Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/KdT94Mxx6OgPbUdXnO586zv_Q9Y.roa
File:                     KdT94Mxx6OgPbUdXnO586zv_Q9Y.roa (raw, json)
Hash identifier:          MDtB0wBu1iUcdqO1yVAIjYe1TbJ+APqkT9wrtCcX/CM=
Subject key identifier:   29:D4:FD:E0:CC:71:E8:E8:0F:6D:47:57:9C:EE:7C:EB:3B:FF:43:D6
Certificate issuer:       /CN=6fe561f84c5bab17d503bf93d3c3d325c2a2252e
Certificate serial:       018CC4938E538B4BE7664272387BC8256AB2
Authority key identifier: 6F:E5:61:F8:4C:5B:AB:17:D5:03:BF:93:D3:C3:D3:25:C2:A2:25:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b-Vh-ExbqxfVA7-T08PTJcKiJS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/KdT94Mxx6OgPbUdXnO586zv_Q9Y.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21032
IP address blocks:        185.133.112.0/22 maxlen: 24
                          188.209.160.0/19 maxlen: 24
                          109.226.128.0/18 maxlen: 24
                          2a0d:c80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/b-Vh-ExbqxfVA7-T08PTJcKiJS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/b-Vh-ExbqxfVA7-T08PTJcKiJS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b-Vh-ExbqxfVA7-T08PTJcKiJS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8e:53:8b:4b:e7:66:42:72:38:7b:c8:25:6a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fe561f84c5bab17d503bf93d3c3d325c2a2252e
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29d4fde0cc71e8e80f6d47579cee7ceb3bff43d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:24:0b:be:ad:3e:d9:cc:e2:58:92:3d:c9:e0:
                    5b:be:f4:d8:35:28:d1:31:0b:9f:a4:2d:ca:d4:86:
                    a1:29:77:eb:9a:82:b8:12:5e:54:5c:6b:50:64:a5:
                    10:83:f5:df:2a:6b:2a:ce:b3:b3:10:7f:28:f5:33:
                    e7:d5:f6:49:22:40:00:43:72:3a:4c:90:34:60:64:
                    9d:52:a7:b9:54:59:94:78:19:60:8d:6f:2e:a1:7f:
                    0b:ce:0a:3f:e8:ad:77:54:d1:61:92:cc:d6:7b:29:
                    db:73:40:6d:ea:ff:74:f9:2c:61:bb:1f:4b:90:88:
                    90:bb:3b:da:e6:b4:a2:b8:0c:9d:33:9e:f5:c3:1e:
                    32:95:c1:ea:2d:be:d9:ad:1e:5d:5a:cd:cf:de:cb:
                    ad:cc:b8:7a:c2:92:51:6a:8b:13:93:c1:73:53:bf:
                    9b:d5:f3:c8:5d:3d:d5:8b:ff:0e:f7:1a:c6:e9:94:
                    a8:d3:f8:5f:3f:aa:12:21:77:07:e2:19:07:da:3d:
                    38:f2:72:c0:6a:2d:5d:7f:8c:1f:f4:9a:cb:7e:27:
                    b5:16:a2:be:0c:36:42:84:6d:67:6a:f0:cf:78:9f:
                    05:b8:d2:29:9c:bf:2a:40:a8:0b:6e:ef:a2:9c:62:
                    5d:03:bf:68:16:e3:a7:3c:30:f9:a3:f5:5f:dd:c5:
                    69:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D4:FD:E0:CC:71:E8:E8:0F:6D:47:57:9C:EE:7C:EB:3B:FF:43:D6
            X509v3 Authority Key Identifier:
                keyid:6F:E5:61:F8:4C:5B:AB:17:D5:03:BF:93:D3:C3:D3:25:C2:A2:25:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b-Vh-ExbqxfVA7-T08PTJcKiJS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/KdT94Mxx6OgPbUdXnO586zv_Q9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/6266af-ffbb-4462-baa6-5739ed83c691/1/b-Vh-ExbqxfVA7-T08PTJcKiJS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.226.128.0/18
                  185.133.112.0/22
                  188.209.160.0/19
                IPv6:
                  2a0d:c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:26:ed:4a:58:ff:c2:08:aa:c9:cd:09:91:3e:fd:40:49:d2:
         23:2f:fb:05:ad:b8:e3:7d:d2:92:aa:77:18:23:40:7e:21:49:
         8c:1f:e8:ed:84:38:af:eb:b6:4a:14:26:c4:25:55:f4:1e:fd:
         f2:c6:eb:c7:61:b4:0e:84:2c:79:72:48:bd:eb:f5:0f:f0:54:
         d6:e9:7d:9d:e4:61:fe:5c:39:3f:86:e2:8c:fb:99:1c:60:b3:
         72:8a:54:a6:59:27:5d:62:0c:ea:ec:e7:7d:af:d2:ca:18:04:
         f7:bd:7d:f9:59:63:c3:ef:6e:6b:61:8c:0e:b5:e4:3f:2c:7b:
         d6:79:9a:bd:62:4b:51:1f:37:0c:aa:9c:41:41:ea:20:01:24:
         17:01:65:f2:91:b0:51:87:37:44:98:3a:93:f6:d4:ee:61:22:
         53:84:9d:98:44:89:6b:61:e7:f4:5e:b9:d9:14:c1:69:b2:86:
         88:43:c1:fb:c0:a0:7c:f1:5b:35:7e:35:9d:c5:46:b6:11:15:
         8e:92:0d:9d:a9:1a:ee:42:ac:5e:d9:20:eb:5f:6e:12:dc:35:
         46:58:0c:b1:35:64:a4:cd:9a:93:54:f8:fa:04:30:79:37:13:
         1d:2f:3f:7c:f1:f5:5f:df:0a:ea:e8:ba:1e:88:bc:47:4c:31:
         a0:c7:29:67
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzEk45Ti0vnZkJyOHvIJWqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZTU2MWY4NGM1YmFiMTdkNTAzYmY5M2QzYzNkMzI1YzJh
MjI1MmUwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ0ZmRlMGNjNzFlOGU4MGY2ZDQ3NTc5Y2VlN2NlYjNiZmY0M2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCQLvq0+2cziWJI9yeBbvvTYNSjR
MQufpC3K1IahKXfrmoK4El5UXGtQZKUQg/XfKmsqzrOzEH8o9TPn1fZJIkAAQ3I6
TJA0YGSdUqe5VFmUeBlgjW8uoX8Lzgo/6K13VNFhkszWeynbc0Bt6v90+Sxhux9L
kIiQuzva5rSiuAydM571wx4ylcHqLb7ZrR5dWs3P3sutzLh6wpJRaosTk8FzU7+b
1fPIXT3Vi/8O9xrG6ZSo0/hfP6oSIXcH4hkH2j048nLAai1df4wf9JrLfie1FqK+
DDZChG1navDPeJ8FuNIpnL8qQKgLbu+inGJdA79oFuOnPDD5o/Vf3cVpNQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCnU/eDMcejoD21HV5zufOs7/0PWMB8GA1UdIwQY
MBaAFG/lYfhMW6sX1QO/k9PD0yXCoiUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYi1WaC1FeGJxeGZWQTctVDA4UFRKY0tpSlM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC82MjY2YWYtZmZiYi00NDYyLWJhYTYt
NTczOWVkODNjNjkxLzEvS2RUOTRNeHg2T2dQYlVkWG5PNTg2enZfUTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC82MjY2YWYtZmZiYi00NDYyLWJhYTYtNTczOWVkODNjNjkx
LzEvYi1WaC1FeGJxeGZWQTctVDA4UFRKY0tpSlM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGbeKAAwQC
uYVwAwQFvNGgMA0EAgACMAcDBQMqDQyAMA0GCSqGSIb3DQEBCwUAA4IBAQCrJu1K
WP/CCKrJzQmRPv1ASdIjL/sFrbjjfdKSqncYI0B+IUmMH+jthDiv67ZKFCbEJVX0
Hv3yxuvHYbQOhCx5cki96/UP8FTW6X2d5GH+XDk/huKM+5kcYLNyilSmWSddYgzq
7Od9r9LKGAT3vX35WWPD725rYYwOteQ/LHvWeZq9YktRHzcMqpxBQeogASQXAWXy
kbBRhzdEmDqT9tTuYSJThJ2YRIlrYef0XrnZFMFpsoaIQ8H7wKB88Vs1fjWdxUa2
ERWOkg2dqRruQqxe2SDrX24S3DVGWAyxNWSkzZqTVPj6BDB5NxMdLz988fVf3wrq
6LoeiLxHTDGgxyln
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:13:57 2024 by rpki-client on console-ams.rpki-client.org