Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/1--9HzWUN4Zms4phwaMtfRkmPwuU.roa
File:                     1--9HzWUN4Zms4phwaMtfRkmPwuU.roa (raw, json)
Hash identifier:          QCs8b0Mt7GG2+D3IHc7pSfKPUZEXRERAReT7lfg2kOw=
Subject key identifier:   FB:EF:47:CD:65:0D:E1:99:AC:E2:98:70:68:CB:5F:46:49:8F:C2:E5
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018CC26D55F95AC2B68714E9E9F34DD533EF
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/1--9HzWUN4Zms4phwaMtfRkmPwuU.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        95.215.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:55:f9:5a:c2:b6:87:14:e9:e9:f3:4d:d5:33:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbef47cd650de199ace2987068cb5f46498fc2e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:05:d9:a2:eb:b3:ce:de:39:7e:ad:b5:6a:51:
                    b7:fd:dd:a7:6f:28:fe:3d:24:3b:5f:5c:e8:af:88:
                    df:ca:24:f2:a0:ab:a4:aa:5e:5e:38:fe:05:d9:43:
                    77:08:a7:f5:b5:d0:15:12:fd:e6:a8:3b:1b:4a:90:
                    b7:2e:fa:a6:a3:f1:44:79:c7:05:b1:e7:41:af:36:
                    92:05:ab:26:ee:66:30:b1:7c:a9:ba:a7:33:47:4a:
                    e5:30:b3:8b:26:37:95:be:fa:c9:ff:43:28:34:f2:
                    2f:25:e8:5d:ec:65:6d:aa:05:be:1b:16:74:32:6d:
                    27:f6:4c:80:ad:4f:bc:d6:fc:0b:23:22:58:29:a7:
                    03:d1:b8:d0:d6:61:10:c4:1e:49:48:24:33:90:9a:
                    6c:41:4d:db:20:84:d0:d0:a4:0f:b0:bd:ac:ef:29:
                    54:04:58:c9:ef:cb:f1:7e:58:ad:e4:5f:22:ba:38:
                    97:71:e2:40:9c:1b:dc:5f:a6:19:0f:96:eb:d1:fb:
                    92:7b:97:c8:9a:4f:67:8c:98:49:4f:27:03:9f:5a:
                    fd:53:9e:9e:6f:d2:b4:b0:25:58:fa:8c:fc:a7:29:
                    98:ed:9e:f2:e0:64:64:e7:93:5f:90:1a:6b:8e:e2:
                    cf:5d:60:2b:e0:85:b2:44:c1:42:bf:68:af:d2:e3:
                    c9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:EF:47:CD:65:0D:E1:99:AC:E2:98:70:68:CB:5F:46:49:8F:C2:E5
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/1--9HzWUN4Zms4phwaMtfRkmPwuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:43:c2:81:5b:00:b6:06:c3:00:8b:9c:5f:4f:6f:99:e8:4a:
         83:85:8c:8a:84:e1:b0:0c:99:d3:8f:46:0f:98:8f:25:e1:8d:
         ce:de:62:12:ca:39:0c:ed:c2:99:da:0c:b5:2a:c6:f1:61:28:
         14:fe:66:3a:ed:f5:18:a8:c3:e2:3f:e4:a6:b4:e0:ce:20:a1:
         92:ed:56:c1:74:ca:75:10:73:a0:c3:a5:79:46:5d:2f:17:fd:
         b1:a0:88:bc:aa:8b:25:3c:a6:9e:56:8a:3c:aa:e5:05:ff:91:
         a3:ac:b1:0e:d1:25:9e:91:c8:df:b3:64:8d:3c:af:f5:96:d5:
         6e:2e:0c:fd:03:5c:00:33:9a:1e:ab:51:f1:e5:36:a9:66:e7:
         0b:64:33:f0:1f:d6:43:2d:1b:5f:0c:d5:7e:92:a2:28:96:98:
         0b:f3:72:71:43:3c:41:b5:df:2c:06:b2:d6:12:e7:8f:5c:e5:
         2c:f1:0a:18:60:66:65:8a:3a:36:bb:83:06:73:0c:a6:5a:b7:
         3f:76:7e:44:ab:ff:fb:70:a1:9e:ae:71:25:08:85:09:c1:5f:
         a2:64:3a:6d:81:e8:91:93:2f:43:57:ae:2d:1c:68:87:f7:df:
         15:18:c8:e7:e6:9c:f5:37:66:be:86:8b:73:f3:69:12:4c:2b:
         14:f0:27:d6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbVX5WsK2hxTp6fNN1TPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmVmNDdjZDY1MGRlMTk5YWNlMjk4NzA2OGNiNWY0NjQ5OGZjMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQXZouuzzt45fq21alG3/d2nbyj+
PSQ7X1zor4jfyiTyoKukql5eOP4F2UN3CKf1tdAVEv3mqDsbSpC3Lvqmo/FEeccF
sedBrzaSBasm7mYwsXypuqczR0rlMLOLJjeVvvrJ/0MoNPIvJehd7GVtqgW+GxZ0
Mm0n9kyArU+81vwLIyJYKacD0bjQ1mEQxB5JSCQzkJpsQU3bIITQ0KQPsL2s7ylU
BFjJ78vxflit5F8iujiXceJAnBvcX6YZD5br0fuSe5fImk9njJhJTycDn1r9U56e
b9K0sCVY+oz8pymY7Z7y4GRk55NfkBprjuLPXWAr4IWyRMFCv2iv0uPJ8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPvvR81lDeGZrOKYcGjLX0ZJj8LlMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvMS0tOUh6V1VONFptczRwaHdhTXRmUmttUHd1VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTcvZjBhZTYyLWMxMDctNDNjZS1hOGE5LTZiNDM3MjYwMjA5
Ni8xL1JGbnNLbF9WT1FuRkk1OU15TmJUS2FKM203RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF/XbDAN
BgkqhkiG9w0BAQsFAAOCAQEAWEPCgVsAtgbDAIucX09vmehKg4WMioThsAyZ049G
D5iPJeGNzt5iEso5DO3CmdoMtSrG8WEoFP5mOu31GKjD4j/kprTgziChku1WwXTK
dRBzoMOleUZdLxf9saCIvKqLJTymnlaKPKrlBf+Ro6yxDtElnpHI37NkjTyv9ZbV
bi4M/QNcADOaHqtR8eU2qWbnC2Qz8B/WQy0bXwzVfpKiKJaYC/NycUM8QbXfLAay
1hLnj1zlLPEKGGBmZYo6NruDBnMMplq3P3Z+RKv/+3Chnq5xJQiFCcFfomQ6bYHo
kZMvQ1euLRxoh/ffFRjI5+ac9TdmvoaLc/NpEkwrFPAn1g==
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:55:40 2024 by rpki-client on console-ams.rpki-client.org