Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/9BxBndiqYr4MwLlO9E2Jx-HT_8Y.roa
File:                     9BxBndiqYr4MwLlO9E2Jx-HT_8Y.roa (raw, json)
Hash identifier:          j7yNTX7kOc7BAsafYeYpqUrLhoOtd+Ed2CLp0et1nkY=
Subject key identifier:   F4:1C:41:9D:D8:AA:62:BE:0C:C0:B9:4E:F4:4D:89:C7:E1:D3:FF:C6
Certificate issuer:       /CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
Certificate serial:       018CC94DEA82CECD4FB7A9F1343842BA052A
Authority key identifier: D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/9BxBndiqYr4MwLlO9E2Jx-HT_8Y.roa
Signing time:             Tue 02 Jan 2024 08:32:55 +0000
ROA not before:           Tue 02 Jan 2024 08:32:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49737
IP address blocks:        89.25.32.0/24 maxlen: 24
                          89.25.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ea:82:ce:cd:4f:b7:a9:f1:34:38:42:ba:05:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d07d7573aacae821c87d6d36431cfe4b2801ab41
        Validity
            Not Before: Jan  2 08:32:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41c419dd8aa62be0cc0b94ef44d89c7e1d3ffc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:96:dd:c7:40:93:d4:eb:6a:ed:64:dd:bd:02:
                    54:07:78:65:75:56:05:1b:87:f3:f3:39:46:0c:96:
                    f7:b0:6f:77:53:21:45:9f:53:44:72:7d:12:d9:81:
                    fc:04:68:1f:57:3d:74:0d:63:67:02:f5:ce:c5:29:
                    18:e0:d2:8a:44:5c:4d:12:37:2b:e6:3e:0b:18:ee:
                    90:09:58:7c:ab:93:97:63:64:c0:68:c0:6f:63:4b:
                    8c:3d:96:df:f3:7f:56:b4:fd:06:30:05:fb:c3:b0:
                    61:12:81:68:7e:54:ba:c4:47:64:2d:4d:5b:78:ea:
                    95:d1:b1:73:fd:17:2c:9c:79:66:fd:ea:78:69:4f:
                    e4:1d:84:ad:4d:5f:a5:a9:4e:2d:6b:20:51:80:4b:
                    9f:0d:8f:77:02:a0:69:2d:dd:6d:4e:22:ec:0d:47:
                    83:7d:4f:09:8c:f8:41:a3:6a:c6:4e:b3:50:df:67:
                    63:d2:e4:d7:4a:f2:99:6d:ba:a2:37:3f:0d:c2:21:
                    b0:11:0c:06:8e:9a:e8:7e:f1:47:87:e7:c8:a3:ec:
                    28:11:f2:04:8e:4b:1d:49:be:a6:b5:34:71:a0:02:
                    6b:48:ff:f8:67:df:1e:40:8f:43:13:3c:8f:6d:8b:
                    0c:11:df:90:7c:17:d4:be:e0:b9:0c:6c:5a:70:07:
                    8b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1C:41:9D:D8:AA:62:BE:0C:C0:B9:4E:F4:4D:89:C7:E1:D3:FF:C6
            X509v3 Authority Key Identifier:
                keyid:D0:7D:75:73:AA:CA:E8:21:C8:7D:6D:36:43:1C:FE:4B:28:01:AB:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0H11c6rK6CHIfW02Qxz-SygBq0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/9BxBndiqYr4MwLlO9E2Jx-HT_8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/5725cc-ad70-46f8-bb62-cf9dc5baaa79/1/0H11c6rK6CHIfW02Qxz-SygBq0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.25.32.0/24
                  89.25.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:a4:f0:a1:7b:2e:67:6f:3e:aa:cd:6f:30:d6:ea:c4:6a:ec:
         af:4a:25:62:a8:64:bd:9c:2c:11:6b:1a:c5:0d:36:6c:17:12:
         5f:34:c7:14:97:a2:33:e1:58:bb:0a:c2:ce:d5:43:ee:f7:26:
         24:50:95:1d:26:07:1e:ba:69:17:8b:5e:e5:60:ce:34:51:0d:
         cc:9f:35:b1:30:b0:15:84:38:96:58:32:13:d1:a6:96:8d:61:
         ee:fc:6b:02:fd:24:49:62:ca:be:79:1f:a1:f6:14:33:0a:b0:
         2f:96:45:66:2d:d3:0c:ce:d1:dc:74:58:26:28:ec:43:86:9d:
         71:33:3b:63:df:ff:75:e4:59:f4:d3:73:24:37:74:0a:47:db:
         80:7f:c9:d0:a4:dc:aa:04:f1:f3:e1:ce:be:f8:a8:e8:e2:27:
         ae:1d:68:99:fe:ae:e6:9e:38:4c:09:5b:06:fe:31:dd:d5:af:
         fa:c1:1b:23:cf:dc:3b:45:3f:a2:ad:ca:21:a4:9d:9a:36:1b:
         46:4b:5a:20:dc:bb:1d:5c:43:b4:ab:c3:a9:19:51:a9:79:93:
         a2:2d:af:e3:29:b9:a5:fc:71:88:66:0a:31:96:ff:f8:af:d8:
         26:ec:15:8f:e0:25:60:e0:cb:89:5f:7b:c3:2b:45:6f:39:18:
         c8:9d:c3:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTeqCzs1Pt6nxNDhCugUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwN2Q3NTczYWFjYWU4MjFjODdkNmQzNjQzMWNmZTRiMjgw
MWFiNDEwHhcNMjQwMTAyMDgzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFjNDE5ZGQ4YWE2MmJlMGNjMGI5NGVmNDRkODljN2UxZDNmZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZbdx0CT1Otq7WTdvQJUB3hldVYF
G4fz8zlGDJb3sG93UyFFn1NEcn0S2YH8BGgfVz10DWNnAvXOxSkY4NKKRFxNEjcr
5j4LGO6QCVh8q5OXY2TAaMBvY0uMPZbf839WtP0GMAX7w7BhEoFoflS6xEdkLU1b
eOqV0bFz/RcsnHlm/ep4aU/kHYStTV+lqU4tayBRgEufDY93AqBpLd1tTiLsDUeD
fU8JjPhBo2rGTrNQ32dj0uTXSvKZbbqiNz8NwiGwEQwGjprofvFHh+fIo+woEfIE
jksdSb6mtTRxoAJrSP/4Z98eQI9DEzyPbYsMEd+QfBfUvuC5DGxacAeL+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQcQZ3YqmK+DMC5TvRNicfh0//GMB8GA1UdIwQY
MBaAFNB9dXOqyughyH1tNkMc/ksoAatBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjIt
Y2Y5ZGM1YmFhYTc5LzEvOUJ4Qm5kaXFZcjRNd0xsTzlFMkp4LUhUXzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81NzI1Y2MtYWQ3MC00NmY4LWJiNjItY2Y5ZGM1YmFhYTc5
LzEvMEgxMWM2cks2Q0hJZlcwMlF4ei1TeWdCcTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRkgAwQA
WRkwMA0GCSqGSIb3DQEBCwUAA4IBAQC7pPChey5nbz6qzW8w1urEauyvSiViqGS9
nCwRaxrFDTZsFxJfNMcUl6Iz4Vi7CsLO1UPu9yYkUJUdJgceumkXi17lYM40UQ3M
nzWxMLAVhDiWWDIT0aaWjWHu/GsC/SRJYsq+eR+h9hQzCrAvlkVmLdMMztHcdFgm
KOxDhp1xMztj3/915Fn003MkN3QKR9uAf8nQpNyqBPHz4c6++Kjo4ieuHWiZ/q7m
njhMCVsG/jHd1a/6wRsjz9w7RT+ircohpJ2aNhtGS1og3LsdXEO0q8OpGVGpeZOi
La/jKbml/HGIZgoxlv/4r9gm7BWP4CVg4MuJX3vDK0VvORjIncP1
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:05:12 2024 by rpki-client on console-ams.rpki-client.org