Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f09a7f-5761-45a7-9ccb-1f3ed6d881b8/1/1-G1sxKyCjtbC2VvyuGBhZes7Qg.roa
File:                     1-G1sxKyCjtbC2VvyuGBhZes7Qg.roa (raw, json)
Hash identifier:          9jZg5bMijYW9BxT5hinrF0KTK0qqqcnj9BnyPR9wjbI=
Subject key identifier:   D7:E1:B5:B3:12:B2:0A:3B:5B:0B:65:6F:CA:E1:81:85:97:AC:ED:08
Certificate issuer:       /CN=9520bf8c77226a3fa88ebe11cc8f1169cc560a79
Certificate serial:       018CC86F1D3C2D07585D0D4FC031FF727563
Authority key identifier: 95:20:BF:8C:77:22:6A:3F:A8:8E:BE:11:CC:8F:11:69:CC:56:0A:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSC_jHciaj-ojr4RzI8RacxWCnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f09a7f-5761-45a7-9ccb-1f3ed6d881b8/1/1-G1sxKyCjtbC2VvyuGBhZes7Qg.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57265
IP address blocks:        91.216.41.0/24 maxlen: 24
                          2001:678:71c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f09a7f-5761-45a7-9ccb-1f3ed6d881b8/1/lSC_jHciaj-ojr4RzI8RacxWCnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f09a7f-5761-45a7-9ccb-1f3ed6d881b8/1/lSC_jHciaj-ojr4RzI8RacxWCnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSC_jHciaj-ojr4RzI8RacxWCnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1d:3c:2d:07:58:5d:0d:4f:c0:31:ff:72:75:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9520bf8c77226a3fa88ebe11cc8f1169cc560a79
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7e1b5b312b20a3b5b0b656fcae1818597aced08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:be:45:c8:22:27:e6:3a:1a:aa:40:db:38:ff:
                    85:34:8d:d3:d6:23:49:e0:7a:b7:da:ef:35:85:10:
                    b5:84:42:2a:8a:e1:5e:93:7a:aa:0d:ff:06:22:a1:
                    1b:53:05:26:21:61:06:72:b6:c1:be:29:fc:00:af:
                    65:5d:be:f6:02:0e:dc:83:df:c3:1b:c8:9b:ba:71:
                    57:1b:42:c3:28:9a:cc:e4:73:8d:67:32:b6:fd:fa:
                    32:c9:d1:ce:71:8c:8f:dc:56:ff:73:12:36:6e:01:
                    34:d1:05:9e:c1:a9:a3:9c:49:20:17:57:05:dd:35:
                    2a:fc:0e:36:57:c3:71:db:82:a7:88:14:c1:95:5e:
                    68:cd:66:95:b6:12:07:b3:5c:fd:4b:7d:82:65:93:
                    bc:a5:7d:9f:ee:a0:6c:47:d1:22:76:d2:d5:6e:4c:
                    a9:3a:bc:3c:4d:6f:84:01:0b:ad:8b:85:fe:f2:91:
                    cf:f1:05:3b:23:8e:9c:61:0d:92:cf:5e:4d:df:b0:
                    f9:4e:92:36:fb:90:0f:37:00:fb:4c:9c:94:7a:07:
                    5d:42:13:27:77:75:6c:61:5e:a0:0c:d0:df:2f:2b:
                    3e:d8:7a:56:60:25:c9:ca:84:48:ae:87:47:30:25:
                    c8:1b:8d:ba:76:70:46:d7:3c:77:8a:76:54:34:8c:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E1:B5:B3:12:B2:0A:3B:5B:0B:65:6F:CA:E1:81:85:97:AC:ED:08
            X509v3 Authority Key Identifier:
                keyid:95:20:BF:8C:77:22:6A:3F:A8:8E:BE:11:CC:8F:11:69:CC:56:0A:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSC_jHciaj-ojr4RzI8RacxWCnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f09a7f-5761-45a7-9ccb-1f3ed6d881b8/1/1-G1sxKyCjtbC2VvyuGBhZes7Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f09a7f-5761-45a7-9ccb-1f3ed6d881b8/1/lSC_jHciaj-ojr4RzI8RacxWCnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.41.0/24
                IPv6:
                  2001:678:71c::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:d9:f1:05:13:34:32:c0:fb:86:6d:11:b3:fd:f2:7d:91:09:
         5c:2d:4f:33:c0:73:42:83:17:8e:41:d2:ca:d9:dc:34:20:75:
         e4:5e:16:60:32:7c:d7:f2:fd:d2:5e:ab:d0:89:66:40:15:00:
         a9:a5:32:2e:71:02:79:ae:74:5b:6a:30:57:8a:a0:d5:e2:66:
         66:2c:59:17:92:5f:dc:e8:69:b5:c1:be:e6:ec:33:79:ed:0a:
         d4:e9:92:e9:ae:32:2a:55:7b:27:2c:2d:0a:b0:d5:ff:a6:ea:
         3a:ed:84:82:60:88:ae:5a:81:91:97:30:a1:78:aa:77:75:7c:
         b5:bd:2e:9e:fa:f8:0d:82:ad:e4:44:ae:66:b8:8d:1e:d1:c0:
         14:c3:85:12:ac:8c:8f:e5:6c:ad:b9:86:74:48:31:0b:5a:ef:
         83:88:98:38:3f:51:6d:10:8a:9e:1f:42:9f:b1:e0:b4:36:50:
         5b:ee:51:74:4b:4c:3a:14:de:bf:46:6b:45:3a:2d:e4:81:07:
         21:c5:f2:aa:d3:31:01:52:32:42:c4:12:d2:81:b7:66:9b:6a:
         42:17:9c:b7:2a:43:d1:8c:95:85:22:21:c3:67:cc:ae:ad:c8:
         ca:20:6c:ce:03:4a:37:6e:8e:c9:28:c4:ab:0c:21:fd:08:06:
         48:49:66:48
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIbx08LQdYXQ1PwDH/cnVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjBiZjhjNzcyMjZhM2ZhODhlYmUxMWNjOGYxMTY5Y2M1
NjBhNzkwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2UxYjViMzEyYjIwYTNiNWIwYjY1NmZjYWUxODE4NTk3YWNlZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0b5FyCIn5joaqkDbOP+FNI3T1iNJ
4Hq32u81hRC1hEIqiuFek3qqDf8GIqEbUwUmIWEGcrbBvin8AK9lXb72Ag7cg9/D
G8ibunFXG0LDKJrM5HONZzK2/foyydHOcYyP3Fb/cxI2bgE00QWewamjnEkgF1cF
3TUq/A42V8Nx24KniBTBlV5ozWaVthIHs1z9S32CZZO8pX2f7qBsR9EidtLVbkyp
Orw8TW+EAQuti4X+8pHP8QU7I46cYQ2Sz15N37D5TpI2+5APNwD7TJyUegddQhMn
d3VsYV6gDNDfLys+2HpWYCXJyoRIrodHMCXIG426dnBG1zx3inZUNIwAmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNfhtbMSsgo7Wwtlb8rhgYWXrO0IMB8GA1UdIwQY
MBaAFJUgv4x3Imo/qI6+EcyPEWnMVgp5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNDX2pIY2lhai1vanI0UnpJOFJhY3hXQ25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mMDlhN2YtNTc2MS00NWE3LTljY2It
MWYzZWQ2ZDg4MWI4LzEvMS1HMXN4S3lDanRiQzJWdnl1R0JoWmVzN1FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mMDlhN2YtNTc2MS00NWE3LTljY2ItMWYzZWQ2ZDg4MWI4
LzEvbFNDX2pIY2lhai1vanI0UnpJOFJhY3hXQ25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9gpMA8E
AgACMAkDBwAgAQZ4BxwwDQYJKoZIhvcNAQELBQADggEBAKPZ8QUTNDLA+4ZtEbP9
8n2RCVwtTzPAc0KDF45B0srZ3DQgdeReFmAyfNfy/dJeq9CJZkAVAKmlMi5xAnmu
dFtqMFeKoNXiZmYsWReSX9zoabXBvubsM3ntCtTpkumuMipVeycsLQqw1f+m6jrt
hIJgiK5agZGXMKF4qnd1fLW9Lp76+A2CreRErma4jR7RwBTDhRKsjI/lbK25hnRI
MQta74OImDg/UW0Qip4fQp+x4LQ2UFvuUXRLTDoU3r9Ga0U6LeSBByHF8qrTMQFS
MkLEEtKBt2abakIXnLcqQ9GMlYUiIcNnzK6tyMogbM4DSjdujskoxKsMIf0IBkhJ
Zkg=
-----END CERTIFICATE-----
Generated at Tue Nov 26 20:13:33 2024 by rpki-client on console-ams.rpki-client.org