Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/p9Bx6-80Z5u_nVEX6cPclfGKy44.roa
File:                     p9Bx6-80Z5u_nVEX6cPclfGKy44.roa (raw, json)
Hash identifier:          FO0CDO5/eLT4T8N64qjY/znyGnOT32AUzGq1jdCfiNs=
Subject key identifier:   A7:D0:71:EB:EF:34:67:9B:BF:9D:51:17:E9:C3:DC:95:F1:8A:CB:8E
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B7D6426E599D2DD17C38C51A0C8A
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/p9Bx6-80Z5u_nVEX6cPclfGKy44.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64433
IP address blocks:        213.108.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b7:d6:42:6e:59:9d:2d:d1:7c:38:c5:1a:0c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7d071ebef34679bbf9d5117e9c3dc95f18acb8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e8:13:e4:73:ab:1f:7b:3b:b5:b7:d2:8c:57:
                    70:69:a6:87:02:f4:93:f0:d2:2c:bf:75:82:1d:98:
                    8c:4a:75:aa:71:00:d2:bb:1b:4c:cf:bb:6b:8c:ba:
                    18:47:d0:ba:a5:73:67:1e:16:0f:ea:da:08:2a:80:
                    d7:8b:85:e7:ba:4a:eb:5f:b5:60:3e:ae:15:c2:bb:
                    85:5b:57:b6:7a:97:39:fe:55:c4:e2:fe:27:5d:4b:
                    24:16:ef:fb:23:85:a0:6b:21:75:ab:b7:d7:5f:75:
                    79:55:e7:b7:12:e2:3b:49:06:fa:87:ef:5b:06:e8:
                    75:cf:d1:d3:63:cc:88:80:89:65:b9:7b:58:bf:6a:
                    0c:11:76:fd:68:62:6b:95:f0:01:52:4d:8f:9b:6c:
                    d4:17:34:e7:16:cc:22:03:a1:10:44:57:1e:14:90:
                    31:c5:90:c1:f0:0e:eb:22:4f:f9:35:a9:fc:1b:96:
                    d2:62:b7:6d:c4:33:45:75:ef:88:eb:0f:ee:e5:99:
                    b6:a6:05:d2:e5:6e:02:3d:84:49:6f:57:e1:92:2e:
                    bc:a7:57:b5:be:dc:9e:d1:f6:3b:d1:a2:1f:63:a9:
                    89:a0:7a:f0:36:33:d7:c4:55:b8:95:01:06:67:64:
                    ee:c4:3e:12:b9:1e:28:fe:45:fe:29:56:07:1e:25:
                    a1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:D0:71:EB:EF:34:67:9B:BF:9D:51:17:E9:C3:DC:95:F1:8A:CB:8E
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/p9Bx6-80Z5u_nVEX6cPclfGKy44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:5c:54:a8:ad:14:c2:5c:88:6d:6f:f7:f7:fd:4e:92:e2:92:
         bd:1c:78:dd:30:34:0e:cd:bd:41:e9:eb:fc:9b:03:cc:fc:26:
         7e:27:a1:7e:55:45:fa:3b:2c:e0:0c:a2:f2:74:95:f8:da:3f:
         5d:1d:74:09:d4:ba:3a:81:92:e3:8b:c9:69:71:ed:d0:98:ab:
         db:e3:21:ce:71:fe:47:07:fe:f3:ca:ce:a6:1c:a0:08:d7:be:
         7d:10:73:65:57:c8:0d:0c:99:ad:5e:bd:77:ab:e0:94:45:db:
         9e:77:fa:6e:18:08:b4:26:9b:63:c6:31:31:9f:84:64:d5:7c:
         49:d7:24:fb:b6:27:ca:10:a9:83:47:4c:24:2b:d7:28:a6:4f:
         5d:66:93:fe:14:ae:f9:eb:fe:c6:c6:b7:ba:2f:0f:06:2c:0e:
         2a:23:24:d7:09:9d:a6:0b:7e:f5:4d:df:2f:3c:ea:c4:d5:83:
         2b:99:34:de:20:a4:b8:5a:80:ef:39:3c:82:26:e9:48:d1:a9:
         d2:19:f3:b2:69:99:99:7a:8b:bf:1b:20:5c:6b:cd:58:81:f8:
         b6:1a:64:92:03:97:b8:ce:54:22:0d:04:97:11:aa:ac:2c:0c:
         36:05:72:d0:92:fc:28:be:34:ee:4e:11:96:8e:3d:e5:f0:45:
         f1:d4:14:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7fWQm5ZnS3RfDjFGgyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QwNzFlYmVmMzQ2NzliYmY5ZDUxMTdlOWMzZGM5NWYxOGFjYjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtegT5HOrH3s7tbfSjFdwaaaHAvST
8NIsv3WCHZiMSnWqcQDSuxtMz7trjLoYR9C6pXNnHhYP6toIKoDXi4XnukrrX7Vg
Pq4VwruFW1e2epc5/lXE4v4nXUskFu/7I4WgayF1q7fXX3V5Vee3EuI7SQb6h+9b
Buh1z9HTY8yIgIlluXtYv2oMEXb9aGJrlfABUk2Pm2zUFzTnFswiA6EQRFceFJAx
xZDB8A7rIk/5Nan8G5bSYrdtxDNFde+I6w/u5Zm2pgXS5W4CPYRJb1fhki68p1e1
vtye0fY70aIfY6mJoHrwNjPXxFW4lQEGZ2TuxD4SuR4o/kX+KVYHHiWh4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfQcevvNGebv51RF+nD3JXxisuOMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvcDlCeDYtODBaNXVfblZFWDZjUGNsZkdLeTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WwHMA0G
CSqGSIb3DQEBCwUAA4IBAQA4XFSorRTCXIhtb/f3/U6S4pK9HHjdMDQOzb1B6ev8
mwPM/CZ+J6F+VUX6OyzgDKLydJX42j9dHXQJ1Lo6gZLji8lpce3QmKvb4yHOcf5H
B/7zys6mHKAI1759EHNlV8gNDJmtXr13q+CURdued/puGAi0JptjxjExn4Rk1XxJ
1yT7tifKEKmDR0wkK9copk9dZpP+FK756/7Gxre6Lw8GLA4qIyTXCZ2mC371Td8v
POrE1YMrmTTeIKS4WoDvOTyCJulI0anSGfOyaZmZeou/GyBca81Ygfi2GmSSA5e4
zlQiDQSXEaqsLAw2BXLQkvwovjTuThGWjj3l8EXx1BTT
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:47:27 2024 by rpki-client on console-fra.rpki-client.org