Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/_EdimdG_ZczMIQSGx9nrmbsDWhs.roa
File:                     _EdimdG_ZczMIQSGx9nrmbsDWhs.roa (raw, json)
Hash identifier:          pQY3kp1uqshqBm7RFrLLQhg6E+bT67VvlJJzV7Q79X8=
Subject key identifier:   FC:47:62:99:D1:BF:65:CC:CC:21:04:86:C7:D9:EB:99:BB:03:5A:1B
Certificate issuer:       /CN=18f4ee88584d6dfd9e3aa9bc201c50f44e353d9c
Certificate serial:       018CC3490D156DAA884AAF81032013CBB9D0
Authority key identifier: 18:F4:EE:88:58:4D:6D:FD:9E:3A:A9:BC:20:1C:50:F4:4E:35:3D:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/_EdimdG_ZczMIQSGx9nrmbsDWhs.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208723
IP address blocks:        2001:678:a90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0d:15:6d:aa:88:4a:af:81:03:20:13:cb:b9:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18f4ee88584d6dfd9e3aa9bc201c50f44e353d9c
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc476299d1bf65cccc210486c7d9eb99bb035a1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:31:d8:3a:06:b6:16:52:eb:7f:1f:db:46:e4:
                    1a:08:48:2d:4a:ef:fc:3a:5a:97:c3:a8:7c:0b:11:
                    f5:5b:10:93:a2:5a:d6:78:03:1a:04:28:a9:01:13:
                    8f:be:e3:22:2d:a6:71:43:71:3a:98:6e:9f:01:98:
                    50:a7:52:47:96:e7:e7:b5:7a:0b:64:d8:c5:a2:03:
                    26:59:87:ca:86:0d:cb:59:4a:c0:9a:b7:6e:5a:8e:
                    d5:d8:a3:27:62:94:48:63:e1:b9:96:f9:58:6d:1f:
                    00:b7:34:f3:66:61:3d:f6:67:ef:27:42:da:7a:4a:
                    76:e6:1e:ea:b2:0f:33:a0:67:b8:44:3d:49:66:8f:
                    5c:e1:ef:43:6c:52:24:a1:e0:2f:1e:ea:9c:d8:db:
                    ef:9e:2c:85:c8:a4:47:bc:54:c0:54:1d:fe:e0:4e:
                    c3:76:b4:1e:eb:b0:f7:a6:11:4a:32:10:db:7b:e5:
                    23:44:ee:cd:d9:92:3e:a6:8a:0b:f8:b5:df:4f:da:
                    dd:fc:a9:f2:f9:bf:ee:ad:2f:8f:5d:31:57:0e:d7:
                    82:de:a4:41:1d:4e:72:69:c3:a9:89:fc:04:12:ba:
                    e7:51:8b:c2:d2:15:71:b3:71:bd:bf:e0:86:18:00:
                    47:30:4b:85:e1:9e:09:68:87:d9:92:fc:e1:05:b4:
                    bf:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:47:62:99:D1:BF:65:CC:CC:21:04:86:C7:D9:EB:99:BB:03:5A:1B
            X509v3 Authority Key Identifier:
                keyid:18:F4:EE:88:58:4D:6D:FD:9E:3A:A9:BC:20:1C:50:F4:4E:35:3D:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GPTuiFhNbf2eOqm8IBxQ9E41PZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/_EdimdG_ZczMIQSGx9nrmbsDWhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/9f8fbe-b2e8-472d-9ebc-0b9885863ebf/1/GPTuiFhNbf2eOqm8IBxQ9E41PZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:a90::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:f1:2e:75:19:c6:f2:a3:54:d6:1a:f5:0b:8d:6c:9a:43:ec:
         7c:44:da:20:25:e8:e7:0e:8b:fb:db:40:70:b2:7f:d1:fd:f5:
         f3:87:e9:34:fc:78:1b:50:9f:ba:26:3e:52:7d:51:27:28:e1:
         e5:c1:90:f1:f0:eb:1c:a6:02:58:71:b0:0a:61:87:9b:70:62:
         f9:fd:ff:ec:2f:c4:b1:b1:b4:4d:f0:70:87:b7:12:3f:0c:fa:
         41:0d:83:35:37:ef:7d:81:06:6b:4a:1f:89:18:c4:1e:d3:3e:
         03:e3:c9:eb:35:1b:c0:12:ac:4b:c8:56:f7:4a:5c:98:1a:81:
         10:cd:44:44:10:48:9f:fb:a1:c4:1d:99:16:92:8c:d5:b6:e3:
         e2:3d:0d:5d:21:46:dd:e2:28:30:4e:7b:2a:8a:84:e1:23:d6:
         2e:b6:b3:e2:3e:30:9a:4e:42:9c:fc:ab:60:26:db:78:b2:29:
         bb:19:77:da:76:3f:cf:44:f5:87:d2:fa:4f:69:b8:8e:67:8c:
         2d:c1:57:6e:91:8b:86:6c:f1:b5:44:d7:51:bc:03:62:fa:92:
         c8:62:5f:41:e8:2d:47:91:77:07:df:a9:8d:12:64:5e:f0:bd:
         96:95:5f:ac:94:36:48:7a:fb:92:66:dd:93:7c:77:15:64:8b:
         ea:05:30:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSQ0VbaqISq+BAyATy7nQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZjRlZTg4NTg0ZDZkZmQ5ZTNhYTliYzIwMWM1MGY0NGUz
NTNkOWMwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ3NjI5OWQxYmY2NWNjY2MyMTA0ODZjN2Q5ZWI5OWJiMDM1YTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDHYOga2FlLrfx/bRuQaCEgtSu/8
OlqXw6h8CxH1WxCTolrWeAMaBCipAROPvuMiLaZxQ3E6mG6fAZhQp1JHlufntXoL
ZNjFogMmWYfKhg3LWUrAmrduWo7V2KMnYpRIY+G5lvlYbR8AtzTzZmE99mfvJ0La
ekp25h7qsg8zoGe4RD1JZo9c4e9DbFIkoeAvHuqc2NvvniyFyKRHvFTAVB3+4E7D
drQe67D3phFKMhDbe+UjRO7N2ZI+pooL+LXfT9rd/Kny+b/urS+PXTFXDteC3qRB
HU5yacOpifwEErrnUYvC0hVxs3G9v+CGGABHMEuF4Z4JaIfZkvzhBbS/2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPxHYpnRv2XMzCEEhsfZ65m7A1obMB8GA1UdIwQY
MBaAFBj07ohYTW39njqpvCAcUPRONT2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1BUdWlGaE5iZjJlT3FtOElCeFE5RTQxUFp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC85ZjhmYmUtYjJlOC00NzJkLTllYmMt
MGI5ODg1ODYzZWJmLzEvX0VkaW1kR19aY3pNSVFTR3g5bnJtYnNEV2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC85ZjhmYmUtYjJlOC00NzJkLTllYmMtMGI5ODg1ODYzZWJm
LzEvR1BUdWlGaE5iZjJlT3FtOElCeFE5RTQxUFp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCS8S51Gcbyo1TWGvULjWyaQ+x8RNogJejnDov7
20Bwsn/R/fXzh+k0/HgbUJ+6Jj5SfVEnKOHlwZDx8OscpgJYcbAKYYebcGL5/f/s
L8SxsbRN8HCHtxI/DPpBDYM1N+99gQZrSh+JGMQe0z4D48nrNRvAEqxLyFb3SlyY
GoEQzUREEEif+6HEHZkWkozVtuPiPQ1dIUbd4igwTnsqioThI9YutrPiPjCaTkKc
/KtgJtt4sim7GXfadj/PRPWH0vpPabiOZ4wtwVdukYuGbPG1RNdRvANi+pLIYl9B
6C1HkXcH36mNEmRe8L2WlV+slDZIevuSZt2TfHcVZIvqBTAY
-----END CERTIFICATE-----
Generated at Mon Jun 17 14:52:21 2024 by rpki-client on console-fra.rpki-client.org