Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/nlDHQkn-DIYxrxjTGwo5Vktb-uE.roa
File:                     nlDHQkn-DIYxrxjTGwo5Vktb-uE.roa (raw, json)
Hash identifier:          DeHqdIwA2dfTmwITCQp1QdRUBcnBHFOJtmQBPv1RXRk=
Subject key identifier:   9E:50:C7:42:49:FE:0C:86:31:AF:18:D3:1B:0A:39:56:4B:5B:FA:E1
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       018CC94DB0ED43B7DAA3A6876803C6C46134
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/nlDHQkn-DIYxrxjTGwo5Vktb-uE.roa
Signing time:             Tue 02 Jan 2024 08:32:41 +0000
ROA not before:           Tue 02 Jan 2024 08:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20517
IP address blocks:        185.20.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b0:ed:43:b7:da:a3:a6:87:68:03:c6:c4:61:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 08:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e50c74249fe0c8631af18d31b0a39564b5bfae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:11:02:9a:a1:fb:db:37:a4:23:a8:30:cd:c0:
                    39:d9:79:ac:07:b8:7a:6c:18:81:f8:02:96:85:10:
                    3a:7f:c6:db:3e:2f:7d:68:23:5a:62:d5:6d:f4:37:
                    0a:d0:96:23:0c:0f:f0:8d:58:97:af:95:8e:f4:8a:
                    57:18:9e:91:e1:cb:ad:77:d2:6b:aa:10:d7:db:ad:
                    25:f1:14:6c:35:77:16:66:10:77:a0:28:9f:31:62:
                    a6:a0:87:a8:65:80:79:5c:a0:d8:85:91:29:eb:1d:
                    b0:f0:38:cb:d3:25:12:bd:b1:32:15:f8:00:a0:71:
                    08:57:76:15:d9:56:10:13:9f:cc:c4:44:e1:ce:23:
                    cc:d2:74:a8:88:1d:ad:91:42:86:6d:11:6e:d4:fa:
                    7a:e5:28:f0:cb:d6:2d:98:12:f1:1f:0f:ca:a7:ed:
                    7d:4c:68:10:a6:a9:8b:d2:02:ae:9d:af:2d:07:61:
                    80:d0:97:be:d4:06:50:23:ab:44:80:94:0e:f3:f8:
                    8a:33:55:2f:35:64:c4:ae:3f:35:32:c0:07:34:d7:
                    29:7f:09:00:1a:16:2b:a8:70:e4:0a:82:e5:b7:9f:
                    59:2f:4d:09:3c:41:92:55:a2:08:c3:24:db:ff:0f:
                    aa:bf:fe:ee:52:cd:50:53:f3:ba:bd:fb:12:a1:d8:
                    12:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:50:C7:42:49:FE:0C:86:31:AF:18:D3:1B:0A:39:56:4B:5B:FA:E1
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/nlDHQkn-DIYxrxjTGwo5Vktb-uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:57:89:b0:85:f1:ee:4b:6c:8d:ad:20:cd:a7:8d:43:7f:d6:
         76:96:f1:b9:1b:02:ce:16:da:be:b6:a6:a6:58:a4:14:f8:21:
         6e:09:38:96:2f:4e:0a:fa:f7:a3:ae:42:bb:d5:a4:2e:cd:f3:
         8e:4f:4d:16:00:b6:5e:0a:48:c1:eb:98:79:fe:64:3c:4c:df:
         9e:2f:9c:7e:be:74:80:cb:f5:a1:7c:21:4a:46:13:50:01:71:
         91:72:53:8f:a9:69:6c:fe:35:41:13:63:06:ec:ad:a8:27:1d:
         92:8a:47:c9:96:5a:df:50:15:b3:51:62:71:8d:99:b4:5a:7f:
         84:44:a8:d1:56:23:eb:a8:5e:93:40:71:84:5b:e8:48:62:d8:
         fd:ce:7a:47:be:34:46:01:34:2c:6e:a8:49:21:ff:09:37:f9:
         20:77:71:cc:e8:d8:1b:c9:b4:a5:66:5b:1b:38:60:4c:25:7f:
         4b:0c:d3:16:f4:95:8f:15:d7:57:a7:16:79:62:a4:a6:56:99:
         14:6e:8f:6b:4b:4d:42:dc:42:5f:2f:cf:11:53:42:e4:d3:16:
         37:1a:c8:f8:7a:8f:23:9d:9c:95:4c:6d:a5:58:9e:09:51:07:
         6e:fb:44:76:a5:87:0f:ea:37:30:e9:12:94:ac:23:e8:e8:53:
         df:0f:46:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbDtQ7fao6aHaAPGxGE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjQwMTAyMDgzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTUwYzc0MjQ5ZmUwYzg2MzFhZjE4ZDMxYjBhMzk1NjRiNWJmYWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRECmqH72zekI6gwzcA52XmsB7h6
bBiB+AKWhRA6f8bbPi99aCNaYtVt9DcK0JYjDA/wjViXr5WO9IpXGJ6R4cutd9Jr
qhDX260l8RRsNXcWZhB3oCifMWKmoIeoZYB5XKDYhZEp6x2w8DjL0yUSvbEyFfgA
oHEIV3YV2VYQE5/MxEThziPM0nSoiB2tkUKGbRFu1Pp65Sjwy9YtmBLxHw/Kp+19
TGgQpqmL0gKuna8tB2GA0Je+1AZQI6tEgJQO8/iKM1UvNWTErj81MsAHNNcpfwkA
GhYrqHDkCoLlt59ZL00JPEGSVaIIwyTb/w+qv/7uUs1QU/O6vfsSodgSSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5Qx0JJ/gyGMa8Y0xsKOVZLW/rhMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvbmxESFFrbi1ESVl4cnhqVEd3bzVWa3RiLXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRT+MA0G
CSqGSIb3DQEBCwUAA4IBAQBoV4mwhfHuS2yNrSDNp41Df9Z2lvG5GwLOFtq+tqam
WKQU+CFuCTiWL04K+vejrkK71aQuzfOOT00WALZeCkjB65h5/mQ8TN+eL5x+vnSA
y/WhfCFKRhNQAXGRclOPqWls/jVBE2MG7K2oJx2SikfJllrfUBWzUWJxjZm0Wn+E
RKjRViPrqF6TQHGEW+hIYtj9znpHvjRGATQsbqhJIf8JN/kgd3HM6NgbybSlZlsb
OGBMJX9LDNMW9JWPFddXpxZ5YqSmVpkUbo9rS01C3EJfL88RU0Lk0xY3Gsj4eo8j
nZyVTG2lWJ4JUQdu+0R2pYcP6jcw6RKUrCPo6FPfD0Z0
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:05:27 2024 by rpki-client on console-ams.rpki-client.org