Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/mZ_sK7JAQAYgLERBb2Eu_ff4kpw.roa
File:                     mZ_sK7JAQAYgLERBb2Eu_ff4kpw.roa (raw, json)
Hash identifier:          sOdy2hsxe/JvDsZH9k/pPJCQ3QM96+4cb8VPs/i4DE0=
Subject key identifier:   99:9F:EC:2B:B2:40:40:06:20:2C:44:41:6F:61:2E:FD:F7:F8:92:9C
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018CC9BBF6BC861E8AC2372CAB96E72CC03D
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/mZ_sK7JAQAYgLERBb2Eu_ff4kpw.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        46.34.50.0/24 maxlen: 24
                          46.34.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f6:bc:86:1e:8a:c2:37:2c:ab:96:e7:2c:c0:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=999fec2bb2404006202c44416f612efdf7f8929c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:57:e4:9f:37:f7:ec:39:4e:66:e1:0b:57:37:
                    62:49:fc:53:33:9b:de:87:16:ae:c4:9b:47:5b:e4:
                    b1:30:9d:a3:50:b7:72:64:96:56:ad:e1:b4:91:e2:
                    d0:11:f0:18:e2:be:03:73:e2:60:4b:75:30:98:c2:
                    9b:97:b6:f0:ef:f1:5a:1f:9d:9c:d4:6f:6b:dd:86:
                    eb:39:1a:48:72:20:b9:c2:20:aa:3b:9b:9d:cc:05:
                    98:df:c7:1f:d2:af:02:ae:06:de:14:36:f5:fc:2b:
                    c0:c2:73:f5:01:92:d1:08:ad:fe:a4:84:44:25:0f:
                    1f:31:72:ce:ff:d0:93:fb:a3:0b:e2:cf:03:1e:12:
                    8a:e2:e6:75:2e:27:9e:e3:05:9f:a6:9c:b4:a9:84:
                    b0:88:67:c0:6c:65:8a:16:7d:bb:1b:c8:07:22:b3:
                    eb:26:88:a0:dc:a5:91:79:bf:60:aa:47:d6:5f:81:
                    94:33:fc:09:8c:86:19:b1:0c:c3:af:2e:9d:73:af:
                    ca:2e:4d:14:fd:5f:c9:33:bb:82:b2:ed:96:f0:28:
                    46:2e:a6:3e:e6:a4:36:a3:23:c1:e9:5a:d7:0b:d3:
                    60:1c:b5:f2:4c:11:f7:20:36:d7:d8:a0:86:08:18:
                    6b:20:89:46:ec:e9:4c:b2:01:9d:a4:6a:e1:53:53:
                    97:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:9F:EC:2B:B2:40:40:06:20:2C:44:41:6F:61:2E:FD:F7:F8:92:9C
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/mZ_sK7JAQAYgLERBb2Eu_ff4kpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.50.0/24
                  46.34.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:f1:0e:72:5d:7f:09:44:0f:69:b3:b1:c7:48:e1:a4:0a:e2:
         63:93:8f:df:66:d4:48:40:da:c2:8a:d1:86:23:0a:d7:86:1e:
         3c:69:e5:cf:6e:d3:53:8a:6f:69:94:8a:e1:e6:6d:81:b7:c8:
         fe:f3:7d:4a:bb:24:56:d1:2d:17:a2:00:5e:45:97:14:6d:5b:
         f6:b2:97:c0:68:72:b6:9f:f4:52:c5:8a:2f:5b:f1:21:cf:a3:
         b1:af:7c:a6:4d:07:9e:cf:12:91:b7:08:78:40:ca:32:4a:6b:
         65:97:25:a5:51:e5:98:dd:79:db:d9:5b:66:1f:01:94:ac:99:
         4c:09:c1:13:10:55:e0:4b:08:92:15:7a:96:62:87:10:00:6b:
         fa:13:13:5b:22:63:72:d1:2b:bc:e8:d9:19:37:a3:a9:cc:9b:
         d4:3c:14:2a:7a:ef:2c:8d:56:4b:3c:b6:6b:9d:f9:9d:0f:e1:
         f0:02:ea:48:1b:2f:05:f3:8e:3a:e7:2c:f3:83:24:ed:2e:20:
         b4:1b:46:9a:25:6e:42:e9:e7:7d:84:43:f4:1e:0a:3a:e4:e8:
         43:7f:c6:9a:0e:6e:97:e2:0d:7d:d6:b7:ab:f0:a0:e2:e1:b5:
         4f:60:cf:7f:ef:1c:16:54:c6:3b:75:a1:6d:8d:5a:a0:43:d9:
         36:21:0e:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJu/a8hh6Kwjcsq5bnLMA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTlmZWMyYmIyNDA0MDA2MjAyYzQ0NDE2ZjYxMmVmZGY3Zjg5MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVfknzf37DlOZuELVzdiSfxTM5ve
hxauxJtHW+SxMJ2jULdyZJZWreG0keLQEfAY4r4Dc+JgS3UwmMKbl7bw7/FaH52c
1G9r3YbrORpIciC5wiCqO5udzAWY38cf0q8CrgbeFDb1/CvAwnP1AZLRCK3+pIRE
JQ8fMXLO/9CT+6ML4s8DHhKK4uZ1Liee4wWfppy0qYSwiGfAbGWKFn27G8gHIrPr
Joig3KWReb9gqkfWX4GUM/wJjIYZsQzDry6dc6/KLk0U/V/JM7uCsu2W8ChGLqY+
5qQ2oyPB6VrXC9NgHLXyTBH3IDbX2KCGCBhrIIlG7OlMsgGdpGrhU1OX0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJmf7CuyQEAGICxEQW9hLv33+JKcMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvbVpfc0s3SkFRQVlnTEVSQmIyRXVfZmY0a3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiIyAwQB
LiI4MA0GCSqGSIb3DQEBCwUAA4IBAQBJ8Q5yXX8JRA9ps7HHSOGkCuJjk4/fZtRI
QNrCitGGIwrXhh48aeXPbtNTim9plIrh5m2Bt8j+831KuyRW0S0XogBeRZcUbVv2
spfAaHK2n/RSxYovW/Ehz6Oxr3ymTQeezxKRtwh4QMoySmtllyWlUeWY3Xnb2Vtm
HwGUrJlMCcETEFXgSwiSFXqWYocQAGv6ExNbImNy0Su86NkZN6OpzJvUPBQqeu8s
jVZLPLZrnfmdD+HwAupIGy8F84465yzzgyTtLiC0G0aaJW5C6ed9hEP0Hgo65OhD
f8aaDm6X4g191rer8KDi4bVPYM9/7xwWVMY7daFtjVqgQ9k2IQ7+
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:04:38 2024 by rpki-client on console-fra.rpki-client.org