Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/NxoMKFeXdg4eH4dApgQF5eGA_qQ.roa
File:                     NxoMKFeXdg4eH4dApgQF5eGA_qQ.roa (raw, json)
Hash identifier:          xqStYIF0oXo/tJk6AlDXDx1t3kzCR4JpCBSFW7S9BAg=
Subject key identifier:   37:1A:0C:28:57:97:76:0E:1E:1F:87:40:A6:04:05:E5:E1:80:FE:A4
Certificate issuer:       /CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
Certificate serial:       018CC801A84178EAFD12D6AF26E9AF720064
Authority key identifier: 17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/NxoMKFeXdg4eH4dApgQF5eGA_qQ.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35470
IP address blocks:        91.199.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a8:41:78:ea:fd:12:d6:af:26:e9:af:72:00:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=371a0c285797760e1e1f8740a60405e5e180fea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fb:f0:bf:48:94:38:29:b2:69:85:4d:d3:ff:
                    48:b6:3a:ee:26:5f:ce:51:d7:9d:6d:75:b4:9a:8b:
                    fd:19:82:27:ed:16:19:c1:f6:9a:bb:36:e2:c5:89:
                    62:ad:3b:11:25:fd:68:fe:0e:9f:3a:53:0b:25:3c:
                    1d:65:1c:8a:99:4a:3f:40:05:41:55:e7:14:05:e3:
                    65:59:8f:9f:39:22:8d:00:b2:85:0a:78:09:4f:cd:
                    8a:0c:e7:70:f2:05:ee:75:ed:a9:eb:6d:05:58:43:
                    26:6a:68:81:eb:db:1a:b8:f3:c0:56:e5:99:e0:3f:
                    9a:b6:e6:74:33:5c:58:8d:1e:22:11:b0:5e:22:cb:
                    01:00:f7:54:ce:8b:a7:3a:91:48:12:c6:0e:93:db:
                    41:b1:25:67:bc:b1:d1:54:86:0f:f5:bc:b1:4f:58:
                    ab:fb:ff:33:06:c6:a4:ad:30:a3:b3:d5:1c:68:ff:
                    73:0f:b9:49:a0:ad:d7:92:c0:2b:e4:cb:63:38:6f:
                    e6:bd:e9:91:61:99:9d:88:a6:34:8b:ce:cf:e9:11:
                    db:a3:75:3e:58:c0:b7:36:92:65:7a:90:b9:db:e1:
                    a5:eb:d8:9a:97:9a:d4:c5:de:ce:25:7d:dd:19:65:
                    c4:12:2e:1c:af:b2:fb:e3:d6:80:82:82:ea:8f:f0:
                    95:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:1A:0C:28:57:97:76:0E:1E:1F:87:40:A6:04:05:E5:E1:80:FE:A4
            X509v3 Authority Key Identifier:
                keyid:17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/NxoMKFeXdg4eH4dApgQF5eGA_qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:9e:4c:99:89:7a:4b:02:3d:d8:94:8a:31:9e:5b:1b:f8:94:
         ab:66:8d:3a:84:c8:d9:5f:17:19:57:67:98:b6:79:68:4e:33:
         b7:09:55:97:82:7a:e4:20:b6:f8:96:ee:9b:4d:5f:b9:47:ba:
         fa:81:4c:d8:19:b6:03:b7:76:aa:d5:43:da:2a:ad:94:93:29:
         f2:89:a9:b1:f6:47:72:4e:60:52:a1:e9:25:b6:b1:e7:c1:05:
         59:51:34:f9:a6:8e:c5:ec:49:eb:a1:8b:41:f7:83:33:7b:42:
         f7:35:5b:76:af:a2:f0:bc:96:17:6d:69:ab:49:4a:c2:4f:de:
         f4:91:f2:c2:c4:6a:76:43:d0:53:18:4b:d7:f1:69:dd:54:93:
         ce:c4:69:92:7a:14:de:01:07:b3:b5:7c:06:15:e6:96:17:30:
         7a:90:31:b1:28:31:ba:69:1d:74:4f:0a:55:e9:60:16:e6:bf:
         c5:dd:ba:29:ad:a4:0c:11:28:2c:65:43:62:1c:b2:c5:eb:5e:
         38:11:c0:35:bd:bd:3d:5f:f0:7d:82:1e:38:7a:cd:f6:29:de:
         4f:6b:c6:e2:1d:d4:97:4a:cd:2f:36:46:f8:00:42:09:45:82:
         21:0c:ab:1a:a7:62:a9:cd:f8:e8:e6:20:0d:d5:44:2c:9d:3f:
         53:59:93:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAahBeOr9EtavJumvcgBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OGM4ZjIwYzkzOWFhYTljODBjY2U2YTBkMTU2NzE4M2Nh
MWM1OTkwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzFhMGMyODU3OTc3NjBlMWUxZjg3NDBhNjA0MDVlNWUxODBmZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvvwv0iUOCmyaYVN0/9ItjruJl/O
UdedbXW0mov9GYIn7RYZwfaauzbixYlirTsRJf1o/g6fOlMLJTwdZRyKmUo/QAVB
VecUBeNlWY+fOSKNALKFCngJT82KDOdw8gXude2p620FWEMmamiB69sauPPAVuWZ
4D+atuZ0M1xYjR4iEbBeIssBAPdUzounOpFIEsYOk9tBsSVnvLHRVIYP9byxT1ir
+/8zBsakrTCjs9UcaP9zD7lJoK3XksAr5MtjOG/mvemRYZmdiKY0i87P6RHbo3U+
WMC3NpJlepC52+Gl69ial5rUxd7OJX3dGWXEEi4cr7L749aAgoLqj/CVhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcaDChXl3YOHh+HQKYEBeXhgP6kMB8GA1UdIwQY
MBaAFBeMjyDJOaqpyAzOag0VZxg8ocWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjR5UElNazVxcW5JRE01cURSVm5HRHloeFprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy83ZWRkOWEtZmI3Mi00M2Q3LWIyNTIt
NGNkMTFlOGI3NDk3LzEvTnhvTUtGZVhkZzRlSDRkQXBnUUY1ZUdBX3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy83ZWRkOWEtZmI3Mi00M2Q3LWIyNTItNGNkMTFlOGI3NDk3
LzEvRjR5UElNazVxcW5JRE01cURSVm5HRHloeFprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dKMA0G
CSqGSIb3DQEBCwUAA4IBAQCsnkyZiXpLAj3YlIoxnlsb+JSrZo06hMjZXxcZV2eY
tnloTjO3CVWXgnrkILb4lu6bTV+5R7r6gUzYGbYDt3aq1UPaKq2Ukynyiamx9kdy
TmBSoekltrHnwQVZUTT5po7F7EnroYtB94Mze0L3NVt2r6LwvJYXbWmrSUrCT970
kfLCxGp2Q9BTGEvX8WndVJPOxGmSehTeAQeztXwGFeaWFzB6kDGxKDG6aR10TwpV
6WAW5r/F3bopraQMESgsZUNiHLLF6144EcA1vb09X/B9gh44es32Kd5Pa8biHdSX
Ss0vNkb4AEIJRYIhDKsap2Kpzfjo5iAN1UQsnT9TWZMy
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:38:56 2024 by rpki-client on console-fra.rpki-client.org