Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/zm3QO4yHBoxSHT6d1htEV1w8hsU.roa
File:                     zm3QO4yHBoxSHT6d1htEV1w8hsU.roa (raw, json)
Hash identifier:          +o1Rles2nvYUTWX/hXZ9kvvlH/fzlTDy2dp4l/1e+QA=
Subject key identifier:   CE:6D:D0:3B:8C:87:06:8C:52:1D:3E:9D:D6:1B:44:57:5C:3C:86:C5
Certificate issuer:       /CN=9b47ee1f17c987debb2c020d8b5f2d8bdadbeb77
Certificate serial:       018CC2DB39E97C09089B6503CF75CDBB895C
Authority key identifier: 9B:47:EE:1F:17:C9:87:DE:BB:2C:02:0D:8B:5F:2D:8B:DA:DB:EB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/zm3QO4yHBoxSHT6d1htEV1w8hsU.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        217.8.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:39:e9:7c:09:08:9b:65:03:cf:75:cd:bb:89:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b47ee1f17c987debb2c020d8b5f2d8bdadbeb77
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce6dd03b8c87068c521d3e9dd61b44575c3c86c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b7:6e:76:8d:85:e1:0f:39:88:b5:11:bb:34:
                    e0:ff:69:84:42:1e:73:44:2a:e8:2f:f6:ec:d0:83:
                    44:ab:61:9e:ae:3e:9d:67:e6:e9:a7:43:3c:1d:84:
                    e1:4b:35:f9:67:df:f5:f9:e9:1d:71:02:d8:3e:d1:
                    c1:31:7b:80:ea:b3:7f:ce:29:74:a3:88:de:81:c3:
                    de:19:17:24:25:69:81:f1:fa:f7:2c:c6:4d:e6:2d:
                    e8:2c:0d:03:0f:1c:98:6b:9e:cb:24:03:c0:0e:6c:
                    5b:68:59:0b:93:a0:b2:7c:a0:48:72:a7:53:fc:5a:
                    98:a1:35:b1:f1:bd:38:1c:c5:54:de:e4:4a:c1:3e:
                    00:cf:e6:0e:86:c3:26:bf:3b:91:37:d0:ff:b1:97:
                    29:71:d1:35:df:67:32:fa:a7:45:99:b5:f0:f3:ca:
                    8e:e2:3c:8f:00:28:b6:05:9e:2a:21:f4:33:66:57:
                    02:03:90:b1:12:5a:41:53:2f:8e:2c:f9:77:f4:b8:
                    97:f2:bd:b4:b6:a1:11:79:77:90:ad:5c:5b:2d:90:
                    07:a1:77:8a:8d:f9:4b:52:9b:64:ac:b7:59:c1:fb:
                    c7:5e:e7:d2:e4:fe:97:49:4d:a1:a0:4f:65:b0:67:
                    77:a3:b5:2c:a2:50:24:ae:d4:08:89:8a:59:8c:d6:
                    aa:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:6D:D0:3B:8C:87:06:8C:52:1D:3E:9D:D6:1B:44:57:5C:3C:86:C5
            X509v3 Authority Key Identifier:
                keyid:9B:47:EE:1F:17:C9:87:DE:BB:2C:02:0D:8B:5F:2D:8B:DA:DB:EB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m0fuHxfJh967LAINi18ti9rb63c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/zm3QO4yHBoxSHT6d1htEV1w8hsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/9b16f3-0100-4964-9ec9-e5ec2cc647aa/1/m0fuHxfJh967LAINi18ti9rb63c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.8.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:f5:7c:a6:99:fb:35:ef:53:a8:6c:fe:7f:88:40:06:e8:cf:
         d0:96:6c:6e:ba:4b:d5:6c:c9:a7:33:48:5d:48:57:35:4f:52:
         fe:72:ca:e0:ba:6a:96:cd:00:24:51:26:0a:5d:6d:79:c6:dc:
         ec:d8:e4:77:47:bc:d5:7f:20:15:2e:30:99:0a:01:ba:4e:05:
         f0:d0:09:82:c7:43:ae:2c:f4:ba:dc:a3:a3:d6:49:93:99:de:
         2e:21:8c:96:59:ba:bc:22:1a:b6:bd:12:a4:1b:25:60:c2:38:
         06:9b:b8:90:8c:aa:7c:95:c4:ea:ad:88:b1:44:8b:7c:6b:25:
         d5:21:7b:6a:28:99:9e:ec:45:9f:4a:fd:7f:e2:f4:38:83:6b:
         cf:73:67:97:84:81:64:73:ec:e2:bc:18:c8:dd:a1:8d:21:27:
         f9:71:be:15:dc:38:b1:a6:56:31:69:e0:72:f5:26:78:68:28:
         14:08:5c:57:11:ba:f9:16:5c:17:21:d7:f8:ef:e7:c4:42:c5:
         8c:d2:6f:7d:27:8f:29:74:b7:aa:8d:24:be:23:01:d6:5d:ac:
         a2:fa:95:06:22:85:dc:62:21:8d:9b:1d:23:ce:8f:be:af:a6:
         37:a4:fc:58:4c:85:37:8a:d8:69:19:fe:f2:89:4d:e2:43:4d:
         16:e5:b0:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2znpfAkIm2UDz3XNu4lcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNDdlZTFmMTdjOTg3ZGViYjJjMDIwZDhiNWYyZDhiZGFk
YmViNzcwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTZkZDAzYjhjODcwNjhjNTIxZDNlOWRkNjFiNDQ1NzVjM2M4NmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLdudo2F4Q85iLURuzTg/2mEQh5z
RCroL/bs0INEq2Gerj6dZ+bpp0M8HYThSzX5Z9/1+ekdcQLYPtHBMXuA6rN/zil0
o4jegcPeGRckJWmB8fr3LMZN5i3oLA0DDxyYa57LJAPADmxbaFkLk6CyfKBIcqdT
/FqYoTWx8b04HMVU3uRKwT4Az+YOhsMmvzuRN9D/sZcpcdE132cy+qdFmbXw88qO
4jyPACi2BZ4qIfQzZlcCA5CxElpBUy+OLPl39LiX8r20tqEReXeQrVxbLZAHoXeK
jflLUptkrLdZwfvHXufS5P6XSU2hoE9lsGd3o7UsolAkrtQIiYpZjNaqlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5t0DuMhwaMUh0+ndYbRFdcPIbFMB8GA1UdIwQY
MBaAFJtH7h8XyYfeuywCDYtfLYva2+t3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTBmdUh4ZkpoOTY3TEFJTmkxOHRpOXJiNjNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS85YjE2ZjMtMDEwMC00OTY0LTllYzkt
ZTVlYzJjYzY0N2FhLzEvem0zUU80eUhCb3hTSFQ2ZDFodEVWMXc4aHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS85YjE2ZjMtMDEwMC00OTY0LTllYzktZTVlYzJjYzY0N2Fh
LzEvbTBmdUh4ZkpoOTY3TEFJTmkxOHRpOXJiNjNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Qh2MA0G
CSqGSIb3DQEBCwUAA4IBAQAT9Xymmfs171OobP5/iEAG6M/QlmxuukvVbMmnM0hd
SFc1T1L+csrgumqWzQAkUSYKXW15xtzs2OR3R7zVfyAVLjCZCgG6TgXw0AmCx0Ou
LPS63KOj1kmTmd4uIYyWWbq8Ihq2vRKkGyVgwjgGm7iQjKp8lcTqrYixRIt8ayXV
IXtqKJme7EWfSv1/4vQ4g2vPc2eXhIFkc+zivBjI3aGNISf5cb4V3DixplYxaeBy
9SZ4aCgUCFxXEbr5FlwXIdf47+fEQsWM0m99J48pdLeqjSS+IwHWXayi+pUGIoXc
YiGNmx0jzo++r6Y3pPxYTIU3ithpGf7yiU3iQ00W5bBT
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:04:13 2024 by rpki-client on console-fra.rpki-client.org