Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/9nbp14pWIitdzaC_l-w60DRWGN8.roa
File:                     9nbp14pWIitdzaC_l-w60DRWGN8.roa (raw, json)
Hash identifier:          MzeXGssLBU5zgCbSlzIrTVRKpWFq7HvzOOWMMEYWkcI=
Subject key identifier:   F6:76:E9:D7:8A:56:22:2B:5D:CD:A0:BF:97:EC:3A:D0:34:56:18:DF
Certificate issuer:       /CN=49fe8c72aa32de957b24cf9f73f8a7fb1acf0b71
Certificate serial:       018DEFA9F12AA8F068A5FB39C3CAC26FB047
Authority key identifier: 49:FE:8C:72:AA:32:DE:95:7B:24:CF:9F:73:F8:A7:FB:1A:CF:0B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/9nbp14pWIitdzaC_l-w60DRWGN8.roa
Signing time:             Wed 28 Feb 2024 12:21:48 +0000
ROA not before:           Wed 28 Feb 2024 12:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31543
IP address blocks:        5.133.32.0/21 maxlen: 24
                          31.216.128.0/22 maxlen: 24
                          45.65.120.0/22 maxlen: 24
                          89.44.116.0/23 maxlen: 24
                          89.44.148.0/23 maxlen: 24
                          95.214.252.0/22 maxlen: 24
                          185.112.184.0/22 maxlen: 24
                          185.121.100.0/22 maxlen: 24
                          185.123.176.0/22 maxlen: 24
                          185.154.64.0/22 maxlen: 24
                          185.187.220.0/22 maxlen: 24
                          185.224.204.0/22 maxlen: 24
                          2a06:9d40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:a9:f1:2a:a8:f0:68:a5:fb:39:c3:ca:c2:6f:b0:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49fe8c72aa32de957b24cf9f73f8a7fb1acf0b71
        Validity
            Not Before: Feb 28 12:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f676e9d78a56222b5dcda0bf97ec3ad0345618df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:33:0c:eb:12:00:23:7e:71:29:a7:60:af:63:
                    7b:d6:ba:ae:15:7a:8d:d2:ab:61:42:1b:c9:ae:03:
                    ea:f6:6c:3f:7e:23:fe:f8:b3:09:1a:b5:d6:2e:ee:
                    b3:78:5a:40:19:df:f4:60:df:46:f8:07:35:a9:cc:
                    4c:82:f0:d9:6a:c8:db:b3:af:ac:0c:de:61:1c:e4:
                    02:2f:f1:a5:77:b8:0c:84:5a:3d:56:69:2d:d5:41:
                    f0:b9:dc:60:69:b1:f2:25:ab:2d:2c:52:62:21:b6:
                    f0:e9:6a:1e:61:8e:82:57:09:7f:b7:14:4b:fb:e5:
                    11:33:8d:a9:a3:3d:83:49:e1:77:31:57:6d:93:5e:
                    9d:46:b0:b3:91:62:1a:47:a9:01:f3:b9:70:15:b6:
                    6e:d4:eb:f9:f4:19:a8:0a:44:e7:aa:7f:e3:05:f7:
                    d2:95:7d:74:75:bf:b3:4a:56:74:46:0f:bb:59:db:
                    c0:f9:44:42:2e:25:ee:b3:3e:62:86:aa:71:cf:70:
                    f9:aa:92:e3:a2:04:62:74:62:ef:63:93:26:30:f7:
                    d7:5c:c8:1a:a1:f1:93:f9:c4:d2:29:17:c8:52:40:
                    9f:9b:fb:8e:e5:42:e9:84:13:ac:2f:6e:0c:42:8c:
                    93:d4:08:25:99:ab:b2:dd:85:72:50:a1:05:5c:0e:
                    24:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:76:E9:D7:8A:56:22:2B:5D:CD:A0:BF:97:EC:3A:D0:34:56:18:DF
            X509v3 Authority Key Identifier:
                keyid:49:FE:8C:72:AA:32:DE:95:7B:24:CF:9F:73:F8:A7:FB:1A:CF:0B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/9nbp14pWIitdzaC_l-w60DRWGN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.32.0/21
                  31.216.128.0/22
                  45.65.120.0/22
                  89.44.116.0/23
                  89.44.148.0/23
                  95.214.252.0/22
                  185.112.184.0/22
                  185.121.100.0/22
                  185.123.176.0/22
                  185.154.64.0/22
                  185.187.220.0/22
                  185.224.204.0/22
                IPv6:
                  2a06:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:9b:88:19:47:31:f8:dd:43:d0:74:1f:80:ea:c8:8e:fe:e2:
         b4:ec:80:a3:38:62:94:21:6e:16:62:3f:1e:04:88:9c:5a:8d:
         49:b8:d3:aa:66:50:a4:fc:e5:32:e4:7b:82:35:84:31:71:ef:
         7e:fb:9e:81:9f:e1:ea:12:d5:d4:37:2c:87:94:d5:dd:5e:7c:
         0e:1b:70:9c:95:e5:fa:47:4a:4d:7c:50:4f:b1:f5:49:fe:be:
         39:fc:00:74:0a:fd:8a:8a:8e:b6:89:25:9f:91:b9:8b:2a:26:
         b6:52:ed:57:be:08:65:c3:ec:30:13:70:77:fe:1b:e4:cc:ca:
         9a:80:b0:6c:ab:e7:7b:c1:a9:0d:b5:0b:58:9b:ce:61:59:94:
         15:23:21:aa:81:93:11:af:1a:50:6c:1c:89:7f:4c:6f:7c:39:
         94:9f:36:e2:fe:da:65:5c:52:a2:19:f4:89:4c:27:45:a3:d2:
         c9:e4:fa:a5:90:21:d1:e3:67:29:97:ba:e0:82:c6:c4:fe:55:
         f0:75:de:b1:dd:b9:cb:6e:f7:02:1f:3f:ba:1b:2d:3b:3a:f0:
         0c:2f:be:48:4a:88:14:29:e0:5a:1f:98:20:e6:60:dd:53:a9:
         5c:5a:fe:5d:ee:61:45:80:db:53:a8:03:a8:3b:56:77:22:28:
         cc:f6:37:67
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAY3vqfEqqPBopfs5w8rCb7BHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZmU4YzcyYWEzMmRlOTU3YjI0Y2Y5ZjczZjhhN2ZiMWFj
ZjBiNzEwHhcNMjQwMjI4MTIyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjc2ZTlkNzhhNTYyMjJiNWRjZGEwYmY5N2VjM2FkMDM0NTYxOGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTMM6xIAI35xKadgr2N71rquFXqN
0qthQhvJrgPq9mw/fiP++LMJGrXWLu6zeFpAGd/0YN9G+Ac1qcxMgvDZasjbs6+s
DN5hHOQCL/Gld7gMhFo9Vmkt1UHwudxgabHyJastLFJiIbbw6WoeYY6CVwl/txRL
++URM42poz2DSeF3MVdtk16dRrCzkWIaR6kB87lwFbZu1Ov59BmoCkTnqn/jBffS
lX10db+zSlZ0Rg+7WdvA+URCLiXusz5ihqpxz3D5qpLjogRidGLvY5MmMPfXXMga
ofGT+cTSKRfIUkCfm/uO5ULphBOsL24MQoyT1Aglmauy3YVyUKEFXA4k/QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFPZ26deKViIrXc2gv5fsOtA0VhjfMB8GA1UdIwQY
MBaAFEn+jHKqMt6VeyTPn3P4p/sazwtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2Y2TWNxb3kzcFY3Sk0tZmNfaW4teHJQQzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80MTE0YTctMzEyMi00ODY0LTg1YWUt
NDI5N2U1NzI2MTdlLzEvOW5icDE0cFdJaXRkemFDX2wtdzYwRFJXR044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80MTE0YTctMzEyMi00ODY0LTg1YWUtNDI5N2U1NzI2MTdl
LzEvU2Y2TWNxb3kzcFY3Sk0tZmNfaW4teHJQQzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDBYUgAwQC
H9iAAwQCLUF4AwQBWSx0AwQBWSyUAwQCX9b8AwQCuXC4AwQCuXlkAwQCuXuwAwQC
uZpAAwQCubvcAwQCueDMMA0EAgACMAcDBQMqBp1AMA0GCSqGSIb3DQEBCwUAA4IB
AQAjm4gZRzH43UPQdB+A6siO/uK07ICjOGKUIW4WYj8eBIicWo1JuNOqZlCk/OUy
5HuCNYQxce9++56Bn+HqEtXUNyyHlNXdXnwOG3CcleX6R0pNfFBPsfVJ/r45/AB0
Cv2Kio62iSWfkbmLKia2Uu1Xvghlw+wwE3B3/hvkzMqagLBsq+d7wakNtQtYm85h
WZQVIyGqgZMRrxpQbByJf0xvfDmUnzbi/tplXFKiGfSJTCdFo9LJ5PqlkCHR42cp
l7rggsbE/lXwdd6x3bnLbvcCHz+6Gy07OvAML75ISogUKeBaH5gg5mDdU6lcWv5d
7mFFgNtTqAOoO1Z3IijM9jdn
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:57:07 2024 by rpki-client on console-ams.rpki-client.org