Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/71ab69-6965-4b70-968d-bb57a4ef7153/1/u9Y8DlzF-1eXoDqhm7yk23JMY80.roa
File:                     u9Y8DlzF-1eXoDqhm7yk23JMY80.roa (raw, json)
Hash identifier:          lMCy5JxrxYvMWGK3TlzmNZPtgtpH2pejBh/cErJOQIM=
Subject key identifier:   BB:D6:3C:0E:5C:C5:FB:57:97:A0:3A:A1:9B:BC:A4:DB:72:4C:63:CD
Certificate issuer:       /CN=7fc956a52b73504a4f1ff34547199297a7f5de9d
Certificate serial:       018CC500DB14FCB55FB4479B7E832537AD76
Authority key identifier: 7F:C9:56:A5:2B:73:50:4A:4F:1F:F3:45:47:19:92:97:A7:F5:DE:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f8lWpStzUEpPH_NFRxmSl6f13p0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/71ab69-6965-4b70-968d-bb57a4ef7153/1/u9Y8DlzF-1eXoDqhm7yk23JMY80.roa
Signing time:             Mon 01 Jan 2024 12:30:16 +0000
ROA not before:           Mon 01 Jan 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203239
IP address blocks:        146.247.46.0/24 maxlen: 24
                          2a0d:1e00::/48 maxlen: 48
                          2a0d:1e00:46::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/71ab69-6965-4b70-968d-bb57a4ef7153/1/f8lWpStzUEpPH_NFRxmSl6f13p0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/71ab69-6965-4b70-968d-bb57a4ef7153/1/f8lWpStzUEpPH_NFRxmSl6f13p0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f8lWpStzUEpPH_NFRxmSl6f13p0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:db:14:fc:b5:5f:b4:47:9b:7e:83:25:37:ad:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fc956a52b73504a4f1ff34547199297a7f5de9d
        Validity
            Not Before: Jan  1 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbd63c0e5cc5fb5797a03aa19bbca4db724c63cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:ab:a9:ae:c9:70:3a:6a:1c:0f:76:83:d1:
                    f0:70:46:bc:46:58:cd:7a:44:c3:cf:2d:e4:54:f2:
                    f6:c4:a6:22:54:59:73:e1:2f:1b:dc:11:ee:e4:37:
                    e4:8f:00:d5:f5:9a:f4:e9:b6:5d:a3:15:4a:6a:66:
                    20:ab:d4:52:f1:a5:04:7b:70:1a:27:53:53:57:1f:
                    c4:73:cf:20:e0:4c:0c:5a:bd:e4:c3:a3:2e:dc:b5:
                    01:c8:db:63:27:b7:ba:13:d9:8d:30:66:f0:8e:a2:
                    01:52:ea:be:26:21:68:49:c1:e9:db:61:9a:6e:3e:
                    a9:f4:3d:fe:8c:c7:12:c6:5e:e2:f4:09:3c:18:ae:
                    6c:62:b9:27:77:ac:36:80:2c:5a:d0:6c:e4:24:dc:
                    a3:7f:8b:2f:cf:20:cf:95:71:ec:6b:c0:a0:05:f2:
                    f9:45:6f:be:7d:af:19:9f:9a:97:24:a5:8b:c5:4a:
                    27:6f:ff:13:40:73:60:46:12:2f:3f:79:c1:c9:fd:
                    10:b8:5c:f7:9e:0a:0b:98:ec:ee:70:47:3e:85:66:
                    41:e3:32:05:f6:03:52:c3:dd:ff:66:48:04:92:f6:
                    19:ed:01:ed:97:89:2e:4a:f6:4d:1b:56:3d:0b:26:
                    b7:88:36:c6:99:b4:8e:2d:e8:25:98:07:81:fb:5b:
                    ee:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D6:3C:0E:5C:C5:FB:57:97:A0:3A:A1:9B:BC:A4:DB:72:4C:63:CD
            X509v3 Authority Key Identifier:
                keyid:7F:C9:56:A5:2B:73:50:4A:4F:1F:F3:45:47:19:92:97:A7:F5:DE:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8lWpStzUEpPH_NFRxmSl6f13p0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/71ab69-6965-4b70-968d-bb57a4ef7153/1/u9Y8DlzF-1eXoDqhm7yk23JMY80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/71ab69-6965-4b70-968d-bb57a4ef7153/1/f8lWpStzUEpPH_NFRxmSl6f13p0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.46.0/24
                IPv6:
                  2a0d:1e00::/48
                  2a0d:1e00:46::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:25:18:d8:3e:a0:3c:f6:78:96:ad:9d:9b:8c:09:ce:d8:97:
         a9:e6:17:27:c2:6e:2e:49:a5:64:49:87:1a:b0:91:08:5f:5b:
         ce:1b:39:6f:cc:07:ee:02:8e:43:c2:fb:2f:8e:b1:8c:33:94:
         cb:6d:06:af:8c:0d:f7:ab:76:6d:5a:eb:5c:ce:ac:b5:29:76:
         e4:c9:19:f1:8e:c3:2e:e2:c1:33:c1:ec:4c:ef:f6:10:65:c0:
         ff:93:69:a1:a8:93:0f:36:8d:ea:ba:be:7b:68:d3:fb:b2:dc:
         20:c2:d1:cb:37:a9:92:1f:12:56:39:c3:52:7f:20:a2:94:c2:
         ad:8c:9d:51:57:be:9a:4f:4e:10:95:5f:8f:1b:d3:f1:97:73:
         8c:4a:65:1f:f7:a7:40:4d:2c:96:42:0b:c3:83:fd:0f:a5:81:
         73:0e:66:5a:ef:3b:64:23:93:db:9a:77:e7:e2:bb:c5:0e:06:
         b3:60:15:28:90:d6:cb:2e:1a:ac:a5:88:a8:e3:84:86:e8:65:
         95:71:63:1d:30:b7:9d:7e:8a:e2:a4:c8:99:64:58:83:c7:64:
         29:9d:c5:05:f6:26:a8:16:97:61:9f:4f:71:a1:3e:e1:a5:fa:
         8f:4a:5e:f7:91:1d:41:ad:fe:6d:c6:b0:86:5b:2e:a1:da:9d:
         ce:31:02:23
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzFANsU/LVftEebfoMlN612MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYzk1NmE1MmI3MzUwNGE0ZjFmZjM0NTQ3MTk5Mjk3YTdm
NWRlOWQwHhcNMjQwMTAxMTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQ2M2MwZTVjYzVmYjU3OTdhMDNhYTE5YmJjYTRkYjcyNGM2M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEqrqa7JcDpqHA92g9HwcEa8RljN
ekTDzy3kVPL2xKYiVFlz4S8b3BHu5DfkjwDV9Zr06bZdoxVKamYgq9RS8aUEe3Aa
J1NTVx/Ec88g4EwMWr3kw6Mu3LUByNtjJ7e6E9mNMGbwjqIBUuq+JiFoScHp22Ga
bj6p9D3+jMcSxl7i9Ak8GK5sYrknd6w2gCxa0GzkJNyjf4svzyDPlXHsa8CgBfL5
RW++fa8Zn5qXJKWLxUonb/8TQHNgRhIvP3nByf0QuFz3ngoLmOzucEc+hWZB4zIF
9gNSw93/ZkgEkvYZ7QHtl4kuSvZNG1Y9Cya3iDbGmbSOLeglmAeB+1vuXQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLvWPA5cxftXl6A6oZu8pNtyTGPNMB8GA1UdIwQY
MBaAFH/JVqUrc1BKTx/zRUcZkpen9d6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjhsV3BTdHpVRXBQSF9ORlJ4bVNsNmYxM3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS83MWFiNjktNjk2NS00YjcwLTk2OGQt
YmI1N2E0ZWY3MTUzLzEvdTlZOERsekYtMWVYb0RxaG03eWsyM0pNWTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS83MWFiNjktNjk2NS00YjcwLTk2OGQtYmI1N2E0ZWY3MTUz
LzEvZjhsV3BTdHpVRXBQSF9ORlJ4bVNsNmYxM3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAkvcuMBgE
AgACMBIDBwAqDR4AAAADBwAqDR4AAEYwDQYJKoZIhvcNAQELBQADggEBACYlGNg+
oDz2eJatnZuMCc7Yl6nmFyfCbi5JpWRJhxqwkQhfW84bOW/MB+4CjkPC+y+OsYwz
lMttBq+MDferdm1a61zOrLUpduTJGfGOwy7iwTPB7Ezv9hBlwP+TaaGokw82jeq6
vnto0/uy3CDC0cs3qZIfElY5w1J/IKKUwq2MnVFXvppPThCVX48b0/GXc4xKZR/3
p0BNLJZCC8OD/Q+lgXMOZlrvO2Qjk9uad+fiu8UOBrNgFSiQ1ssuGqyliKjjhIbo
ZZVxYx0wt51+iuKkyJlkWIPHZCmdxQX2JqgWl2GfT3GhPuGl+o9KXveRHUGt/m3G
sIZbLqHanc4xAiM=
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:42:27 2024 by rpki-client on console-ams.rpki-client.org