Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/nKcJs922KonzdB3NL-6p13cEnE8.roa
File:                     nKcJs922KonzdB3NL-6p13cEnE8.roa (raw, json)
Hash identifier:          4hyeRFqyHNcbboH1gxbTtNovRsqDfEZnLff48AJ5DIs=
Subject key identifier:   9C:A7:09:B3:DD:B6:2A:89:F3:74:1D:CD:2F:EE:A9:D7:77:04:9C:4F
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       018CC64B1E43146AC8861B8DE7C0498C0067
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/nKcJs922KonzdB3NL-6p13cEnE8.roa
Signing time:             Mon 01 Jan 2024 18:31:00 +0000
ROA not before:           Mon 01 Jan 2024 18:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205547
IP address blocks:        46.32.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1e:43:14:6a:c8:86:1b:8d:e7:c0:49:8c:00:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 18:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ca709b3ddb62a89f3741dcd2feea9d777049c4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:22:8c:48:1b:45:f1:22:9d:9a:81:4c:e5:ec:
                    a3:82:e4:ea:a1:61:1d:70:97:a6:7c:fe:f1:97:5b:
                    f2:e1:3a:31:d9:19:f4:ad:43:1a:f5:75:b0:ed:27:
                    e6:da:e8:89:26:56:31:04:b0:56:09:7b:eb:62:45:
                    51:34:7b:07:10:87:f7:dc:f3:e5:27:9a:e3:62:be:
                    3f:1c:e5:3f:e7:85:c9:2e:9e:b4:8d:ac:67:7d:15:
                    9b:b9:73:bd:e4:d8:af:82:73:7f:04:8d:5d:93:96:
                    44:9a:0c:ac:73:af:68:3d:02:f7:75:38:41:05:52:
                    8d:ac:54:25:63:8e:65:47:6e:f7:9b:c6:d2:ad:e1:
                    12:de:5b:c2:a5:81:49:ac:ce:bd:c5:9f:4a:44:fe:
                    7e:b5:5e:b4:3d:44:c4:cb:8b:90:4b:11:5b:99:70:
                    64:24:5e:7c:6a:75:89:e2:ed:9d:10:cd:cb:b3:bf:
                    58:f7:cd:38:5e:8e:ee:b3:aa:af:aa:26:89:07:62:
                    6a:2b:cc:5e:35:a4:6f:59:6a:b9:92:fd:7f:43:d0:
                    93:52:fb:d7:99:c6:8e:ce:a2:0c:d7:34:9d:d1:1c:
                    3d:81:16:32:33:c6:1c:40:26:91:79:d4:f6:71:ca:
                    a2:fe:4a:df:e4:e7:b4:8e:d5:bc:99:cb:a0:8d:f1:
                    7e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A7:09:B3:DD:B6:2A:89:F3:74:1D:CD:2F:EE:A9:D7:77:04:9C:4F
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/nKcJs922KonzdB3NL-6p13cEnE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:2b:cd:62:f2:10:29:31:05:86:3d:c6:c7:7a:6f:49:38:fb:
         ba:57:60:2b:2f:1d:e8:27:2c:85:62:45:91:2a:0c:77:ef:55:
         22:db:56:d8:b4:87:d5:a2:ae:36:4a:29:81:ed:4d:3f:62:71:
         fd:c1:5e:d5:f4:cb:7b:e8:86:ac:c1:f0:6e:e7:5d:5b:3e:0b:
         a1:68:26:48:04:1d:43:2a:c2:40:6e:29:3d:eb:d0:7d:b3:4c:
         2b:80:9f:3a:d9:cd:d2:81:4d:57:a7:a4:5a:51:99:65:41:7a:
         f1:07:a1:10:d9:e7:95:30:b0:96:6a:9c:85:1a:27:5d:74:af:
         12:47:4c:fa:0b:18:c1:5d:96:9e:b5:6b:f1:20:c3:b3:f9:ef:
         9a:3d:97:10:c6:f0:4a:f5:65:bc:1d:7d:5f:7b:63:02:e9:4c:
         0b:e8:79:31:46:8b:be:46:ec:a6:fd:37:39:d5:4d:b8:b1:4c:
         29:51:21:36:26:be:32:fa:37:54:f6:ea:39:e3:ec:e4:13:0b:
         87:f1:37:20:5c:01:24:67:9b:5b:d2:c7:d9:07:d7:8f:ca:30:
         5b:eb:7a:db:57:e8:2e:be:d2:c4:82:ad:ea:c7:7b:68:e4:ee:
         12:4e:8e:b2:62:32:7c:e5:ca:c1:72:11:2f:48:d4:76:d9:c5:
         3c:0a:a3:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSx5DFGrIhhuN58BJjABnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjQwMTAxMTgzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E3MDliM2RkYjYyYTg5ZjM3NDFkY2QyZmVlYTlkNzc3MDQ5YzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryKMSBtF8SKdmoFM5eyjguTqoWEd
cJemfP7xl1vy4Tox2Rn0rUMa9XWw7Sfm2uiJJlYxBLBWCXvrYkVRNHsHEIf33PPl
J5rjYr4/HOU/54XJLp60jaxnfRWbuXO95NivgnN/BI1dk5ZEmgysc69oPQL3dThB
BVKNrFQlY45lR273m8bSreES3lvCpYFJrM69xZ9KRP5+tV60PUTEy4uQSxFbmXBk
JF58anWJ4u2dEM3Ls79Y9804Xo7us6qvqiaJB2JqK8xeNaRvWWq5kv1/Q9CTUvvX
mcaOzqIM1zSd0Rw9gRYyM8YcQCaRedT2ccqi/krf5Oe0jtW8mcugjfF+GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJynCbPdtiqJ83QdzS/uqdd3BJxPMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvbktjSnM5MjJLb256ZEIzTkwtNnAxM2NFbkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiCuMA0G
CSqGSIb3DQEBCwUAA4IBAQCHK81i8hApMQWGPcbHem9JOPu6V2ArLx3oJyyFYkWR
Kgx371Ui21bYtIfVoq42SimB7U0/YnH9wV7V9Mt76IaswfBu511bPguhaCZIBB1D
KsJAbik969B9s0wrgJ862c3SgU1Xp6RaUZllQXrxB6EQ2eeVMLCWapyFGidddK8S
R0z6CxjBXZaetWvxIMOz+e+aPZcQxvBK9WW8HX1fe2MC6UwL6HkxRou+Ruym/Tc5
1U24sUwpUSE2Jr4y+jdU9uo54+zkEwuH8TcgXAEkZ5tb0sfZB9ePyjBb63rbV+gu
vtLEgq3qx3to5O4STo6yYjJ85crBchEvSNR22cU8CqMF
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:20:43 2024 by rpki-client on console-ams.rpki-client.org