Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/0EzAA4zN-dlLdRFglRKU0um_ZYE.roa
File:                     0EzAA4zN-dlLdRFglRKU0um_ZYE.roa (raw, json)
Hash identifier:          j9YZicJRj7jMbV/PNTlBrMjavCQfC8Z3z5xnGg0ya3M=
Subject key identifier:   D0:4C:C0:03:8C:CD:F9:D9:4B:75:11:60:95:12:94:D2:E9:BF:65:81
Certificate issuer:       /CN=f23258aa6b83ec9fb7be966c626a9166781c7f3b
Certificate serial:       018CC6B7BA51EF26B2D22537F7D979A29D43
Authority key identifier: F2:32:58:AA:6B:83:EC:9F:B7:BE:96:6C:62:6A:91:66:78:1C:7F:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8jJYqmuD7J-3vpZsYmqRZngcfzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/0EzAA4zN-dlLdRFglRKU0um_ZYE.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        155.105.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/8jJYqmuD7J-3vpZsYmqRZngcfzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/8jJYqmuD7J-3vpZsYmqRZngcfzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8jJYqmuD7J-3vpZsYmqRZngcfzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ba:51:ef:26:b2:d2:25:37:f7:d9:79:a2:9d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f23258aa6b83ec9fb7be966c626a9166781c7f3b
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d04cc0038ccdf9d94b751160951294d2e9bf6581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3a:6e:29:69:61:c0:de:95:9e:34:46:11:e5:
                    3e:4d:a5:6a:07:ff:9b:d1:3a:e7:47:cb:1f:c1:1e:
                    be:c9:6a:12:76:2f:9c:c3:ce:ab:30:af:03:97:4f:
                    11:7a:24:fc:a1:30:e9:d9:1f:e7:80:38:4a:18:4f:
                    5f:80:bd:c5:4e:0c:4a:65:30:94:cd:c8:de:c2:e1:
                    f0:cc:21:86:86:37:f8:d5:2c:0e:89:4d:c7:7a:f8:
                    01:7b:96:bd:39:31:97:e5:14:c1:1f:70:50:df:87:
                    02:62:7a:df:38:16:96:8d:f7:7e:6a:f2:f6:02:8e:
                    b7:1c:20:1b:6b:35:6d:dd:dd:40:40:77:c4:90:11:
                    f3:2f:be:c9:0f:90:f5:40:9f:1c:14:42:21:bd:34:
                    95:8a:91:3a:8b:da:9d:57:db:26:82:64:a3:55:fe:
                    9a:c3:60:ce:22:58:e4:62:5b:b1:d9:77:0c:61:8c:
                    e9:f3:c6:91:6e:9c:aa:a6:ec:1b:f5:c0:b5:f3:41:
                    cf:3c:91:8b:b0:fd:a7:72:8d:ea:0b:2a:e0:75:ef:
                    5d:54:56:d4:d3:46:67:ac:b3:08:56:82:61:d9:18:
                    89:84:b9:6f:b9:6c:d2:ed:34:96:64:23:12:99:5d:
                    f3:4f:09:86:20:55:42:63:64:5d:7f:2d:23:f1:ff:
                    be:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4C:C0:03:8C:CD:F9:D9:4B:75:11:60:95:12:94:D2:E9:BF:65:81
            X509v3 Authority Key Identifier:
                keyid:F2:32:58:AA:6B:83:EC:9F:B7:BE:96:6C:62:6A:91:66:78:1C:7F:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8jJYqmuD7J-3vpZsYmqRZngcfzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/0EzAA4zN-dlLdRFglRKU0um_ZYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/48c3a8-b954-41c9-bd23-712fcfa441e4/1/8jJYqmuD7J-3vpZsYmqRZngcfzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.105.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:64:11:7d:4f:25:96:7c:97:cc:74:bb:92:ae:7f:94:e2:53:
         03:7f:13:ef:20:6b:ee:ec:aa:9f:ac:00:6d:fc:0e:c0:82:7a:
         ea:f8:19:b9:23:f1:04:0b:c2:9e:f1:36:21:8d:d4:f6:25:bc:
         ed:c0:e7:94:4a:23:e6:4b:13:ea:b8:ad:30:78:91:4b:e2:64:
         c2:5a:a8:d2:8a:a8:b5:6b:41:a6:84:c6:6f:4b:e4:33:94:53:
         52:c2:1f:70:04:84:d5:d8:10:d4:4a:7c:16:e4:34:71:d6:30:
         d2:5b:eb:87:70:c6:2d:d2:42:e1:91:84:d6:7e:47:63:f4:64:
         36:5f:c3:a4:6b:07:9a:2f:c8:2c:05:2a:fb:37:fa:b4:cd:ae:
         68:3e:e9:fc:bb:27:b7:87:71:8d:3b:e7:0c:ef:e4:51:a2:f9:
         b9:73:8c:02:77:9a:a8:64:d9:20:8c:10:b0:c7:61:0d:d8:b5:
         49:7e:16:08:ec:6f:b6:d1:40:51:59:86:73:e8:a8:2d:39:b2:
         86:c4:0a:fc:3b:f5:fc:d0:93:6d:98:a6:c8:58:ae:aa:22:4b:
         54:fa:6c:21:72:64:d2:26:7a:a4:3d:b6:7c:44:7e:e7:6e:23:
         a0:35:c0:7b:66:c0:f1:fa:49:ea:7a:84:59:c9:aa:c9:78:85:
         33:f7:28:54
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGt7pR7yay0iU399l5op1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMzI1OGFhNmI4M2VjOWZiN2JlOTY2YzYyNmE5MTY2Nzgx
YzdmM2IwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRjYzAwMzhjY2RmOWQ5NGI3NTExNjA5NTEyOTRkMmU5YmY2NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTpuKWlhwN6VnjRGEeU+TaVqB/+b
0TrnR8sfwR6+yWoSdi+cw86rMK8Dl08ReiT8oTDp2R/ngDhKGE9fgL3FTgxKZTCU
zcjewuHwzCGGhjf41SwOiU3HevgBe5a9OTGX5RTBH3BQ34cCYnrfOBaWjfd+avL2
Ao63HCAbazVt3d1AQHfEkBHzL77JD5D1QJ8cFEIhvTSVipE6i9qdV9smgmSjVf6a
w2DOIljkYlux2XcMYYzp88aRbpyqpuwb9cC180HPPJGLsP2nco3qCyrgde9dVFbU
00ZnrLMIVoJh2RiJhLlvuWzS7TSWZCMSmV3zTwmGIFVCY2Rdfy0j8f++LQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNBMwAOMzfnZS3URYJUSlNLpv2WBMB8GA1UdIwQY
MBaAFPIyWKprg+yft76WbGJqkWZ4HH87MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGpKWXFtdUQ3Si0zdnBac1ltcVJabmdjZnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC80OGMzYTgtYjk1NC00MWM5LWJkMjMt
NzEyZmNmYTQ0MWU0LzEvMEV6QUE0ek4tZGxMZFJGZ2xSS1UwdW1fWllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC80OGMzYTgtYjk1NC00MWM5LWJkMjMtNzEyZmNmYTQ0MWU0
LzEvOGpKWXFtdUQ3Si0zdnBac1ltcVJabmdjZnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAm2kwDQYJ
KoZIhvcNAQELBQADggEBABlkEX1PJZZ8l8x0u5Kuf5TiUwN/E+8ga+7sqp+sAG38
DsCCeur4Gbkj8QQLwp7xNiGN1PYlvO3A55RKI+ZLE+q4rTB4kUviZMJaqNKKqLVr
QaaExm9L5DOUU1LCH3AEhNXYENRKfBbkNHHWMNJb64dwxi3SQuGRhNZ+R2P0ZDZf
w6RrB5ovyCwFKvs3+rTNrmg+6fy7J7eHcY075wzv5FGi+blzjAJ3mqhk2SCMELDH
YQ3YtUl+Fgjsb7bRQFFZhnPoqC05sobECvw79fzQk22YpshYrqoiS1T6bCFyZNIm
eqQ9tnxEfuduI6A1wHtmwPH6Sep6hFnJqsl4hTP3KFQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:24:00 2024 by rpki-client on console-ams.rpki-client.org