Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/rIJf35B2nQs5l3Rg7XQpSiFlB8k.roa
File:                     rIJf35B2nQs5l3Rg7XQpSiFlB8k.roa (raw, json)
Hash identifier:          1dhDE92rGSfJ3ppakpxVc1t4WlD1d+516A2f6aS8FiM=
Subject key identifier:   AC:82:5F:DF:90:76:9D:0B:39:97:74:60:ED:74:29:4A:21:65:07:C9
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018CC4939771D0D88F1EA9BCFF316C565D98
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/rIJf35B2nQs5l3Rg7XQpSiFlB8k.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        217.67.78.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:97:71:d0:d8:8f:1e:a9:bc:ff:31:6c:56:5d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac825fdf90769d0b39977460ed74294a216507c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:98:bb:ba:0a:aa:bc:5e:5e:f5:cf:26:51:5b:
                    0d:a1:4c:6d:96:bd:4e:0f:42:70:82:85:aa:c9:07:
                    4e:ef:69:86:8e:ce:0d:cd:14:0c:f8:a6:3e:d6:ef:
                    f4:6e:45:3b:ea:4b:40:c0:9a:4f:fe:f5:4b:81:a3:
                    10:8c:0e:43:ad:d7:30:3c:bb:68:5b:0a:87:d1:35:
                    c9:62:46:9e:0f:77:bb:a9:7a:0a:d7:4b:12:d2:f3:
                    8c:94:c0:cb:09:5a:be:72:1d:c6:dd:64:08:d6:7c:
                    ae:4e:52:0a:55:8a:95:51:96:72:de:97:5a:20:02:
                    f7:f0:24:de:20:85:e9:07:14:26:82:17:29:19:ed:
                    b2:d6:2e:8f:0f:0a:fd:72:f3:d2:00:e8:61:23:8a:
                    42:69:e1:5e:91:30:aa:51:9c:d0:c3:fc:61:b5:63:
                    bd:81:5d:b3:6d:07:0a:8d:99:44:e3:6c:0b:b0:d4:
                    18:16:6b:59:0c:b0:33:96:42:23:d7:d1:de:68:a6:
                    1d:e7:f4:2b:de:e3:0e:1f:d1:e7:44:15:bf:9c:49:
                    e6:cf:9f:ad:21:8f:52:14:3b:bf:3d:a6:cd:cc:f8:
                    d4:ef:4f:d0:cc:4c:9b:d3:f5:fc:9e:6e:e6:55:74:
                    7d:eb:5b:ee:81:75:12:40:0a:35:77:1c:97:bb:a8:
                    f7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:82:5F:DF:90:76:9D:0B:39:97:74:60:ED:74:29:4A:21:65:07:C9
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/rIJf35B2nQs5l3Rg7XQpSiFlB8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.67.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:3f:84:5f:39:0a:01:11:34:d2:de:ab:eb:8f:01:fc:a1:3e:
         e6:55:a4:f6:91:0b:a0:5e:05:86:00:ca:09:7f:4a:a0:e2:32:
         a7:0e:4b:60:19:97:67:e8:fc:9d:fb:15:a5:80:6f:72:ca:24:
         4f:39:33:b9:41:8d:97:8d:42:68:71:f7:c7:9c:55:f9:4c:e3:
         63:5e:3b:e3:8e:43:a2:65:80:14:54:d6:14:e8:e8:6d:36:eb:
         21:26:ae:1a:93:0a:e1:0c:42:59:e6:b9:aa:0e:88:9c:8f:a9:
         24:23:9e:94:cf:54:8a:3e:2c:5f:d8:0d:07:d6:c8:43:c7:d7:
         60:46:a1:1e:a8:88:4e:9c:19:43:01:aa:0c:28:32:46:9f:2d:
         73:12:a1:85:b7:f1:cb:3d:1e:8d:cf:28:ac:3b:14:93:7e:81:
         b0:ef:49:e3:47:29:28:ed:a0:c9:0d:bf:a0:d5:09:1b:b9:67:
         6e:89:63:52:7f:e5:d8:09:c1:6b:58:9e:24:ab:42:5e:e1:a0:
         be:c0:31:28:e1:65:97:65:92:ed:fe:8f:5c:64:82:33:33:ae:
         94:c4:61:12:e9:61:59:ed:52:14:70:b0:5d:29:7d:63:65:28:
         b9:c5:34:61:5a:ba:dc:38:ff:1d:e6:f3:47:27:30:27:16:e3:
         b3:a2:74:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5dx0NiPHqm8/zFsVl2YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzgyNWZkZjkwNzY5ZDBiMzk5Nzc0NjBlZDc0Mjk0YTIxNjUwN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5i7ugqqvF5e9c8mUVsNoUxtlr1O
D0JwgoWqyQdO72mGjs4NzRQM+KY+1u/0bkU76ktAwJpP/vVLgaMQjA5DrdcwPLto
WwqH0TXJYkaeD3e7qXoK10sS0vOMlMDLCVq+ch3G3WQI1nyuTlIKVYqVUZZy3pda
IAL38CTeIIXpBxQmghcpGe2y1i6PDwr9cvPSAOhhI4pCaeFekTCqUZzQw/xhtWO9
gV2zbQcKjZlE42wLsNQYFmtZDLAzlkIj19HeaKYd5/Qr3uMOH9HnRBW/nEnmz5+t
IY9SFDu/PabNzPjU70/QzEyb0/X8nm7mVXR961vugXUSQAo1dxyXu6j3HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyCX9+Qdp0LOZd0YO10KUohZQfJMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvcklKZjM1QjJuUXM1bDNSZzdYUXBTaUZsQjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2UNOMA0G
CSqGSIb3DQEBCwUAA4IBAQBdP4RfOQoBETTS3qvrjwH8oT7mVaT2kQugXgWGAMoJ
f0qg4jKnDktgGZdn6Pyd+xWlgG9yyiRPOTO5QY2XjUJocffHnFX5TONjXjvjjkOi
ZYAUVNYU6OhtNushJq4akwrhDEJZ5rmqDoicj6kkI56Uz1SKPixf2A0H1shDx9dg
RqEeqIhOnBlDAaoMKDJGny1zEqGFt/HLPR6NzyisOxSTfoGw70njRyko7aDJDb+g
1QkbuWduiWNSf+XYCcFrWJ4kq0Je4aC+wDEo4WWXZZLt/o9cZIIzM66UxGES6WFZ
7VIUcLBdKX1jZSi5xTRhWrrcOP8d5vNHJzAnFuOzonQl
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:11:01 2024 by rpki-client on console-ams.rpki-client.org