Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/ESLfopNmgu5850KR2Bu9yhKxIL8.roa
File:                     ESLfopNmgu5850KR2Bu9yhKxIL8.roa (raw, json)
Hash identifier:          8aautCYMPm6wFX3dwljJoi2ppL8Hr3LkWgpBb61yKJU=
Subject key identifier:   11:22:DF:A2:93:66:82:EE:7C:E7:42:91:D8:1B:BD:CA:12:B1:20:BF
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       018F9FD980B23A7492E874B221D602BC8F04
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/ESLfopNmgu5850KR2Bu9yhKxIL8.roa
Signing time:             Wed 22 May 2024 10:29:42 +0000
ROA not before:           Wed 22 May 2024 10:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        91.108.80.0/21 maxlen: 24
                          93.127.161.0/24 maxlen: 24
                          93.127.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9f:d9:80:b2:3a:74:92:e8:74:b2:21:d6:02:bc:8f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: May 22 10:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1122dfa2936682ee7ce74291d81bbdca12b120bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c3:be:1b:a4:4f:21:c0:ca:7d:a1:1d:81:3d:
                    1d:75:7e:84:41:04:ce:ef:38:d5:3c:7e:91:e1:6d:
                    c5:84:1b:3d:92:79:8f:e4:b1:2b:bb:25:d6:c4:a7:
                    51:7b:d3:03:b0:48:e8:e0:ee:c7:a5:cf:68:ae:33:
                    87:8e:1e:71:13:03:21:4c:fe:9c:9e:5e:d6:5f:45:
                    dd:07:24:96:e8:d9:4c:e5:40:40:64:c1:ec:4a:a0:
                    d3:12:87:e6:35:38:57:de:d8:70:9e:f0:cc:14:7b:
                    e9:14:e3:92:db:e7:52:c3:8c:8c:61:f0:7e:ed:93:
                    5d:75:85:1c:0a:c6:8f:6d:0d:6c:cc:80:40:a7:eb:
                    68:da:d5:0c:6d:7c:76:2c:a7:68:d0:b7:96:c3:9a:
                    89:9a:0c:41:bf:9c:8f:26:b3:8d:07:da:ca:7d:38:
                    c5:66:70:81:5e:ae:29:b7:7e:af:54:50:58:d1:48:
                    f6:9a:c8:41:ca:73:4e:6b:29:bb:2c:6d:75:62:0c:
                    c1:dd:84:8f:79:9c:04:94:05:b7:62:b9:31:4a:24:
                    90:dc:fe:bd:80:ec:06:d6:f8:94:74:8e:e2:64:89:
                    ec:92:0b:22:79:a8:a2:df:79:11:9f:0d:ff:f2:03:
                    69:8d:8e:1c:c5:29:2b:49:59:98:78:4b:ea:bf:d2:
                    62:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:22:DF:A2:93:66:82:EE:7C:E7:42:91:D8:1B:BD:CA:12:B1:20:BF
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/ESLfopNmgu5850KR2Bu9yhKxIL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.80.0/21
                  93.127.161.0/24
                  93.127.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:9e:28:b4:80:8f:9d:7d:35:ce:80:71:de:85:01:c1:b9:e6:
         05:99:06:45:b3:e2:e1:7e:7e:79:fb:3f:67:4e:fb:5a:2a:bb:
         27:17:bf:32:ba:d4:1f:bc:c6:46:00:8d:dc:d4:42:12:03:e2:
         f5:3d:0e:ca:88:d0:15:e7:b6:8a:79:6b:4e:e5:cc:5b:a8:7d:
         da:4a:00:20:16:1f:6b:5f:16:35:92:12:cf:53:37:e8:e5:40:
         29:df:2e:71:f6:e2:d2:d2:b1:44:d2:2b:3e:aa:40:78:98:02:
         63:d2:ff:b6:5a:16:fa:74:7f:e5:d8:d6:b4:16:33:ab:3d:f8:
         4b:0e:c6:4e:9b:36:cc:6a:ec:be:81:4c:f7:93:8a:bd:bb:11:
         12:08:37:1d:22:c1:0f:92:d0:14:02:34:72:c7:a6:e2:eb:f4:
         30:5e:f4:63:0c:47:ad:e6:83:de:09:c4:a3:11:7d:33:3e:06:
         9e:2e:50:c5:d8:f0:3c:d1:b9:f3:79:05:46:ec:19:50:70:fa:
         e3:27:89:f2:6a:fb:97:4e:83:62:53:9d:9b:0c:70:b5:2d:3d:
         7c:d9:37:04:e1:5b:ee:e2:7a:ba:45:cd:52:41:1c:af:58:a6:
         99:64:46:bd:00:d4:34:55:90:e3:22:c1:41:02:4d:a4:16:52:
         c1:99:2e:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+f2YCyOnSS6HSyIdYCvI8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwNTIyMTAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTIyZGZhMjkzNjY4MmVlN2NlNzQyOTFkODFiYmRjYTEyYjEyMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcO+G6RPIcDKfaEdgT0ddX6EQQTO
7zjVPH6R4W3FhBs9knmP5LEruyXWxKdRe9MDsEjo4O7Hpc9orjOHjh5xEwMhTP6c
nl7WX0XdBySW6NlM5UBAZMHsSqDTEofmNThX3thwnvDMFHvpFOOS2+dSw4yMYfB+
7ZNddYUcCsaPbQ1szIBAp+to2tUMbXx2LKdo0LeWw5qJmgxBv5yPJrONB9rKfTjF
ZnCBXq4pt36vVFBY0Uj2mshBynNOaym7LG11YgzB3YSPeZwElAW3YrkxSiSQ3P69
gOwG1viUdI7iZInskgsieaii33kRnw3/8gNpjY4cxSkrSVmYeEvqv9JitQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBEi36KTZoLufOdCkdgbvcoSsSC/MB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvRVNMZm9wTm1ndTU4NTBLUjJCdTl5aEt4SUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDW2xQAwQA
XX+hAwQAXX+kMA0GCSqGSIb3DQEBCwUAA4IBAQAhnii0gI+dfTXOgHHehQHBueYF
mQZFs+Lhfn55+z9nTvtaKrsnF78yutQfvMZGAI3c1EISA+L1PQ7KiNAV57aKeWtO
5cxbqH3aSgAgFh9rXxY1khLPUzfo5UAp3y5x9uLS0rFE0is+qkB4mAJj0v+2Whb6
dH/l2Na0FjOrPfhLDsZOmzbMauy+gUz3k4q9uxESCDcdIsEPktAUAjRyx6bi6/Qw
XvRjDEet5oPeCcSjEX0zPgaeLlDF2PA80bnzeQVG7BlQcPrjJ4nyavuXToNiU52b
DHC1LT182TcE4Vvu4nq6Rc1SQRyvWKaZZEa9ANQ0VZDjIsFBAk2kFlLBmS7l
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:49:25 2024 by rpki-client on console-fra.rpki-client.org