Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/eb301d-ab50-4c3e-8c78-9df37109c81d/1/imMpXqaT4Wso747AZYKI2OixbMU.roa
File:                     imMpXqaT4Wso747AZYKI2OixbMU.roa (raw, json)
Hash identifier:          VtBpI1x8qSbsIKqHCmFj9lRbBSPToluPHbYjIcL7+5w=
Subject key identifier:   8A:63:29:5E:A6:93:E1:6B:28:EF:8E:C0:65:82:88:D8:E8:B1:6C:C5
Certificate issuer:       /CN=9be76ef4aa498c21524dd7edad16de1d3db002e3
Certificate serial:       018CCA29EABC1FF76A937D7AEB717A180EC6
Authority key identifier: 9B:E7:6E:F4:AA:49:8C:21:52:4D:D7:ED:AD:16:DE:1D:3D:B0:02:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-du9KpJjCFSTdftrRbeHT2wAuM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/eb301d-ab50-4c3e-8c78-9df37109c81d/1/imMpXqaT4Wso747AZYKI2OixbMU.roa
Signing time:             Tue 02 Jan 2024 12:33:13 +0000
ROA not before:           Tue 02 Jan 2024 12:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12817
IP address blocks:        194.145.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/eb301d-ab50-4c3e-8c78-9df37109c81d/1/m-du9KpJjCFSTdftrRbeHT2wAuM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/eb301d-ab50-4c3e-8c78-9df37109c81d/1/m-du9KpJjCFSTdftrRbeHT2wAuM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-du9KpJjCFSTdftrRbeHT2wAuM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ea:bc:1f:f7:6a:93:7d:7a:eb:71:7a:18:0e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9be76ef4aa498c21524dd7edad16de1d3db002e3
        Validity
            Not Before: Jan  2 12:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a63295ea693e16b28ef8ec0658288d8e8b16cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:69:9a:6b:d1:fd:09:47:12:ad:ba:78:89:b8:
                    78:19:e6:25:d1:fc:39:9b:c6:aa:37:6a:e0:50:51:
                    4d:e0:8f:68:86:fb:7c:81:1b:d3:7b:7d:1e:29:77:
                    8b:b5:ec:5f:71:b3:47:57:c4:42:79:27:ae:06:a5:
                    de:64:aa:f6:88:33:03:20:89:fb:d0:e9:30:77:4c:
                    c1:6f:88:c9:e9:a3:2d:6e:0a:c0:b7:05:e3:f4:ae:
                    ca:1e:d1:e9:30:be:e4:2b:94:ef:4a:12:7a:91:fb:
                    d5:8c:54:18:db:0d:cf:dc:f0:26:a8:b8:3c:63:7a:
                    48:ad:56:20:3e:e4:62:b8:ba:43:f3:28:7a:e4:52:
                    4f:fc:a7:f6:3c:3b:56:d6:69:8d:d0:9e:4a:e0:64:
                    31:2c:5f:76:a8:2b:ab:5e:2f:63:a3:ef:19:5c:1c:
                    70:a3:b7:c6:d2:07:2d:bb:d5:19:9b:7f:e6:cc:bb:
                    71:a7:89:b6:2e:cf:24:fe:35:ad:26:d1:ae:d6:b2:
                    5a:a1:05:1b:48:29:11:6a:6a:55:66:0d:c1:9a:e1:
                    c4:76:91:bd:b3:29:0e:69:44:bc:8d:94:07:fd:93:
                    de:38:99:e1:9c:d1:26:4e:5d:05:cd:2d:49:f5:84:
                    ad:ba:56:0a:52:16:3f:e0:21:85:4b:22:f4:1c:af:
                    48:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:63:29:5E:A6:93:E1:6B:28:EF:8E:C0:65:82:88:D8:E8:B1:6C:C5
            X509v3 Authority Key Identifier:
                keyid:9B:E7:6E:F4:AA:49:8C:21:52:4D:D7:ED:AD:16:DE:1D:3D:B0:02:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-du9KpJjCFSTdftrRbeHT2wAuM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eb301d-ab50-4c3e-8c78-9df37109c81d/1/imMpXqaT4Wso747AZYKI2OixbMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eb301d-ab50-4c3e-8c78-9df37109c81d/1/m-du9KpJjCFSTdftrRbeHT2wAuM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:fa:21:e0:74:89:48:db:22:90:89:a8:93:83:ee:ba:4b:2a:
         90:79:22:23:4b:3f:2f:3e:da:a0:39:38:05:67:fa:8b:18:f2:
         e3:92:b8:5a:af:dc:52:bd:9b:88:e0:91:ae:17:6a:24:fe:be:
         41:02:5b:db:37:b9:85:62:5c:db:9b:05:87:a2:df:bf:ce:00:
         93:93:a9:06:07:6c:f5:90:14:77:e4:a6:eb:79:3b:e6:ac:e0:
         11:d9:eb:1b:69:01:45:64:22:6e:47:8e:d4:96:44:b8:0b:15:
         e5:a0:c8:7a:90:7e:0c:48:55:02:79:5b:74:c5:9f:a3:38:b0:
         05:5f:c4:59:a8:8f:35:88:1d:e6:5e:04:d8:3e:58:e6:11:cc:
         b4:75:b9:71:9c:4b:48:a8:bf:35:aa:25:9b:9c:1e:93:83:e0:
         0f:cd:4e:68:9a:4f:60:de:da:16:4d:bc:be:12:2a:a1:84:d8:
         e3:54:d5:4c:75:54:43:01:ed:e2:a8:ef:eb:e6:9c:e5:0a:88:
         96:79:78:5c:7f:9a:b3:54:1d:1c:96:bc:d0:f7:d9:9c:d8:a3:
         ed:32:b6:53:bb:31:6a:b7:83:e7:0a:22:13:53:6a:fa:e9:b2:
         7d:c5:f8:95:d9:b7:91:34:d5:e3:b6:6a:e6:91:3c:8c:ed:c9:
         23:49:c2:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKeq8H/dqk31663F6GA7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZTc2ZWY0YWE0OThjMjE1MjRkZDdlZGFkMTZkZTFkM2Ri
MDAyZTMwHhcNMjQwMTAyMTIzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTYzMjk1ZWE2OTNlMTZiMjhlZjhlYzA2NTgyODhkOGU4YjE2Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGmaa9H9CUcSrbp4ibh4GeYl0fw5
m8aqN2rgUFFN4I9ohvt8gRvTe30eKXeLtexfcbNHV8RCeSeuBqXeZKr2iDMDIIn7
0Okwd0zBb4jJ6aMtbgrAtwXj9K7KHtHpML7kK5TvShJ6kfvVjFQY2w3P3PAmqLg8
Y3pIrVYgPuRiuLpD8yh65FJP/Kf2PDtW1mmN0J5K4GQxLF92qCurXi9jo+8ZXBxw
o7fG0gctu9UZm3/mzLtxp4m2Ls8k/jWtJtGu1rJaoQUbSCkRampVZg3BmuHEdpG9
sykOaUS8jZQH/ZPeOJnhnNEmTl0FzS1J9YStulYKUhY/4CGFSyL0HK9IzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpjKV6mk+FrKO+OwGWCiNjosWzFMB8GA1UdIwQY
MBaAFJvnbvSqSYwhUk3X7a0W3h09sALjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1kdTlLcEpqQ0ZTVGRmdHJSYmVIVDJ3QXVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lYjMwMWQtYWI1MC00YzNlLThjNzgt
OWRmMzcxMDljODFkLzEvaW1NcFhxYVQ0V3NvNzQ3QVpZS0kyT2l4Yk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lYjMwMWQtYWI1MC00YzNlLThjNzgtOWRmMzcxMDljODFk
LzEvbS1kdTlLcEpqQ0ZTVGRmdHJSYmVIVDJ3QXVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpGWMA0G
CSqGSIb3DQEBCwUAA4IBAQB8+iHgdIlI2yKQiaiTg+66SyqQeSIjSz8vPtqgOTgF
Z/qLGPLjkrhar9xSvZuI4JGuF2ok/r5BAlvbN7mFYlzbmwWHot+/zgCTk6kGB2z1
kBR35KbreTvmrOAR2esbaQFFZCJuR47UlkS4CxXloMh6kH4MSFUCeVt0xZ+jOLAF
X8RZqI81iB3mXgTYPljmEcy0dblxnEtIqL81qiWbnB6Tg+APzU5omk9g3toWTby+
EiqhhNjjVNVMdVRDAe3iqO/r5pzlCoiWeXhcf5qzVB0clrzQ99mc2KPtMrZTuzFq
t4PnCiITU2r66bJ9xfiV2beRNNXjtmrmkTyM7ckjScLq
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:05:54 2024 by rpki-client on console-ams.rpki-client.org