Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vVZNzwWRy2fcyrKXofXL0693c_E.roa
File:                     vVZNzwWRy2fcyrKXofXL0693c_E.roa (raw, json)
Hash identifier:          V2m/o2cHqAA+D2UbTaG0OMFz9eQiMRqyrll0IiaKN7o=
Subject key identifier:   BD:56:4D:CF:05:91:CB:67:DC:CA:B2:97:A1:F5:CB:D3:AF:77:73:F1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCE1D5CED4A22BC6AE0E3876A60100
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vVZNzwWRy2fcyrKXofXL0693c_E.roa
Signing time:             Tue 02 Jan 2024 06:29:28 +0000
ROA not before:           Tue 02 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44017
IP address blocks:        91.92.233.0/24 maxlen: 24
                          91.92.234.0/24 maxlen: 24
                          91.92.235.0/24 maxlen: 24
                          87.120.91.0/24 maxlen: 24
                          94.156.147.0/24 maxlen: 24
                          94.156.146.0/24 maxlen: 24
                          2a00:1728:1c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e1:d5:ce:d4:a2:2b:c6:ae:0e:38:76:a6:01:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd564dcf0591cb67dccab297a1f5cbd3af7773f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:52:34:ff:6d:0f:c3:a0:62:2a:f2:42:5a:bb:
                    9d:bb:42:f5:64:b5:39:a9:ec:ef:fc:75:26:70:6f:
                    3c:8b:b0:fc:bb:48:25:d2:54:d8:40:9e:fd:b4:af:
                    15:29:2a:62:6b:7d:e6:42:72:3f:68:aa:f6:58:33:
                    1c:a5:57:71:e7:7f:64:de:89:1d:2a:60:a8:04:22:
                    fc:49:7b:2b:c9:60:f0:46:4e:db:b1:23:bc:aa:28:
                    83:f0:a5:48:9f:41:57:2e:e2:c2:10:a5:b0:ad:a6:
                    3c:87:cb:1c:d2:51:89:db:77:a1:15:bd:4d:f7:e1:
                    99:38:45:57:7b:22:0e:0b:a9:5d:7d:77:24:31:63:
                    6a:84:f7:ad:a9:60:cb:d7:9b:43:ab:b2:f3:63:8b:
                    dc:f1:35:b7:e1:06:95:92:4e:29:46:d2:29:01:fb:
                    91:3e:2a:2c:10:cb:f4:29:5e:47:85:0c:c9:0b:aa:
                    c0:8a:f2:dc:70:42:18:f2:dd:56:66:a1:ed:42:a4:
                    33:35:1b:5a:0e:2a:39:f5:2f:00:fb:52:a0:c3:1f:
                    7f:9b:e3:86:93:96:dc:33:4d:35:e8:54:ea:3b:09:
                    73:72:c4:d7:22:0d:3f:11:ca:2a:1a:22:ab:bf:46:
                    da:5e:d1:40:d3:8a:3b:81:28:de:3a:59:7b:e4:8b:
                    b7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:56:4D:CF:05:91:CB:67:DC:CA:B2:97:A1:F5:CB:D3:AF:77:73:F1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/vVZNzwWRy2fcyrKXofXL0693c_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.91.0/24
                  91.92.233.0-91.92.235.255
                  94.156.146.0/23
                IPv6:
                  2a00:1728:1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:2e:d9:68:4c:48:8d:fa:b9:f7:08:ef:52:33:c4:99:b2:85:
         06:f1:07:39:17:f2:86:bc:fa:ba:3c:b0:cf:4d:70:bf:1d:37:
         a8:fd:c7:fb:e2:87:bb:01:cf:5e:53:b4:b4:9e:83:d8:5c:85:
         cc:88:ba:c5:b5:5b:6c:ce:18:e4:11:82:16:24:66:88:d8:a1:
         4e:13:ca:64:fd:6d:1a:80:85:b9:8f:76:1f:ee:88:9f:1d:5b:
         4f:47:9c:7e:3f:aa:50:fe:d9:d0:26:d0:12:9a:21:17:c6:20:
         14:8d:a2:b2:d5:45:b8:1a:f5:7b:7a:c3:ef:35:2f:71:5c:46:
         16:c2:97:6a:cc:37:d5:bd:d5:16:e6:12:f2:46:be:15:79:cd:
         4d:01:99:ce:a7:34:81:35:24:8a:3b:69:3e:7f:7f:01:1e:a0:
         58:d9:75:7c:0e:45:f0:e6:36:22:e6:9a:dc:c8:65:0a:5d:0b:
         f4:77:88:26:88:40:56:49:2d:9b:88:11:86:f0:2c:1c:3d:70:
         56:40:61:64:81:e5:79:40:3f:9b:ae:f6:91:7c:e8:71:c9:b0:
         86:70:10:a2:79:cc:29:2e:01:4a:47:9a:2f:e0:c1:fb:a4:0b:
         ef:b2:f9:88:51:47:f9:9f:aa:03:ee:01:82:ad:4c:08:31:c9:
         3a:13:3c:69
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYzI3OHVztSiK8auDjh2pgEAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDU2NGRjZjA1OTFjYjY3ZGNjYWIyOTdhMWY1Y2JkM2FmNzc3M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVI0/20Pw6BiKvJCWrudu0L1ZLU5
qezv/HUmcG88i7D8u0gl0lTYQJ79tK8VKSpia33mQnI/aKr2WDMcpVdx539k3okd
KmCoBCL8SXsryWDwRk7bsSO8qiiD8KVIn0FXLuLCEKWwraY8h8sc0lGJ23ehFb1N
9+GZOEVXeyIOC6ldfXckMWNqhPetqWDL15tDq7LzY4vc8TW34QaVkk4pRtIpAfuR
PiosEMv0KV5HhQzJC6rAivLccEIY8t1WZqHtQqQzNRtaDio59S8A+1Kgwx9/m+OG
k5bcM0016FTqOwlzcsTXIg0/EcoqGiKrv0baXtFA04o7gSjeOll75Iu3TQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFL1WTc8Fkctn3Mqyl6H1y9Ovd3PxMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdlZaTnp3V1J5MmZjeXJLWG9mWEwwNjkzY19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaAwQAV3hbMAwD
BABbXOkDBAJbXOgDBAFenJIwDwQCAAIwCQMHACoAFygAHDANBgkqhkiG9w0BAQsF
AAOCAQEAPS7ZaExIjfq59wjvUjPEmbKFBvEHORfyhrz6ujywz01wvx03qP3H++KH
uwHPXlO0tJ6D2FyFzIi6xbVbbM4Y5BGCFiRmiNihThPKZP1tGoCFuY92H+6Inx1b
T0ecfj+qUP7Z0CbQEpohF8YgFI2istVFuBr1e3rD7zUvcVxGFsKXasw31b3VFuYS
8ka+FXnNTQGZzqc0gTUkijtpPn9/AR6gWNl1fA5F8OY2Iuaa3MhlCl0L9HeIJohA
Vkktm4gRhvAsHD1wVkBhZIHleUA/m672kXzoccmwhnAQonnMKS4BSkeaL+DB+6QL
77L5iFFH+Z+qA+4Bgq1MCDHJOhM8aQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:05:58 2024 by rpki-client on console-fra.rpki-client.org