Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/1-JeU5Ztmd7dI2WAxKqDvuuLFfdc.roa
File:                     1-JeU5Ztmd7dI2WAxKqDvuuLFfdc.roa (raw, json)
Hash identifier:          sJa+U3LLkFzW3SprgwTcuNyrM/WIZcd29wv7V4vGIrY=
Subject key identifier:   F8:97:94:E5:9B:66:77:B7:48:D9:60:31:2A:A0:EF:BA:E2:C5:7D:D7
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       01942747F962F5029C58155BEEC17AB73935
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/1-JeU5Ztmd7dI2WAxKqDvuuLFfdc.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25487
IP address blocks:        217.13.80.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f9:62:f5:02:9c:58:15:5b:ee:c1:7a:b7:39:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f89794e59b6677b748d960312aa0efbae2c57dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a6:d3:d7:26:8d:28:89:08:76:7f:c7:b3:cb:
                    00:5e:c7:b3:60:8e:60:40:49:a9:a0:8f:b1:1b:f3:
                    36:01:92:21:cd:e5:92:f4:a5:19:7a:9b:f5:bf:73:
                    ff:ae:33:2a:b5:b4:d7:28:ed:80:85:83:07:65:7f:
                    25:0c:4c:70:ff:76:fa:9e:b3:a1:30:cb:31:2f:3a:
                    de:43:7a:02:b4:e8:80:a9:2c:76:f1:ff:fc:96:b5:
                    78:aa:58:0d:9b:f1:8a:58:e3:b8:5b:bb:1d:88:18:
                    7e:09:a1:e7:6c:fa:81:cd:27:cb:aa:0f:ce:ed:32:
                    a6:2b:61:ea:c4:f3:e7:6f:a3:3d:94:fc:8e:70:39:
                    64:df:91:6f:32:ee:fc:07:4f:9a:73:b5:94:22:d0:
                    c4:67:8c:f8:41:14:54:3b:75:e5:55:77:db:b1:b8:
                    d7:72:48:ae:cd:02:63:54:0e:c4:f1:ef:08:59:91:
                    fe:2d:ae:3e:c7:2e:3d:28:59:c9:12:cc:7c:67:6f:
                    ae:e0:fe:87:5b:3a:b2:a0:0a:ab:51:c8:17:68:81:
                    71:a5:66:da:24:d7:8d:f9:79:15:05:18:f3:be:8b:
                    e8:10:21:0b:ef:d8:3e:33:82:da:0f:f9:52:76:1c:
                    1b:81:4f:73:29:d0:31:a7:a0:3f:76:6c:51:65:63:
                    cf:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:97:94:E5:9B:66:77:B7:48:D9:60:31:2A:A0:EF:BA:E2:C5:7D:D7
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/1-JeU5Ztmd7dI2WAxKqDvuuLFfdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.13.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6f:ae:e8:4c:b8:42:c3:10:e9:3c:3b:8f:13:cf:0f:40:51:82:
         ab:3c:24:c1:72:ec:48:56:6a:32:95:20:d3:53:f1:1d:c2:0a:
         e0:1d:82:eb:88:2c:2c:f9:c0:6b:b0:ac:2c:19:de:ba:3c:16:
         d7:23:12:83:f8:6c:33:d8:9f:fe:aa:4c:ed:1d:9c:43:9e:b1:
         f7:c3:92:47:e5:c2:b8:16:f3:ec:47:e9:c7:c6:53:fa:f9:d5:
         44:5c:fe:1a:a9:5c:25:e8:e3:f5:4e:d7:14:71:d5:e2:be:cb:
         32:92:15:b4:cf:34:59:46:db:4d:d9:55:8c:4d:bd:0b:d0:d0:
         95:76:91:57:db:c4:c3:08:28:e8:d5:4d:21:99:8a:ba:4c:9b:
         cd:55:87:3e:93:e4:5f:ba:d1:2d:a5:c5:4e:f9:89:63:55:54:
         4b:2a:52:8d:19:43:de:f7:66:62:92:6c:7f:36:c3:b3:4f:ee:
         fd:34:6f:33:25:9d:b0:71:68:b4:d9:fc:09:ea:31:c3:ff:d1:
         d1:b1:d4:fa:e1:2b:14:dd:18:07:1e:7e:7c:c9:04:ad:94:aa:
         56:3a:35:d1:bf:ec:38:7b:e3:6b:da:1f:6f:b8:30:b4:b8:33:
         ac:5b:8c:c1:35:c1:52:8d:d9:77:52:3e:85:38:4e:f1:35:8e:
         c1:a3:3c:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnR/li9QKcWBVb7sF6tzk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODk3OTRlNTliNjY3N2I3NDhkOTYwMzEyYWEwZWZiYWUyYzU3ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2abT1yaNKIkIdn/Hs8sAXsezYI5g
QEmpoI+xG/M2AZIhzeWS9KUZepv1v3P/rjMqtbTXKO2AhYMHZX8lDExw/3b6nrOh
MMsxLzreQ3oCtOiAqSx28f/8lrV4qlgNm/GKWOO4W7sdiBh+CaHnbPqBzSfLqg/O
7TKmK2HqxPPnb6M9lPyOcDlk35FvMu78B0+ac7WUItDEZ4z4QRRUO3XlVXfbsbjX
ckiuzQJjVA7E8e8IWZH+La4+xy49KFnJEsx8Z2+u4P6HWzqyoAqrUcgXaIFxpWba
JNeN+XkVBRjzvovoECEL79g+M4LaD/lSdhwbgU9zKdAxp6A/dmxRZWPPcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPiXlOWbZne3SNlgMSqg77rixX3XMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvMS1KZVU1WnRtZDdkSTJXQXhLcUR2dXVMRmZkYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTcvNzZiYzFlLWI2ZjQtNDA4YS1iYjg5LTA4ZDEyNzBjMmU3
MS8xL2daUF82ZHMzWW1zVC1GMTh4RmVxMWNIekRKOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBNkNUDAN
BgkqhkiG9w0BAQsFAAOCAQEAb67oTLhCwxDpPDuPE88PQFGCqzwkwXLsSFZqMpUg
01PxHcIK4B2C64gsLPnAa7CsLBneujwW1yMSg/hsM9if/qpM7R2cQ56x98OSR+XC
uBbz7Efpx8ZT+vnVRFz+GqlcJejj9U7XFHHV4r7LMpIVtM80WUbbTdlVjE29C9DQ
lXaRV9vEwwgo6NVNIZmKukybzVWHPpPkX7rRLaXFTvmJY1VUSypSjRlD3vdmYpJs
fzbDs0/u/TRvMyWdsHFotNn8Ceoxw//R0bHU+uErFN0YBx5+fMkErZSqVjo10b/s
OHvja9ofb7gwtLgzrFuMwTXBUo3Zd1I+hThO8TWOwaM8BA==
-----END CERTIFICATE-----
Generated at Wed Feb 5 17:02:17 2025 by rpki-client