Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/58b8e2-1215-4bb0-96df-2f08380ae6c7/1/IuOISKZmqKTeC7vPWni8DXOhA8A.roa
File:                     IuOISKZmqKTeC7vPWni8DXOhA8A.roa (raw, json)
Hash identifier:          ObHgWL4nLXU8LOmAbCnUaarWdh6zHeXkPiqJGtqO+K4=
Subject key identifier:   22:E3:88:48:A6:66:A8:A4:DE:0B:BB:CF:5A:78:BC:0D:73:A1:03:C0
Certificate issuer:       /CN=f0a32d2129a386c9a0afdbb915e0dbf130ba70d5
Certificate serial:       018DA826A702248A25296AE94CB5FC4F6E27
Authority key identifier: F0:A3:2D:21:29:A3:86:C9:A0:AF:DB:B9:15:E0:DB:F1:30:BA:70:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8KMtISmjhsmgr9u5FeDb8TC6cNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/58b8e2-1215-4bb0-96df-2f08380ae6c7/1/IuOISKZmqKTeC7vPWni8DXOhA8A.roa
Signing time:             Wed 14 Feb 2024 15:05:21 +0000
ROA not before:           Wed 14 Feb 2024 15:05:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207829
IP address blocks:        91.198.170.0/23 maxlen: 23
                          2a0b:c140::/32 maxlen: 32
                          2a0b:c140:aa::/48 maxlen: 48
                          2a0b:c140:ab::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/58b8e2-1215-4bb0-96df-2f08380ae6c7/1/8KMtISmjhsmgr9u5FeDb8TC6cNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/58b8e2-1215-4bb0-96df-2f08380ae6c7/1/8KMtISmjhsmgr9u5FeDb8TC6cNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8KMtISmjhsmgr9u5FeDb8TC6cNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:26:a7:02:24:8a:25:29:6a:e9:4c:b5:fc:4f:6e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0a32d2129a386c9a0afdbb915e0dbf130ba70d5
        Validity
            Not Before: Feb 14 15:05:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22e38848a666a8a4de0bbbcf5a78bc0d73a103c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5a:39:a1:b5:5e:3d:be:d6:9d:6f:9b:3a:88:
                    e3:23:c2:ee:1a:4f:11:25:99:e8:ef:5a:47:b1:5e:
                    27:86:d5:67:aa:79:6c:80:f7:36:2b:cf:20:e8:9d:
                    c6:4f:4e:f7:48:39:de:ad:a5:05:d1:a1:cd:1b:d7:
                    26:38:a3:d1:2f:99:bb:90:ef:a0:43:07:91:69:5e:
                    be:f8:cc:ae:52:83:67:8f:31:05:a1:cc:e5:03:e4:
                    17:53:46:3a:b3:af:87:f3:ab:f7:5c:60:a7:a1:f0:
                    d9:a5:6c:62:a0:b2:0d:8b:82:82:8f:22:74:23:5a:
                    61:09:41:02:89:b8:cb:54:90:12:1a:77:7b:a5:cd:
                    52:2f:5b:fe:d1:d5:9c:c1:d7:3c:f9:f5:b6:a6:90:
                    46:98:ec:62:34:5c:0e:4d:f6:99:f7:b4:86:44:3f:
                    f2:4e:35:7f:3d:2c:96:92:af:ae:f8:a5:bd:e9:26:
                    3f:e3:37:3e:55:b8:ca:9e:8c:f6:aa:f1:f3:ab:ae:
                    0a:00:2e:05:0e:0f:70:02:91:73:9d:f1:46:04:b1:
                    36:d1:07:cc:ff:8b:98:0e:f8:a1:7b:83:f8:29:54:
                    b8:34:de:0c:7a:92:77:ae:43:63:b4:04:d8:ad:33:
                    8c:e9:e9:24:f5:44:5d:9f:fe:c5:f4:33:ca:a1:c0:
                    ad:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E3:88:48:A6:66:A8:A4:DE:0B:BB:CF:5A:78:BC:0D:73:A1:03:C0
            X509v3 Authority Key Identifier:
                keyid:F0:A3:2D:21:29:A3:86:C9:A0:AF:DB:B9:15:E0:DB:F1:30:BA:70:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KMtISmjhsmgr9u5FeDb8TC6cNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/58b8e2-1215-4bb0-96df-2f08380ae6c7/1/IuOISKZmqKTeC7vPWni8DXOhA8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/58b8e2-1215-4bb0-96df-2f08380ae6c7/1/8KMtISmjhsmgr9u5FeDb8TC6cNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.170.0/23
                IPv6:
                  2a0b:c140::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:63:6f:ac:9f:21:e3:9c:40:a8:63:22:fe:ab:3b:98:b0:f1:
         ae:b5:72:32:13:09:8e:76:0d:33:ae:38:43:72:ae:c6:e2:fd:
         8f:71:47:f5:64:91:18:55:98:cf:74:2d:b1:25:d5:bd:81:4e:
         66:25:af:0c:5e:20:8b:cb:36:df:97:28:f4:e6:b2:f1:23:f0:
         a4:0d:19:e7:2f:73:53:94:ae:40:c1:dc:e7:40:38:0d:02:50:
         c3:d8:1a:e7:bf:83:52:03:37:09:87:a4:a1:37:51:12:d9:e1:
         6e:70:b1:c8:d0:bc:51:ac:51:e2:ae:7e:01:f8:73:55:69:7f:
         24:93:d7:76:45:7a:1c:78:63:5e:61:8e:3e:e1:39:ac:fb:b2:
         5b:67:d1:a6:7f:7a:1b:63:9c:74:e4:a8:ab:89:df:db:7a:7d:
         41:9e:f9:a6:42:ce:08:cc:69:47:d9:86:31:32:84:51:a7:2f:
         e4:37:14:a8:7f:e5:b9:a4:ea:20:ed:ed:97:df:60:75:5b:86:
         83:3a:b1:5c:75:b9:84:53:f3:c3:03:81:59:e5:44:6f:b5:07:
         19:d3:97:78:a2:30:ef:9f:f6:64:0a:38:d8:b1:1e:6c:c3:0d:
         a7:d7:52:98:5f:c1:03:2a:5b:13:c9:22:0f:c0:5c:af:62:23:
         ec:36:22:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2oJqcCJIolKWrpTLX8T24nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTMyZDIxMjlhMzg2YzlhMGFmZGJiOTE1ZTBkYmYxMzBi
YTcwZDUwHhcNMjQwMjE0MTUwNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmUzODg0OGE2NjZhOGE0ZGUwYmJiY2Y1YTc4YmMwZDczYTEwM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1o5obVePb7WnW+bOojjI8LuGk8R
JZno71pHsV4nhtVnqnlsgPc2K88g6J3GT073SDneraUF0aHNG9cmOKPRL5m7kO+g
QweRaV6++MyuUoNnjzEFoczlA+QXU0Y6s6+H86v3XGCnofDZpWxioLINi4KCjyJ0
I1phCUECibjLVJASGnd7pc1SL1v+0dWcwdc8+fW2ppBGmOxiNFwOTfaZ97SGRD/y
TjV/PSyWkq+u+KW96SY/4zc+VbjKnoz2qvHzq64KAC4FDg9wApFznfFGBLE20QfM
/4uYDvihe4P4KVS4NN4MepJ3rkNjtATYrTOM6ekk9URdn/7F9DPKocCt3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCLjiEimZqik3gu7z1p4vA1zoQPAMB8GA1UdIwQY
MBaAFPCjLSEpo4bJoK/buRXg2/EwunDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtNdElTbWpoc21ncjl1NUZlRGI4VEM2Y05VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81OGI4ZTItMTIxNS00YmIwLTk2ZGYt
MmYwODM4MGFlNmM3LzEvSXVPSVNLWm1xS1RlQzd2UFduaThEWE9oQThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81OGI4ZTItMTIxNS00YmIwLTk2ZGYtMmYwODM4MGFlNmM3
LzEvOEtNdElTbWpoc21ncjl1NUZlRGI4VEM2Y05VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW8aqMA0E
AgACMAcDBQAqC8FAMA0GCSqGSIb3DQEBCwUAA4IBAQCMY2+snyHjnECoYyL+qzuY
sPGutXIyEwmOdg0zrjhDcq7G4v2PcUf1ZJEYVZjPdC2xJdW9gU5mJa8MXiCLyzbf
lyj05rLxI/CkDRnnL3NTlK5AwdznQDgNAlDD2Brnv4NSAzcJh6ShN1ES2eFucLHI
0LxRrFHirn4B+HNVaX8kk9d2RXoceGNeYY4+4Tms+7JbZ9Gmf3obY5x05Kirid/b
en1BnvmmQs4IzGlH2YYxMoRRpy/kNxSof+W5pOog7e2X32B1W4aDOrFcdbmEU/PD
A4FZ5URvtQcZ05d4ojDvn/ZkCjjYsR5sww2n11KYX8EDKlsTySIPwFyvYiPsNiIB
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:35:20 2024 by rpki-client on console-fra.rpki-client.org