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/7bbb91-c5b0-4d0b-925b-09be5989d0ac/1/Ttxom7ItCUdVdPQcDl2XwEWTCSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ttxom7ItCUdVdPQcDl2XwEWTCSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:02:2e:70:b7:dd:6f:b2:e3:ef:3c:53:b4:f2:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4edc689bb22d09475574f41c0e5d97c045930928
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d76f32465d797e19a9628716f3f0843aca7f3a9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a0:9d:e4:c9:52:ad:c9:07:99:e1:d7:75:46:
                    b5:96:53:c8:6c:0f:f4:b2:fb:3f:4b:42:73:eb:7c:
                    df:16:15:66:97:b9:f8:61:3e:39:ac:28:7e:93:6d:
                    84:5e:51:b1:b0:c7:3f:46:c7:a8:82:99:14:2e:ac:
                    dd:e0:01:ab:fd:d5:b9:8a:63:89:1f:45:0c:30:b3:
                    d7:55:d1:89:5c:6b:09:a2:85:a4:05:cc:6b:d9:d7:
                    a5:b1:36:49:d6:fc:56:a2:7c:e2:08:99:fe:73:fb:
                    b7:77:41:1a:c2:dd:9c:cd:30:08:f6:c6:72:f6:43:
                    fa:21:ac:a0:f1:a0:f7:26:92:a5:44:96:df:1a:a4:
                    b9:2d:40:33:b6:3a:e0:fb:c6:ac:f5:52:eb:78:89:
                    63:6f:2d:1d:df:b7:70:03:6b:7f:d2:8b:33:ae:e4:
                    cf:11:c9:84:97:c9:1b:6f:dc:c8:f8:94:c4:33:8e:
                    6f:4f:91:f7:15:29:87:7d:bc:70:a6:e2:ea:7b:e3:
                    af:21:04:49:52:d3:e9:95:3d:7b:3d:ed:64:25:22:
                    c6:9a:d6:dd:71:45:86:68:d3:f3:be:28:b8:cf:04:
                    8a:b5:0a:4a:11:a5:f4:88:1c:d7:f4:5e:1a:3b:ed:
                    a5:55:82:33:a6:2f:b4:77:40:c1:0b:c0:84:98:58:
                    95:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:6F:32:46:5D:79:7E:19:A9:62:87:16:F3:F0:84:3A:CA:7F:3A:9B
            X509v3 Authority Key Identifier:
                keyid:4E:DC:68:9B:B2:2D:09:47:55:74:F4:1C:0E:5D:97:C0:45:93:09:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ttxom7ItCUdVdPQcDl2XwEWTCSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/7bbb91-c5b0-4d0b-925b-09be5989d0ac/1/128yRl15fhmpYocW8_CEOsp_Ops.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/7bbb91-c5b0-4d0b-925b-09be5989d0ac/1/Ttxom7ItCUdVdPQcDl2XwEWTCSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.224.0/21
                  185.75.92.0/22
                  195.189.172.0/23
                IPv6:
                  2a03:8e00::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:2a:61:4b:18:e4:3a:00:f2:ec:98:72:bc:52:2d:eb:bc:51:
         e2:22:f6:b7:b5:47:b1:a0:4e:b9:db:b7:b8:d5:54:e4:a3:06:
         a8:14:c7:96:43:97:c1:2a:6b:03:4a:15:09:12:94:35:89:21:
         ab:24:43:2a:c8:a1:e8:45:79:5a:39:69:8e:22:ca:d9:51:02:
         24:78:6e:9f:6f:f7:d0:61:ad:9a:1d:f7:38:12:51:ac:74:05:
         80:b7:aa:be:2c:1b:b8:3e:55:51:c5:ff:5b:95:d2:e4:40:e4:
         74:d7:aa:3e:b3:80:e5:44:88:11:08:01:56:90:a4:cf:94:fe:
         2a:be:ec:7c:f2:a8:dd:c7:24:d5:d2:a4:87:61:f4:e1:21:18:
         6f:9f:70:63:04:a6:90:54:38:85:04:0a:09:36:c5:ed:e8:e2:
         9f:81:26:ba:f5:19:13:b9:c6:b2:f9:6a:f4:41:bc:53:d8:b8:
         7a:f7:ad:4d:5c:06:10:7c:8d:b6:4c:94:b1:3c:e4:a4:6f:c5:
         a9:00:99:bf:a3:c4:d4:ba:35:e8:bc:28:f3:7c:90:fa:08:a9:
         14:e0:64:7e:c5:e4:94:56:13:75:ac:1d:df:b1:52:61:15:16:
         ef:9a:96:1e:42:09:81:d7:fe:c1:c4:c9:c4:50:61:b3:7b:9c:
         da:e8:55:e0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzCbQIucLfdb7Lj7zxTtPLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZGM2ODliYjIyZDA5NDc1NTc0ZjQxYzBlNWQ5N2MwNDU5
MzA5MjgwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzZmMzI0NjVkNzk3ZTE5YTk2Mjg3MTZmM2YwODQzYWNhN2YzYTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6Cd5MlSrckHmeHXdUa1llPIbA/0
svs/S0Jz63zfFhVml7n4YT45rCh+k22EXlGxsMc/RseogpkULqzd4AGr/dW5imOJ
H0UMMLPXVdGJXGsJooWkBcxr2delsTZJ1vxWonziCJn+c/u3d0Eawt2czTAI9sZy
9kP6Iayg8aD3JpKlRJbfGqS5LUAztjrg+8as9VLreIljby0d37dwA2t/0oszruTP
EcmEl8kbb9zI+JTEM45vT5H3FSmHfbxwpuLqe+OvIQRJUtPplT17Pe1kJSLGmtbd
cUWGaNPzvii4zwSKtQpKEaX0iBzX9F4aO+2lVYIzpi+0d0DBC8CEmFiV2QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNdvMkZdeX4ZqWKHFvPwhDrKfzqbMB8GA1UdIwQY
MBaAFE7caJuyLQlHVXT0HA5dl8BFkwkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHR4b203SXRDVWRWZFBRY0RsMlh3RVdUQ1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi83YmJiOTEtYzViMC00ZDBiLTkyNWIt
MDliZTU5ODlkMGFjLzEvMTI4eVJsMTVmaG1wWW9jVzhfQ0VPc3BfT3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi83YmJiOTEtYzViMC00ZDBiLTkyNWItMDliZTU5ODlkMGFj
LzEvVHR4b203SXRDVWRWZFBRY0RsMlh3RVdUQ1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLh/gAwQC
uUtcAwQBw72sMA0EAgACMAcDBQAqA44AMA0GCSqGSIb3DQEBCwUAA4IBAQBqKmFL
GOQ6APLsmHK8Ui3rvFHiIva3tUexoE6527e41VTkowaoFMeWQ5fBKmsDShUJEpQ1
iSGrJEMqyKHoRXlaOWmOIsrZUQIkeG6fb/fQYa2aHfc4ElGsdAWAt6q+LBu4PlVR
xf9bldLkQOR016o+s4DlRIgRCAFWkKTPlP4qvux88qjdxyTV0qSHYfThIRhvn3Bj
BKaQVDiFBAoJNsXt6OKfgSa69RkTucay+Wr0QbxT2Lh6961NXAYQfI22TJSxPOSk
b8WpAJm/o8TUujXovCjzfJD6CKkU4GR+xeSUVhN1rB3fsVJhFRbvmpYeQgmB1/7B
xMnEUGGze5za6FXg
-----END CERTIFICATE-----
Generated at Mon Jun 17 13:19:43 2024 by rpki-client on console-ams.rpki-client.org