Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/THRIlSs7-bBDwbJo-g7YuisqRYE.roa
File:                     THRIlSs7-bBDwbJo-g7YuisqRYE.roa (raw, json)
Hash identifier:          ZQNGXrQ+zpXyHUaT1nY0ph9Ghl3G1hB/N3Z10s3KiWU=
Subject key identifier:   4C:74:48:95:2B:3B:F9:B0:43:C1:B2:68:FA:0E:D8:BA:2B:2A:45:81
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B9D90646E92EE45E47DDFD8A8C1D3
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/THRIlSs7-bBDwbJo-g7YuisqRYE.roa
Signing time:             Mon 01 Jan 2024 18:31:33 +0000
ROA not before:           Mon 01 Jan 2024 18:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210997
IP address blocks:        77.65.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:9d:90:64:6e:92:ee:45:e4:7d:df:d8:a8:c1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c7448952b3bf9b043c1b268fa0ed8ba2b2a4581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b2:a7:62:74:4a:91:93:76:11:8e:a3:c8:d3:
                    b5:60:db:8c:d5:e5:94:8c:2c:e4:88:a5:08:2c:68:
                    7a:8b:4b:b0:d1:24:b9:de:6c:ce:dc:b1:fa:95:4a:
                    b7:c0:c2:4f:e9:8b:51:62:f8:12:d7:46:a8:f9:91:
                    80:23:d8:0f:48:86:e1:18:35:c5:8b:fe:bc:0a:25:
                    e3:cf:95:98:dd:c7:e7:22:5a:aa:01:58:49:37:b4:
                    d5:9c:82:69:27:28:65:8d:e5:37:af:23:8d:95:3d:
                    09:59:d5:06:7d:59:3a:7f:62:50:94:4c:88:57:a6:
                    d1:ee:f6:8f:32:1c:27:57:56:fa:5e:03:dd:bb:ba:
                    7e:44:5b:32:35:70:4f:1a:37:6f:31:6a:be:19:99:
                    76:21:5e:5f:0a:51:b5:dd:dd:13:d8:07:21:ee:31:
                    11:04:72:60:b0:69:d6:6d:cd:ff:16:87:8b:42:e1:
                    21:fe:d1:d8:67:07:c1:1b:ec:a6:93:b0:f4:46:bb:
                    2e:ae:94:26:f3:91:c0:d8:26:ce:9c:8a:b9:8e:58:
                    ba:a3:58:c0:6d:79:67:dc:2c:44:97:f1:c1:e6:03:
                    9f:be:69:af:f5:40:4a:b1:61:f2:be:91:60:a6:3f:
                    ee:32:1a:0e:4b:9f:a7:75:55:9b:fa:c6:7f:76:34:
                    eb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:74:48:95:2B:3B:F9:B0:43:C1:B2:68:FA:0E:D8:BA:2B:2A:45:81
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/THRIlSs7-bBDwbJo-g7YuisqRYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:1e:00:03:58:46:a7:11:d5:71:5d:12:6d:50:68:f4:e9:c9:
         a1:8c:29:b8:de:a9:d7:51:94:12:76:5a:56:1a:9d:5d:df:77:
         40:0e:e7:84:9a:07:11:8d:3e:2a:4f:8f:f7:7a:2e:e9:dc:b1:
         72:13:49:b6:54:39:cf:ba:83:da:3c:8c:92:94:95:e1:a4:a3:
         7c:9b:bb:da:cd:14:cc:a4:09:38:d5:e6:b0:fd:92:40:fb:f0:
         cf:5e:e1:3f:1e:34:d9:be:db:d0:17:a1:36:17:ca:f5:ce:d4:
         a0:e0:f1:7b:ed:9b:31:d2:82:03:e6:6d:42:82:a4:2d:d7:e0:
         c6:6a:07:c6:eb:d8:ea:a4:7b:99:10:0e:ac:41:72:f5:1e:04:
         4d:d0:22:c3:51:97:82:b0:b8:d6:b5:d2:05:9d:1a:dc:de:7e:
         5c:7a:3b:45:be:57:a2:84:f0:93:4a:e1:64:69:14:e5:93:bd:
         d0:e7:8b:49:4a:da:be:2a:e6:6d:6c:53:c1:a0:a4:38:e1:65:
         b7:5f:68:7a:86:5c:a6:33:a8:75:63:60:9f:cd:49:5c:0f:2e:
         65:95:3d:ed:2a:c7:40:e7:d5:70:74:18:ce:21:ee:8a:87:ed:
         12:f2:46:cf:66:de:a9:51:7d:d9:10:ca:a1:d0:7d:29:68:9f:
         f2:ad:27:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS52QZG6S7kXkfd/YqMHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzc0NDg5NTJiM2JmOWIwNDNjMWIyNjhmYTBlZDhiYTJiMmE0NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7KnYnRKkZN2EY6jyNO1YNuM1eWU
jCzkiKUILGh6i0uw0SS53mzO3LH6lUq3wMJP6YtRYvgS10ao+ZGAI9gPSIbhGDXF
i/68CiXjz5WY3cfnIlqqAVhJN7TVnIJpJyhljeU3ryONlT0JWdUGfVk6f2JQlEyI
V6bR7vaPMhwnV1b6XgPdu7p+RFsyNXBPGjdvMWq+GZl2IV5fClG13d0T2Ach7jER
BHJgsGnWbc3/FoeLQuEh/tHYZwfBG+ymk7D0RrsurpQm85HA2CbOnIq5jli6o1jA
bXln3CxEl/HB5gOfvmmv9UBKsWHyvpFgpj/uMhoOS5+ndVWb+sZ/djTrmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEx0SJUrO/mwQ8GyaPoO2LorKkWBMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvVEhSSWxTczctYkJEd2JKby1nN1l1aXNxUllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUHZMA0G
CSqGSIb3DQEBCwUAA4IBAQBaHgADWEanEdVxXRJtUGj06cmhjCm43qnXUZQSdlpW
Gp1d33dADueEmgcRjT4qT4/3ei7p3LFyE0m2VDnPuoPaPIySlJXhpKN8m7vazRTM
pAk41eaw/ZJA+/DPXuE/HjTZvtvQF6E2F8r1ztSg4PF77Zsx0oID5m1CgqQt1+DG
agfG69jqpHuZEA6sQXL1HgRN0CLDUZeCsLjWtdIFnRrc3n5cejtFvleihPCTSuFk
aRTlk73Q54tJStq+KuZtbFPBoKQ44WW3X2h6hlymM6h1Y2CfzUlcDy5llT3tKsdA
59VwdBjOIe6Kh+0S8kbPZt6pUX3ZEMqh0H0paJ/yrSfx
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:04:06 2024 by rpki-client on console-ams.rpki-client.org