Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CpMWErKBVL1WLEFi55nAiyjbOEI.roa
File:                     CpMWErKBVL1WLEFi55nAiyjbOEI.roa (raw, json)
Hash identifier:          NeZBg7S2FVWDkbTryVNk3UUZDTMk3DidB57debf7MNI=
Subject key identifier:   0A:93:16:12:B2:81:54:BD:56:2C:41:62:E7:99:C0:8B:28:DB:38:42
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD045226E2366896D1400216F04BF7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CpMWErKBVL1WLEFi55nAiyjbOEI.roa
Signing time:             Tue 02 Jan 2024 06:29:36 +0000
ROA not before:           Tue 02 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204281
IP address blocks:        91.92.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:04:52:26:e2:36:68:96:d1:40:02:16:f0:4b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a931612b28154bd562c4162e799c08b28db3842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:df:52:60:6b:69:78:95:c5:69:ae:6a:53:be:
                    5b:ac:96:c8:5b:28:50:3a:e6:69:63:bb:e5:c2:d8:
                    f5:33:4b:35:58:28:37:36:7a:9a:42:77:aa:b6:31:
                    2f:14:95:73:4e:bb:24:d7:cb:a8:12:2a:85:a6:9c:
                    2c:12:4a:bc:d4:e2:53:b0:fe:8d:b9:79:e6:03:6b:
                    92:22:ef:be:c1:5b:72:55:6c:87:3c:23:a6:3b:c1:
                    a1:cd:ea:3b:fb:83:d2:13:18:29:97:3c:4f:e5:7b:
                    ba:f9:85:15:da:f9:e7:12:41:7a:16:37:7b:e3:0a:
                    b1:60:94:96:da:4c:99:a3:b8:6e:c6:5b:b3:a5:13:
                    99:24:60:57:d2:a4:26:8f:ef:41:ec:ed:cc:1b:90:
                    b4:66:ee:c7:a3:70:40:6c:6e:fa:29:e8:fc:97:57:
                    31:16:16:f0:b1:e0:0b:c4:ab:81:c4:69:f0:0e:90:
                    98:84:6f:5a:62:fd:67:73:bb:37:00:d4:b8:ce:4a:
                    5c:f5:7c:cf:01:e7:b1:20:31:c9:82:dd:ee:3a:b8:
                    04:01:fa:e6:86:91:28:8f:85:69:5e:4c:5b:50:9a:
                    df:3a:50:c6:10:aa:3f:ea:11:65:d4:9c:42:5c:83:
                    93:85:e7:b5:01:ad:11:0f:54:4f:25:25:f5:c7:85:
                    a7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:93:16:12:B2:81:54:BD:56:2C:41:62:E7:99:C0:8B:28:DB:38:42
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CpMWErKBVL1WLEFi55nAiyjbOEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:1f:f1:1e:cb:12:9a:78:bd:34:a4:f5:aa:61:2b:3d:64:34:
         91:fd:47:b0:c6:d6:c4:23:b0:b5:78:64:b6:17:d9:1d:f9:9f:
         4e:9e:86:52:63:11:71:d1:b2:5b:6b:b3:9a:0f:75:d3:c7:a5:
         8e:94:71:6e:be:82:11:4a:52:8a:07:db:74:9b:a5:21:df:2b:
         f6:b3:93:30:8b:dd:99:90:2b:b6:7f:0a:32:f8:77:3b:01:0d:
         33:0f:ca:02:c7:4f:9d:a4:4b:9b:ba:4c:25:13:a3:ee:a5:8a:
         bb:df:ad:6e:7b:41:57:40:b6:5e:bc:10:e9:47:c7:97:89:9e:
         c5:3a:c5:29:35:73:b0:fa:9f:48:e5:d6:28:06:98:22:39:72:
         a0:f4:92:b1:b6:2f:d9:8e:d0:b2:19:0c:56:cb:1a:7f:79:4b:
         73:eb:d1:7b:0c:a5:a9:35:6d:a3:ff:75:e9:14:bb:c4:8d:6c:
         a3:41:bd:f6:36:62:ad:96:2c:1a:db:62:cf:3f:60:52:93:6d:
         b0:bd:92:10:c4:0f:80:b5:79:52:2c:1b:53:4c:8b:49:82:b5:
         30:21:99:4a:ae:52:76:2e:69:66:36:b2:2b:86:d8:64:06:f6:
         ca:33:f0:c4:9d:fc:78:74:38:f9:f6:e0:23:04:01:5d:82:c9:
         9d:e3:9e:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3QRSJuI2aJbRQAIW8Ev3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkzMTYxMmIyODE1NGJkNTYyYzQxNjJlNzk5YzA4YjI4ZGIzODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzN9SYGtpeJXFaa5qU75brJbIWyhQ
OuZpY7vlwtj1M0s1WCg3NnqaQneqtjEvFJVzTrsk18uoEiqFppwsEkq81OJTsP6N
uXnmA2uSIu++wVtyVWyHPCOmO8Ghzeo7+4PSExgplzxP5Xu6+YUV2vnnEkF6Fjd7
4wqxYJSW2kyZo7huxluzpROZJGBX0qQmj+9B7O3MG5C0Zu7Ho3BAbG76Kej8l1cx
FhbwseALxKuBxGnwDpCYhG9aYv1nc7s3ANS4zkpc9XzPAeexIDHJgt3uOrgEAfrm
hpEoj4VpXkxbUJrfOlDGEKo/6hFl1JxCXIOThee1Aa0RD1RPJSX1x4WnWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqTFhKygVS9VixBYueZwIso2zhCMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ3BNV0VyS0JWTDFXTEVGaTU1bkFpeWpiT0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW1yiMA0G
CSqGSIb3DQEBCwUAA4IBAQBGH/EeyxKaeL00pPWqYSs9ZDSR/UewxtbEI7C1eGS2
F9kd+Z9OnoZSYxFx0bJba7OaD3XTx6WOlHFuvoIRSlKKB9t0m6Uh3yv2s5Mwi92Z
kCu2fwoy+Hc7AQ0zD8oCx0+dpEubukwlE6PupYq7361ue0FXQLZevBDpR8eXiZ7F
OsUpNXOw+p9I5dYoBpgiOXKg9JKxti/ZjtCyGQxWyxp/eUtz69F7DKWpNW2j/3Xp
FLvEjWyjQb32NmKtliwa22LPP2BSk22wvZIQxA+AtXlSLBtTTItJgrUwIZlKrlJ2
LmlmNrIrhthkBvbKM/DEnfx4dDj59uAjBAFdgsmd4546
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:05:55 2024 by rpki-client on console-fra.rpki-client.org