Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/_-MRcctfyARGBxH1LYN5u2KhV9k.roa
File:                     _-MRcctfyARGBxH1LYN5u2KhV9k.roa (raw, json)
Hash identifier:          +8c4ryp0aBgzYoY4z2q6/gdn7vE0SvjuZ3RmbBPqW/8=
Subject key identifier:   FF:E3:11:71:CB:5F:C8:04:46:07:11:F5:2D:83:79:BB:62:A1:57:D9
Certificate issuer:       /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial:       018F989DBC0E9237FFC6057F13A5DF8157E6
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/_-MRcctfyARGBxH1LYN5u2KhV9k.roa
Signing time:             Tue 21 May 2024 00:47:04 +0000
ROA not before:           Tue 21 May 2024 00:47:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        217.9.244.0/24 maxlen: 24
                          217.9.245.0/24 maxlen: 24
                          217.9.247.0/24 maxlen: 24
                          217.9.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:98:9d:bc:0e:92:37:ff:c6:05:7f:13:a5:df:81:57:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
        Validity
            Not Before: May 21 00:47:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffe31171cb5fc804460711f52d8379bb62a157d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:8c:50:f5:c3:0d:cb:20:80:4b:2e:54:36:47:
                    c7:74:eb:01:bf:75:96:76:48:78:bb:b1:3a:18:c9:
                    96:07:ef:89:a6:ea:ff:63:7c:fd:7b:2d:96:b7:44:
                    7a:2f:33:74:ec:92:ea:1e:88:e4:1c:89:a1:ed:c9:
                    52:77:8c:e4:50:00:be:16:8b:02:83:20:51:87:6c:
                    6f:b1:7a:51:9b:05:75:d6:9a:d5:aa:99:03:2c:6c:
                    42:ec:42:97:07:05:28:9b:f7:41:b4:49:25:fb:94:
                    9c:64:0c:02:d6:3a:27:4a:ff:6f:2d:07:18:b2:e3:
                    53:26:32:d5:10:49:73:0a:01:86:4b:03:d5:d7:27:
                    a4:b6:f1:e4:74:ae:f0:17:91:ae:be:ea:51:01:bb:
                    a6:5d:16:a0:3e:43:1a:0c:01:cf:8c:6d:ba:f1:db:
                    6e:f3:21:b5:81:a6:82:ac:d0:3e:43:e0:ec:e0:5a:
                    b3:34:d6:a5:08:97:5a:9d:1e:84:d9:0c:4a:4e:6d:
                    7b:b9:db:bb:02:7d:4d:be:7d:e0:4d:d3:5a:9d:b4:
                    2c:9e:c2:a6:4e:4d:56:d8:68:b2:13:7e:a9:8d:a7:
                    8b:54:99:94:90:86:ac:55:5b:85:10:21:55:83:d6:
                    2e:72:66:8d:80:d1:9c:73:58:83:c7:dd:6f:cb:8c:
                    95:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:E3:11:71:CB:5F:C8:04:46:07:11:F5:2D:83:79:BB:62:A1:57:D9
            X509v3 Authority Key Identifier:
                keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/_-MRcctfyARGBxH1LYN5u2KhV9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.244.0/23
                  217.9.247.0/24
                  217.9.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:c7:be:53:04:ae:d8:07:83:bb:8e:d2:e7:00:d5:c0:25:89:
         39:dd:a2:f2:a7:51:cc:53:84:4f:6c:99:e8:32:74:00:b2:8f:
         6d:a6:70:70:bc:eb:a5:e8:0f:15:0f:2d:84:2c:60:47:ec:05:
         e8:a0:46:c3:fc:29:03:b9:08:8b:a3:75:47:ae:3a:16:fc:f0:
         ba:56:24:73:77:da:74:91:77:c8:6e:7d:5c:b0:b6:88:cd:a0:
         ac:1a:b7:15:7f:1c:a2:7a:b8:a9:96:04:78:7e:1b:ac:2a:c0:
         7c:e7:2f:be:25:ee:c3:90:a2:db:34:19:c9:2d:b0:16:93:ba:
         c2:0a:d0:1b:81:42:03:92:ef:ed:b5:8e:51:15:e6:5e:6e:d0:
         e5:08:38:27:bd:5d:20:27:c4:04:05:15:7a:44:e9:f8:a7:8f:
         54:78:fc:aa:11:68:cf:9b:0e:a9:33:c3:ac:05:d2:a0:87:49:
         94:93:ef:72:4f:5d:73:a0:fe:1e:bf:54:80:75:04:d7:d3:32:
         03:dc:2a:fe:78:4d:6d:3f:45:7d:73:d4:64:92:1f:2c:2e:a9:
         fa:f3:aa:5a:50:ac:10:57:50:f4:99:30:43:21:2e:14:01:ab:
         2e:ba:0d:eb:6e:d2:6d:ff:9a:24:ac:ed:cf:97:fa:21:59:48:
         8e:84:36:c3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+YnbwOkjf/xgV/E6XfgVfmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwNTIxMDA0NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmUzMTE3MWNiNWZjODA0NDYwNzExZjUyZDgzNzliYjYyYTE1N2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIxQ9cMNyyCASy5UNkfHdOsBv3WW
dkh4u7E6GMmWB++Jpur/Y3z9ey2Wt0R6LzN07JLqHojkHImh7clSd4zkUAC+FosC
gyBRh2xvsXpRmwV11prVqpkDLGxC7EKXBwUom/dBtEkl+5ScZAwC1jonSv9vLQcY
suNTJjLVEElzCgGGSwPV1yektvHkdK7wF5GuvupRAbumXRagPkMaDAHPjG268dtu
8yG1gaaCrNA+Q+Ds4FqzNNalCJdanR6E2QxKTm17udu7An1Nvn3gTdNanbQsnsKm
Tk1W2GiyE36pjaeLVJmUkIasVVuFECFVg9YucmaNgNGcc1iDx91vy4yVoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP/jEXHLX8gERgcR9S2DebtioVfZMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvXy1NUmNjdGZ5QVJHQnhIMUxZTjV1MktoVjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQB2Qn0AwQA
2Qn3AwQA2Qn6MA0GCSqGSIb3DQEBCwUAA4IBAQCfx75TBK7YB4O7jtLnANXAJYk5
3aLyp1HMU4RPbJnoMnQAso9tpnBwvOul6A8VDy2ELGBH7AXooEbD/CkDuQiLo3VH
rjoW/PC6ViRzd9p0kXfIbn1csLaIzaCsGrcVfxyieriplgR4fhusKsB85y++Je7D
kKLbNBnJLbAWk7rCCtAbgUIDku/ttY5RFeZebtDlCDgnvV0gJ8QEBRV6ROn4p49U
ePyqEWjPmw6pM8OsBdKgh0mUk+9yT11zoP4ev1SAdQTX0zID3Cr+eE1tP0V9c9Rk
kh8sLqn686paUKwQV1D0mTBDIS4UAasuug3rbtJt/5okrO3Pl/ohWUiOhDbD
-----END CERTIFICATE-----
Generated at Mon Jun 17 16:35:28 2024 by rpki-client on console-fra.rpki-client.org