Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/eA9hdjYTwO5lNK3NbbS59sWVZWQ.roa
File:                     eA9hdjYTwO5lNK3NbbS59sWVZWQ.roa (raw, json)
Hash identifier:          FExRic7tUzOr3pjRMbiAftlvKQxmD3zIaVMnJhYSWDo=
Subject key identifier:   78:0F:61:76:36:13:C0:EE:65:34:AD:CD:6D:B4:B9:F6:C5:95:65:64
Certificate issuer:       /CN=597a01de87e011803f890ae17749020f995f140c
Certificate serial:       018CC6B934758AF67384550FC1C26FE4027B
Authority key identifier: 59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/eA9hdjYTwO5lNK3NbbS59sWVZWQ.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        164.18.96.0/21 maxlen: 21
                          2a07:b982:c000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:34:75:8a:f6:73:84:55:0f:c1:c2:6f:e4:02:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597a01de87e011803f890ae17749020f995f140c
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=780f61763613c0ee6534adcd6db4b9f6c5956564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f2:fd:cb:9b:33:92:d3:2f:65:05:10:ab:c8:
                    83:a1:81:4c:38:7e:d8:dd:db:b7:d1:24:dc:2d:4f:
                    d1:74:ba:0e:c1:ce:ec:4c:e7:b4:32:08:9f:7c:54:
                    9f:61:e1:b8:94:31:17:e7:88:e2:e4:00:e1:2f:84:
                    de:4d:d4:78:bd:18:11:ec:ee:03:d1:5e:36:e1:90:
                    b5:20:42:5b:a9:9b:a7:e2:a1:0e:1d:a3:26:75:2e:
                    cd:f0:6a:a3:1c:36:39:09:99:50:8f:6f:cc:3f:fb:
                    29:38:27:72:c9:71:df:9a:97:f9:2b:83:b2:77:cd:
                    cf:c4:56:36:cc:f5:d2:c3:6e:1e:f7:21:6c:07:9f:
                    2c:05:d1:b3:ce:24:5c:8d:c7:11:a6:d2:0d:ad:d4:
                    81:c5:7d:35:7d:7e:b1:ad:94:48:1b:6a:ac:f5:3a:
                    c3:83:ce:5e:7e:b5:b8:0c:9c:37:6f:ff:de:2c:b4:
                    70:d9:61:1d:3b:3b:0f:4d:1a:f0:38:31:ce:47:de:
                    a6:62:8a:9d:07:f5:55:b8:8a:7e:01:36:40:b1:b5:
                    e8:c6:3a:d7:ce:ce:41:f5:da:49:5f:d4:91:c8:14:
                    a3:4e:b5:4b:ff:02:d4:ea:be:90:fe:93:25:05:58:
                    96:58:20:49:4f:7c:6b:5d:eb:e7:32:b6:98:0a:85:
                    2c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0F:61:76:36:13:C0:EE:65:34:AD:CD:6D:B4:B9:F6:C5:95:65:64
            X509v3 Authority Key Identifier:
                keyid:59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/eA9hdjYTwO5lNK3NbbS59sWVZWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.18.96.0/21
                IPv6:
                  2a07:b982:c000::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:92:d5:dc:b7:30:ba:da:c6:34:d8:d9:34:b4:3e:4b:b3:a5:
         c4:ae:cc:92:4a:c9:e9:67:44:2d:e6:60:24:74:16:6e:3e:5f:
         1b:33:15:83:87:af:ee:bf:b1:83:aa:e4:91:e1:2f:74:55:dd:
         cb:c9:fe:06:3b:f1:b2:65:62:89:4d:20:fb:05:dc:d9:5d:b6:
         61:10:75:0f:c0:bb:5f:27:0c:4d:b9:38:7b:57:e1:8c:2e:05:
         2f:43:c3:25:cc:55:29:53:bc:47:17:d8:27:c6:19:80:e2:3c:
         08:c5:85:93:f1:36:b7:01:ea:0b:c4:dd:74:42:2e:f3:c3:00:
         39:0a:9b:9f:01:e3:c1:6a:be:02:30:90:36:03:8e:d5:bc:b1:
         cb:44:83:97:2b:2d:49:ee:56:54:73:6f:34:00:a2:41:e5:45:
         5b:5f:3b:22:a5:6f:c4:88:6e:68:0b:c8:b2:9f:5a:c7:83:ab:
         40:25:59:2d:c2:a1:d9:11:8e:90:dd:b2:d8:f8:33:c1:a4:8c:
         f0:ff:6a:97:0a:87:10:eb:73:e3:28:20:71:aa:62:31:92:d1:
         9d:8e:c6:49:6f:b3:42:87:71:6f:c1:23:be:2b:b8:59:98:98:
         03:f9:be:0c:da:1a:de:74:82:33:05:3b:99:76:42:a5:ca:4e:
         38:29:5c:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuTR1ivZzhFUPwcJv5AJ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5N2EwMWRlODdlMDExODAzZjg5MGFlMTc3NDkwMjBmOTk1
ZjE0MGMwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODBmNjE3NjM2MTNjMGVlNjUzNGFkY2Q2ZGI0YjlmNmM1OTU2NTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vL9y5szktMvZQUQq8iDoYFMOH7Y
3du30STcLU/RdLoOwc7sTOe0MgiffFSfYeG4lDEX54ji5ADhL4TeTdR4vRgR7O4D
0V424ZC1IEJbqZun4qEOHaMmdS7N8GqjHDY5CZlQj2/MP/spOCdyyXHfmpf5K4Oy
d83PxFY2zPXSw24e9yFsB58sBdGzziRcjccRptINrdSBxX01fX6xrZRIG2qs9TrD
g85efrW4DJw3b//eLLRw2WEdOzsPTRrwODHOR96mYoqdB/VVuIp+ATZAsbXoxjrX
zs5B9dpJX9SRyBSjTrVL/wLU6r6Q/pMlBViWWCBJT3xrXevnMraYCoUsDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHgPYXY2E8DuZTStzW20ufbFlWVkMB8GA1UdIwQY
MBaAFFl6Ad6H4BGAP4kK4XdJAg+ZXxQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMt
NzM1MzNkZTA5OWMzLzEvZUE5aGRqWVR3TzVsTkszTmJiUzU5c1dWWldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMtNzM1MzNkZTA5OWMz
LzEvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDpBJgMA8E
AgACMAkDBwAqB7mCwAAwDQYJKoZIhvcNAQELBQADggEBAHSS1dy3MLraxjTY2TS0
PkuzpcSuzJJKyelnRC3mYCR0Fm4+XxszFYOHr+6/sYOq5JHhL3RV3cvJ/gY78bJl
YolNIPsF3NldtmEQdQ/Au18nDE25OHtX4YwuBS9DwyXMVSlTvEcX2CfGGYDiPAjF
hZPxNrcB6gvE3XRCLvPDADkKm58B48FqvgIwkDYDjtW8sctEg5crLUnuVlRzbzQA
okHlRVtfOyKlb8SIbmgLyLKfWseDq0AlWS3CodkRjpDdstj4M8GkjPD/apcKhxDr
c+MoIHGqYjGS0Z2Oxklvs0KHcW/BI74ruFmYmAP5vgzaGt50gjMFO5l2QqXKTjgp
XKk=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:10:44 2024 by rpki-client on console-fra.rpki-client.org