Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/bb1396-9c05-4e17-bbc5-77660501c478/1/KvmJrD9DEzMcZL3AHb7rXENgqyk.roa
File:                     KvmJrD9DEzMcZL3AHb7rXENgqyk.roa (raw, json)
Hash identifier:          2Y7wcao3/3E8sNQgm9cew3N1KpBiHml6SbSd4ejT9qc=
Subject key identifier:   2A:F9:89:AC:3F:43:13:33:1C:64:BD:C0:1D:BE:EB:5C:43:60:AB:29
Certificate issuer:       /CN=dedf9a671bcf1789c1b5ac3630c741be560dada0
Certificate serial:       018CC64B13E7325CFD72385105C214D420AC
Authority key identifier: DE:DF:9A:67:1B:CF:17:89:C1:B5:AC:36:30:C7:41:BE:56:0D:AD:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t-aZxvPF4nBtaw2MMdBvlYNraA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/bb1396-9c05-4e17-bbc5-77660501c478/1/KvmJrD9DEzMcZL3AHb7rXENgqyk.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31497
IP address blocks:        193.16.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/bb1396-9c05-4e17-bbc5-77660501c478/1/3t-aZxvPF4nBtaw2MMdBvlYNraA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/bb1396-9c05-4e17-bbc5-77660501c478/1/3t-aZxvPF4nBtaw2MMdBvlYNraA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t-aZxvPF4nBtaw2MMdBvlYNraA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:13:e7:32:5c:fd:72:38:51:05:c2:14:d4:20:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dedf9a671bcf1789c1b5ac3630c741be560dada0
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2af989ac3f4313331c64bdc01dbeeb5c4360ab29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:41:9b:3f:c5:94:1a:04:eb:5a:9f:f9:42:7c:
                    f8:32:30:49:b1:aa:49:10:34:bd:03:72:97:7e:ec:
                    23:19:5f:25:99:c6:3e:c7:1e:4f:0a:8f:b9:e5:bb:
                    45:ed:06:d8:b4:3b:08:55:a3:28:1c:4f:e3:f6:e4:
                    04:a3:29:d9:61:94:0c:d6:cb:b2:5b:97:70:90:94:
                    27:a1:f1:65:78:35:b2:31:69:43:50:04:5f:a3:74:
                    fd:2c:65:a8:0b:71:e0:2d:c4:77:95:89:83:57:fa:
                    25:bd:97:c6:40:fe:a3:eb:45:67:36:30:5b:31:63:
                    63:b3:89:3e:d6:7d:a8:69:39:a9:65:ec:97:5e:5d:
                    fc:d3:ad:13:46:4a:01:9f:2a:1e:f0:cf:b0:e8:59:
                    64:3a:bc:9c:69:a7:30:3c:f3:de:6c:b0:35:61:ed:
                    6d:e5:a1:27:9c:36:10:e0:4b:84:86:e2:a1:c1:eb:
                    34:9e:75:6e:cd:b6:1e:c6:81:de:39:d2:f0:7a:e1:
                    e9:2d:9d:ed:ce:6c:0e:27:97:27:43:d7:52:45:26:
                    fc:49:36:f4:23:71:3f:0c:33:b3:17:66:b3:9a:bb:
                    15:16:75:f6:b8:e3:85:48:91:47:80:07:41:7d:f5:
                    6f:51:ca:59:da:bf:64:2d:ce:1a:81:c9:d4:6d:95:
                    03:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F9:89:AC:3F:43:13:33:1C:64:BD:C0:1D:BE:EB:5C:43:60:AB:29
            X509v3 Authority Key Identifier:
                keyid:DE:DF:9A:67:1B:CF:17:89:C1:B5:AC:36:30:C7:41:BE:56:0D:AD:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t-aZxvPF4nBtaw2MMdBvlYNraA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bb1396-9c05-4e17-bbc5-77660501c478/1/KvmJrD9DEzMcZL3AHb7rXENgqyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/bb1396-9c05-4e17-bbc5-77660501c478/1/3t-aZxvPF4nBtaw2MMdBvlYNraA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:48:a4:1e:ac:54:5e:fc:d3:70:aa:0b:0e:46:d7:91:a2:0f:
         47:a8:b6:b2:83:16:6f:11:fd:66:64:71:e6:3a:19:04:c1:4e:
         12:54:c7:2d:5e:71:a4:17:ac:a1:1d:69:84:35:d5:e2:ab:18:
         c1:fb:16:fb:a0:ab:76:8b:22:25:65:6b:93:98:ed:a2:7d:e3:
         0c:b0:e0:7b:b0:5a:3a:fc:33:28:33:4d:e3:a6:6f:75:ad:55:
         c3:bc:ba:4f:22:dd:ae:0a:0c:91:72:b7:52:2e:e8:85:30:4b:
         63:3d:b1:86:18:53:22:f8:9e:3b:34:9b:16:d6:a6:6f:18:5a:
         e0:aa:8c:07:05:8c:0e:66:89:f3:c4:15:c7:ee:21:9c:d3:cd:
         ce:67:f4:1e:70:94:8c:af:d5:46:64:c0:ec:46:90:0f:22:b5:
         0d:70:ab:f6:17:69:bb:80:40:ce:64:f0:81:43:b7:fb:88:fa:
         7c:5b:b0:ba:0c:b2:fe:d1:99:09:20:99:04:03:17:92:2c:fb:
         f8:4b:33:97:8c:f2:6e:af:7e:d0:cf:84:1a:c3:3c:e1:c9:26:
         ba:a5:52:58:09:4e:1e:f8:c6:f4:57:e5:9f:f0:6d:a5:bd:a4:
         4b:49:c4:76:18:d2:f8:d8:17:e1:49:bc:f1:49:3a:6a:24:0f:
         04:fc:90:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxPnMlz9cjhRBcIU1CCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGY5YTY3MWJjZjE3ODljMWI1YWMzNjMwYzc0MWJlNTYw
ZGFkYTAwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWY5ODlhYzNmNDMxMzMzMWM2NGJkYzAxZGJlZWI1YzQzNjBhYjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0GbP8WUGgTrWp/5Qnz4MjBJsapJ
EDS9A3KXfuwjGV8lmcY+xx5PCo+55btF7QbYtDsIVaMoHE/j9uQEoynZYZQM1suy
W5dwkJQnofFleDWyMWlDUARfo3T9LGWoC3HgLcR3lYmDV/olvZfGQP6j60VnNjBb
MWNjs4k+1n2oaTmpZeyXXl38060TRkoBnyoe8M+w6FlkOrycaacwPPPebLA1Ye1t
5aEnnDYQ4EuEhuKhwes0nnVuzbYexoHeOdLweuHpLZ3tzmwOJ5cnQ9dSRSb8STb0
I3E/DDOzF2azmrsVFnX2uOOFSJFHgAdBffVvUcpZ2r9kLc4agcnUbZUDHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCr5iaw/QxMzHGS9wB2+61xDYKspMB8GA1UdIwQY
MBaAFN7fmmcbzxeJwbWsNjDHQb5WDa2gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3QtYVp4dlBGNG5CdGF3Mk1NZEJ2bFlOcmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9iYjEzOTYtOWMwNS00ZTE3LWJiYzUt
Nzc2NjA1MDFjNDc4LzEvS3ZtSnJEOURFek1jWkwzQUhiN3JYRU5ncXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9iYjEzOTYtOWMwNS00ZTE3LWJiYzUtNzc2NjA1MDFjNDc4
LzEvM3QtYVp4dlBGNG5CdGF3Mk1NZEJ2bFlOcmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRBnMA0G
CSqGSIb3DQEBCwUAA4IBAQDESKQerFRe/NNwqgsORteRog9HqLaygxZvEf1mZHHm
OhkEwU4SVMctXnGkF6yhHWmENdXiqxjB+xb7oKt2iyIlZWuTmO2ifeMMsOB7sFo6
/DMoM03jpm91rVXDvLpPIt2uCgyRcrdSLuiFMEtjPbGGGFMi+J47NJsW1qZvGFrg
qowHBYwOZonzxBXH7iGc083OZ/QecJSMr9VGZMDsRpAPIrUNcKv2F2m7gEDOZPCB
Q7f7iPp8W7C6DLL+0ZkJIJkEAxeSLPv4SzOXjPJur37Qz4QawzzhySa6pVJYCU4e
+Mb0V+Wf8G2lvaRLScR2GNL42BfhSbzxSTpqJA8E/JD8
-----END CERTIFICATE-----
Generated at Sat Dec 28 02:58:14 2024 by rpki-client on console-ams.rpki-client.org