Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/MTv0NStI3nbBEi3LpYY7Z8j49is.roa
File:                     MTv0NStI3nbBEi3LpYY7Z8j49is.roa (raw, json)
Hash identifier:          EfubS3RI+COmE9GgwR4x3Zems1+GzP6zc10LGarML9Y=
Subject key identifier:   31:3B:F4:35:2B:48:DE:76:C1:12:2D:CB:A5:86:3B:67:C8:F8:F6:2B
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC79528D64450AB3EDFDB1D5ABA358A38
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/MTv0NStI3nbBEi3LpYY7Z8j49is.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201786
IP address blocks:        91.239.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:28:d6:44:50:ab:3e:df:db:1d:5a:ba:35:8a:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=313bf4352b48de76c1122dcba5863b67c8f8f62b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f7:70:e1:1b:9f:f9:1c:73:b8:c0:8b:95:34:
                    e3:5b:be:44:83:52:23:26:27:41:3b:e0:ed:c4:b4:
                    f8:3e:1d:2a:38:8f:bc:a7:1e:cf:64:23:5f:4c:54:
                    6c:32:6c:cd:98:9a:77:95:f4:6c:a4:45:50:a2:42:
                    b4:84:04:9f:6d:8d:40:d6:ef:31:4c:b2:eb:7d:e9:
                    6f:aa:69:d6:4b:57:c5:59:9d:c5:5f:10:f7:46:80:
                    75:72:24:a2:13:01:1c:a0:e0:60:7b:3e:00:b7:55:
                    9b:f2:26:53:bf:1f:7e:78:5a:1a:1a:61:40:7a:46:
                    8b:87:c0:1f:c3:5a:56:f4:88:aa:aa:28:d8:2d:56:
                    ec:15:5f:c2:7d:12:51:e4:07:bd:d4:57:a6:d4:49:
                    aa:aa:16:94:e1:26:90:0b:cc:77:ec:0c:c5:3b:3e:
                    dd:cd:30:22:00:08:6f:8d:a4:e0:a8:c1:3d:71:f1:
                    2b:27:41:7b:b8:71:97:c9:43:2d:4f:74:76:03:1d:
                    32:7c:cf:8e:bb:6c:1c:6b:f3:48:1a:66:f5:a2:4f:
                    a3:eb:8c:f5:b8:85:2f:1a:cd:bc:f3:c5:e1:fb:13:
                    e1:99:7f:80:07:42:81:40:73:62:5b:0e:be:26:a9:
                    dd:80:ff:12:7a:23:ce:7c:57:9f:6e:91:a5:f1:3b:
                    50:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:3B:F4:35:2B:48:DE:76:C1:12:2D:CB:A5:86:3B:67:C8:F8:F6:2B
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/MTv0NStI3nbBEi3LpYY7Z8j49is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:b8:f6:86:28:69:49:d5:3b:1a:ec:96:10:b3:d6:74:55:cf:
         f8:0e:ef:17:6b:bd:87:f0:3f:77:24:56:71:4d:28:4b:a4:e1:
         13:77:b6:49:08:a0:18:48:76:96:8c:40:41:dd:24:65:77:86:
         bc:e0:ba:ae:f5:c1:6b:0d:91:ec:1d:4d:4b:a8:5e:46:e6:6d:
         48:dc:d2:35:ae:f4:63:9b:20:2f:4e:37:00:92:a0:40:95:ba:
         71:64:e5:13:1c:99:36:ad:14:02:91:66:4e:b4:da:ff:36:e6:
         5c:8a:d9:8a:49:d0:58:b0:44:45:a0:cd:ea:7c:96:3a:60:d2:
         ac:9d:90:e4:ee:15:9f:3a:1d:da:91:cf:38:d3:43:bc:b9:05:
         85:f6:48:8e:82:46:65:5c:fe:95:53:b2:6d:87:87:7a:4b:14:
         c4:08:6c:3c:93:b0:33:63:bf:2f:2d:ec:a9:b1:c5:7b:78:ce:
         e3:d3:c2:a3:cf:12:68:48:e8:14:36:47:84:4a:bc:b1:8f:c3:
         cd:c5:08:49:92:82:e9:38:23:60:73:c1:d1:4f:ee:71:37:3d:
         eb:eb:39:19:32:40:3b:ef:72:3a:33:3a:2c:7f:a1:21:72:af:
         bb:3a:ce:5d:67:a6:66:45:4e:c9:7f:38:00:aa:31:fd:f5:e6:
         02:6a:be:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSjWRFCrPt/bHVq6NYo4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTNiZjQzNTJiNDhkZTc2YzExMjJkY2JhNTg2M2I2N2M4ZjhmNjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvdw4Ruf+RxzuMCLlTTjW75Eg1Ij
JidBO+DtxLT4Ph0qOI+8px7PZCNfTFRsMmzNmJp3lfRspEVQokK0hASfbY1A1u8x
TLLrfelvqmnWS1fFWZ3FXxD3RoB1ciSiEwEcoOBgez4At1Wb8iZTvx9+eFoaGmFA
ekaLh8Afw1pW9IiqqijYLVbsFV/CfRJR5Ae91Fem1EmqqhaU4SaQC8x37AzFOz7d
zTAiAAhvjaTgqME9cfErJ0F7uHGXyUMtT3R2Ax0yfM+Ou2wca/NIGmb1ok+j64z1
uIUvGs2888Xh+xPhmX+AB0KBQHNiWw6+JqndgP8SeiPOfFefbpGl8TtQEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDE79DUrSN52wRIty6WGO2fI+PYrMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvTVR2ME5TdEkzbmJCRWkzTHBZWTdaOGo0OWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/jMA0G
CSqGSIb3DQEBCwUAA4IBAQAouPaGKGlJ1Tsa7JYQs9Z0Vc/4Du8Xa72H8D93JFZx
TShLpOETd7ZJCKAYSHaWjEBB3SRld4a84Lqu9cFrDZHsHU1LqF5G5m1I3NI1rvRj
myAvTjcAkqBAlbpxZOUTHJk2rRQCkWZOtNr/NuZcitmKSdBYsERFoM3qfJY6YNKs
nZDk7hWfOh3akc8400O8uQWF9kiOgkZlXP6VU7Jth4d6SxTECGw8k7AzY78vLeyp
scV7eM7j08KjzxJoSOgUNkeESryxj8PNxQhJkoLpOCNgc8HRT+5xNz3r6zkZMkA7
73I6Mzosf6Ehcq+7Os5dZ6ZmRU7JfzgAqjH99eYCar6o
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:54:59 2024 by rpki-client on console-ams.rpki-client.org