Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/zAxwOaJ6Tj4pwZgrEweoyWcZv6o.roa
File:                     zAxwOaJ6Tj4pwZgrEweoyWcZv6o.roa (raw, json)
Hash identifier:          1B84Uc6i1uje0IUsyXRgood4kf8BJ4ak9JLHIO0RD6E=
Subject key identifier:   CC:0C:70:39:A2:7A:4E:3E:29:C1:98:2B:13:07:A8:C9:67:19:BF:AA
Certificate issuer:       /CN=0f92c52f86009879c177092f7cd83418b4df8cab
Certificate serial:       018CC3494CBA25A1D8435865EE47B64F9550
Authority key identifier: 0F:92:C5:2F:86:00:98:79:C1:77:09:2F:7C:D8:34:18:B4:DF:8C:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5LFL4YAmHnBdwkvfNg0GLTfjKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/zAxwOaJ6Tj4pwZgrEweoyWcZv6o.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        81.28.112.0/20 maxlen: 24
                          188.123.160.0/19 maxlen: 24
                          185.175.248.0/22 maxlen: 24
                          82.212.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/D5LFL4YAmHnBdwkvfNg0GLTfjKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/D5LFL4YAmHnBdwkvfNg0GLTfjKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5LFL4YAmHnBdwkvfNg0GLTfjKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4c:ba:25:a1:d8:43:58:65:ee:47:b6:4f:95:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f92c52f86009879c177092f7cd83418b4df8cab
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc0c7039a27a4e3e29c1982b1307a8c96719bfaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:45:9b:7e:03:36:1e:b4:6e:9a:3a:2c:ed:ee:
                    54:a1:2f:65:f0:08:bb:41:f1:b6:e1:3d:bb:11:ca:
                    a7:ef:ad:58:ae:43:d2:d7:78:9d:3b:fd:e3:60:aa:
                    2c:d0:93:f3:90:9f:03:3b:b8:ce:4b:72:54:61:89:
                    98:9d:b6:83:ce:6e:f5:a6:bc:12:7b:94:ae:b1:f5:
                    88:c4:db:ec:19:41:48:8c:a8:1e:0f:b4:19:7d:f8:
                    87:15:e4:83:9b:08:9d:d9:a8:1d:11:f0:af:d9:ef:
                    7b:cd:b6:14:fb:d8:8f:92:f6:e2:b9:0a:14:74:d3:
                    86:f0:c5:6a:81:ee:0a:a1:92:d0:d0:6f:6c:82:6f:
                    6f:18:46:34:ee:ce:0a:23:bd:5d:37:97:af:65:4d:
                    94:87:86:6f:59:ac:52:cd:99:84:e5:54:8c:12:c7:
                    13:0f:8f:83:c2:d1:c5:e6:c5:c4:ea:41:65:70:06:
                    64:eb:48:57:f4:dd:4f:96:0d:a2:cb:68:23:37:ae:
                    4e:23:22:ac:3f:a2:28:8e:5f:cd:6c:f4:e9:ee:5e:
                    e6:00:c5:b7:f6:86:88:7a:91:e3:cf:52:d1:93:71:
                    c3:5f:e4:39:b7:53:34:e7:a0:74:a5:e2:1a:b3:7a:
                    67:fd:b9:5b:c9:ee:06:ad:b1:97:cc:7c:a6:fa:76:
                    39:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:0C:70:39:A2:7A:4E:3E:29:C1:98:2B:13:07:A8:C9:67:19:BF:AA
            X509v3 Authority Key Identifier:
                keyid:0F:92:C5:2F:86:00:98:79:C1:77:09:2F:7C:D8:34:18:B4:DF:8C:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5LFL4YAmHnBdwkvfNg0GLTfjKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/zAxwOaJ6Tj4pwZgrEweoyWcZv6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e8c287-f049-4595-86eb-0be209ffbaec/1/D5LFL4YAmHnBdwkvfNg0GLTfjKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.28.112.0/20
                  82.212.64.0/18
                  185.175.248.0/22
                  188.123.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2f:4b:e3:0f:1d:48:94:55:29:b0:07:f1:ae:11:b1:e7:04:d8:
         b2:b5:f9:e1:32:8b:2b:75:0e:84:b3:c3:75:bb:fe:d4:6c:b9:
         38:71:e1:2e:af:63:a7:08:a7:66:1b:fc:eb:bf:52:fb:b4:3b:
         79:b9:22:0b:eb:3f:af:46:72:52:87:cc:cd:88:64:24:b4:66:
         f0:01:c4:14:31:da:d8:c9:f4:d2:82:2b:72:a5:6e:72:c2:b1:
         e0:0b:cb:18:11:cf:35:9f:1a:4f:c6:94:4e:b2:60:e5:4d:71:
         a3:02:22:75:33:00:a9:40:83:bd:14:e2:e0:9b:13:a5:fb:5b:
         10:48:5c:a1:6b:bb:f9:79:56:29:ee:2a:1a:c8:f9:68:e8:48:
         22:3f:f2:23:5f:0d:e1:54:db:db:e0:fd:ea:34:75:89:34:ba:
         da:6d:be:19:94:b7:6b:76:1d:30:20:72:88:2c:d0:63:dc:d5:
         8f:e7:9f:14:cf:73:1f:58:af:da:d6:7e:c7:5a:6c:54:80:95:
         b9:4c:c1:a6:ee:1c:8e:01:16:5e:4e:d1:74:aa:7f:33:4e:82:
         b7:b9:59:3b:f7:a0:c3:f0:9b:24:f7:4a:fa:5f:ba:27:75:bd:
         b4:d6:09:85:7c:02:d9:fc:89:53:43:d7:a2:eb:bf:5b:65:32:
         0c:8c:ab:a9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDSUy6JaHYQ1hl7ke2T5VQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOTJjNTJmODYwMDk4NzljMTc3MDkyZjdjZDgzNDE4YjRk
ZjhjYWIwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzBjNzAzOWEyN2E0ZTNlMjljMTk4MmIxMzA3YThjOTY3MTliZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkWbfgM2HrRumjos7e5UoS9l8Ai7
QfG24T27Ecqn761YrkPS13idO/3jYKos0JPzkJ8DO7jOS3JUYYmYnbaDzm71prwS
e5SusfWIxNvsGUFIjKgeD7QZffiHFeSDmwid2agdEfCv2e97zbYU+9iPkvbiuQoU
dNOG8MVqge4KoZLQ0G9sgm9vGEY07s4KI71dN5evZU2Uh4ZvWaxSzZmE5VSMEscT
D4+DwtHF5sXE6kFlcAZk60hX9N1Plg2iy2gjN65OIyKsP6Iojl/NbPTp7l7mAMW3
9oaIepHjz1LRk3HDX+Q5t1M056B0peIas3pn/blbye4GrbGXzHym+nY5nwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMwMcDmiek4+KcGYKxMHqMlnGb+qMB8GA1UdIwQY
MBaAFA+SxS+GAJh5wXcJL3zYNBi034yrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDVMRkw0WUFtSG5CZHdrdmZOZzBHTFRmaktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lOGMyODctZjA0OS00NTk1LTg2ZWIt
MGJlMjA5ZmZiYWVjLzEvekF4d09hSjZUajRwd1pnckV3ZW95V2NadjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lOGMyODctZjA0OS00NTk1LTg2ZWItMGJlMjA5ZmZiYWVj
LzEvRDVMRkw0WUFtSG5CZHdrdmZOZzBHTFRmaktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQEURxwAwQG
UtRAAwQCua/4AwQFvHugMA0GCSqGSIb3DQEBCwUAA4IBAQAvS+MPHUiUVSmwB/Gu
EbHnBNiytfnhMosrdQ6Es8N1u/7UbLk4ceEur2OnCKdmG/zrv1L7tDt5uSIL6z+v
RnJSh8zNiGQktGbwAcQUMdrYyfTSgitypW5ywrHgC8sYEc81nxpPxpROsmDlTXGj
AiJ1MwCpQIO9FOLgmxOl+1sQSFyha7v5eVYp7ioayPlo6EgiP/IjXw3hVNvb4P3q
NHWJNLrabb4ZlLdrdh0wIHKILNBj3NWP558Uz3MfWK/a1n7HWmxUgJW5TMGm7hyO
ARZeTtF0qn8zToK3uVk796DD8Jsk90r6X7ondb201gmFfALZ/IlTQ9ei679bZTIM
jKup
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:05:27 2024 by rpki-client on console-fra.rpki-client.org