Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/O9z59kqaxoeNEuG-ii8R6h4FRnY.roa
File:                     O9z59kqaxoeNEuG-ii8R6h4FRnY.roa (raw, json)
Hash identifier:          1Xmf6rOdq4atnRQwEt1Axk/QormEa2i5I6TDkuA7Mqs=
Subject key identifier:   3B:DC:F9:F6:4A:9A:C6:87:8D:12:E1:BE:8A:2F:11:EA:1E:05:46:76
Certificate issuer:       /CN=fb236b213d56493f3b077e6b41f42e4f3df8cdce
Certificate serial:       018CC7940D45DE7961B1CF4027DB431C57AD
Authority key identifier: FB:23:6B:21:3D:56:49:3F:3B:07:7E:6B:41:F4:2E:4F:3D:F8:CD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-yNrIT1WST87B35rQfQuTz34zc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/O9z59kqaxoeNEuG-ii8R6h4FRnY.roa
Signing time:             Tue 02 Jan 2024 00:30:17 +0000
ROA not before:           Tue 02 Jan 2024 00:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200611
IP address blocks:        80.210.80.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/1-yNrIT1WST87B35rQfQuTz34zc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/1-yNrIT1WST87B35rQfQuTz34zc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-yNrIT1WST87B35rQfQuTz34zc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0d:45:de:79:61:b1:cf:40:27:db:43:1c:57:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb236b213d56493f3b077e6b41f42e4f3df8cdce
        Validity
            Not Before: Jan  2 00:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bdcf9f64a9ac6878d12e1be8a2f11ea1e054676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a2:d4:60:eb:c8:cf:59:92:ff:62:50:dd:43:
                    69:27:62:fd:86:2e:6d:24:54:48:9e:1b:b8:4e:69:
                    85:4b:c2:12:28:90:38:d5:23:d7:e8:d9:c7:da:41:
                    6d:fe:71:1c:a2:f9:f3:d3:29:9a:f1:23:8e:79:e5:
                    71:2a:a9:8c:f4:ec:29:33:22:20:35:b6:04:fa:bc:
                    f4:12:7e:5e:d4:a4:da:74:05:a3:67:96:bc:94:dc:
                    b0:02:5d:f6:7a:7e:ea:59:4f:5b:09:62:7b:48:ca:
                    91:f3:d5:9c:17:e6:38:31:f0:9d:8d:03:ea:af:3a:
                    ba:e7:63:02:51:c1:12:2b:f1:60:1e:f3:9b:e1:0d:
                    11:32:b2:34:96:66:fe:33:e1:f5:24:8a:d5:3c:ae:
                    ee:9a:28:9d:18:c1:26:d9:3e:92:94:a7:f7:76:7c:
                    96:d4:4c:a0:51:d9:e1:88:03:bc:f9:34:7e:91:f1:
                    19:04:7b:65:08:26:0a:06:10:9e:59:39:1a:9f:32:
                    98:59:c9:51:3b:6f:d7:ee:c6:71:d6:0f:c5:80:c9:
                    15:72:2f:0f:79:06:fc:1b:25:2e:6d:35:49:d1:00:
                    74:c5:c8:10:62:34:5c:b9:cd:81:cd:5e:d7:9f:07:
                    11:aa:5c:b3:c2:d8:b4:91:cc:8d:3c:67:2a:e8:e7:
                    13:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:DC:F9:F6:4A:9A:C6:87:8D:12:E1:BE:8A:2F:11:EA:1E:05:46:76
            X509v3 Authority Key Identifier:
                keyid:FB:23:6B:21:3D:56:49:3F:3B:07:7E:6B:41:F4:2E:4F:3D:F8:CD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-yNrIT1WST87B35rQfQuTz34zc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/O9z59kqaxoeNEuG-ii8R6h4FRnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/20f4ac-80d9-40e2-a9e6-1c88eebeb293/1/1-yNrIT1WST87B35rQfQuTz34zc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.210.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a0:c8:0d:cb:8d:fd:88:f4:93:7e:c6:49:11:87:a9:e6:5e:d6:
         2a:1f:cb:90:2d:5c:a0:51:ee:7a:6c:3c:5f:40:f9:fe:84:04:
         e1:3b:e0:b4:56:e3:ce:0c:0e:76:2f:46:38:47:ae:ba:b2:ea:
         b2:3a:d6:cb:07:28:3d:07:f6:db:57:bd:fe:42:1d:3e:50:a4:
         46:51:9a:dc:cd:2b:55:88:f9:2b:9c:eb:80:73:26:51:d2:1c:
         97:fd:a7:e4:45:43:8b:32:de:28:25:c2:19:e6:d8:4e:76:72:
         02:9b:d2:9d:e9:d8:3b:1a:ea:7c:77:40:b0:03:82:52:dc:af:
         13:b5:23:45:7c:84:f7:4e:19:f2:32:49:80:8b:9b:d1:62:ad:
         ca:b6:4a:8a:be:8e:d2:6b:19:80:82:30:49:20:aa:66:2c:5e:
         83:99:a6:dc:45:4d:6b:74:c8:b9:79:3c:54:35:4b:7e:44:51:
         8e:19:17:c8:14:61:08:2c:c0:3e:9e:44:d1:7b:a6:1d:d4:e7:
         b6:66:57:62:06:b5:5e:9b:60:f1:3e:79:81:cf:1c:7a:51:0f:
         17:69:e6:20:d1:cc:9d:df:1b:aa:28:90:48:56:fb:da:32:bb:
         86:cb:a0:55:94:6b:b8:a4:59:fd:49:ef:21:91:d3:e2:92:b2:
         ae:84:b2:d5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlA1F3nlhsc9AJ9tDHFetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMjM2YjIxM2Q1NjQ5M2YzYjA3N2U2YjQxZjQyZTRmM2Rm
OGNkY2UwHhcNMjQwMTAyMDAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRjZjlmNjRhOWFjNjg3OGQxMmUxYmU4YTJmMTFlYTFlMDU0Njc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaLUYOvIz1mS/2JQ3UNpJ2L9hi5t
JFRInhu4TmmFS8ISKJA41SPX6NnH2kFt/nEcovnz0yma8SOOeeVxKqmM9OwpMyIg
NbYE+rz0En5e1KTadAWjZ5a8lNywAl32en7qWU9bCWJ7SMqR89WcF+Y4MfCdjQPq
rzq652MCUcESK/FgHvOb4Q0RMrI0lmb+M+H1JIrVPK7umiidGMEm2T6SlKf3dnyW
1EygUdnhiAO8+TR+kfEZBHtlCCYKBhCeWTkanzKYWclRO2/X7sZx1g/FgMkVci8P
eQb8GyUubTVJ0QB0xcgQYjRcuc2BzV7XnwcRqlyzwti0kcyNPGcq6OcTzwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDvc+fZKmsaHjRLhvoovEeoeBUZ2MB8GA1UdIwQY
MBaAFPsjayE9Vkk/Owd+a0H0Lk89+M3OMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS15TnJJVDFXU1Q4N0IzNXJRZlF1VHozNHpjNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUvMjBmNGFjLTgwZDktNDBlMi1hOWU2
LTFjODhlZWJlYjI5My8xL085ejU5a3FheG9lTkV1Ry1paThSNmg0RlJuWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODUvMjBmNGFjLTgwZDktNDBlMi1hOWU2LTFjODhlZWJlYjI5
My8xLzEteU5ySVQxV1NUODdCMzVyUWZRdVR6MzR6YzQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBARQ0lAw
DQYJKoZIhvcNAQELBQADggEBAKDIDcuN/Yj0k37GSRGHqeZe1iofy5AtXKBR7nps
PF9A+f6EBOE74LRW484MDnYvRjhHrrqy6rI61ssHKD0H9ttXvf5CHT5QpEZRmtzN
K1WI+Suc64BzJlHSHJf9p+RFQ4sy3iglwhnm2E52cgKb0p3p2Dsa6nx3QLADglLc
rxO1I0V8hPdOGfIySYCLm9Fircq2Soq+jtJrGYCCMEkgqmYsXoOZptxFTWt0yLl5
PFQ1S35EUY4ZF8gUYQgswD6eRNF7ph3U57ZmV2IGtV6bYPE+eYHPHHpRDxdp5iDR
zJ3fG6ookEhW+9oyu4bLoFWUa7ikWf1J7yGR0+KSsq6EstU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:50:10 2024 by rpki-client on console-fra.rpki-client.org