Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/d91187-7545-41e7-9894-a9bd5e410aed/1/OgIdxk6GslVlDbMHpIULE7ALTsY.roa
File:                     OgIdxk6GslVlDbMHpIULE7ALTsY.roa (raw, json)
Hash identifier:          XYfrqmQ+runluozRN5WGsTswfZXTk7AL0YYKC9kqxoo=
Subject key identifier:   3A:02:1D:C6:4E:86:B2:55:65:0D:B3:07:A4:85:0B:13:B0:0B:4E:C6
Certificate issuer:       /CN=a3eceac8125534a57947962db28903fad7ac3af9
Certificate serial:       018CC5DD0787A659D6C8ACA958080FF3CDE9
Authority key identifier: A3:EC:EA:C8:12:55:34:A5:79:47:96:2D:B2:89:03:FA:D7:AC:3A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-zqyBJVNKV5R5YtsokD-tesOvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/d91187-7545-41e7-9894-a9bd5e410aed/1/OgIdxk6GslVlDbMHpIULE7ALTsY.roa
Signing time:             Mon 01 Jan 2024 16:30:46 +0000
ROA not before:           Mon 01 Jan 2024 16:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199520
IP address blocks:        91.226.40.0/23 maxlen: 24
                          91.224.246.0/23 maxlen: 24
                          2a0c:9e80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/d91187-7545-41e7-9894-a9bd5e410aed/1/o-zqyBJVNKV5R5YtsokD-tesOvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/d91187-7545-41e7-9894-a9bd5e410aed/1/o-zqyBJVNKV5R5YtsokD-tesOvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-zqyBJVNKV5R5YtsokD-tesOvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:07:87:a6:59:d6:c8:ac:a9:58:08:0f:f3:cd:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3eceac8125534a57947962db28903fad7ac3af9
        Validity
            Not Before: Jan  1 16:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a021dc64e86b255650db307a4850b13b00b4ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fa:06:05:6b:f3:d6:af:af:08:ff:65:64:f8:
                    dd:19:ee:c7:36:60:87:d5:a2:b4:73:ab:e8:9f:dd:
                    44:40:53:68:c3:3f:ee:52:d1:a4:b0:26:ea:27:f1:
                    a8:17:49:ec:5f:9e:b0:e5:7d:00:36:92:9b:c4:f3:
                    33:ad:c1:cb:07:c9:29:d2:65:39:98:8d:aa:4b:62:
                    59:46:b9:15:41:83:8f:c9:fb:74:ac:c8:6d:56:4e:
                    61:5b:33:06:7f:16:d6:db:71:0e:f0:33:57:f3:a2:
                    5f:db:79:12:bf:1b:67:56:86:18:d0:09:86:34:6e:
                    1c:a1:92:62:f4:08:60:00:66:fe:4b:b4:f3:f7:19:
                    43:6f:ae:1a:2a:2e:fa:ee:c6:be:12:98:bf:28:e2:
                    dd:55:9c:34:14:e7:c6:a1:28:fa:90:d3:3b:3c:62:
                    08:47:35:72:cd:84:e5:ca:7f:6c:0f:1c:03:f1:e1:
                    09:ba:5b:47:e5:86:da:a7:69:6e:f6:3d:8d:16:98:
                    ec:e1:cb:27:da:d7:c6:de:52:74:74:91:ff:35:c9:
                    32:2d:7c:77:50:00:f1:69:29:da:76:b0:b8:15:6b:
                    c7:35:8b:3f:1d:a3:7c:84:44:4d:be:be:63:8e:0f:
                    76:a0:4e:6d:23:b4:01:11:fe:d3:63:55:3f:55:58:
                    37:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:02:1D:C6:4E:86:B2:55:65:0D:B3:07:A4:85:0B:13:B0:0B:4E:C6
            X509v3 Authority Key Identifier:
                keyid:A3:EC:EA:C8:12:55:34:A5:79:47:96:2D:B2:89:03:FA:D7:AC:3A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-zqyBJVNKV5R5YtsokD-tesOvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d91187-7545-41e7-9894-a9bd5e410aed/1/OgIdxk6GslVlDbMHpIULE7ALTsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d91187-7545-41e7-9894-a9bd5e410aed/1/o-zqyBJVNKV5R5YtsokD-tesOvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.246.0/23
                  91.226.40.0/23
                IPv6:
                  2a0c:9e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:51:5a:9a:c1:c4:0b:d6:8a:f5:17:e9:b0:04:85:b6:2f:54:
         f3:43:2b:4b:45:38:34:71:5b:2b:4e:da:cb:4e:c3:c3:f3:cf:
         cb:6f:a2:a2:fd:28:02:44:10:83:cb:46:9c:72:68:40:6e:5b:
         df:e0:2e:aa:bd:d9:75:f7:5b:28:de:b9:5a:e7:0e:d8:12:fe:
         4e:41:3e:21:a3:0f:8c:56:ae:7c:a3:e9:70:61:8c:71:0c:8c:
         59:40:55:f3:24:db:a8:3d:52:84:2d:e0:42:34:2c:e5:c3:3d:
         08:e4:67:de:92:1a:45:98:91:2f:5d:56:6c:8c:1f:95:54:8e:
         cb:3b:7e:83:bc:20:5e:c9:f2:a5:d4:de:26:4a:2d:06:b4:e2:
         bd:a2:e5:d8:e8:bd:c3:4e:a6:5c:6e:3c:9f:53:d1:98:be:48:
         1a:a2:fd:97:a5:3d:3d:dc:ad:4e:08:e0:57:a0:e2:ea:ce:c8:
         f0:94:97:3f:b3:ae:32:c9:b5:f3:3c:ba:79:d8:c6:4c:50:2c:
         56:ca:bd:c5:2b:bf:50:07:3f:45:5d:d2:3f:db:35:d4:ca:d8:
         71:97:d1:12:a9:d0:af:ac:02:38:00:12:aa:82:14:00:c3:56:
         69:bb:f2:93:66:a2:ff:1e:c7:90:a5:26:0b:9d:a4:23:09:58:
         80:12:c0:99
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3QeHplnWyKypWAgP883pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZWNlYWM4MTI1NTM0YTU3OTQ3OTYyZGIyODkwM2ZhZDdh
YzNhZjkwHhcNMjQwMTAxMTYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTAyMWRjNjRlODZiMjU1NjUwZGIzMDdhNDg1MGIxM2IwMGI0ZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifoGBWvz1q+vCP9lZPjdGe7HNmCH
1aK0c6von91EQFNowz/uUtGksCbqJ/GoF0nsX56w5X0ANpKbxPMzrcHLB8kp0mU5
mI2qS2JZRrkVQYOPyft0rMhtVk5hWzMGfxbW23EO8DNX86Jf23kSvxtnVoYY0AmG
NG4coZJi9AhgAGb+S7Tz9xlDb64aKi767sa+Epi/KOLdVZw0FOfGoSj6kNM7PGII
RzVyzYTlyn9sDxwD8eEJultH5Ybap2lu9j2NFpjs4csn2tfG3lJ0dJH/NckyLXx3
UADxaSnadrC4FWvHNYs/HaN8hERNvr5jjg92oE5tI7QBEf7TY1U/VVg35QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDoCHcZOhrJVZQ2zB6SFCxOwC07GMB8GA1UdIwQY
MBaAFKPs6sgSVTSleUeWLbKJA/rXrDr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby16cXlCSlZOS1Y1UjVZdHNva0QtdGVzT3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kOTExODctNzU0NS00MWU3LTk4OTQt
YTliZDVlNDEwYWVkLzEvT2dJZHhrNkdzbFZsRGJNSHBJVUxFN0FMVHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kOTExODctNzU0NS00MWU3LTk4OTQtYTliZDVlNDEwYWVk
LzEvby16cXlCSlZOS1Y1UjVZdHNva0QtdGVzT3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+D2AwQB
W+IoMA0EAgACMAcDBQAqDJ6AMA0GCSqGSIb3DQEBCwUAA4IBAQBGUVqawcQL1or1
F+mwBIW2L1TzQytLRTg0cVsrTtrLTsPD88/Lb6Ki/SgCRBCDy0accmhAblvf4C6q
vdl191so3rla5w7YEv5OQT4how+MVq58o+lwYYxxDIxZQFXzJNuoPVKELeBCNCzl
wz0I5GfekhpFmJEvXVZsjB+VVI7LO36DvCBeyfKl1N4mSi0GtOK9ouXY6L3DTqZc
bjyfU9GYvkgaov2XpT093K1OCOBXoOLqzsjwlJc/s64yybXzPLp52MZMUCxWyr3F
K79QBz9FXdI/2zXUythxl9ESqdCvrAI4ABKqghQAw1Zpu/KTZqL/HseQpSYLnaQj
CViAEsCZ
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:58:30 2024 by rpki-client on console-ams.rpki-client.org