Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/j7Ou8DKp_fHXAxJk9Aa_D2Jz1f8.roa
File:                     j7Ou8DKp_fHXAxJk9Aa_D2Jz1f8.roa (raw, json)
Hash identifier:          D8r6c5AxrnH8LUhHbS47r87PmY0mjQvqZC7sIz8KDps=
Subject key identifier:   8F:B3:AE:F0:32:A9:FD:F1:D7:03:12:64:F4:06:BF:0F:62:73:D5:FF
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DE691DB787B29AF32DD8A8BBE4A47
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/j7Ou8DKp_fHXAxJk9Aa_D2Jz1f8.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35298
IP address blocks:        31.173.176.0/20 maxlen: 20
                          37.29.76.0/22 maxlen: 22
                          78.41.100.0/22 maxlen: 22
                          178.176.154.0/23 maxlen: 23
                          2a03:d000:8741::/48 maxlen: 48
                          2a03:d000:8704::/48 maxlen: 48
                          2a03:d000:8740::/48 maxlen: 48
                          2a03:d000:8703::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e6:91:db:78:7b:29:af:32:dd:8a:8b:be:4a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fb3aef032a9fdf1d7031264f406bf0f6273d5ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ec:fd:04:9a:95:57:cf:7d:57:61:b2:61:55:
                    44:8f:6f:b4:d4:62:6d:2a:28:fd:fd:cb:0a:78:a5:
                    58:21:98:82:ff:1c:f4:a3:46:7e:65:4a:05:62:39:
                    d0:a9:23:0f:13:58:ad:6a:8c:d7:1d:4c:fa:35:01:
                    ec:2a:6a:01:8c:bb:32:cb:45:f2:26:94:94:00:7f:
                    94:30:48:56:bf:2f:69:2c:f1:55:15:dc:4f:78:c5:
                    f3:96:79:21:c6:65:0f:ed:8b:78:3f:c0:8e:63:24:
                    71:1a:f7:54:b8:84:9f:a7:78:dd:e7:b1:2d:f4:ec:
                    07:1b:b2:90:b9:35:df:20:12:dc:b7:e7:e9:57:5f:
                    23:45:ab:b8:5b:d0:2b:46:7c:a4:42:19:b5:11:23:
                    ee:55:68:e6:39:29:72:3d:de:9d:f8:09:b0:67:13:
                    c3:2f:be:0b:c5:8f:2d:9f:30:b3:97:da:c6:b0:f6:
                    0f:47:13:ea:33:e9:08:a1:4a:75:dd:07:16:86:17:
                    03:8b:a1:44:ee:46:24:68:a3:a0:5d:cf:76:94:fd:
                    f3:71:ae:d6:f4:fa:5b:d2:21:58:fb:82:c4:26:52:
                    79:fd:bb:0d:3c:6b:66:7d:55:29:e4:00:91:99:3d:
                    d3:bc:a4:d9:f7:3e:7d:b9:02:4a:67:77:32:9b:c2:
                    b5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B3:AE:F0:32:A9:FD:F1:D7:03:12:64:F4:06:BF:0F:62:73:D5:FF
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/j7Ou8DKp_fHXAxJk9Aa_D2Jz1f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.173.176.0/20
                  37.29.76.0/22
                  78.41.100.0/22
                  178.176.154.0/23
                IPv6:
                  2a03:d000:8703::-2a03:d000:8704:ffff:ffff:ffff:ffff:ffff
                  2a03:d000:8740::/47

    Signature Algorithm: sha256WithRSAEncryption
         9e:3f:8f:41:cb:99:16:6d:ee:f6:ad:25:0b:23:b1:31:8f:e8:
         16:a3:10:c8:2c:e1:10:2f:aa:d9:b7:dd:e8:1a:e5:f1:ad:fe:
         33:df:15:2a:5f:af:19:f6:6a:3f:f7:75:ed:f3:8e:df:b4:16:
         58:3d:0a:9f:90:d8:e1:bf:54:37:1d:58:43:29:de:6d:b9:23:
         76:ca:69:d4:45:23:5e:4f:b7:78:26:cc:62:b4:02:42:6c:00:
         b3:62:2a:c1:f9:d5:17:c8:fa:d9:d0:94:d7:57:8e:6c:0d:b2:
         57:af:ce:ef:99:a2:c3:c5:17:e7:08:a4:bc:d3:1e:1e:e9:2c:
         ac:97:b6:2d:5e:3b:14:19:ce:b8:bb:b5:4e:bb:c7:d9:f2:61:
         c0:25:84:e1:d3:c5:b6:ea:23:f5:e9:bf:e7:6c:4d:f4:a7:7a:
         fb:d2:fe:18:0c:d1:16:ce:02:70:51:99:79:d0:02:80:37:d7:
         68:6c:59:13:50:12:1a:18:c7:8e:4b:6d:7d:e6:5e:2a:d8:69:
         01:34:95:0a:46:d4:61:00:ca:89:86:6a:c5:c1:9c:b2:54:ba:
         65:72:8b:3d:bb:7c:48:f4:57:4c:9d:02:30:f6:1f:ec:a1:ad:
         70:97:fb:3e:0b:40:e5:73:82:6b:db:a1:91:77:90:99:fa:a5:
         a4:3d:db:59
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYzFbeaR23h7Ka8y3YqLvkpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIzYWVmMDMyYTlmZGYxZDcwMzEyNjRmNDA2YmYwZjYyNzNkNWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruz9BJqVV899V2GyYVVEj2+01GJt
Kij9/csKeKVYIZiC/xz0o0Z+ZUoFYjnQqSMPE1itaozXHUz6NQHsKmoBjLsyy0Xy
JpSUAH+UMEhWvy9pLPFVFdxPeMXzlnkhxmUP7Yt4P8COYyRxGvdUuISfp3jd57Et
9OwHG7KQuTXfIBLct+fpV18jRau4W9ArRnykQhm1ESPuVWjmOSlyPd6d+AmwZxPD
L74LxY8tnzCzl9rGsPYPRxPqM+kIoUp13QcWhhcDi6FE7kYkaKOgXc92lP3zca7W
9Ppb0iFY+4LEJlJ5/bsNPGtmfVUp5ACRmT3TvKTZ9z59uQJKZ3cym8K1fwIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFI+zrvAyqf3x1wMSZPQGvw9ic9X/MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvajdPdThES3BfZkhYQXhKazlBYV9EMkp6MWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAeBAIAATAYAwQEH62wAwQC
JR1MAwQCTilkAwQBsrCaMCMEAgACMB0wEgMHACoD0ACHAwMHACoD0ACHBAMHASoD
0ACHQDANBgkqhkiG9w0BAQsFAAOCAQEAnj+PQcuZFm3u9q0lCyOxMY/oFqMQyCzh
EC+q2bfd6Brl8a3+M98VKl+vGfZqP/d17fOO37QWWD0Kn5DY4b9UNx1YQynebbkj
dspp1EUjXk+3eCbMYrQCQmwAs2IqwfnVF8j62dCU11eObA2yV6/O75miw8UX5wik
vNMeHuksrJe2LV47FBnOuLu1TrvH2fJhwCWE4dPFtuoj9em/52xN9Kd6+9L+GAzR
Fs4CcFGZedACgDfXaGxZE1ASGhjHjkttfeZeKthpATSVCkbUYQDKiYZqxcGcslS6
ZXKLPbt8SPRXTJ0CMPYf7KGtcJf7PgtA5XOCa9uhkXeQmfqlpD3bWQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:38:15 2024 by rpki-client on console-fra.rpki-client.org