Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/e9169a-ee06-4e4a-b21e-849417ae634d/1/9tU3y2geCUDLasrk6ieYzxld4qk.roa
File:                     9tU3y2geCUDLasrk6ieYzxld4qk.roa (raw, json)
Hash identifier:          uZKss6VTDVQu/jjjUNwxO8BRwHWKBQP0+peOJpgHLEE=
Subject key identifier:   F6:D5:37:CB:68:1E:09:40:CB:6A:CA:E4:EA:27:98:CF:19:5D:E2:A9
Certificate issuer:       /CN=cdf62cbd6cf7e808224f6cf8725e36e2a965352c
Certificate serial:       018CC801779489E590D87C617CB9C0E5EF2A
Authority key identifier: CD:F6:2C:BD:6C:F7:E8:08:22:4F:6C:F8:72:5E:36:E2:A9:65:35:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zfYsvWz36AgiT2z4cl424qllNSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/e9169a-ee06-4e4a-b21e-849417ae634d/1/9tU3y2geCUDLasrk6ieYzxld4qk.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8298
IP address blocks:        194.1.163.0/24 maxlen: 24
                          2001:678:d78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/e9169a-ee06-4e4a-b21e-849417ae634d/1/zfYsvWz36AgiT2z4cl424qllNSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/e9169a-ee06-4e4a-b21e-849417ae634d/1/zfYsvWz36AgiT2z4cl424qllNSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zfYsvWz36AgiT2z4cl424qllNSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:77:94:89:e5:90:d8:7c:61:7c:b9:c0:e5:ef:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdf62cbd6cf7e808224f6cf8725e36e2a965352c
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6d537cb681e0940cb6acae4ea2798cf195de2a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5a:ad:9a:b6:1e:08:79:6b:29:e2:a2:f6:4f:
                    08:13:fd:ad:2f:76:38:e0:7e:53:9e:bc:f6:b3:c9:
                    73:76:4f:f9:ce:57:47:97:ed:ba:66:ad:5a:1e:7c:
                    77:32:5e:8a:fd:26:39:31:ae:40:38:4f:72:0f:25:
                    fc:d9:ce:08:78:4c:e7:5d:49:0e:c8:01:5f:03:3e:
                    a6:ca:24:2b:36:1b:65:a1:fb:60:f9:b2:0a:a2:b2:
                    5b:dc:76:fb:18:f9:4b:2b:33:02:71:8a:93:bd:ae:
                    95:71:fc:f2:15:7c:18:0d:7b:17:b4:3f:ea:07:d6:
                    d0:cb:81:3c:ce:2e:06:e7:70:c3:f2:20:fc:b4:a7:
                    f1:53:36:cc:71:b1:9f:3c:16:6f:c4:b2:58:77:1f:
                    4e:c4:fd:ce:f1:da:f1:06:d6:26:1f:dd:b4:e0:d1:
                    71:3d:e5:af:84:3f:3a:41:4e:c4:14:59:81:84:d3:
                    9e:7b:3f:28:ca:1d:a0:bb:67:60:f4:33:14:3a:21:
                    34:6c:9b:ad:2c:d2:b4:98:ba:05:a5:ed:b9:43:89:
                    fb:36:e1:52:80:ce:1f:c0:25:8d:3e:e6:17:78:98:
                    4a:9b:7e:07:7a:8a:d4:e7:c6:66:26:8e:be:7b:fa:
                    3a:1e:95:0e:1c:33:81:33:2c:4c:e4:55:5b:fd:0e:
                    48:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D5:37:CB:68:1E:09:40:CB:6A:CA:E4:EA:27:98:CF:19:5D:E2:A9
            X509v3 Authority Key Identifier:
                keyid:CD:F6:2C:BD:6C:F7:E8:08:22:4F:6C:F8:72:5E:36:E2:A9:65:35:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zfYsvWz36AgiT2z4cl424qllNSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e9169a-ee06-4e4a-b21e-849417ae634d/1/9tU3y2geCUDLasrk6ieYzxld4qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e9169a-ee06-4e4a-b21e-849417ae634d/1/zfYsvWz36AgiT2z4cl424qllNSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.163.0/24
                IPv6:
                  2001:678:d78::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:d1:79:ff:81:bd:5a:74:17:ba:25:82:84:c7:c5:df:4f:9d:
         a3:80:b6:a2:83:4d:de:18:a7:01:11:f3:a9:6e:b8:cb:f8:37:
         b8:94:21:a2:ce:b0:6d:f4:a7:f1:b9:42:5c:2e:22:aa:b3:07:
         2b:dd:1f:f6:31:6c:6a:d2:06:f3:9f:a0:f6:d7:e0:58:58:a4:
         1d:0c:80:08:2a:ca:b1:e1:ac:f3:bf:b4:97:84:e0:44:78:39:
         d1:8c:ea:6a:34:c2:3f:50:0e:83:01:2f:62:b7:51:a4:61:38:
         d8:21:de:73:1a:2a:6d:74:50:9f:80:5d:b8:a9:30:e1:40:22:
         b3:d4:a7:1f:95:8c:43:7e:da:d7:24:af:fb:42:00:61:06:8a:
         29:5f:60:06:89:39:d9:58:5e:0b:42:b4:35:f7:73:be:4c:7a:
         6f:5f:2e:97:e3:48:dc:3e:7c:b8:79:92:ed:2f:e8:d8:02:7b:
         b0:e6:9b:5b:90:0f:af:1f:fc:11:ab:f8:d0:06:69:d6:2f:b1:
         4b:68:6b:be:35:f3:5c:a9:8f:45:b6:2a:b4:32:07:20:4a:e1:
         36:8e:43:81:07:d8:3a:85:d7:10:a0:6b:e6:3a:3d:52:ed:a0:
         9b:3a:19:bf:6b:30:fa:a8:fb:94:08:01:39:14:1f:7c:42:0f:
         8f:fd:ac:25
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAXeUieWQ2HxhfLnA5e8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZjYyY2JkNmNmN2U4MDgyMjRmNmNmODcyNWUzNmUyYTk2
NTM1MmMwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQ1MzdjYjY4MWUwOTQwY2I2YWNhZTRlYTI3OThjZjE5NWRlMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1qtmrYeCHlrKeKi9k8IE/2tL3Y4
4H5Tnrz2s8lzdk/5zldHl+26Zq1aHnx3Ml6K/SY5Ma5AOE9yDyX82c4IeEznXUkO
yAFfAz6myiQrNhtloftg+bIKorJb3Hb7GPlLKzMCcYqTva6VcfzyFXwYDXsXtD/q
B9bQy4E8zi4G53DD8iD8tKfxUzbMcbGfPBZvxLJYdx9OxP3O8drxBtYmH9204NFx
PeWvhD86QU7EFFmBhNOeez8oyh2gu2dg9DMUOiE0bJutLNK0mLoFpe25Q4n7NuFS
gM4fwCWNPuYXeJhKm34HeorU58ZmJo6+e/o6HpUOHDOBMyxM5FVb/Q5IHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPbVN8toHglAy2rK5OonmM8ZXeKpMB8GA1UdIwQY
MBaAFM32LL1s9+gIIk9s+HJeNuKpZTUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemZZc3ZXejM2QWdpVDJ6NGNsNDI0cWxsTlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9lOTE2OWEtZWUwNi00ZTRhLWIyMWUt
ODQ5NDE3YWU2MzRkLzEvOXRVM3kyZ2VDVURMYXNyazZpZVl6eGxkNHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9lOTE2OWEtZWUwNi00ZTRhLWIyMWUtODQ5NDE3YWU2MzRk
LzEvemZZc3ZXejM2QWdpVDJ6NGNsNDI0cWxsTlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgGjMA8E
AgACMAkDBwAgAQZ4DXgwDQYJKoZIhvcNAQELBQADggEBAG7Ref+BvVp0F7olgoTH
xd9PnaOAtqKDTd4YpwER86luuMv4N7iUIaLOsG30p/G5QlwuIqqzByvdH/YxbGrS
BvOfoPbX4FhYpB0MgAgqyrHhrPO/tJeE4ER4OdGM6mo0wj9QDoMBL2K3UaRhONgh
3nMaKm10UJ+AXbipMOFAIrPUpx+VjEN+2tckr/tCAGEGiilfYAaJOdlYXgtCtDX3
c75Mem9fLpfjSNw+fLh5ku0v6NgCe7Dmm1uQD68f/BGr+NAGadYvsUtoa74181yp
j0W2KrQyByBK4TaOQ4EH2DqF1xCga+Y6PVLtoJs6Gb9rMPqo+5QIATkUH3xCD4/9
rCU=
-----END CERTIFICATE-----
Generated at Mon Jun 17 16:35:27 2024 by rpki-client on console-ams.rpki-client.org