Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/577b09-8d12-42c7-9af3-a164886ffc20/1/tH-_iaIPhbYxvzDsF-ByM1_LlRM.roa
File:                     tH-_iaIPhbYxvzDsF-ByM1_LlRM.roa (raw, json)
Hash identifier:          DLaIgnFKLeNcGn6eBjuGSuhucB0qNFCC9tnRsJCkNtg=
Subject key identifier:   B4:7F:BF:89:A2:0F:85:B6:31:BF:30:EC:17:E0:72:33:5F:CB:95:13
Certificate issuer:       /CN=552986484ecd015857ebf61dc4b361302c7916c6
Certificate serial:       0190302253C5FC2E773D41591C5643D19EB8
Authority key identifier: 55:29:86:48:4E:CD:01:58:57:EB:F6:1D:C4:B3:61:30:2C:79:16:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSmGSE7NAVhX6_YdxLNhMCx5FsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/577b09-8d12-42c7-9af3-a164886ffc20/1/tH-_iaIPhbYxvzDsF-ByM1_LlRM.roa
Signing time:             Wed 19 Jun 2024 10:54:34 +0000
ROA not before:           Wed 19 Jun 2024 10:54:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60534
IP address blocks:        91.225.8.0/22 maxlen: 32
                          185.54.102.0/24 maxlen: 32
                          185.135.120.0/22 maxlen: 32
                          185.244.239.0/24 maxlen: 32
                          2a06:f3c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/577b09-8d12-42c7-9af3-a164886ffc20/1/VSmGSE7NAVhX6_YdxLNhMCx5FsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/577b09-8d12-42c7-9af3-a164886ffc20/1/VSmGSE7NAVhX6_YdxLNhMCx5FsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSmGSE7NAVhX6_YdxLNhMCx5FsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:22:53:c5:fc:2e:77:3d:41:59:1c:56:43:d1:9e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=552986484ecd015857ebf61dc4b361302c7916c6
        Validity
            Not Before: Jun 19 10:54:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b47fbf89a20f85b631bf30ec17e072335fcb9513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bf:0b:fe:8a:a3:ae:50:f1:ab:2c:33:29:20:
                    f1:15:e0:c6:90:ee:45:8c:3b:a1:c3:33:63:b4:70:
                    95:0d:24:9e:e5:e8:51:35:41:5c:42:d8:7d:cb:4f:
                    23:c5:11:e2:4b:10:a4:dc:25:35:41:0e:98:0d:80:
                    f4:ac:50:f6:bd:07:0e:3b:ff:37:52:6c:52:8e:aa:
                    93:f0:b0:35:1f:87:1d:37:4a:60:2a:b9:22:6e:af:
                    0b:e3:94:37:3f:8b:bb:a8:61:d9:58:1f:ed:dd:80:
                    0d:05:ec:70:7b:7d:92:df:d4:2b:bf:1e:1c:ad:cc:
                    21:f5:97:fe:50:b2:aa:f7:45:20:32:6b:a8:09:4b:
                    a1:4d:bb:30:95:c9:a3:62:72:24:46:4c:25:8b:dc:
                    ac:3e:33:69:b2:7a:be:72:d9:82:72:13:34:09:ed:
                    c7:e0:43:0c:a3:80:bd:22:84:da:b8:bc:ff:39:b9:
                    a4:31:8d:88:e9:c2:c7:54:2e:55:bc:2f:df:d6:05:
                    ef:af:bb:91:9e:c6:43:41:80:a1:c5:ee:73:f5:cc:
                    79:0c:6a:c6:25:f9:2a:21:b6:79:0e:49:0c:1e:0b:
                    ae:5a:a0:1b:69:f6:aa:8c:e2:11:a7:c8:3e:37:75:
                    72:7b:6e:11:fb:f7:a7:03:1d:a5:36:27:f4:06:99:
                    c5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7F:BF:89:A2:0F:85:B6:31:BF:30:EC:17:E0:72:33:5F:CB:95:13
            X509v3 Authority Key Identifier:
                keyid:55:29:86:48:4E:CD:01:58:57:EB:F6:1D:C4:B3:61:30:2C:79:16:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSmGSE7NAVhX6_YdxLNhMCx5FsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/577b09-8d12-42c7-9af3-a164886ffc20/1/tH-_iaIPhbYxvzDsF-ByM1_LlRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/577b09-8d12-42c7-9af3-a164886ffc20/1/VSmGSE7NAVhX6_YdxLNhMCx5FsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.8.0/22
                  185.54.102.0/24
                  185.135.120.0/22
                  185.244.239.0/24
                IPv6:
                  2a06:f3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:9c:d2:f8:1d:6f:21:f5:47:37:2d:08:5d:a7:ff:d3:68:f4:
         a8:fd:cd:0c:02:b4:9e:f5:f3:39:16:fc:68:8e:e6:d0:aa:ad:
         6c:0e:31:24:1d:3b:74:94:be:8c:61:c5:61:78:8a:05:d3:40:
         23:b3:28:a5:30:4d:a7:10:51:2d:4a:46:20:19:a5:58:b2:fd:
         7c:82:40:fb:55:5a:0d:7e:95:2a:2b:bb:02:7c:d7:cb:67:8f:
         6f:1b:79:bf:42:01:23:1c:c7:4c:2c:47:4f:63:bf:5b:4a:e6:
         f1:5d:2a:69:63:8e:a3:e4:45:25:15:2f:79:a7:9c:49:cb:35:
         a4:0e:d1:18:fc:54:0f:34:dc:f3:0a:c9:d1:85:e1:8d:0c:1b:
         30:c5:a7:ca:5f:80:07:20:a8:8e:80:42:18:55:ab:14:49:c8:
         f0:c8:44:89:4b:56:2b:15:79:b4:c7:e0:63:06:da:f4:bb:b3:
         45:d2:83:6d:2f:92:dc:d4:6a:2b:48:71:35:7b:00:a3:87:99:
         de:71:1a:fc:25:7d:fe:0a:61:5c:7a:d7:ac:bc:8c:b9:37:4f:
         04:a4:81:5d:07:68:09:c8:70:17:b2:49:de:72:cb:9a:97:5a:
         af:b4:f4:d3:59:9c:a6:f5:c2:f3:68:ab:11:c0:4b:d0:f0:0f:
         f6:97:6a:87
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZAwIlPF/C53PUFZHFZD0Z64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1Mjk4NjQ4NGVjZDAxNTg1N2ViZjYxZGM0YjM2MTMwMmM3
OTE2YzYwHhcNMjQwNjE5MTA1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDdmYmY4OWEyMGY4NWI2MzFiZjMwZWMxN2UwNzIzMzVmY2I5NTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb8L/oqjrlDxqywzKSDxFeDGkO5F
jDuhwzNjtHCVDSSe5ehRNUFcQth9y08jxRHiSxCk3CU1QQ6YDYD0rFD2vQcOO/83
UmxSjqqT8LA1H4cdN0pgKrkibq8L45Q3P4u7qGHZWB/t3YANBexwe32S39Qrvx4c
rcwh9Zf+ULKq90UgMmuoCUuhTbswlcmjYnIkRkwli9ysPjNpsnq+ctmCchM0Ce3H
4EMMo4C9IoTauLz/ObmkMY2I6cLHVC5VvC/f1gXvr7uRnsZDQYChxe5z9cx5DGrG
JfkqIbZ5DkkMHguuWqAbafaqjOIRp8g+N3Vye24R+/enAx2lNif0BpnFTQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLR/v4miD4W2Mb8w7BfgcjNfy5UTMB8GA1UdIwQY
MBaAFFUphkhOzQFYV+v2HcSzYTAseRbGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNtR1NFN05BVmhYNl9ZZHhMTmhNQ3g1RnNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS81NzdiMDktOGQxMi00MmM3LTlhZjMt
YTE2NDg4NmZmYzIwLzEvdEgtX2lhSVBoYll4dnpEc0YtQnlNMV9MbFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS81NzdiMDktOGQxMi00MmM3LTlhZjMtYTE2NDg4NmZmYzIw
LzEvVlNtR1NFN05BVmhYNl9ZZHhMTmhNQ3g1RnNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCW+EIAwQA
uTZmAwQCuYd4AwQAufTvMA0EAgACMAcDBQMqBvPAMA0GCSqGSIb3DQEBCwUAA4IB
AQCbnNL4HW8h9Uc3LQhdp//TaPSo/c0MArSe9fM5FvxojubQqq1sDjEkHTt0lL6M
YcVheIoF00AjsyilME2nEFEtSkYgGaVYsv18gkD7VVoNfpUqK7sCfNfLZ49vG3m/
QgEjHMdMLEdPY79bSubxXSppY46j5EUlFS95p5xJyzWkDtEY/FQPNNzzCsnRheGN
DBswxafKX4AHIKiOgEIYVasUScjwyESJS1YrFXm0x+BjBtr0u7NF0oNtL5Lc1Gor
SHE1ewCjh5necRr8JX3+CmFcetesvIy5N08EpIFdB2gJyHAXsknecsual1qvtPTT
WZym9cLzaKsRwEvQ8A/2l2qH
-----END CERTIFICATE-----
Generated at Fri Sep 20 20:34:47 2024 by rpki-client on console-fra.rpki-client.org