Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/464260-8d7e-4507-b44b-2864707b2b3f/1/9Q7DqyjLx_e1_5Esw971SdAgQX4.roa
File:                     9Q7DqyjLx_e1_5Esw971SdAgQX4.roa (raw, json)
Hash identifier:          E8XHZhI5pem6EtUIkbpzb7ns+Oqax7Z/8wIv2pzF6Wc=
Subject key identifier:   F5:0E:C3:AB:28:CB:C7:F7:B5:FF:91:2C:C3:DE:F5:49:D0:20:41:7E
Certificate issuer:       /CN=9c721ac807a326f871bbaa184963cd602b5cc2d6
Certificate serial:       018CC802E97BA7A124BAA68CDB4C596FEB0D
Authority key identifier: 9C:72:1A:C8:07:A3:26:F8:71:BB:AA:18:49:63:CD:60:2B:5C:C2:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nHIayAejJvhxu6oYSWPNYCtcwtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/464260-8d7e-4507-b44b-2864707b2b3f/1/9Q7DqyjLx_e1_5Esw971SdAgQX4.roa
Signing time:             Tue 02 Jan 2024 02:31:23 +0000
ROA not before:           Tue 02 Jan 2024 02:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50877
IP address blocks:        159.255.128.0/21 maxlen: 21
                          185.182.208.0/22 maxlen: 22
                          2a0a:f980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/464260-8d7e-4507-b44b-2864707b2b3f/1/nHIayAejJvhxu6oYSWPNYCtcwtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/464260-8d7e-4507-b44b-2864707b2b3f/1/nHIayAejJvhxu6oYSWPNYCtcwtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nHIayAejJvhxu6oYSWPNYCtcwtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e9:7b:a7:a1:24:ba:a6:8c:db:4c:59:6f:eb:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c721ac807a326f871bbaa184963cd602b5cc2d6
        Validity
            Not Before: Jan  2 02:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f50ec3ab28cbc7f7b5ff912cc3def549d020417e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9c:c1:20:9a:d8:1e:8d:bf:c6:af:5f:f9:d2:
                    10:59:80:55:ac:aa:21:eb:19:80:37:ae:ec:be:04:
                    3d:ee:14:08:d4:c5:ac:59:c1:9f:14:b8:89:f0:c9:
                    fc:91:f5:dd:8a:5f:46:45:dd:76:e6:63:b6:94:5c:
                    14:d2:6a:6d:9d:f9:35:8c:30:46:14:41:28:50:55:
                    96:68:23:47:59:1f:da:0b:c9:45:0b:6f:ae:b2:b6:
                    d3:4a:3a:4d:19:5f:96:84:68:4a:55:52:3a:7a:6a:
                    26:ec:81:35:c8:86:cd:14:26:b6:03:bb:31:79:10:
                    fa:d7:7c:35:16:02:32:12:1e:7b:50:6b:8c:ac:42:
                    f1:bc:f9:86:c4:9f:25:27:be:94:49:b0:57:f8:e8:
                    48:05:a4:3e:68:d7:9d:5f:b8:61:80:66:55:11:c9:
                    36:30:57:d9:ae:19:9a:1f:64:65:07:ce:30:c5:b5:
                    5a:7a:fe:aa:f9:98:9a:0f:19:74:b0:fc:0a:be:e4:
                    d2:04:c7:82:53:0f:61:88:b6:4e:c1:2c:22:e6:7c:
                    39:94:3f:11:0e:4e:16:41:ae:95:92:9f:b3:8e:e7:
                    56:65:8e:a9:24:5d:2b:2c:62:4b:e0:26:3c:86:58:
                    4b:a7:57:25:f3:78:fb:10:6c:bb:40:30:13:4d:a7:
                    df:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:0E:C3:AB:28:CB:C7:F7:B5:FF:91:2C:C3:DE:F5:49:D0:20:41:7E
            X509v3 Authority Key Identifier:
                keyid:9C:72:1A:C8:07:A3:26:F8:71:BB:AA:18:49:63:CD:60:2B:5C:C2:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHIayAejJvhxu6oYSWPNYCtcwtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/464260-8d7e-4507-b44b-2864707b2b3f/1/9Q7DqyjLx_e1_5Esw971SdAgQX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/464260-8d7e-4507-b44b-2864707b2b3f/1/nHIayAejJvhxu6oYSWPNYCtcwtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.128.0/21
                  185.182.208.0/22
                IPv6:
                  2a0a:f980::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:91:ae:d3:fd:43:bb:5f:a0:57:94:33:96:84:02:5b:bd:31:
         26:4d:05:42:06:d0:05:e3:7e:53:97:9d:b2:c3:b1:4d:24:e0:
         5a:da:5b:b6:c2:56:de:5b:c4:d0:41:c7:65:51:27:9f:22:c1:
         ba:5f:aa:96:8d:1e:9f:f2:de:9a:54:65:e7:08:b0:2c:dd:5a:
         a8:ed:a7:4c:b9:4b:39:55:c1:10:f7:93:6e:9c:f8:4a:bd:28:
         c7:40:8d:7b:53:31:69:89:e2:07:cb:59:cd:57:97:1c:29:9c:
         50:d5:bb:1e:83:14:01:03:dc:d7:a8:4d:a5:34:d7:e0:43:a1:
         76:66:af:c0:e5:05:fb:31:79:05:11:e1:77:ae:25:5f:65:04:
         cc:78:96:31:83:a4:cd:d3:ce:7c:70:4e:94:f1:d2:a1:29:61:
         cd:c5:30:a6:71:e8:e8:71:3c:fe:67:c6:f6:fd:44:64:dd:6d:
         49:56:52:66:eb:dd:f9:1f:6e:71:99:5d:aa:82:2c:ff:ea:a6:
         69:a7:16:ee:01:60:8e:40:22:56:63:df:92:3d:1f:cc:2b:df:
         8c:c4:19:80:bb:a1:34:fe:9a:9f:dc:44:cc:7f:b2:4a:80:6e:
         b3:fe:c5:77:22:da:bb:a4:a9:47:4b:39:3f:18:b7:0e:de:32:
         92:30:97:a1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAul7p6EkuqaM20xZb+sNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzIxYWM4MDdhMzI2Zjg3MWJiYWExODQ5NjNjZDYwMmI1
Y2MyZDYwHhcNMjQwMTAyMDIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTBlYzNhYjI4Y2JjN2Y3YjVmZjkxMmNjM2RlZjU0OWQwMjA0MTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpzBIJrYHo2/xq9f+dIQWYBVrKoh
6xmAN67svgQ97hQI1MWsWcGfFLiJ8Mn8kfXdil9GRd125mO2lFwU0mptnfk1jDBG
FEEoUFWWaCNHWR/aC8lFC2+usrbTSjpNGV+WhGhKVVI6emom7IE1yIbNFCa2A7sx
eRD613w1FgIyEh57UGuMrELxvPmGxJ8lJ76USbBX+OhIBaQ+aNedX7hhgGZVEck2
MFfZrhmaH2RlB84wxbVaev6q+ZiaDxl0sPwKvuTSBMeCUw9hiLZOwSwi5nw5lD8R
Dk4WQa6Vkp+zjudWZY6pJF0rLGJL4CY8hlhLp1cl83j7EGy7QDATTaff7wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPUOw6soy8f3tf+RLMPe9UnQIEF+MB8GA1UdIwQY
MBaAFJxyGsgHoyb4cbuqGEljzWArXMLWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhJYXlBZWpKdmh4dTZvWVNXUE5ZQ3Rjd3RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80NjQyNjAtOGQ3ZS00NTA3LWI0NGIt
Mjg2NDcwN2IyYjNmLzEvOVE3RHF5akx4X2UxXzVFc3c5NzFTZEFnUVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80NjQyNjAtOGQ3ZS00NTA3LWI0NGItMjg2NDcwN2IyYjNm
LzEvbkhJYXlBZWpKdmh4dTZvWVNXUE5ZQ3Rjd3RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDn/+AAwQC
ubbQMA0EAgACMAcDBQMqCvmAMA0GCSqGSIb3DQEBCwUAA4IBAQBCka7T/UO7X6BX
lDOWhAJbvTEmTQVCBtAF435Tl52yw7FNJOBa2lu2wlbeW8TQQcdlUSefIsG6X6qW
jR6f8t6aVGXnCLAs3Vqo7adMuUs5VcEQ95NunPhKvSjHQI17UzFpieIHy1nNV5cc
KZxQ1bsegxQBA9zXqE2lNNfgQ6F2Zq/A5QX7MXkFEeF3riVfZQTMeJYxg6TN0858
cE6U8dKhKWHNxTCmcejocTz+Z8b2/URk3W1JVlJm6935H25xmV2qgiz/6qZppxbu
AWCOQCJWY9+SPR/MK9+MxBmAu6E0/pqf3ETMf7JKgG6z/sV3Itq7pKlHSzk/GLcO
3jKSMJeh
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:35:44 2024 by rpki-client on console-fra.rpki-client.org