Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/9FM8Dxsu-DAs5PrINAaJpT3aHoU.roa
File:                     9FM8Dxsu-DAs5PrINAaJpT3aHoU.roa (raw, json)
Hash identifier:          EyDSZdPRe/uzwW1Ie5PyH1NdsnHRJJ/Mc7yBre9PDOc=
Subject key identifier:   F4:53:3C:0F:1B:2E:F8:30:2C:E4:FA:C8:34:06:89:A5:3D:DA:1E:85
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       018CC8DECF14D0F2BD29DBBAE2752664B7F1
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/9FM8Dxsu-DAs5PrINAaJpT3aHoU.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48931
IP address blocks:        89.42.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cf:14:d0:f2:bd:29:db:ba:e2:75:26:64:b7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4533c0f1b2ef8302ce4fac8340689a53dda1e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:61:d4:7f:9c:cb:f8:e1:f6:ca:f2:e5:a4:e9:
                    c4:19:0b:af:e7:75:04:a8:6b:4f:30:a1:eb:1e:4d:
                    b0:4b:7e:db:b5:4b:24:51:72:f1:33:08:ac:89:1a:
                    1d:93:53:bb:af:a2:dc:87:e1:35:31:fb:3c:19:bc:
                    7a:46:d7:e6:62:4e:e5:f3:d1:cd:d4:48:54:13:0a:
                    d4:b3:67:af:14:18:b6:53:5b:27:04:10:eb:c7:cc:
                    de:f2:fa:f5:28:b2:28:e4:9a:f4:4b:8b:28:ea:4b:
                    27:58:eb:57:a5:f4:70:4a:ce:4f:ae:58:08:e2:db:
                    eb:21:63:9a:e1:98:0d:da:d4:e4:31:23:99:68:95:
                    a9:e3:03:d4:e0:0d:57:56:aa:28:56:27:a9:8a:01:
                    e7:e9:9f:63:bc:f7:2d:bf:c2:70:f1:6c:81:ab:4a:
                    50:51:b5:34:a2:26:b1:e3:7d:1f:56:1f:da:f2:52:
                    17:fc:6c:13:e2:1b:f7:76:f8:ca:f5:85:b4:04:64:
                    2a:b0:19:7d:1c:40:d7:2c:25:fa:d0:a8:ff:69:7d:
                    aa:73:76:8e:b5:da:eb:ab:29:65:c7:d0:ff:63:83:
                    24:b4:96:39:b2:6f:bd:30:af:d4:6e:aa:56:1b:f1:
                    6b:95:ed:e8:5c:cf:72:ba:d2:45:1b:58:a1:8a:50:
                    62:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:53:3C:0F:1B:2E:F8:30:2C:E4:FA:C8:34:06:89:A5:3D:DA:1E:85
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/9FM8Dxsu-DAs5PrINAaJpT3aHoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:08:c8:55:b6:c2:9d:e9:e9:69:71:21:b5:41:d9:0c:45:c6:
         b0:e3:fa:5f:f9:3f:1a:4a:c6:0b:c9:fd:3b:82:ab:26:f4:cd:
         b2:10:34:06:85:bb:dc:35:67:03:1c:fc:f1:90:a3:40:7e:43:
         32:01:d2:e1:7e:0f:a8:de:4f:6c:8d:9e:29:0b:f5:cb:5d:c0:
         e8:2d:ac:4d:82:3d:17:42:a7:7d:3e:93:c1:d2:c4:85:19:ec:
         70:1e:0e:8d:74:83:e9:73:f1:4b:42:06:3e:98:28:87:58:38:
         e2:ba:23:75:65:67:15:c0:a8:75:a7:82:53:3b:10:dc:63:10:
         dc:6d:77:c9:29:e1:56:6c:e7:b1:1e:1c:8b:50:fe:5f:fd:92:
         9e:23:1c:68:a7:37:3a:f0:40:4c:43:db:ef:38:70:43:cb:72:
         d3:76:8c:99:87:ee:5f:d6:de:0f:64:41:a6:7b:8a:f4:0d:15:
         4e:0e:a5:98:60:d6:99:d9:de:0e:7d:97:94:88:9d:44:c6:02:
         ab:b9:67:e0:cc:d8:41:1c:f8:c6:95:cf:16:f6:f6:82:07:de:
         7e:41:ec:57:3b:3c:0e:51:03:11:6c:da:a7:bf:2d:10:3d:c7:
         2a:84:07:ee:cd:79:eb:90:27:60:30:d9:54:51:c2:bf:e0:ae:
         17:ea:91:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3s8U0PK9Kdu64nUmZLfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDUzM2MwZjFiMmVmODMwMmNlNGZhYzgzNDA2ODlhNTNkZGExZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWHUf5zL+OH2yvLlpOnEGQuv53UE
qGtPMKHrHk2wS37btUskUXLxMwisiRodk1O7r6Lch+E1Mfs8Gbx6RtfmYk7l89HN
1EhUEwrUs2evFBi2U1snBBDrx8ze8vr1KLIo5Jr0S4so6ksnWOtXpfRwSs5PrlgI
4tvrIWOa4ZgN2tTkMSOZaJWp4wPU4A1XVqooViepigHn6Z9jvPctv8Jw8WyBq0pQ
UbU0oiax430fVh/a8lIX/GwT4hv3dvjK9YW0BGQqsBl9HEDXLCX60Kj/aX2qc3aO
tdrrqyllx9D/Y4MktJY5sm+9MK/UbqpWG/Frle3oXM9yutJFG1ihilBimwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRTPA8bLvgwLOT6yDQGiaU92h6FMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvOUZNOER4c3UtREFzNVBySU5BYUpwVDNhSG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWSomMA0G
CSqGSIb3DQEBCwUAA4IBAQCECMhVtsKd6elpcSG1QdkMRcaw4/pf+T8aSsYLyf07
gqsm9M2yEDQGhbvcNWcDHPzxkKNAfkMyAdLhfg+o3k9sjZ4pC/XLXcDoLaxNgj0X
Qqd9PpPB0sSFGexwHg6NdIPpc/FLQgY+mCiHWDjiuiN1ZWcVwKh1p4JTOxDcYxDc
bXfJKeFWbOexHhyLUP5f/ZKeIxxopzc68EBMQ9vvOHBDy3LTdoyZh+5f1t4PZEGm
e4r0DRVODqWYYNaZ2d4OfZeUiJ1ExgKruWfgzNhBHPjGlc8W9vaCB95+QexXOzwO
UQMRbNqnvy0QPccqhAfuzXnrkCdgMNlUUcK/4K4X6pGG
-----END CERTIFICATE-----
Generated at Sat Nov 23 01:17:49 2024 by rpki-client on console-fra.rpki-client.org