Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/9hAbFGgTjdD_adkklR4gTqWfkeg.roa
File:                     9hAbFGgTjdD_adkklR4gTqWfkeg.roa (raw, json)
Hash identifier:          QTz9PId7gQc9SvYiiuBfQjgIC/59tIiFir5jLabq6sA=
Subject key identifier:   F6:10:1B:14:68:13:8D:D0:FF:69:D9:24:95:1E:20:4E:A5:9F:91:E8
Certificate issuer:       /CN=edb04a943332768017266f4e5f56c006d98ebbb4
Certificate serial:       018CC94E1A4547FCA47832158EF45C5D7780
Authority key identifier: ED:B0:4A:94:33:32:76:80:17:26:6F:4E:5F:56:C0:06:D9:8E:BB:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/9hAbFGgTjdD_adkklR4gTqWfkeg.roa
Signing time:             Tue 02 Jan 2024 08:33:08 +0000
ROA not before:           Tue 02 Jan 2024 08:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137922
IP address blocks:        2a03:b8c0:11::/48 maxlen: 48
                          2a03:b8c0:27::/48 maxlen: 48
                          2a03:b8c0:17::/48 maxlen: 48
                          2a03:b8c0:18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/7bBKlDMydoAXJm9OX1bABtmOu7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/7bBKlDMydoAXJm9OX1bABtmOu7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:1a:45:47:fc:a4:78:32:15:8e:f4:5c:5d:77:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edb04a943332768017266f4e5f56c006d98ebbb4
        Validity
            Not Before: Jan  2 08:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6101b1468138dd0ff69d924951e204ea59f91e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5f:90:d3:81:0e:39:42:bb:7a:03:52:76:f3:
                    64:47:4f:0d:ef:e0:ae:6f:a7:46:28:6d:27:13:db:
                    61:32:2e:59:62:b7:93:0d:da:3a:dd:8e:f0:f6:1f:
                    32:15:0b:68:55:4f:14:25:17:48:3e:af:95:05:57:
                    0a:1c:5e:c9:a7:7a:ab:2d:e7:13:8e:e0:d8:82:22:
                    6e:17:76:4f:7e:0e:79:17:6f:79:af:e1:d8:f1:f4:
                    2b:ab:2e:a6:39:1a:eb:34:ee:de:a1:54:0d:6f:47:
                    6e:94:08:ba:56:4b:91:07:91:29:a6:13:28:e7:08:
                    6f:d9:11:b4:7f:04:1b:b1:96:e5:d0:d1:40:90:72:
                    eb:38:bd:ca:97:59:68:e8:dc:71:35:80:55:4c:00:
                    66:47:81:e1:6f:9e:19:6c:2f:de:de:59:dc:cb:4d:
                    14:67:3a:75:1c:74:fe:52:95:a7:6d:4d:7b:a9:13:
                    33:d3:1e:f5:6c:18:d3:56:dc:8b:19:8d:e9:68:8e:
                    06:b4:bf:1b:09:67:61:51:87:05:af:2d:f9:44:b7:
                    f4:87:26:46:0b:84:c0:94:26:dc:bb:cb:3e:d1:be:
                    85:4a:ad:e7:e9:c5:4e:b8:1e:44:db:3b:a2:4f:8f:
                    b3:68:d4:51:5d:95:d0:01:00:b8:2d:3b:8c:16:96:
                    10:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:10:1B:14:68:13:8D:D0:FF:69:D9:24:95:1E:20:4E:A5:9F:91:E8
            X509v3 Authority Key Identifier:
                keyid:ED:B0:4A:94:33:32:76:80:17:26:6F:4E:5F:56:C0:06:D9:8E:BB:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/9hAbFGgTjdD_adkklR4gTqWfkeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/7bBKlDMydoAXJm9OX1bABtmOu7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:b8c0:11::/48
                  2a03:b8c0:17::-2a03:b8c0:18:ffff:ffff:ffff:ffff:ffff
                  2a03:b8c0:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:55:89:32:44:73:4f:26:1f:19:11:a9:e9:71:79:fa:45:07:
         2c:91:49:cb:af:24:30:34:1c:2f:42:02:df:38:06:62:fd:d4:
         34:92:e2:00:7f:f7:a4:22:3d:4e:3f:62:6a:04:82:49:08:96:
         b2:9e:70:a9:4b:36:76:c7:19:29:fb:fe:99:04:a2:08:f6:3d:
         c7:79:97:86:38:39:0b:bc:0f:36:12:33:e5:29:cf:89:3a:09:
         ed:2b:78:c4:b8:26:af:98:9c:52:13:e5:89:e4:6f:92:ac:f5:
         21:78:c9:27:2a:38:a4:84:d9:5e:b0:61:32:5a:46:82:e3:f5:
         cb:36:26:e7:79:be:26:7b:af:24:73:9f:93:34:1c:87:0a:06:
         99:bc:cb:13:2d:eb:58:b9:0a:e3:39:de:df:e2:bd:00:50:70:
         4d:4f:49:e5:83:23:14:5f:fb:36:41:f0:be:17:eb:82:ac:8e:
         52:ab:b6:8b:5d:e0:78:04:cb:2d:c2:04:eb:2c:c0:40:e7:d6:
         91:65:4f:ad:b5:8b:60:9d:37:c9:3a:08:71:df:62:f0:eb:26:
         29:e4:cc:43:a1:bf:b6:1b:84:be:6b:cf:32:15:2a:34:2b:09:
         5f:72:6c:ee:21:c9:fc:42:db:11:20:56:6c:42:9c:55:2c:17:
         d2:c9:f5:7f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzJThpFR/ykeDIVjvRcXXeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYjA0YTk0MzMzMjc2ODAxNzI2NmY0ZTVmNTZjMDA2ZDk4
ZWJiYjQwHhcNMjQwMTAyMDgzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjEwMWIxNDY4MTM4ZGQwZmY2OWQ5MjQ5NTFlMjA0ZWE1OWY5MWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnF+Q04EOOUK7egNSdvNkR08N7+Cu
b6dGKG0nE9thMi5ZYreTDdo63Y7w9h8yFQtoVU8UJRdIPq+VBVcKHF7Jp3qrLecT
juDYgiJuF3ZPfg55F295r+HY8fQrqy6mORrrNO7eoVQNb0dulAi6VkuRB5EpphMo
5whv2RG0fwQbsZbl0NFAkHLrOL3Kl1lo6NxxNYBVTABmR4Hhb54ZbC/e3lncy00U
Zzp1HHT+UpWnbU17qRMz0x71bBjTVtyLGY3paI4GtL8bCWdhUYcFry35RLf0hyZG
C4TAlCbcu8s+0b6FSq3n6cVOuB5E2zuiT4+zaNRRXZXQAQC4LTuMFpYQWwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFPYQGxRoE43Q/2nZJJUeIE6ln5HoMB8GA1UdIwQY
MBaAFO2wSpQzMnaAFyZvTl9WwAbZjru0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2JCS2xETXlkb0FYSm05T1gxYkFCdG1PdTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81MGE0YzQtOTFkMS00MzExLWI2N2It
ZTQ1ZmE2NGQ0ZDJkLzEvOWhBYkZHZ1RqZERfYWRra2xSNGdUcVdma2VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81MGE0YzQtOTFkMS00MzExLWI2N2ItZTQ1ZmE2NGQ0ZDJk
LzEvN2JCS2xETXlkb0FYSm05T1gxYkFCdG1PdTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAAjAmAwcAKgO4wAAR
MBIDBwAqA7jAABcDBwAqA7jAABgDBwAqA7jAACcwDQYJKoZIhvcNAQELBQADggEB
AAFViTJEc08mHxkRqelxefpFByyRScuvJDA0HC9CAt84BmL91DSS4gB/96QiPU4/
YmoEgkkIlrKecKlLNnbHGSn7/pkEogj2Pcd5l4Y4OQu8DzYSM+Upz4k6Ce0reMS4
Jq+YnFIT5Ynkb5Ks9SF4yScqOKSE2V6wYTJaRoLj9cs2Jud5viZ7ryRzn5M0HIcK
Bpm8yxMt61i5CuM53t/ivQBQcE1PSeWDIxRf+zZB8L4X64KsjlKrtotd4HgEyy3C
BOsswEDn1pFlT621i2CdN8k6CHHfYvDrJinkzEOhv7YbhL5rzzIVKjQrCV9ybO4h
yfxC2xEgVmxCnFUsF9LJ9X8=
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:52:01 2024 by rpki-client on console-ams.rpki-client.org