Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/PAiCNnAV6u6mkf1J0HF8F8NI5iY.roa
File:                     PAiCNnAV6u6mkf1J0HF8F8NI5iY.roa (raw, json)
Hash identifier:          ERaCKtBJ93GmlLidz6FpGTZn5SzSEX/hj2FcCEGNfyk=
Subject key identifier:   3C:08:82:36:70:15:EA:EE:A6:91:FD:49:D0:71:7C:17:C3:48:E6:26
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       018CC4938D862D38FEF6EE708761278B7A32
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/PAiCNnAV6u6mkf1J0HF8F8NI5iY.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29001
IP address blocks:        217.170.16.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8d:86:2d:38:fe:f6:ee:70:87:61:27:8b:7a:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c0882367015eaeea691fd49d0717c17c348e626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:97:11:54:1f:89:92:98:3e:1b:e9:f1:0d:cf:
                    16:3b:7e:5d:b1:4d:44:5b:95:97:7a:c5:bb:27:ac:
                    77:cc:4d:f2:4e:4b:c1:7a:46:97:8b:47:29:e4:47:
                    84:78:97:27:ab:55:ea:29:a0:c1:e0:71:5f:c8:18:
                    a5:b8:5f:33:3e:b1:1a:27:e7:54:a8:a1:2a:9d:51:
                    6f:a3:dc:76:65:eb:14:1d:a9:e2:a5:ca:59:cd:73:
                    98:ba:c1:90:f4:93:a8:d7:04:c5:e8:7c:7f:a1:9a:
                    37:b0:6a:64:ef:1f:d5:89:58:dc:e8:83:13:bc:be:
                    8c:5c:ec:67:7b:d8:f3:64:f7:56:f2:52:12:ae:3e:
                    e0:b1:3a:08:8c:10:60:3a:2a:56:06:14:c1:bd:1d:
                    08:f7:22:fc:7b:02:13:c7:e4:29:8f:aa:6f:24:81:
                    c4:50:37:55:14:c2:e9:44:67:28:d8:9c:c8:36:7f:
                    b9:c5:d3:5e:3b:b9:19:6e:a9:a4:3a:28:51:78:bb:
                    c0:6e:35:92:92:f7:15:ab:5b:8b:16:a1:fb:67:54:
                    b7:38:29:4d:3a:a0:6e:2b:05:2f:ae:56:a0:b1:f7:
                    ab:09:9c:75:c5:68:8c:dd:f5:7b:fa:60:c3:e2:3e:
                    4b:d7:53:07:7d:f9:6e:0f:31:ff:0d:3c:1d:3d:2b:
                    5c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:08:82:36:70:15:EA:EE:A6:91:FD:49:D0:71:7C:17:C3:48:E6:26
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/PAiCNnAV6u6mkf1J0HF8F8NI5iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.170.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:81:30:80:c5:76:19:11:f1:89:76:79:85:ae:f7:78:80:07:
         cc:e5:16:08:5b:da:3c:09:2c:1f:40:53:df:1c:36:89:63:b3:
         01:0e:81:21:0e:11:61:98:f8:47:2d:94:b6:56:15:a4:5a:46:
         6d:fd:78:c0:42:10:69:2c:e3:8e:67:7a:ef:7e:93:45:d8:33:
         b8:54:72:5b:23:e3:9c:a0:42:b3:fb:ed:88:e4:61:59:f4:f3:
         5f:9c:f2:0c:49:59:65:6a:d6:08:63:51:fc:19:da:ae:87:d1:
         dc:08:0a:0b:b6:75:72:4d:f9:bb:86:e2:84:0f:2c:be:ec:9d:
         6c:89:37:85:f9:c1:e9:52:dc:9b:86:31:37:70:33:6a:d5:77:
         6b:79:b9:d2:21:33:26:2f:ea:18:b1:b3:ec:8e:36:ba:b1:90:
         fd:d3:71:e9:d4:cf:b9:24:2e:a9:05:cf:5f:91:e7:f9:03:0f:
         ea:4d:2a:19:65:6b:d8:42:ce:76:9f:78:32:76:c7:b4:7f:fc:
         e4:05:50:03:8f:ac:a1:d0:95:b8:a5:05:3b:30:05:cd:9a:ed:
         38:07:26:ca:2e:0f:ce:c9:63:e8:81:66:5f:67:3b:2e:cb:3d:
         6d:8b:8c:93:b7:b7:68:02:22:5c:17:2b:ec:26:97:ae:d9:59:
         d8:c4:f3:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk42GLTj+9u5wh2Eni3oyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzA4ODIzNjcwMTVlYWVlYTY5MWZkNDlkMDcxN2MxN2MzNDhlNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZcRVB+Jkpg+G+nxDc8WO35dsU1E
W5WXesW7J6x3zE3yTkvBekaXi0cp5EeEeJcnq1XqKaDB4HFfyBiluF8zPrEaJ+dU
qKEqnVFvo9x2ZesUHanipcpZzXOYusGQ9JOo1wTF6Hx/oZo3sGpk7x/ViVjc6IMT
vL6MXOxne9jzZPdW8lISrj7gsToIjBBgOipWBhTBvR0I9yL8ewITx+Qpj6pvJIHE
UDdVFMLpRGco2JzINn+5xdNeO7kZbqmkOihReLvAbjWSkvcVq1uLFqH7Z1S3OClN
OqBuKwUvrlagsferCZx1xWiM3fV7+mDD4j5L11MHffluDzH/DTwdPStcowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwIgjZwFeruppH9SdBxfBfDSOYmMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvUEFpQ05uQVY2dTZta2YxSjBIRjhGOE5JNWlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2aoQMA0G
CSqGSIb3DQEBCwUAA4IBAQBsgTCAxXYZEfGJdnmFrvd4gAfM5RYIW9o8CSwfQFPf
HDaJY7MBDoEhDhFhmPhHLZS2VhWkWkZt/XjAQhBpLOOOZ3rvfpNF2DO4VHJbI+Oc
oEKz++2I5GFZ9PNfnPIMSVllatYIY1H8Gdquh9HcCAoLtnVyTfm7huKEDyy+7J1s
iTeF+cHpUtybhjE3cDNq1XdrebnSITMmL+oYsbPsjja6sZD903Hp1M+5JC6pBc9f
kef5Aw/qTSoZZWvYQs52n3gydse0f/zkBVADj6yh0JW4pQU7MAXNmu04BybKLg/O
yWPogWZfZzsuyz1ti4yTt7doAiJcFyvsJpeu2VnYxPMA
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:48:18 2024 by rpki-client on console-ams.rpki-client.org