Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/1zhbjfm2IIXrv-myvFqRiAUu4Q8.roa
File:                     1zhbjfm2IIXrv-myvFqRiAUu4Q8.roa (raw, json)
Hash identifier:          vV/19nYRFnA8RjZBBqhfPXIWvJl10dGgAhrWcJEaj1Q=
Subject key identifier:   D7:38:5B:8D:F9:B6:20:85:EB:BF:E9:B2:BC:5A:91:88:05:2E:E1:0F
Certificate issuer:       /CN=a9a28417c1e1b68f69be1d3ec812037097619ccd
Certificate serial:       018CC4246A07370D1FDBF2516FB478DA6F91
Authority key identifier: A9:A2:84:17:C1:E1:B6:8F:69:BE:1D:3E:C8:12:03:70:97:61:9C:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qaKEF8Hhto9pvh0-yBIDcJdhnM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/1zhbjfm2IIXrv-myvFqRiAUu4Q8.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9050
IP address blocks:        91.201.83.0/24 maxlen: 24
                          91.201.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/qaKEF8Hhto9pvh0-yBIDcJdhnM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/qaKEF8Hhto9pvh0-yBIDcJdhnM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qaKEF8Hhto9pvh0-yBIDcJdhnM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6a:07:37:0d:1f:db:f2:51:6f:b4:78:da:6f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9a28417c1e1b68f69be1d3ec812037097619ccd
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7385b8df9b62085ebbfe9b2bc5a9188052ee10f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f4:d0:d9:69:cb:4d:75:88:8a:c6:6e:89:72:
                    8a:c4:0b:a9:4a:60:2a:fb:b0:4a:8c:2d:63:d2:0e:
                    d5:c3:e4:d2:33:dc:a0:3e:fc:34:65:e8:f4:10:39:
                    16:3b:09:65:a4:34:18:46:17:11:e7:9f:2c:3a:d6:
                    55:b7:ad:d0:b2:71:ba:29:59:6b:6a:ab:ad:3f:16:
                    dd:3b:25:35:75:d2:43:53:4d:54:45:cc:e0:98:ea:
                    cc:7a:7b:ea:ad:b0:64:0a:bb:c0:9a:6c:84:22:a7:
                    ff:83:9c:fb:ce:3f:60:bb:dd:86:64:26:09:37:42:
                    fd:0f:7d:b1:44:b5:e1:a8:0c:6a:c6:b6:a2:68:b8:
                    d3:17:54:5d:64:88:7b:13:00:4b:e4:26:d7:46:d4:
                    1b:31:f9:38:ce:06:5c:2f:4f:d4:2b:b1:e9:07:ff:
                    a5:2a:7b:f0:62:7b:99:11:97:95:96:d1:51:18:7b:
                    8b:dc:61:90:0b:3d:6a:be:8c:6c:c1:3a:f5:b0:94:
                    61:2e:e8:05:54:53:f0:d1:fb:14:3c:e1:84:47:44:
                    f4:8c:01:44:97:d0:87:27:09:19:72:88:32:67:3e:
                    8c:07:60:27:ee:db:23:52:c5:e7:c7:a1:a1:28:76:
                    84:3d:92:04:df:6a:b5:88:83:89:be:19:93:a1:55:
                    cd:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:38:5B:8D:F9:B6:20:85:EB:BF:E9:B2:BC:5A:91:88:05:2E:E1:0F
            X509v3 Authority Key Identifier:
                keyid:A9:A2:84:17:C1:E1:B6:8F:69:BE:1D:3E:C8:12:03:70:97:61:9C:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qaKEF8Hhto9pvh0-yBIDcJdhnM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/1zhbjfm2IIXrv-myvFqRiAUu4Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/309c36-7c1d-4a33-9cf5-ed36477b9480/1/qaKEF8Hhto9pvh0-yBIDcJdhnM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:64:05:3c:66:23:07:1a:47:5e:cd:e0:8a:43:41:b5:48:66:
         86:e5:e1:12:1a:e4:ef:bd:95:02:7e:e5:f4:0d:35:d6:0c:b4:
         9e:7f:1c:47:ca:ac:4c:7c:4d:7f:5f:af:35:49:fe:f7:ac:c2:
         9a:cd:84:0f:d0:4b:4b:c0:3d:a9:b8:51:15:7d:16:b6:0e:47:
         65:8d:71:03:d8:ec:cd:30:68:27:6d:5f:81:07:0b:1f:16:0f:
         a6:09:c0:61:01:2f:27:d0:b6:03:a9:e6:38:2a:44:1f:be:8a:
         24:f0:d7:a4:ad:64:5a:dc:97:08:59:f5:75:6a:be:ea:65:70:
         10:e0:80:25:bb:07:3d:ca:29:e8:a9:bd:ca:ed:c1:fe:99:98:
         72:ac:6a:c8:b8:ad:14:3f:9a:0f:b9:5d:70:98:aa:97:18:40:
         f3:a0:bc:2f:cf:ef:f3:f5:c7:32:d9:f1:e1:d0:a2:43:0c:07:
         7b:4b:4c:3c:0a:8f:6d:e9:f6:76:de:8c:cb:95:03:5d:71:8f:
         20:26:2d:c0:f6:70:60:b8:52:b1:99:54:6d:25:6e:b7:55:8c:
         41:c4:3e:b4:39:85:2a:84:4d:cb:0d:3a:2b:5b:4a:9a:02:d2:
         89:77:b9:f6:2b:04:4a:b4:44:bf:29:f0:94:d0:b5:d9:5a:04:
         ca:5f:61:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGoHNw0f2/JRb7R42m+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YTI4NDE3YzFlMWI2OGY2OWJlMWQzZWM4MTIwMzcwOTc2
MTljY2QwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzM4NWI4ZGY5YjYyMDg1ZWJiZmU5YjJiYzVhOTE4ODA1MmVlMTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvTQ2WnLTXWIisZuiXKKxAupSmAq
+7BKjC1j0g7Vw+TSM9ygPvw0Zej0EDkWOwllpDQYRhcR558sOtZVt63QsnG6KVlr
aqutPxbdOyU1ddJDU01URczgmOrMenvqrbBkCrvAmmyEIqf/g5z7zj9gu92GZCYJ
N0L9D32xRLXhqAxqxraiaLjTF1RdZIh7EwBL5CbXRtQbMfk4zgZcL0/UK7HpB/+l
KnvwYnuZEZeVltFRGHuL3GGQCz1qvoxswTr1sJRhLugFVFPw0fsUPOGER0T0jAFE
l9CHJwkZcogyZz6MB2An7tsjUsXnx6GhKHaEPZIE32q1iIOJvhmToVXN4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNc4W435tiCF67/psrxakYgFLuEPMB8GA1UdIwQY
MBaAFKmihBfB4baPab4dPsgSA3CXYZzNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWFLRUY4SGh0bzlwdmgwLXlCSURjSmRobk0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zMDljMzYtN2MxZC00YTMzLTljZjUt
ZWQzNjQ3N2I5NDgwLzEvMXpoYmpmbTJJSVhydi1teXZGcVJpQVV1NFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zMDljMzYtN2MxZC00YTMzLTljZjUtZWQzNjQ3N2I5NDgw
LzEvcWFLRUY4SGh0bzlwdmgwLXlCSURjSmRobk0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8lSMA0G
CSqGSIb3DQEBCwUAA4IBAQAjZAU8ZiMHGkdezeCKQ0G1SGaG5eESGuTvvZUCfuX0
DTXWDLSefxxHyqxMfE1/X681Sf73rMKazYQP0EtLwD2puFEVfRa2DkdljXED2OzN
MGgnbV+BBwsfFg+mCcBhAS8n0LYDqeY4KkQfvook8NekrWRa3JcIWfV1ar7qZXAQ
4IAluwc9yinoqb3K7cH+mZhyrGrIuK0UP5oPuV1wmKqXGEDzoLwvz+/z9ccy2fHh
0KJDDAd7S0w8Co9t6fZ23ozLlQNdcY8gJi3A9nBguFKxmVRtJW63VYxBxD60OYUq
hE3LDTorW0qaAtKJd7n2KwRKtES/KfCU0LXZWgTKX2H6
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:22:09 2024 by rpki-client on console-ams.rpki-client.org