Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/A-R9o5MjO1MB-9IoZuCaOUnrsFw.roa
File:                     A-R9o5MjO1MB-9IoZuCaOUnrsFw.roa (raw, json)
Hash identifier:          FC7UgYDp+rT/b+xFm6MMd1NzJFKYZ+XASr6GFfvO0OU=
Subject key identifier:   03:E4:7D:A3:93:23:3B:53:01:FB:D2:28:66:E0:9A:39:49:EB:B0:5C
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       018CCA2BCCBCFE4959E0D62D2AF2C5B4C9F6
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/A-R9o5MjO1MB-9IoZuCaOUnrsFw.roa
Signing time:             Tue 02 Jan 2024 12:35:17 +0000
ROA not before:           Tue 02 Jan 2024 12:35:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1271
IP address blocks:        192.166.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:cc:bc:fe:49:59:e0:d6:2d:2a:f2:c5:b4:c9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  2 12:35:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03e47da393233b5301fbd22866e09a3949ebb05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a8:86:f6:c0:95:ac:06:91:f6:2e:61:6c:41:
                    eb:32:e0:06:ab:2c:85:92:69:55:af:e7:80:93:86:
                    59:c6:10:6e:49:32:69:d0:28:13:78:a0:54:72:25:
                    06:87:67:ed:2e:ba:f8:3a:f9:56:35:24:fc:63:fd:
                    07:2c:00:e0:da:d4:52:9c:6b:a4:4b:f5:a3:1f:cd:
                    0f:8b:41:03:6a:63:b9:7e:65:c7:f9:96:fb:17:f5:
                    f7:d5:75:0c:04:74:e7:ee:8a:29:2a:ba:9d:5b:28:
                    e0:10:14:01:9b:36:3c:3b:db:fe:c9:b9:9c:7a:ad:
                    f5:19:45:2a:22:39:26:e0:96:d8:d8:8c:fc:84:0e:
                    51:25:7f:29:f4:5f:d5:3b:21:24:95:b2:55:1f:13:
                    6d:61:93:f4:59:45:8b:72:83:06:f8:13:7d:2c:8c:
                    0b:27:c2:74:c9:f2:90:27:b2:7a:76:53:fa:46:4e:
                    54:f6:7a:0c:1b:01:f2:ca:c4:91:52:aa:3f:22:f9:
                    71:d2:1c:dd:63:06:22:52:7e:e4:02:cb:95:ea:4b:
                    db:f5:87:ed:12:d3:14:84:1d:6d:f2:64:63:a6:b7:
                    5e:55:2b:d6:b5:64:bc:f5:65:92:a8:70:89:19:26:
                    b4:88:d1:56:02:07:b7:4a:1e:50:ff:23:19:23:f6:
                    e6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E4:7D:A3:93:23:3B:53:01:FB:D2:28:66:E0:9A:39:49:EB:B0:5C
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/A-R9o5MjO1MB-9IoZuCaOUnrsFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:c6:58:5e:3d:a6:35:ac:47:7a:b9:24:0f:24:77:e5:34:c3:
         9b:cd:2e:fb:c1:4a:1d:a7:26:0f:b4:05:f8:b9:7e:3c:17:74:
         c3:aa:b8:48:13:59:74:08:00:f1:9a:6d:bb:6c:44:34:4d:87:
         e5:f5:b9:38:ff:b1:12:5d:c5:38:5c:af:5a:14:8f:5a:8a:b0:
         3f:df:f6:33:b1:f1:55:e5:29:97:a7:3a:e4:5f:52:4f:06:9f:
         13:ee:60:53:0a:3b:49:18:a7:56:5d:d0:74:1a:a9:6d:98:f4:
         66:d6:1a:46:2d:83:af:9d:e2:e0:13:59:a2:fd:f0:f7:c3:4c:
         d6:85:50:8f:04:3f:44:1a:28:ef:0c:79:d9:bc:ce:eb:cd:9a:
         25:4d:ad:46:ae:83:a4:64:a1:fe:f8:30:88:25:ce:6d:f7:33:
         03:3b:23:d9:71:df:14:57:09:06:6f:5f:e7:d2:ee:74:6f:6e:
         bd:be:22:24:0e:ee:95:12:52:27:82:6c:8d:a0:36:85:a0:00:
         72:0f:a4:be:05:03:63:b5:57:ca:37:f3:f4:b2:65:58:00:6f:
         d1:62:8d:c3:9a:22:5d:43:11:44:d4:57:50:f7:ff:82:fb:b7:
         c6:36:c5:80:cc:0a:9c:f8:71:4f:c2:cd:17:81:fc:17:c7:43:
         2c:4c:ff:a0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKK8y8/klZ4NYtKvLFtMn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U0N2RhMzkzMjMzYjUzMDFmYmQyMjg2NmUwOWEzOTQ5ZWJiMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKiG9sCVrAaR9i5hbEHrMuAGqyyF
kmlVr+eAk4ZZxhBuSTJp0CgTeKBUciUGh2ftLrr4OvlWNST8Y/0HLADg2tRSnGuk
S/WjH80Pi0EDamO5fmXH+Zb7F/X31XUMBHTn7oopKrqdWyjgEBQBmzY8O9v+ybmc
eq31GUUqIjkm4JbY2Iz8hA5RJX8p9F/VOyEklbJVHxNtYZP0WUWLcoMG+BN9LIwL
J8J0yfKQJ7J6dlP6Rk5U9noMGwHyysSRUqo/Ivlx0hzdYwYiUn7kAsuV6kvb9Yft
EtMUhB1t8mRjprdeVSvWtWS89WWSqHCJGSa0iNFWAge3Sh5Q/yMZI/bm/QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAPkfaOTIztTAfvSKGbgmjlJ67BcMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL0EtUjlvNU1qTzFNQi05SW9adUNhT1VucnNGdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADApjAw
DQYJKoZIhvcNAQELBQADggEBAFjGWF49pjWsR3q5JA8kd+U0w5vNLvvBSh2nJg+0
Bfi5fjwXdMOquEgTWXQIAPGabbtsRDRNh+X1uTj/sRJdxThcr1oUj1qKsD/f9jOx
8VXlKZenOuRfUk8GnxPuYFMKO0kYp1Zd0HQaqW2Y9GbWGkYtg6+d4uATWaL98PfD
TNaFUI8EP0QaKO8Medm8zuvNmiVNrUaug6Rkof74MIglzm33MwM7I9lx3xRXCQZv
X+fS7nRvbr2+IiQO7pUSUieCbI2gNoWgAHIPpL4FA2O1V8o38/SyZVgAb9FijcOa
Il1DEUTUV1D3/4L7t8Y2xYDMCpz4cU/CzReB/BfHQyxM/6A=
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:50:45 2024 by rpki-client on console-fra.rpki-client.org