Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/1Cf4exWc9nj_hY-GyzxH7k5sXS0.roa
File:                     1Cf4exWc9nj_hY-GyzxH7k5sXS0.roa (raw, json)
Hash identifier:          39Eo14q8VatdCghn0r2xLXuL6ruGS3IUYI8YNh+Dr5o=
Subject key identifier:   D4:27:F8:7B:15:9C:F6:78:FF:85:8F:86:CB:3C:47:EE:4E:6C:5D:2D
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018FA501023B6A813F63220B1A952CC1357E
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/1Cf4exWc9nj_hY-GyzxH7k5sXS0.roa
Signing time:             Thu 23 May 2024 10:30:57 +0000
ROA not before:           Thu 23 May 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57724
IP address blocks:        217.114.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:01:02:3b:6a:81:3f:63:22:0b:1a:95:2c:c1:35:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May 23 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d427f87b159cf678ff858f86cb3c47ee4e6c5d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:46:26:b9:44:a5:66:37:b4:55:62:0f:55:e5:
                    16:75:67:71:9c:de:d0:99:73:73:08:12:c3:77:bb:
                    64:a8:67:6a:10:74:34:bc:07:9c:0c:05:16:b0:e9:
                    4c:15:40:21:31:24:fe:e7:9b:3c:3b:97:8d:74:bf:
                    fe:66:35:2a:3d:a6:23:d3:ff:9e:dd:7d:e6:57:4b:
                    43:c7:95:44:62:59:ef:6a:24:02:3e:44:64:33:29:
                    db:d0:47:ac:c5:cb:34:6f:7b:90:9c:ad:27:5b:b2:
                    fd:4c:92:dc:bc:ee:fc:73:06:0a:7f:12:40:a8:fa:
                    d9:79:ea:9d:af:34:fc:9e:28:27:8b:30:80:6e:e2:
                    95:ab:38:38:46:db:cb:3e:63:e3:5d:5b:24:e2:9f:
                    b5:14:a9:22:6b:9c:d2:b8:4d:c9:6a:94:09:4f:0b:
                    4d:af:14:60:50:ce:57:ff:b0:74:1e:7f:6b:73:02:
                    d1:c9:9c:2d:1b:7f:a0:e9:7a:e9:36:2c:64:31:a9:
                    b9:dd:dc:8e:76:20:f6:3c:de:73:6f:fc:a0:6e:8c:
                    eb:ba:ef:1b:96:e2:b5:ac:4f:a6:b7:be:73:0b:9c:
                    9e:14:c7:c0:b1:72:54:b7:d6:df:f1:ae:a0:38:09:
                    ec:10:29:75:fe:f2:92:64:86:97:2e:8c:46:c9:5d:
                    9b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:27:F8:7B:15:9C:F6:78:FF:85:8F:86:CB:3C:47:EE:4E:6C:5D:2D
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/1Cf4exWc9nj_hY-GyzxH7k5sXS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.114.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:3d:24:65:9e:5d:20:55:29:0f:26:54:b9:be:d4:62:9b:a5:
         2c:d7:0e:e9:94:4f:56:07:8f:00:4f:d0:ff:64:27:b5:a8:25:
         93:2d:dd:5b:f3:5e:7d:22:23:41:ba:0d:bd:49:cf:37:bf:95:
         55:6d:8d:f7:4b:e3:ad:1c:1d:10:92:3a:38:30:cd:f7:6b:0c:
         be:02:bc:9f:41:d1:63:08:f4:05:06:30:cd:e1:4f:5a:ae:a9:
         7f:6b:08:eb:60:4d:fe:8d:13:81:cc:4b:99:f0:fa:2d:e3:53:
         c0:c7:9f:42:aa:65:f5:f4:f1:6e:f0:31:de:e1:1d:64:7a:05:
         b1:2a:70:f3:5f:1c:b9:9e:37:b6:c4:46:b1:31:bd:90:60:07:
         94:e5:6c:14:98:ca:24:5f:8b:47:5d:f6:01:4b:57:5e:cf:b2:
         64:5d:3b:09:c6:7c:9a:e4:c2:16:2f:2a:47:7b:cd:e0:d3:4f:
         75:10:25:e0:ae:d8:c6:0d:0b:fa:f4:3b:42:99:ea:3c:ab:00:
         58:de:e6:c0:45:9f:8f:fa:03:82:e7:d7:7e:cb:06:f3:a2:e7:
         ec:b3:17:79:37:d0:ea:03:0e:6d:76:66:ef:39:9c:d7:b1:ad:
         8d:e6:44:b6:b4:8a:2a:65:17:10:c2:dc:e9:5f:20:1f:98:ca:
         c1:b9:49:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+lAQI7aoE/YyILGpUswTV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNTIzMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDI3Zjg3YjE1OWNmNjc4ZmY4NThmODZjYjNjNDdlZTRlNmM1ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEYmuUSlZje0VWIPVeUWdWdxnN7Q
mXNzCBLDd7tkqGdqEHQ0vAecDAUWsOlMFUAhMST+55s8O5eNdL/+ZjUqPaYj0/+e
3X3mV0tDx5VEYlnvaiQCPkRkMynb0Eesxcs0b3uQnK0nW7L9TJLcvO78cwYKfxJA
qPrZeeqdrzT8nignizCAbuKVqzg4RtvLPmPjXVsk4p+1FKkia5zSuE3JapQJTwtN
rxRgUM5X/7B0Hn9rcwLRyZwtG3+g6XrpNixkMam53dyOdiD2PN5zb/ygbozruu8b
luK1rE+mt75zC5yeFMfAsXJUt9bf8a6gOAnsECl1/vKSZIaXLoxGyV2buQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQn+HsVnPZ4/4WPhss8R+5ObF0tMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvMUNmNGV4V2M5bmpfaFktR3l6eEg3azVzWFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XIqMA0G
CSqGSIb3DQEBCwUAA4IBAQBwPSRlnl0gVSkPJlS5vtRim6Us1w7plE9WB48AT9D/
ZCe1qCWTLd1b8159IiNBug29Sc83v5VVbY33S+OtHB0Qkjo4MM33awy+AryfQdFj
CPQFBjDN4U9arql/awjrYE3+jROBzEuZ8Pot41PAx59CqmX19PFu8DHe4R1kegWx
KnDzXxy5nje2xEaxMb2QYAeU5WwUmMokX4tHXfYBS1dez7JkXTsJxnya5MIWLypH
e83g0091ECXgrtjGDQv69DtCmeo8qwBY3ubARZ+P+gOC59d+ywbzoufssxd5N9Dq
Aw5tdmbvOZzXsa2N5kS2tIoqZRcQwtzpXyAfmMrBuUkM
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:43:17 2024 by rpki-client on console-fra.rpki-client.org