Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/nrfRU41c1HJ_3px9syP-SKCxxS8.roa
File:                     nrfRU41c1HJ_3px9syP-SKCxxS8.roa (raw, json)
Hash identifier:          iGmF5sRlJj4OkJEFWlWXo8D5pbxAC9e9ayC3oxy+7K8=
Subject key identifier:   9E:B7:D1:53:8D:5C:D4:72:7F:DE:9C:7D:B3:23:FE:48:A0:B1:C5:2F
Certificate issuer:       /CN=fce4f396729bf478e636549821f6f6970d893f52
Certificate serial:       018DD57FF1D9727112E22E668E44C7539168
Authority key identifier: FC:E4:F3:96:72:9B:F4:78:E6:36:54:98:21:F6:F6:97:0D:89:3F:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_OTzlnKb9HjmNlSYIfb2lw2JP1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/nrfRU41c1HJ_3px9syP-SKCxxS8.roa
Signing time:             Fri 23 Feb 2024 10:25:48 +0000
ROA not before:           Fri 23 Feb 2024 10:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47648
IP address blocks:        152.89.188.0/22 maxlen: 24
                          185.239.196.0/22 maxlen: 24
                          195.68.248.0/23 maxlen: 24
                          195.68.254.0/23 maxlen: 24
                          2a0c:6180::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/_OTzlnKb9HjmNlSYIfb2lw2JP1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/_OTzlnKb9HjmNlSYIfb2lw2JP1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_OTzlnKb9HjmNlSYIfb2lw2JP1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:7f:f1:d9:72:71:12:e2:2e:66:8e:44:c7:53:91:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fce4f396729bf478e636549821f6f6970d893f52
        Validity
            Not Before: Feb 23 10:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eb7d1538d5cd4727fde9c7db323fe48a0b1c52f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:34:34:2f:12:a3:cd:96:c8:f3:b7:df:ab:0b:
                    4d:c2:57:50:64:bb:a7:4b:cf:86:68:ec:25:f7:28:
                    8c:4b:69:47:ef:1a:68:b5:bd:20:0c:39:ea:6b:6a:
                    86:c9:d9:83:15:cd:4c:ac:41:48:18:d6:fe:77:80:
                    ac:99:f2:25:71:58:ca:6c:ce:c5:bf:f8:d8:7a:e3:
                    85:45:a4:53:1c:58:b5:0e:09:80:3f:f7:53:23:bf:
                    75:5f:f7:12:ab:82:7d:e6:a0:48:66:e9:f4:64:04:
                    38:aa:ba:1f:87:4c:af:6d:1e:db:9c:5f:a8:70:c4:
                    4a:bd:f4:94:89:8b:83:49:df:9d:c8:c8:70:42:00:
                    3e:98:65:d2:7e:85:09:69:9a:9a:80:a2:12:0d:a5:
                    ce:48:f9:e5:b6:70:96:df:90:93:b4:12:a0:30:14:
                    6d:e7:c3:f9:e6:c7:f0:57:d8:a2:0f:33:79:48:b2:
                    5a:46:d2:ac:98:28:d1:1e:12:be:ed:68:62:34:8a:
                    2a:c4:30:77:dd:e2:4a:a8:38:ee:61:c4:0e:81:9d:
                    28:fe:9f:05:0a:42:a7:95:fc:3a:c4:b4:ed:da:f1:
                    3d:d4:72:25:ae:e7:85:e0:9d:60:e3:97:20:89:55:
                    26:db:92:a7:52:d2:9b:01:a8:3f:33:21:d2:7d:53:
                    a6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B7:D1:53:8D:5C:D4:72:7F:DE:9C:7D:B3:23:FE:48:A0:B1:C5:2F
            X509v3 Authority Key Identifier:
                keyid:FC:E4:F3:96:72:9B:F4:78:E6:36:54:98:21:F6:F6:97:0D:89:3F:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OTzlnKb9HjmNlSYIfb2lw2JP1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/nrfRU41c1HJ_3px9syP-SKCxxS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/36275e-6759-4d52-b2d1-8c70de9e9b9d/1/_OTzlnKb9HjmNlSYIfb2lw2JP1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.188.0/22
                  185.239.196.0/22
                  195.68.248.0/23
                  195.68.254.0/23
                IPv6:
                  2a0c:6180::/29

    Signature Algorithm: sha256WithRSAEncryption
         d6:76:7f:00:49:cb:ec:f5:78:2a:76:02:2e:87:66:2f:a0:ab:
         62:65:f1:31:c5:3d:be:b7:5d:a6:d3:df:f2:b2:e0:05:5d:05:
         63:90:50:f2:dc:bd:cf:5e:91:7c:3e:da:8c:b2:f3:df:77:99:
         18:59:39:3c:e1:75:fb:ca:47:f6:e5:8f:c1:df:e8:04:e2:5e:
         a8:55:52:c5:6e:f6:16:45:db:26:e2:ec:f4:55:0b:28:ad:8e:
         e1:64:aa:3b:87:2e:10:21:d0:5f:f5:b3:0b:ad:5a:f2:a5:3d:
         32:1b:b2:15:97:56:05:80:75:f3:b7:9b:50:97:a8:ff:91:a9:
         94:bb:92:8e:21:9f:d2:84:7a:4f:14:ce:45:5e:50:88:fe:b5:
         a6:1a:0d:bf:f0:1a:c5:1a:d7:33:25:90:aa:2e:98:b1:f3:d9:
         3a:55:04:bd:4e:03:4b:fb:e6:ec:7f:9b:b1:e6:c5:59:7d:ff:
         53:a5:e7:85:c0:47:71:02:e0:2a:e8:2b:01:f7:a6:26:9c:14:
         ac:12:71:b9:fe:bd:ef:69:6a:58:24:bc:be:d3:4c:f4:10:f2:
         1c:30:1f:0c:4e:87:e6:f8:ae:e3:00:2d:05:53:58:43:c9:64:
         f1:e8:ac:08:de:21:57:8f:f3:6d:8f:92:02:74:a8:a9:84:4d:
         1d:34:ab:34
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY3Vf/HZcnES4i5mjkTHU5FoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTRmMzk2NzI5YmY0NzhlNjM2NTQ5ODIxZjZmNjk3MGQ4
OTNmNTIwHhcNMjQwMjIzMTAyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWI3ZDE1MzhkNWNkNDcyN2ZkZTljN2RiMzIzZmU0OGEwYjFjNTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjQ0LxKjzZbI87ffqwtNwldQZLun
S8+GaOwl9yiMS2lH7xpotb0gDDnqa2qGydmDFc1MrEFIGNb+d4CsmfIlcVjKbM7F
v/jYeuOFRaRTHFi1DgmAP/dTI791X/cSq4J95qBIZun0ZAQ4qrofh0yvbR7bnF+o
cMRKvfSUiYuDSd+dyMhwQgA+mGXSfoUJaZqagKISDaXOSPnltnCW35CTtBKgMBRt
58P55sfwV9iiDzN5SLJaRtKsmCjRHhK+7WhiNIoqxDB33eJKqDjuYcQOgZ0o/p8F
CkKnlfw6xLTt2vE91HIlrueF4J1g45cgiVUm25KnUtKbAag/MyHSfVOmXwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJ630VONXNRyf96cfbMj/kigscUvMB8GA1UdIwQY
MBaAFPzk85Zym/R45jZUmCH29pcNiT9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09UemxuS2I5SGptTmxTWUlmYjJsdzJKUDFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zNjI3NWUtNjc1OS00ZDUyLWIyZDEt
OGM3MGRlOWU5YjlkLzEvbnJmUlU0MWMxSEpfM3B4OXN5UC1TS0N4eFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zNjI3NWUtNjc1OS00ZDUyLWIyZDEtOGM3MGRlOWU5Yjlk
LzEvX09UemxuS2I5SGptTmxTWUlmYjJsdzJKUDFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCmFm8AwQC
ue/EAwQBw0T4AwQBw0T+MA0EAgACMAcDBQMqDGGAMA0GCSqGSIb3DQEBCwUAA4IB
AQDWdn8AScvs9XgqdgIuh2YvoKtiZfExxT2+t12m09/ysuAFXQVjkFDy3L3PXpF8
PtqMsvPfd5kYWTk84XX7ykf25Y/B3+gE4l6oVVLFbvYWRdsm4uz0VQsorY7hZKo7
hy4QIdBf9bMLrVrypT0yG7IVl1YFgHXzt5tQl6j/kamUu5KOIZ/ShHpPFM5FXlCI
/rWmGg2/8BrFGtczJZCqLpix89k6VQS9TgNL++bsf5ux5sVZff9TpeeFwEdxAuAq
6CsB96YmnBSsEnG5/r3vaWpYJLy+00z0EPIcMB8MTofm+K7jAC0FU1hDyWTx6KwI
3iFXj/Ntj5ICdKiphE0dNKs0
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:41:21 2024 by rpki-client on console-ams.rpki-client.org