Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/0l4ruX6uZtj-7dLPfGTBmWODvkc.roa
File:                     0l4ruX6uZtj-7dLPfGTBmWODvkc.roa (raw, json)
Hash identifier:          nLRQClEkrTrCqrVrQ+PW0/0zYwvrJP+92hCY48ErSo0=
Subject key identifier:   D2:5E:2B:B9:7E:AE:66:D8:FE:ED:D2:CF:7C:64:C1:99:63:83:BE:47
Certificate issuer:       /CN=7373c1ff55403d4792346493f769f8d033bef02c
Certificate serial:       018CC7950CC782B4C9AFE381D1836EBE256C
Authority key identifier: 73:73:C1:FF:55:40:3D:47:92:34:64:93:F7:69:F8:D0:33:BE:F0:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/0l4ruX6uZtj-7dLPfGTBmWODvkc.roa
Signing time:             Tue 02 Jan 2024 00:31:23 +0000
ROA not before:           Tue 02 Jan 2024 00:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        213.230.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:0c:c7:82:b4:c9:af:e3:81:d1:83:6e:be:25:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7373c1ff55403d4792346493f769f8d033bef02c
        Validity
            Not Before: Jan  2 00:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d25e2bb97eae66d8feedd2cf7c64c1996383be47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a5:9a:c5:eb:f2:0f:ac:ab:03:45:b8:93:6a:
                    50:1e:d1:16:7e:56:37:9e:78:cf:c0:54:22:67:08:
                    25:10:cc:3f:73:63:e4:8b:4b:31:43:f3:d0:ec:a7:
                    99:8a:aa:ac:7d:f1:eb:90:43:18:06:35:f6:dc:15:
                    98:e4:b2:8a:d8:a9:b9:7d:ab:26:15:66:46:70:b6:
                    82:d5:84:ea:94:a2:4d:5f:60:67:c7:8f:10:71:2a:
                    45:b1:62:10:1b:5d:fc:e9:52:ca:ea:5c:b4:91:61:
                    5e:3a:48:d8:40:dd:f5:55:aa:72:f6:45:30:de:0e:
                    d0:a9:d4:28:4a:53:a9:44:b6:14:ac:7a:24:7d:31:
                    a1:e5:73:c2:82:3e:ac:f0:06:cc:4b:17:1f:c8:31:
                    5b:0a:56:cf:5f:3d:94:4f:13:9f:c5:45:2a:53:04:
                    03:7c:d6:00:21:30:a8:6e:4d:47:8c:ab:d6:91:c3:
                    51:e5:04:89:35:8a:b8:6a:8d:35:6e:94:ae:72:86:
                    7b:43:fd:1f:8f:be:46:d3:d7:f0:1d:ae:b1:8b:1f:
                    80:bf:f0:8e:30:0a:7c:17:b4:56:3e:65:aa:02:c3:
                    50:64:08:b7:32:6c:c7:4f:b9:0c:6e:3a:41:20:21:
                    3f:c0:e4:ba:0f:67:6c:96:91:9c:88:06:54:98:fe:
                    3b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:5E:2B:B9:7E:AE:66:D8:FE:ED:D2:CF:7C:64:C1:99:63:83:BE:47
            X509v3 Authority Key Identifier:
                keyid:73:73:C1:FF:55:40:3D:47:92:34:64:93:F7:69:F8:D0:33:BE:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3PB_1VAPUeSNGST92n40DO-8Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/0l4ruX6uZtj-7dLPfGTBmWODvkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1aff10-dd29-439f-8d23-bc9a5f6605fc/1/c3PB_1VAPUeSNGST92n40DO-8Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.230.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:83:88:7e:69:da:82:f8:3a:10:81:01:69:a6:d7:75:16:21:
         a1:e7:1c:53:1a:a9:16:29:8f:b3:d1:3e:2e:92:75:b3:75:c1:
         af:e1:2b:54:65:5a:b2:5c:4c:03:ed:ad:fc:cb:da:64:1d:3a:
         96:99:e1:67:d8:aa:fb:ea:8f:1e:58:e1:8e:eb:b3:3b:92:94:
         13:ea:23:6c:d3:08:85:85:a8:b3:1e:98:86:d0:e2:f7:81:8d:
         56:2c:8d:bf:9d:68:3a:0f:4c:31:ec:aa:cd:c1:91:cf:60:36:
         cb:3b:0d:e1:91:71:2b:4a:05:e4:bc:6b:11:1d:c4:05:60:ed:
         da:c0:25:ef:96:cf:74:e9:da:90:ae:c8:cb:98:3f:fc:ee:2a:
         b3:36:f4:af:4c:59:81:53:54:62:c5:28:c8:9f:8e:f5:1a:b3:
         62:34:e6:9d:7e:c3:6f:9c:31:39:16:5f:08:2f:7c:23:29:7f:
         6e:7e:af:99:e7:8f:8d:ae:d3:2a:30:d0:81:f3:20:5f:f3:b2:
         9c:1a:0d:60:30:fe:f0:e6:ea:da:2a:86:b0:b2:5e:a8:cf:c2:
         a3:00:bf:ce:56:73:5e:4a:56:de:e4:a2:bb:e8:69:0e:c0:97:
         ea:1f:1a:02:d1:1e:87:29:0c:0e:3a:62:66:ef:16:09:02:ab:
         b3:7a:87:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlQzHgrTJr+OB0YNuviVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczNzNjMWZmNTU0MDNkNDc5MjM0NjQ5M2Y3NjlmOGQwMzNi
ZWYwMmMwHhcNMjQwMTAyMDAzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjVlMmJiOTdlYWU2NmQ4ZmVlZGQyY2Y3YzY0YzE5OTYzODNiZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKWaxevyD6yrA0W4k2pQHtEWflY3
nnjPwFQiZwglEMw/c2Pki0sxQ/PQ7KeZiqqsffHrkEMYBjX23BWY5LKK2Km5fasm
FWZGcLaC1YTqlKJNX2Bnx48QcSpFsWIQG1386VLK6ly0kWFeOkjYQN31Vapy9kUw
3g7QqdQoSlOpRLYUrHokfTGh5XPCgj6s8AbMSxcfyDFbClbPXz2UTxOfxUUqUwQD
fNYAITCobk1HjKvWkcNR5QSJNYq4ao01bpSucoZ7Q/0fj75G09fwHa6xix+Av/CO
MAp8F7RWPmWqAsNQZAi3MmzHT7kMbjpBICE/wOS6D2dslpGciAZUmP47ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJeK7l+rmbY/u3Sz3xkwZljg75HMB8GA1UdIwQY
MBaAFHNzwf9VQD1HkjRkk/dp+NAzvvAsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzNQQl8xVkFQVWVTTkdTVDkybjQwRE8tOEN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xYWZmMTAtZGQyOS00MzlmLThkMjMt
YmM5YTVmNjYwNWZjLzEvMGw0cnVYNnVadGotN2RMUGZHVEJtV09EdmtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xYWZmMTAtZGQyOS00MzlmLThkMjMtYmM5YTVmNjYwNWZj
LzEvYzNQQl8xVkFQVWVTTkdTVDkybjQwRE8tOEN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ebLMA0G
CSqGSIb3DQEBCwUAA4IBAQBIg4h+adqC+DoQgQFpptd1FiGh5xxTGqkWKY+z0T4u
knWzdcGv4StUZVqyXEwD7a38y9pkHTqWmeFn2Kr76o8eWOGO67M7kpQT6iNs0wiF
haizHpiG0OL3gY1WLI2/nWg6D0wx7KrNwZHPYDbLOw3hkXErSgXkvGsRHcQFYO3a
wCXvls906dqQrsjLmD/87iqzNvSvTFmBU1RixSjIn471GrNiNOadfsNvnDE5Fl8I
L3wjKX9ufq+Z54+NrtMqMNCB8yBf87KcGg1gMP7w5uraKoawsl6oz8KjAL/OVnNe
Slbe5KK76GkOwJfqHxoC0R6HKQwOOmJm7xYJAquzeodM
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:49:39 2024 by rpki-client on console-ams.rpki-client.org