Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/dpUN2g0FR4gM63y3UnF9NEB9XmQ.roa
File:                     dpUN2g0FR4gM63y3UnF9NEB9XmQ.roa (raw, json)
Hash identifier:          O6ADjBqmL2OgYA5tEc52BXHd83lLr6j4Hzf3F+miubg=
Subject key identifier:   76:95:0D:DA:0D:05:47:88:0C:EB:7C:B7:52:71:7D:34:40:7D:5E:64
Certificate issuer:       /CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
Certificate serial:       018DCB6A187C85E2580FEAC54C4959A2794F
Authority key identifier: C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/dpUN2g0FR4gM63y3UnF9NEB9XmQ.roa
Signing time:             Wed 21 Feb 2024 11:25:44 +0000
ROA not before:           Wed 21 Feb 2024 11:25:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1820
IP address blocks:        31.223.224.0/21 maxlen: 32
                          91.226.1.0/24 maxlen: 32
                          185.16.228.0/22 maxlen: 32
                          185.45.244.0/22 maxlen: 32
                          185.170.192.0/22 maxlen: 32
                          193.16.47.0/24 maxlen: 32
                          193.104.182.0/24 maxlen: 32
                          195.66.93.0/24 maxlen: 32
                          195.177.72.0/22 maxlen: 32
                          2a00:6180::/29 maxlen: 128
                          2a13:8800::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:6a:18:7c:85:e2:58:0f:ea:c5:4c:49:59:a2:79:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
        Validity
            Not Before: Feb 21 11:25:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76950dda0d0547880ceb7cb752717d34407d5e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:96:c3:38:49:59:24:41:dc:28:1f:2b:fe:ba:
                    00:25:89:e4:4f:67:a3:55:9b:0f:30:47:ce:43:2e:
                    14:a0:2c:58:7e:7a:6c:b9:fd:fc:e6:47:bc:b4:91:
                    6b:a9:74:22:4a:39:d7:27:e5:a3:e9:ae:33:14:3e:
                    6b:2c:4d:55:a8:ba:7e:3a:1b:c8:d9:2b:fd:8f:e4:
                    d5:94:3e:56:d6:4e:3c:5f:83:2d:87:64:3b:7f:1c:
                    a5:97:88:86:6b:4d:72:d2:e0:24:fc:f7:f9:56:d5:
                    7d:85:bf:fa:7f:35:6a:e2:bc:16:f0:a4:56:d0:dd:
                    3d:ee:68:db:de:0d:69:e3:90:aa:24:1e:77:fb:0c:
                    1d:b2:26:5a:1b:46:03:2d:31:fe:e3:d1:c2:ac:9b:
                    33:d1:8d:b6:9e:8e:f7:77:f6:34:53:7f:12:13:a4:
                    09:96:2a:cc:a1:d9:e4:8a:e0:7a:06:2d:26:64:dc:
                    fd:50:3f:fc:fd:b5:54:98:bf:c2:05:4b:05:ff:21:
                    40:ba:58:5e:0e:ce:03:df:01:e2:71:10:ee:a9:31:
                    85:a8:e0:b2:6a:2c:fd:8c:24:5f:e8:8a:f4:33:06:
                    75:db:b4:f5:aa:0e:a8:2a:16:2a:43:23:5f:df:8c:
                    b1:de:a7:bb:f3:1a:53:ee:ff:5f:1f:d6:b5:19:65:
                    57:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:95:0D:DA:0D:05:47:88:0C:EB:7C:B7:52:71:7D:34:40:7D:5E:64
            X509v3 Authority Key Identifier:
                keyid:C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/dpUN2g0FR4gM63y3UnF9NEB9XmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.224.0/21
                  91.226.1.0/24
                  185.16.228.0/22
                  185.45.244.0/22
                  185.170.192.0/22
                  193.16.47.0/24
                  193.104.182.0/24
                  195.66.93.0/24
                  195.177.72.0/22
                IPv6:
                  2a00:6180::/29
                  2a13:8800::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:11:6f:bb:ca:80:cf:e4:27:33:73:f5:ab:8c:71:d5:5e:a6:
         3b:7f:48:28:df:9d:75:63:8d:26:cf:20:d9:f2:54:b0:41:6a:
         13:7e:19:c9:cb:7c:9a:71:87:33:78:aa:79:27:68:cb:43:5c:
         25:3b:f3:6e:2b:02:7e:38:b2:87:80:83:fc:a5:1f:f3:b1:7c:
         82:93:15:95:17:db:31:5a:27:ce:b9:96:43:09:1b:18:7e:f4:
         8e:e9:ea:16:c8:39:6e:bb:cf:cc:42:31:be:eb:78:6c:09:4f:
         8c:27:f3:47:b2:9d:1d:1f:40:b7:cb:05:8d:99:00:ae:23:a4:
         d8:08:09:11:37:f2:e6:a8:e2:e2:aa:b0:b5:56:a3:ba:69:6c:
         f9:fb:f3:ad:c6:f9:03:f9:eb:42:60:5f:c3:6f:e9:6a:5b:f5:
         94:f5:61:36:9c:b2:a1:93:c6:ea:38:e3:5b:42:d9:4a:df:e0:
         95:05:8b:d5:14:a3:7d:9a:bc:cf:0b:fb:05:3d:e0:4a:cd:29:
         8d:6d:f9:e1:19:f5:67:a0:df:dc:6c:df:f3:24:bc:0a:49:22:
         9c:80:7f:aa:3a:64:02:6f:bf:04:66:ce:2d:5f:c7:2a:f3:06:
         75:00:4a:81:56:6b:cf:3f:72:9c:ba:1c:d7:bd:0a:93:4a:33:
         09:82:8f:fc
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY3Lahh8heJYD+rFTElZonlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTk1M2MwODk4MGFkYzk0ZjJmYTNhM2MxYmE5NWM0MGQy
MWU3ZDMwHhcNMjQwMjIxMTEyNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njk1MGRkYTBkMDU0Nzg4MGNlYjdjYjc1MjcxN2QzNDQwN2Q1ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpbDOElZJEHcKB8r/roAJYnkT2ej
VZsPMEfOQy4UoCxYfnpsuf385ke8tJFrqXQiSjnXJ+Wj6a4zFD5rLE1VqLp+OhvI
2Sv9j+TVlD5W1k48X4Mth2Q7fxyll4iGa01y0uAk/Pf5VtV9hb/6fzVq4rwW8KRW
0N097mjb3g1p45CqJB53+wwdsiZaG0YDLTH+49HCrJsz0Y22no73d/Y0U38SE6QJ
lirModnkiuB6Bi0mZNz9UD/8/bVUmL/CBUsF/yFAulheDs4D3wHicRDuqTGFqOCy
aiz9jCRf6Ir0MwZ127T1qg6oKhYqQyNf34yx3qe78xpT7v9fH9a1GWVX8wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHaVDdoNBUeIDOt8t1JxfTRAfV5kMB8GA1UdIwQY
MBaAFMYZU8CJgK3JTy+jo8G6lcQNIefTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYt
NjI1MjQ1YTAwYWJmLzEvZHBVTjJnMEZSNGdNNjN5M1VuRjlORUI5WG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYtNjI1MjQ1YTAwYWJm
LzEveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDH9/gAwQA
W+IBAwQCuRDkAwQCuS30AwQCuarAAwQAwRAvAwQAwWi2AwQAw0JdAwQCw7FIMBQE
AgACMA4DBQMqAGGAAwUDKhOIADANBgkqhkiG9w0BAQsFAAOCAQEAORFvu8qAz+Qn
M3P1q4xx1V6mO39IKN+ddWONJs8g2fJUsEFqE34Zyct8mnGHM3iqeSdoy0NcJTvz
bisCfjiyh4CD/KUf87F8gpMVlRfbMVonzrmWQwkbGH70junqFsg5brvPzEIxvut4
bAlPjCfzR7KdHR9At8sFjZkAriOk2AgJETfy5qji4qqwtVajumls+fvzrcb5A/nr
QmBfw2/palv1lPVhNpyyoZPG6jjjW0LZSt/glQWL1RSjfZq8zwv7BT3gSs0pjW35
4Rn1Z6Df3Gzf8yS8CkkinIB/qjpkAm+/BGbOLV/HKvMGdQBKgVZrzz9ynLoc170K
k0ozCYKP/A==
-----END CERTIFICATE-----
Generated at Sat Jun 15 13:25:21 2024 by rpki-client on console-fra.rpki-client.org