Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/9Jf9mm7dyS_yyQIOO5qAuNQBZII.roa
File:                     9Jf9mm7dyS_yyQIOO5qAuNQBZII.roa (raw, json)
Hash identifier:          z6PkUw09yqlmRd8xOu71hoHNy+p5D2PhqUHJtrd2WfE=
Subject key identifier:   F4:97:FD:9A:6E:DD:C9:2F:F2:C9:02:0E:3B:9A:80:B8:D4:01:64:82
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       018CC64B61C16324322A69076EA35185BACC
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/9Jf9mm7dyS_yyQIOO5qAuNQBZII.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38230
IP address blocks:        2a0e:46c4:200::/48 maxlen: 48
                          2a0e:46c4:110::/48 maxlen: 48
                          2a0e:46c4:101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:61:c1:63:24:32:2a:69:07:6e:a3:51:85:ba:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f497fd9a6eddc92ff2c9020e3b9a80b8d4016482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e5:89:e5:64:0e:6f:15:39:65:eb:30:3d:e7:
                    df:c9:6e:46:da:17:ec:4c:72:5a:0f:43:f1:db:98:
                    13:ba:8a:cf:09:23:2e:12:6c:8d:6b:e2:f5:af:0d:
                    2c:7f:2f:5f:43:c4:1a:c8:49:da:9b:2d:55:af:5f:
                    16:cc:02:64:0f:65:13:c7:dc:ea:44:48:cf:0f:94:
                    a0:50:08:5d:3c:9f:ea:2d:fc:db:9b:46:03:33:87:
                    ba:34:b6:26:4e:78:15:54:a1:47:4d:39:bd:06:c8:
                    98:ed:f1:49:ff:74:cf:1e:24:99:8c:88:b1:4a:61:
                    dc:06:8d:48:6f:67:2a:6c:97:66:f9:73:88:16:f9:
                    7d:7b:29:c8:e9:fe:7e:eb:91:9c:15:a0:56:c6:d5:
                    7f:5a:c3:8d:19:aa:75:87:fb:07:fe:d8:a6:0b:ac:
                    7e:ca:c6:3a:d0:8a:53:15:e8:24:7a:5d:c8:c6:97:
                    53:1d:f9:c5:51:a0:78:81:19:cc:20:63:de:f0:3a:
                    d6:ee:22:ca:62:1f:d4:0d:f4:c5:08:10:d8:24:53:
                    0c:9f:3f:a4:8c:22:de:cc:78:2d:38:db:66:61:cc:
                    8a:fd:98:24:78:f0:6e:8a:80:9d:af:f2:24:3d:ee:
                    0e:7a:71:d0:f2:65:2a:b3:63:b8:2c:88:ed:a4:86:
                    e2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:97:FD:9A:6E:DD:C9:2F:F2:C9:02:0E:3B:9A:80:B8:D4:01:64:82
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/9Jf9mm7dyS_yyQIOO5qAuNQBZII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:101::/48
                  2a0e:46c4:110::/48
                  2a0e:46c4:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:21:35:78:54:c1:b8:e5:ce:3d:44:96:5d:f8:a1:d3:97:50:
         8c:2f:a6:65:4e:6c:b9:e0:d0:0c:fe:a2:17:3b:f2:de:a2:ac:
         3b:8c:d8:df:69:4d:ac:95:8b:5a:40:84:08:80:37:64:7e:49:
         44:b9:04:28:c5:f5:c6:e1:dd:e0:f2:ba:8d:35:6c:81:62:47:
         1f:43:41:ad:e0:1e:33:99:15:09:ea:65:63:00:8a:64:93:77:
         77:d1:d0:fb:53:84:8b:ef:52:5b:8f:0c:60:b3:9b:be:c5:a3:
         ef:00:ea:94:c9:6a:57:42:4f:e3:5e:db:34:14:65:11:2f:b3:
         02:51:c5:19:04:cb:37:7e:88:78:39:1e:c2:6b:9a:64:7e:29:
         23:97:f1:96:67:9f:f9:c0:8e:aa:42:f0:37:97:5a:a4:a2:2f:
         61:a2:11:7c:01:48:34:d8:2c:de:8d:0f:4c:3f:7a:cd:65:5b:
         26:a0:69:0f:4a:03:1c:4d:ca:88:b5:44:22:c7:c7:27:ed:8c:
         ae:30:53:a3:be:99:14:fc:69:f5:fc:3c:65:1f:56:75:b0:71:
         2c:0d:3e:8c:9a:d3:6b:ee:cd:e7:8d:47:bf:50:86:da:75:7c:
         9a:de:54:27:d2:26:4e:58:f4:7f:f5:aa:58:bb:c3:aa:3c:c8:
         aa:69:4c:f6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGS2HBYyQyKmkHbqNRhbrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDk3ZmQ5YTZlZGRjOTJmZjJjOTAyMGUzYjlhODBiOGQ0MDE2NDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeWJ5WQObxU5ZeswPeffyW5G2hfs
THJaD0Px25gTuorPCSMuEmyNa+L1rw0sfy9fQ8QayEnamy1Vr18WzAJkD2UTx9zq
REjPD5SgUAhdPJ/qLfzbm0YDM4e6NLYmTngVVKFHTTm9BsiY7fFJ/3TPHiSZjIix
SmHcBo1Ib2cqbJdm+XOIFvl9eynI6f5+65GcFaBWxtV/WsONGap1h/sH/timC6x+
ysY60IpTFegkel3IxpdTHfnFUaB4gRnMIGPe8DrW7iLKYh/UDfTFCBDYJFMMnz+k
jCLezHgtONtmYcyK/ZgkePBuioCdr/IkPe4OenHQ8mUqs2O4LIjtpIbisQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPSX/Zpu3ckv8skCDjuagLjUAWSCMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvOUpmOW1tN2R5U195eVFJT081cUF1TlFCWklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg5GxAEB
AwcAKg5GxAEQAwcAKg5GxAIAMA0GCSqGSIb3DQEBCwUAA4IBAQCOITV4VMG45c49
RJZd+KHTl1CML6ZlTmy54NAM/qIXO/Leoqw7jNjfaU2slYtaQIQIgDdkfklEuQQo
xfXG4d3g8rqNNWyBYkcfQ0Gt4B4zmRUJ6mVjAIpkk3d30dD7U4SL71Jbjwxgs5u+
xaPvAOqUyWpXQk/jXts0FGURL7MCUcUZBMs3foh4OR7Ca5pkfikjl/GWZ5/5wI6q
QvA3l1qkoi9hohF8AUg02CzejQ9MP3rNZVsmoGkPSgMcTcqItUQix8cn7YyuMFOj
vpkU/Gn1/DxlH1Z1sHEsDT6MmtNr7s3njUe/UIbadXya3lQn0iZOWPR/9apYu8Oq
PMiqaUz2
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:19:23 2024 by rpki-client on console-fra.rpki-client.org