Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/u9i6G99krjw4DvLq8PXudZFOns0.roa
File:                     u9i6G99krjw4DvLq8PXudZFOns0.roa (raw, json)
Hash identifier:          NoQX+rOKXvWRugqMUj3NeQRVvctGTBZQGESKrA+Cpw8=
Subject key identifier:   BB:D8:BA:1B:DF:64:AE:3C:38:0E:F2:EA:F0:F5:EE:75:91:4E:9E:CD
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B2AEC24398141D08CC8FB5BE2F3A
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/u9i6G99krjw4DvLq8PXudZFOns0.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63902
IP address blocks:        45.150.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b2:ae:c2:43:98:14:1d:08:cc:8f:b5:be:2f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbd8ba1bdf64ae3c380ef2eaf0f5ee75914e9ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:31:58:37:fd:6c:f6:84:24:08:6f:a7:b7:fd:
                    e9:4c:40:bc:42:f1:2b:5c:a1:f3:ae:a1:5b:0c:d8:
                    82:cc:90:36:f1:a5:b6:d0:b4:b2:1c:85:ee:d1:15:
                    92:32:04:24:36:6b:52:1e:dd:0f:48:0d:fb:67:97:
                    92:70:34:23:57:bf:6d:73:ea:bf:35:ac:5e:9a:8f:
                    3f:f8:e5:dd:9e:cc:ec:49:4f:ab:bf:fc:8c:a5:20:
                    5f:aa:14:2a:6e:82:3b:9c:ae:85:83:c6:96:1f:ee:
                    df:64:a2:02:e7:f0:54:ab:a7:bf:bf:1b:ed:99:01:
                    4e:09:40:18:e9:61:86:de:24:00:7c:e9:82:7c:2f:
                    95:5f:a5:97:de:8a:82:f0:a3:5e:a8:08:53:9b:5c:
                    a5:7f:22:39:ae:5d:ba:a7:46:13:05:02:26:1c:85:
                    a9:74:d0:0f:cd:8d:05:2c:8e:c0:d0:4c:0b:4d:1e:
                    6c:75:aa:ec:7e:c5:62:b0:5e:f9:ff:ab:5f:69:95:
                    6b:3b:dd:82:c8:8c:7e:80:7f:cd:17:bd:ff:80:fb:
                    7c:87:0e:1d:06:90:b8:56:ad:75:ed:2a:24:30:eb:
                    4e:14:7f:c4:19:f3:2b:3e:3c:ac:48:cd:84:31:18:
                    86:fb:83:b0:71:d5:d6:84:5f:34:54:ed:d4:6d:b9:
                    49:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D8:BA:1B:DF:64:AE:3C:38:0E:F2:EA:F0:F5:EE:75:91:4E:9E:CD
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/u9i6G99krjw4DvLq8PXudZFOns0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:95:36:77:d5:f5:7f:a7:85:4c:15:67:5a:ef:30:a2:aa:09:
         7c:ae:e2:3e:21:05:37:e1:76:1b:d3:fa:33:f4:d0:67:d8:95:
         1d:c2:1b:b0:0f:f3:0e:2d:f1:8e:b4:3e:50:9c:42:4f:bd:71:
         91:ec:77:5c:36:7e:7d:87:ca:9f:49:68:de:3d:8f:16:99:ea:
         a3:34:79:1e:c3:09:8b:16:21:17:3f:b4:0f:54:68:2e:bb:76:
         51:44:c0:bc:6a:55:97:47:de:42:43:ac:3d:2b:bf:98:8f:81:
         fb:f5:07:f2:b0:d2:5f:f5:89:e3:6f:8b:1a:2d:41:1e:09:79:
         1b:09:c4:6b:98:b9:f7:f7:01:bd:95:04:7f:e4:7f:bd:36:e7:
         b4:87:00:a8:17:a3:03:58:70:00:67:11:77:c7:69:b0:db:f5:
         6b:cd:3c:61:9f:b8:ae:be:07:1b:57:c0:76:0e:ee:74:23:53:
         c2:3d:43:cd:1a:a6:e3:d0:e1:46:f0:a0:ec:c0:38:c7:40:ee:
         e3:8d:cf:12:e0:34:5c:47:fb:e5:d8:7d:40:a2:fe:23:0a:d5:
         2e:95:a0:9a:0e:b2:6b:4f:cd:77:b8:1e:33:f2:95:0e:b8:a0:
         15:7d:9e:0f:9e:50:e6:5c:d3:68:c9:d8:1e:22:a2:5d:23:64:
         f5:84:eb:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALKuwkOYFB0IzI+1vi86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQ4YmExYmRmNjRhZTNjMzgwZWYyZWFmMGY1ZWU3NTkxNGU5ZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDFYN/1s9oQkCG+nt/3pTEC8QvEr
XKHzrqFbDNiCzJA28aW20LSyHIXu0RWSMgQkNmtSHt0PSA37Z5eScDQjV79tc+q/
Naxemo8/+OXdnszsSU+rv/yMpSBfqhQqboI7nK6Fg8aWH+7fZKIC5/BUq6e/vxvt
mQFOCUAY6WGG3iQAfOmCfC+VX6WX3oqC8KNeqAhTm1ylfyI5rl26p0YTBQImHIWp
dNAPzY0FLI7A0EwLTR5sdarsfsVisF75/6tfaZVrO92CyIx+gH/NF73/gPt8hw4d
BpC4Vq117SokMOtOFH/EGfMrPjysSM2EMRiG+4OwcdXWhF80VO3UbblJZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvYuhvfZK48OA7y6vD17nWRTp7NMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvdTlpNkc5OWtyanc0RHZMcThQWHVkWkZPbnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZY2MA0G
CSqGSIb3DQEBCwUAA4IBAQB0lTZ31fV/p4VMFWda7zCiqgl8ruI+IQU34XYb0/oz
9NBn2JUdwhuwD/MOLfGOtD5QnEJPvXGR7HdcNn59h8qfSWjePY8WmeqjNHkewwmL
FiEXP7QPVGguu3ZRRMC8alWXR95CQ6w9K7+Yj4H79QfysNJf9Ynjb4saLUEeCXkb
CcRrmLn39wG9lQR/5H+9Nue0hwCoF6MDWHAAZxF3x2mw2/VrzTxhn7iuvgcbV8B2
Du50I1PCPUPNGqbj0OFG8KDswDjHQO7jjc8S4DRcR/vl2H1Aov4jCtUulaCaDrJr
T813uB4z8pUOuKAVfZ4PnlDmXNNoydgeIqJdI2T1hOu2
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:13:54 2024 by rpki-client on console-ams.rpki-client.org