Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/25e079-fcbc-418d-bec1-1f3b5b056dfc/1/m9COSkNEnhcaG7Ntn6mY8sI0eMQ.roa
File:                     m9COSkNEnhcaG7Ntn6mY8sI0eMQ.roa (raw, json)
Hash identifier:          IVaCn1GyxeXya5hn+fN10DYDWdF0aOA3i7ia5M+j4eM=
Subject key identifier:   9B:D0:8E:4A:43:44:9E:17:1A:1B:B3:6D:9F:A9:98:F2:C2:34:78:C4
Certificate issuer:       /CN=c7dd297d0898fffde28d7696795bdbd5223f8a66
Certificate serial:       018CCA2B3EE292155235DC9393BFF1D58DC1
Authority key identifier: C7:DD:29:7D:08:98:FF:FD:E2:8D:76:96:79:5B:DB:D5:22:3F:8A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x90pfQiY__3ijXaWeVvb1SI_imY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/25e079-fcbc-418d-bec1-1f3b5b056dfc/1/m9COSkNEnhcaG7Ntn6mY8sI0eMQ.roa
Signing time:             Tue 02 Jan 2024 12:34:40 +0000
ROA not before:           Tue 02 Jan 2024 12:34:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48083
IP address blocks:        94.127.96.0/21 maxlen: 24
                          193.53.99.0/24 maxlen: 24
                          193.53.100.0/24 maxlen: 24
                          193.116.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/25e079-fcbc-418d-bec1-1f3b5b056dfc/1/x90pfQiY__3ijXaWeVvb1SI_imY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/25e079-fcbc-418d-bec1-1f3b5b056dfc/1/x90pfQiY__3ijXaWeVvb1SI_imY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x90pfQiY__3ijXaWeVvb1SI_imY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:3e:e2:92:15:52:35:dc:93:93:bf:f1:d5:8d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7dd297d0898fffde28d7696795bdbd5223f8a66
        Validity
            Not Before: Jan  2 12:34:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bd08e4a43449e171a1bb36d9fa998f2c23478c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a8:87:f4:1b:8e:3f:c1:5e:d7:15:8f:02:49:
                    10:ca:f3:a8:53:b7:0e:7b:28:fb:ce:c4:10:f4:9f:
                    80:fa:af:67:5e:91:df:2d:b6:bd:10:c8:73:98:59:
                    4d:7f:8e:04:c4:81:0f:23:b3:d0:c4:3a:b4:40:8b:
                    4b:f5:68:66:75:25:e2:d1:76:c6:73:cc:05:63:e0:
                    02:6b:6d:05:44:9b:59:01:e3:82:3c:c5:5f:48:c6:
                    d0:13:54:d1:11:f3:b5:f3:40:72:42:02:67:f5:d8:
                    99:41:c1:77:e8:82:1e:ff:f2:87:ca:6f:33:3f:5c:
                    f3:e5:08:6a:5e:60:01:29:b3:bb:7e:28:e8:80:17:
                    c8:e6:bf:c5:2d:61:32:18:a6:46:da:77:8a:ac:c6:
                    f4:b7:b9:85:5f:17:66:94:fb:3f:cf:b5:bc:c1:37:
                    a6:de:ea:ae:aa:c9:33:69:70:f5:bb:2e:38:e3:ef:
                    e0:0b:4d:6a:de:bb:01:be:cd:7e:5f:09:f6:e9:9e:
                    33:08:25:fc:7d:6c:ed:41:8d:0e:3b:c0:9a:49:5d:
                    52:db:35:d8:db:f0:6a:9b:d7:99:2c:88:aa:35:17:
                    4a:01:36:dd:75:9f:37:49:24:3e:4c:51:a1:75:88:
                    45:db:9e:67:aa:b0:ac:70:22:53:e1:79:51:14:2a:
                    1a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:D0:8E:4A:43:44:9E:17:1A:1B:B3:6D:9F:A9:98:F2:C2:34:78:C4
            X509v3 Authority Key Identifier:
                keyid:C7:DD:29:7D:08:98:FF:FD:E2:8D:76:96:79:5B:DB:D5:22:3F:8A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x90pfQiY__3ijXaWeVvb1SI_imY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/25e079-fcbc-418d-bec1-1f3b5b056dfc/1/m9COSkNEnhcaG7Ntn6mY8sI0eMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/25e079-fcbc-418d-bec1-1f3b5b056dfc/1/x90pfQiY__3ijXaWeVvb1SI_imY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.127.96.0/21
                  193.53.99.0-193.53.100.255
                  193.116.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         19:da:06:ce:8a:7f:f6:6a:6d:59:f5:84:19:11:54:10:51:cd:
         5e:74:0a:3b:99:ee:d7:15:f9:84:89:e7:94:3a:97:79:17:a9:
         9f:91:24:43:1a:39:e7:b3:fe:55:6c:2f:12:3c:2a:42:f1:ff:
         05:c4:14:67:6c:ea:33:1f:1b:f1:d5:3b:f8:69:26:e9:b0:7c:
         80:df:da:9b:42:4e:22:0f:da:d2:b0:23:ba:fd:af:aa:ef:09:
         46:39:a0:2b:9a:39:e3:0d:ce:1e:6b:03:bd:47:ff:56:47:20:
         e7:f6:ef:2e:3a:18:e4:3c:b4:1b:93:7b:b6:92:88:a0:37:95:
         6e:e9:cb:f3:4d:cd:41:74:be:04:75:9f:05:2b:87:b7:49:a6:
         76:75:df:24:ed:e9:d7:67:cc:33:23:59:09:a9:af:6b:14:c8:
         0d:36:13:f2:fe:49:5d:6f:f8:db:45:cd:3d:b6:15:88:75:ae:
         1b:bc:15:8d:81:87:68:67:e0:a3:33:69:c7:6b:a9:f8:a4:ed:
         b8:a7:94:25:aa:f3:a3:be:6e:99:5d:d1:01:27:c7:c9:f0:a4:
         35:7e:7c:2b:7a:50:2a:26:7d:78:29:c2:f2:9a:f6:e2:82:14:
         ff:64:a2:34:bd:3e:63:a6:1c:26:5e:ff:5b:6f:ee:35:e5:69:
         d3:33:7e:4e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzKKz7ikhVSNdyTk7/x1Y3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZGQyOTdkMDg5OGZmZmRlMjhkNzY5Njc5NWJkYmQ1MjIz
ZjhhNjYwHhcNMjQwMTAyMTIzNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmQwOGU0YTQzNDQ5ZTE3MWExYmIzNmQ5ZmE5OThmMmMyMzQ3OGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6iH9BuOP8Fe1xWPAkkQyvOoU7cO
eyj7zsQQ9J+A+q9nXpHfLba9EMhzmFlNf44ExIEPI7PQxDq0QItL9WhmdSXi0XbG
c8wFY+ACa20FRJtZAeOCPMVfSMbQE1TREfO180ByQgJn9diZQcF36IIe//KHym8z
P1zz5QhqXmABKbO7fijogBfI5r/FLWEyGKZG2neKrMb0t7mFXxdmlPs/z7W8wTem
3uquqskzaXD1uy444+/gC01q3rsBvs1+Xwn26Z4zCCX8fWztQY0OO8CaSV1S2zXY
2/Bqm9eZLIiqNRdKATbddZ83SSQ+TFGhdYhF255nqrCscCJT4XlRFCoaZwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJvQjkpDRJ4XGhuzbZ+pmPLCNHjEMB8GA1UdIwQY
MBaAFMfdKX0ImP/94o12lnlb29UiP4pmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDkwcGZRaVlfXzNpalhhV2VWdmIxU0lfaW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8yNWUwNzktZmNiYy00MThkLWJlYzEt
MWYzYjViMDU2ZGZjLzEvbTlDT1NrTkVuaGNhRzdOdG42bVk4c0kwZU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8yNWUwNzktZmNiYy00MThkLWJlYzEtMWYzYjViMDU2ZGZj
LzEveDkwcGZRaVlfXzNpalhhV2VWdmIxU0lfaW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDXn9gMAwD
BADBNWMDBADBNWQDBAXBdKAwDQYJKoZIhvcNAQELBQADggEBABnaBs6Kf/ZqbVn1
hBkRVBBRzV50CjuZ7tcV+YSJ55Q6l3kXqZ+RJEMaOeez/lVsLxI8KkLx/wXEFGds
6jMfG/HVO/hpJumwfIDf2ptCTiIP2tKwI7r9r6rvCUY5oCuaOeMNzh5rA71H/1ZH
IOf27y46GOQ8tBuTe7aSiKA3lW7py/NNzUF0vgR1nwUrh7dJpnZ13yTt6ddnzDMj
WQmpr2sUyA02E/L+SV1v+NtFzT22FYh1rhu8FY2Bh2hn4KMzacdrqfik7binlCWq
86O+bpld0QEnx8nwpDV+fCt6UComfXgpwvKa9uKCFP9kojS9PmOmHCZe/1tv7jXl
adMzfk4=
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:48:08 2024 by rpki-client on console-fra.rpki-client.org