Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/t9SGmO99Vazc1LKIleSZT8nHNJU.roa
File:                     t9SGmO99Vazc1LKIleSZT8nHNJU.roa (raw, json)
Hash identifier:          CzF+GcN/zs2ZAPBUilrEZ+hfdqh+UB4LnmttiKLOSjc=
Subject key identifier:   B7:D4:86:98:EF:7D:55:AC:DC:D4:B2:88:95:E4:99:4F:C9:C7:34:95
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F70295BD1C3948B0F07A7D2D4A6FB
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/t9SGmO99Vazc1LKIleSZT8nHNJU.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19930
IP address blocks:        57.250.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:70:29:5b:d1:c3:94:8b:0f:07:a7:d2:d4:a6:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7d48698ef7d55acdcd4b28895e4994fc9c73495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:de:f7:de:8e:1d:a0:99:e3:21:f4:1f:b8:68:
                    32:7d:ae:27:66:d2:90:9a:1c:ed:0b:8e:55:4c:4f:
                    91:0b:2d:b8:e3:be:c1:ad:bc:0a:79:6c:a2:fd:e4:
                    72:45:dd:1c:66:2f:04:44:26:4b:73:be:ac:c9:2c:
                    f5:19:25:24:03:04:14:e7:64:44:20:82:5e:f0:50:
                    ab:c3:dd:45:6a:54:3f:37:aa:7b:53:df:b1:b6:05:
                    d7:21:90:cc:ac:ad:a1:66:b8:83:39:fb:95:aa:47:
                    cb:6f:6a:fe:98:03:19:81:89:b9:a7:83:23:80:58:
                    63:82:ff:b4:33:6e:e0:a6:0e:20:cb:92:b9:f8:7d:
                    d5:39:22:95:1a:a1:61:37:98:8d:c1:a2:5b:d8:34:
                    3c:01:c3:fd:0e:30:16:b8:ba:ff:57:4a:c6:2e:3d:
                    98:e1:b7:6a:6e:23:2c:b8:f2:85:77:c6:67:14:8b:
                    1d:8d:82:1d:4e:d1:6a:3d:2f:03:74:8c:82:86:03:
                    f8:72:6b:8a:c7:3f:c6:4c:f1:0c:e8:e1:91:f5:f9:
                    cb:a2:4b:9b:e1:47:13:72:49:d7:c8:30:fc:5c:d7:
                    b0:4d:5d:c2:73:2a:a8:dc:31:ee:60:3b:39:f3:53:
                    ed:8e:f9:2b:39:35:82:c1:fa:95:f4:43:13:26:5e:
                    61:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:D4:86:98:EF:7D:55:AC:DC:D4:B2:88:95:E4:99:4F:C9:C7:34:95
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/t9SGmO99Vazc1LKIleSZT8nHNJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e4:c9:54:eb:58:9f:4e:2b:61:73:29:fe:e4:47:fe:22:ed:
         bc:79:98:5f:2f:fa:37:35:cc:fe:82:be:35:0f:1e:0b:7e:21:
         8d:2e:87:05:67:44:5a:7e:4e:05:04:fe:7e:cc:ec:f6:bc:63:
         57:7b:62:f9:85:1e:13:7a:f5:eb:02:3f:e8:8b:9b:50:57:eb:
         11:7c:b2:96:06:03:b7:5c:ae:da:c0:4e:df:01:8d:21:93:61:
         48:54:09:ea:87:91:a8:a1:e5:f8:c2:82:82:57:65:c8:a0:08:
         c2:75:0b:6c:5c:1e:72:83:be:1d:17:9f:4b:dc:eb:7e:02:70:
         ba:f7:a7:53:0d:dd:5d:f8:c1:1f:d4:9b:86:2c:49:a6:60:58:
         a3:40:74:24:d9:57:44:9e:cc:a2:ba:f2:56:45:7a:7a:3f:ad:
         67:0c:53:1f:e7:7d:4b:0b:bc:96:5b:32:ed:69:a0:5b:97:40:
         d4:c0:9e:6b:36:54:19:35:cf:67:7a:98:ac:e1:ce:43:a1:14:
         9a:24:47:93:ba:72:60:de:37:95:4c:fb:69:83:86:c2:23:8b:
         0c:57:24:f8:34:b4:b0:fa:6e:6a:52:3c:fb:dc:9b:33:25:ff:
         39:52:b9:63:7e:46:36:87:fd:c1:99:52:6b:f4:43:06:1f:50:
         6e:7b:da:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3ApW9HDlIsPB6fS1Kb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Q0ODY5OGVmN2Q1NWFjZGNkNGIyODg5NWU0OTk0ZmM5YzczNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd733o4doJnjIfQfuGgyfa4nZtKQ
mhztC45VTE+RCy24477BrbwKeWyi/eRyRd0cZi8ERCZLc76sySz1GSUkAwQU52RE
IIJe8FCrw91FalQ/N6p7U9+xtgXXIZDMrK2hZriDOfuVqkfLb2r+mAMZgYm5p4Mj
gFhjgv+0M27gpg4gy5K5+H3VOSKVGqFhN5iNwaJb2DQ8AcP9DjAWuLr/V0rGLj2Y
4bdqbiMsuPKFd8ZnFIsdjYIdTtFqPS8DdIyChgP4cmuKxz/GTPEM6OGR9fnLokub
4UcTcknXyDD8XNewTV3Ccyqo3DHuYDs581PtjvkrOTWCwfqV9EMTJl5hswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfUhpjvfVWs3NSyiJXkmU/JxzSVMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvdDlTR21POTlWYXpjMUxLSWxlU1pUOG5ITkpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOfo6MA0G
CSqGSIb3DQEBCwUAA4IBAQBL5MlU61ifTithcyn+5Ef+Iu28eZhfL/o3Ncz+gr41
Dx4LfiGNLocFZ0Rafk4FBP5+zOz2vGNXe2L5hR4TevXrAj/oi5tQV+sRfLKWBgO3
XK7awE7fAY0hk2FIVAnqh5GooeX4woKCV2XIoAjCdQtsXB5yg74dF59L3Ot+AnC6
96dTDd1d+MEf1JuGLEmmYFijQHQk2VdEnsyiuvJWRXp6P61nDFMf531LC7yWWzLt
aaBbl0DUwJ5rNlQZNc9nepis4c5DoRSaJEeTunJg3jeVTPtpg4bCI4sMVyT4NLSw
+m5qUjz73JszJf85UrljfkY2h/3BmVJr9EMGH1Bue9pb
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:00:20 2024 by rpki-client on console-fra.rpki-client.org