Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/s9WKQnd3NhNHInOPDGp3V3Ued38.roa
File:                     s9WKQnd3NhNHInOPDGp3V3Ued38.roa (raw, json)
Hash identifier:          tukgbIASc1K2v/SIA39PTNLO6mR0KixlqNuWjqLUG7s=
Subject key identifier:   B3:D5:8A:42:77:77:36:13:47:22:73:8F:0C:6A:77:57:75:1E:77:7F
Certificate issuer:       /CN=7c1bbb08037a876230406fa67379f980b5ab3276
Certificate serial:       018CC424A50AB6A2EB9D0F9546C5B6F828EF
Authority key identifier: 7C:1B:BB:08:03:7A:87:62:30:40:6F:A6:73:79:F9:80:B5:AB:32:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fBu7CAN6h2IwQG-mc3n5gLWrMnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/s9WKQnd3NhNHInOPDGp3V3Ued38.roa
Signing time:             Mon 01 Jan 2024 08:29:44 +0000
ROA not before:           Mon 01 Jan 2024 08:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        46.175.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/fBu7CAN6h2IwQG-mc3n5gLWrMnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/fBu7CAN6h2IwQG-mc3n5gLWrMnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fBu7CAN6h2IwQG-mc3n5gLWrMnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a5:0a:b6:a2:eb:9d:0f:95:46:c5:b6:f8:28:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c1bbb08037a876230406fa67379f980b5ab3276
        Validity
            Not Before: Jan  1 08:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3d58a42777736134722738f0c6a7757751e777f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:02:3c:22:55:04:9d:46:d3:e9:a7:5c:68:b3:
                    d0:48:a0:a8:34:1f:54:70:ce:8d:b0:59:2f:b6:8c:
                    2a:c4:de:ec:f5:1e:70:84:88:f8:62:e9:5a:61:18:
                    19:c4:78:92:39:1a:b6:73:e6:de:cb:b6:47:6d:e9:
                    1d:46:2c:f2:04:3e:e7:f0:f9:10:99:6d:50:4c:4e:
                    99:32:1f:42:f5:25:f2:1e:f5:31:08:c8:ac:0d:d2:
                    55:ad:39:2a:15:53:42:3c:2d:37:a7:98:a6:2f:83:
                    bc:3a:8c:d0:19:43:ab:01:15:00:4f:42:0d:3c:6c:
                    2c:ef:06:b1:b9:4d:1b:b6:02:9f:db:fb:86:e5:15:
                    1e:a2:01:2f:cb:f3:a7:e8:cf:ae:84:75:f7:58:1b:
                    cb:40:8c:86:f4:e4:c7:ea:6c:d6:f0:c6:c8:4b:c5:
                    f5:2e:b2:df:ac:e2:32:03:f7:4c:2d:4c:32:5f:42:
                    30:d3:41:54:5f:b4:52:f2:79:2b:21:f9:31:20:64:
                    cc:4e:e0:4d:66:72:f8:ea:44:dd:ae:7c:0f:3f:70:
                    24:35:81:af:6d:4a:14:d3:13:b8:2e:c3:5e:94:b0:
                    82:38:52:08:a8:34:b3:d4:67:59:c2:c1:b4:2c:5d:
                    28:c1:71:8f:77:e7:bc:b6:da:09:c1:30:56:a2:9b:
                    94:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D5:8A:42:77:77:36:13:47:22:73:8F:0C:6A:77:57:75:1E:77:7F
            X509v3 Authority Key Identifier:
                keyid:7C:1B:BB:08:03:7A:87:62:30:40:6F:A6:73:79:F9:80:B5:AB:32:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fBu7CAN6h2IwQG-mc3n5gLWrMnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/s9WKQnd3NhNHInOPDGp3V3Ued38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/aca99b-82af-4aba-9967-08d5cd16f549/1/fBu7CAN6h2IwQG-mc3n5gLWrMnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b6:2d:28:86:a2:bd:74:f3:7b:0e:39:ef:8e:d6:51:ce:7f:
         0d:6f:34:c0:69:f8:a1:ca:6d:ee:42:d4:2e:f2:31:88:1d:dc:
         f3:ae:99:38:bb:0c:b1:f8:54:7c:c4:69:90:22:71:63:7a:99:
         32:f9:80:bf:89:48:d4:58:19:26:b1:e2:2e:5d:1c:ab:98:bb:
         bc:3e:a7:a2:62:ce:b5:4f:5c:2a:2d:fa:2d:f4:ac:7f:fb:9d:
         41:da:7c:ed:2d:1c:66:22:2b:e4:39:a2:0f:67:ab:81:2c:14:
         f4:0d:83:f4:a2:66:da:62:db:80:2f:d1:9c:2a:24:16:83:32:
         ee:2b:5a:45:fd:7b:4d:85:8b:81:d9:c3:83:4e:40:8c:ed:cd:
         c3:fe:66:dd:41:dd:d2:0f:b0:77:6a:03:66:d5:b0:2e:bd:24:
         e1:3e:83:13:8c:0f:d5:4c:b0:6d:32:ad:f8:df:54:19:01:39:
         73:80:2d:93:5c:6c:66:24:91:51:8c:2f:13:87:f4:0f:92:3f:
         19:93:70:db:6d:3f:ef:d2:6f:44:1a:29:95:13:f6:72:80:33:
         c6:3d:e4:f9:15:c7:a7:49:e3:9f:f2:d0:83:41:33:f0:de:03:
         75:8b:f5:a3:04:92:99:b5:42:89:62:ea:57:1c:a9:7e:59:5f:
         6f:34:5a:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKUKtqLrnQ+VRsW2+CjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMWJiYjA4MDM3YTg3NjIzMDQwNmZhNjczNzlmOTgwYjVh
YjMyNzYwHhcNMjQwMTAxMDgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q1OGE0Mjc3NzczNjEzNDcyMjczOGYwYzZhNzc1Nzc1MWU3NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogI8IlUEnUbT6adcaLPQSKCoNB9U
cM6NsFkvtowqxN7s9R5whIj4YulaYRgZxHiSORq2c+bey7ZHbekdRizyBD7n8PkQ
mW1QTE6ZMh9C9SXyHvUxCMisDdJVrTkqFVNCPC03p5imL4O8OozQGUOrARUAT0IN
PGws7waxuU0btgKf2/uG5RUeogEvy/On6M+uhHX3WBvLQIyG9OTH6mzW8MbIS8X1
LrLfrOIyA/dMLUwyX0Iw00FUX7RS8nkrIfkxIGTMTuBNZnL46kTdrnwPP3AkNYGv
bUoU0xO4LsNelLCCOFIIqDSz1GdZwsG0LF0owXGPd+e8ttoJwTBWopuUiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPVikJ3dzYTRyJzjwxqd1d1Hnd/MB8GA1UdIwQY
MBaAFHwbuwgDeodiMEBvpnN5+YC1qzJ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkJ1N0NBTjZoMkl3UUctbWMzbjVnTFdyTW5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9hY2E5OWItODJhZi00YWJhLTk5Njct
MDhkNWNkMTZmNTQ5LzEvczlXS1FuZDNOaE5ISW5PUERHcDNWM1VlZDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9hY2E5OWItODJhZi00YWJhLTk5NjctMDhkNWNkMTZmNTQ5
LzEvZkJ1N0NBTjZoMkl3UUctbWMzbjVnTFdyTW5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq+DMA0G
CSqGSIb3DQEBCwUAA4IBAQBBti0ohqK9dPN7DjnvjtZRzn8NbzTAafihym3uQtQu
8jGIHdzzrpk4uwyx+FR8xGmQInFjepky+YC/iUjUWBkmseIuXRyrmLu8PqeiYs61
T1wqLfot9Kx/+51B2nztLRxmIivkOaIPZ6uBLBT0DYP0ombaYtuAL9GcKiQWgzLu
K1pF/XtNhYuB2cODTkCM7c3D/mbdQd3SD7B3agNm1bAuvSThPoMTjA/VTLBtMq34
31QZATlzgC2TXGxmJJFRjC8Th/QPkj8Zk3DbbT/v0m9EGimVE/ZygDPGPeT5Fcen
SeOf8tCDQTPw3gN1i/WjBJKZtUKJYupXHKl+WV9vNFrT
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:06:55 2024 by rpki-client on console-ams.rpki-client.org