Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/nC7nGxqyhHlJ5uAJ6RNbMWzW6dA.roa
File:                     nC7nGxqyhHlJ5uAJ6RNbMWzW6dA.roa (raw, json)
Hash identifier:          zoS6c0glIvjBRiKv6gJaiEKJevXnf19+0bH40yvbfLI=
Subject key identifier:   9C:2E:E7:1B:1A:B2:84:79:49:E6:E0:09:E9:13:5B:31:6C:D6:E9:D0
Certificate issuer:       /CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
Certificate serial:       018CC56E3D61ABD551057F4278007485F081
Authority key identifier: 7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/nC7nGxqyhHlJ5uAJ6RNbMWzW6dA.roa
Signing time:             Mon 01 Jan 2024 14:29:45 +0000
ROA not before:           Mon 01 Jan 2024 14:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201233
IP address blocks:        217.18.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3d:61:ab:d5:51:05:7f:42:78:00:74:85:f0:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c2ee71b1ab2847949e6e009e9135b316cd6e9d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:db:f9:d1:91:c6:ab:a2:cb:0a:b9:90:29:e5:
                    37:9d:68:48:be:6a:6d:ba:d6:18:7f:27:f8:25:0f:
                    91:94:26:42:9d:b9:a7:bd:4f:fc:6a:7c:cf:06:ff:
                    d5:da:b6:ae:30:df:6c:e3:71:60:00:a7:22:3e:f6:
                    cf:17:41:f8:b4:db:c2:33:5c:a7:e3:3e:6f:f9:c4:
                    1e:c7:40:26:42:0c:0f:af:38:34:f6:fd:51:d9:de:
                    8f:8a:67:63:4a:59:10:9f:19:78:a9:0e:63:d9:4b:
                    c4:b9:8e:ba:c3:8e:5a:31:ca:a6:06:de:23:57:69:
                    9e:9e:bb:78:88:30:f9:33:bf:d1:f7:b6:96:45:4f:
                    7a:c2:de:44:bf:13:4a:9a:cd:e3:ab:5e:ef:8d:42:
                    3e:a2:12:c5:bb:b7:1c:13:87:09:eb:48:b0:1f:8e:
                    74:d3:a1:16:c8:ef:3e:c2:e3:58:7d:76:9f:c4:a9:
                    58:e8:7e:c6:e4:ba:aa:55:e3:33:6b:bf:df:8d:8e:
                    e7:8b:31:8a:86:ca:f2:2d:85:b4:0b:f6:ac:04:30:
                    00:90:3b:96:1c:0f:d9:a2:22:78:1b:dc:b8:5b:ec:
                    26:98:48:50:be:3e:e8:eb:d2:54:fd:d0:c0:3c:03:
                    43:70:cb:24:2f:ba:77:e6:f4:97:2d:c2:b1:9a:31:
                    8e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:2E:E7:1B:1A:B2:84:79:49:E6:E0:09:E9:13:5B:31:6C:D6:E9:D0
            X509v3 Authority Key Identifier:
                keyid:7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/nC7nGxqyhHlJ5uAJ6RNbMWzW6dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:6e:67:f1:e1:ae:fa:12:68:54:07:75:3d:b9:dc:b6:d3:23:
         ca:64:57:c2:0f:aa:21:e8:65:c1:5f:83:3d:8e:6b:62:89:0f:
         e3:8c:ff:4a:af:60:4e:0f:b1:8b:a5:a4:cb:07:4f:3e:94:6b:
         e8:32:b3:5a:e4:99:77:f5:bb:72:0d:a8:e5:7f:cc:e1:e4:74:
         1a:51:db:0c:c1:31:a0:a3:aa:44:0c:8d:4d:15:2c:c4:be:0d:
         6d:6c:62:e7:a1:95:03:25:06:ec:df:0f:4c:27:8a:b1:d1:e8:
         c4:5c:e9:d9:20:d2:6e:98:d2:1d:08:b3:3d:28:f4:d6:10:08:
         3c:de:c4:9c:ff:0a:01:69:41:db:81:db:41:a5:bf:37:db:dd:
         c5:bf:98:c2:5d:2e:7e:43:6f:cc:60:46:98:77:55:63:18:a2:
         a6:69:e6:0e:4c:f8:2f:f0:72:8c:74:ac:10:4a:e7:30:f6:75:
         ac:ec:7e:2c:65:96:8d:66:36:f3:cf:95:30:02:23:50:7f:88:
         20:d4:2c:0f:52:04:f7:d6:09:66:d5:0f:5b:3f:4a:9f:e2:6b:
         11:74:c7:cb:f9:c5:70:29:0f:f7:ff:74:17:a5:80:ae:b4:9d:
         25:41:8d:19:cd:2a:79:c1:db:40:33:e2:d4:c9:15:30:ee:b0:
         95:49:46:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbj1hq9VRBX9CeAB0hfCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZGM0MGMzZGJkZjgxOWQ3NDEzZTc3MmJkODc1ODE0Yzdl
YWY1NWUwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzJlZTcxYjFhYjI4NDc5NDllNmUwMDllOTEzNWIzMTZjZDZlOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldv50ZHGq6LLCrmQKeU3nWhIvmpt
utYYfyf4JQ+RlCZCnbmnvU/8anzPBv/V2rauMN9s43FgAKciPvbPF0H4tNvCM1yn
4z5v+cQex0AmQgwPrzg09v1R2d6PimdjSlkQnxl4qQ5j2UvEuY66w45aMcqmBt4j
V2menrt4iDD5M7/R97aWRU96wt5EvxNKms3jq17vjUI+ohLFu7ccE4cJ60iwH450
06EWyO8+wuNYfXafxKlY6H7G5LqqVeMza7/fjY7nizGKhsryLYW0C/asBDAAkDuW
HA/ZoiJ4G9y4W+wmmEhQvj7o69JU/dDAPANDcMskL7p35vSXLcKxmjGO3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwu5xsasoR5SebgCekTWzFs1unQMB8GA1UdIwQY
MBaAFHzcQMPb34GddBPncr2HWBTH6vVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2Et
OTlmMjAwNDY1OWQxLzEvbkM3bkd4cXloSGxKNXVBSjZSTmJNV3pXNmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2EtOTlmMjAwNDY1OWQx
LzEvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJVMA0G
CSqGSIb3DQEBCwUAA4IBAQBmbmfx4a76EmhUB3U9udy20yPKZFfCD6oh6GXBX4M9
jmtiiQ/jjP9Kr2BOD7GLpaTLB08+lGvoMrNa5Jl39btyDajlf8zh5HQaUdsMwTGg
o6pEDI1NFSzEvg1tbGLnoZUDJQbs3w9MJ4qx0ejEXOnZINJumNIdCLM9KPTWEAg8
3sSc/woBaUHbgdtBpb83293Fv5jCXS5+Q2/MYEaYd1VjGKKmaeYOTPgv8HKMdKwQ
Sucw9nWs7H4sZZaNZjbzz5UwAiNQf4gg1CwPUgT31glm1Q9bP0qf4msRdMfL+cVw
KQ/3/3QXpYCutJ0lQY0ZzSp5wdtAM+LUyRUw7rCVSUbF
-----END CERTIFICATE-----