Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Dyo6jL-lYaEwhfYy6ambhHT_SXE.roa
File:                     Dyo6jL-lYaEwhfYy6ambhHT_SXE.roa (raw, json)
Hash identifier:          av6YJQzepaOMEpX43TwN8tQZ2e0AmsFq3U4hrJndvgA=
Subject key identifier:   0F:2A:3A:8C:BF:A5:61:A1:30:85:F6:32:E9:A9:9B:84:74:FF:49:71
Certificate issuer:       /CN=51ad6791b8dbe9c352bd64a9322172b41c4b2171
Certificate serial:       018D1C5D477BACAB33E799F11015400B42CE
Authority key identifier: 51:AD:67:91:B8:DB:E9:C3:52:BD:64:A9:32:21:72:B4:1C:4B:21:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Dyo6jL-lYaEwhfYy6ambhHT_SXE.roa
Signing time:             Thu 18 Jan 2024 11:38:11 +0000
ROA not before:           Thu 18 Jan 2024 11:38:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47790
IP address blocks:        91.206.210.0/24 maxlen: 24
                          91.206.211.0/24 maxlen: 24
                          91.226.196.0/24 maxlen: 24
                          91.226.197.0/24 maxlen: 24
                          91.230.8.0/24 maxlen: 24
                          91.230.9.0/24 maxlen: 24
                          185.142.160.0/22 maxlen: 24
                          185.152.120.0/24 maxlen: 24
                          185.152.121.0/24 maxlen: 24
                          185.152.122.0/24 maxlen: 24
                          185.152.123.0/24 maxlen: 24
                          2a14:7a80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Ua1nkbjb6cNSvWSpMiFytBxLIXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Ua1nkbjb6cNSvWSpMiFytBxLIXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:5d:47:7b:ac:ab:33:e7:99:f1:10:15:40:0b:42:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ad6791b8dbe9c352bd64a9322172b41c4b2171
        Validity
            Not Before: Jan 18 11:38:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f2a3a8cbfa561a13085f632e9a99b8474ff4971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e9:2b:e2:ed:75:73:92:9b:a8:40:4c:49:c6:
                    ce:07:e9:f3:14:3f:b4:51:d4:f1:98:9c:fb:3b:e3:
                    5d:7c:fd:a7:dc:df:ba:ef:10:f2:1f:0f:66:2e:c6:
                    cd:bd:e1:d8:fb:35:f3:2b:48:b7:dc:52:a0:d8:2b:
                    f4:dd:55:06:ee:1c:ba:50:19:58:37:25:6d:f5:7c:
                    ea:df:cc:13:1f:89:a2:9c:65:31:a5:a5:02:69:e7:
                    8d:58:64:5e:1d:26:59:1b:ec:93:e6:99:30:e7:59:
                    62:f1:30:67:6e:96:2b:59:b1:f0:4a:6b:82:0e:97:
                    48:df:ab:4a:64:0e:57:31:04:06:29:67:01:92:6b:
                    ee:f2:71:95:ba:76:8f:60:7d:26:9c:79:0e:bc:d2:
                    9e:e5:93:13:ca:e4:b5:b9:64:4a:68:bb:bc:d0:91:
                    98:0d:8c:75:b8:ce:d7:91:73:1c:4b:db:c3:15:20:
                    5a:10:e4:ae:68:8f:ba:b4:18:54:46:e9:74:0b:ce:
                    f8:20:84:f2:b0:b7:59:c6:fd:00:e5:08:70:ba:a7:
                    7d:5d:95:03:a6:7e:c7:62:a7:cc:cc:2e:15:53:9d:
                    4d:13:c7:2c:c2:ae:af:f4:e0:7b:0f:63:90:fc:ac:
                    3f:73:6e:6a:0f:ff:7f:91:50:9e:6f:32:6d:61:8a:
                    83:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:2A:3A:8C:BF:A5:61:A1:30:85:F6:32:E9:A9:9B:84:74:FF:49:71
            X509v3 Authority Key Identifier:
                keyid:51:AD:67:91:B8:DB:E9:C3:52:BD:64:A9:32:21:72:B4:1C:4B:21:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ua1nkbjb6cNSvWSpMiFytBxLIXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Dyo6jL-lYaEwhfYy6ambhHT_SXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3f6178-5fd3-403f-8fec-1a89ff11965e/1/Ua1nkbjb6cNSvWSpMiFytBxLIXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.210.0/23
                  91.226.196.0/23
                  91.230.8.0/23
                  185.142.160.0/22
                  185.152.120.0/22
                IPv6:
                  2a14:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:f6:af:5f:c4:06:31:76:3e:86:18:df:47:36:7b:da:8d:2a:
         8d:f6:18:93:2c:69:ff:16:da:6c:86:48:20:a5:77:18:94:63:
         3f:86:3a:5f:2e:f9:e8:09:36:17:3f:77:fa:1f:f9:13:d6:a2:
         6b:76:8c:81:9c:9e:78:8e:e9:6c:fc:70:d0:7b:a8:df:5d:c9:
         e5:5b:fa:f3:bb:b9:07:09:c7:90:60:2a:24:73:6a:04:6a:6c:
         3c:ef:dd:1c:97:fb:bd:51:3f:f6:89:e4:3b:70:2c:9c:b1:98:
         f5:b5:e3:d5:dc:31:32:e4:65:76:f5:4c:52:4a:a7:17:af:0c:
         13:98:72:e4:1e:c6:58:d3:15:af:b9:df:90:cf:50:80:7e:2a:
         ab:b3:93:64:88:36:a5:a7:19:b8:37:11:0c:ba:3b:1c:20:00:
         64:70:ea:98:89:99:0c:be:f9:b0:93:52:55:06:0f:25:65:5a:
         83:10:48:38:9b:56:b8:21:16:b7:e3:86:a9:48:22:61:32:ec:
         b9:76:d4:9a:46:c3:67:5c:7b:fe:c5:b2:27:aa:66:c8:e7:52:
         8d:74:e4:6b:68:3c:4c:03:e9:94:1e:cf:8c:5a:10:89:9e:f9:
         aa:e2:83:96:49:94:1f:56:ce:32:a1:80:b2:c8:b7:e9:f8:53:
         2a:fb:e1:52
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAY0cXUd7rKsz55nxEBVAC0LOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWQ2NzkxYjhkYmU5YzM1MmJkNjRhOTMyMjE3MmI0MWM0
YjIxNzEwHhcNMjQwMTE4MTEzODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjJhM2E4Y2JmYTU2MWExMzA4NWY2MzJlOWE5OWI4NDc0ZmY0OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+kr4u11c5KbqEBMScbOB+nzFD+0
UdTxmJz7O+NdfP2n3N+67xDyHw9mLsbNveHY+zXzK0i33FKg2Cv03VUG7hy6UBlY
NyVt9Xzq38wTH4minGUxpaUCaeeNWGReHSZZG+yT5pkw51li8TBnbpYrWbHwSmuC
DpdI36tKZA5XMQQGKWcBkmvu8nGVunaPYH0mnHkOvNKe5ZMTyuS1uWRKaLu80JGY
DYx1uM7XkXMcS9vDFSBaEOSuaI+6tBhURul0C874IITysLdZxv0A5Qhwuqd9XZUD
pn7HYqfMzC4VU51NE8cswq6v9OB7D2OQ/Kw/c25qD/9/kVCebzJtYYqDZwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFA8qOoy/pWGhMIX2Mumpm4R0/0lxMB8GA1UdIwQY
MBaAFFGtZ5G42+nDUr1kqTIhcrQcSyFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWExbmtiamI2Y05TdldTcE1pRnl0QnhMSVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zZjYxNzgtNWZkMy00MDNmLThmZWMt
MWE4OWZmMTE5NjVlLzEvRHlvNmpMLWxZYUV3aGZZeTZhbWJoSFRfU1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zZjYxNzgtNWZkMy00MDNmLThmZWMtMWE4OWZmMTE5NjVl
LzEvVWExbmtiamI2Y05TdldTcE1pRnl0QnhMSVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQBW87SAwQB
W+LEAwQBW+YIAwQCuY6gAwQCuZh4MA0EAgACMAcDBQMqFHqAMA0GCSqGSIb3DQEB
CwUAA4IBAQCU9q9fxAYxdj6GGN9HNnvajSqN9hiTLGn/FtpshkggpXcYlGM/hjpf
LvnoCTYXP3f6H/kT1qJrdoyBnJ54juls/HDQe6jfXcnlW/rzu7kHCceQYCokc2oE
amw8790cl/u9UT/2ieQ7cCycsZj1tePV3DEy5GV29UxSSqcXrwwTmHLkHsZY0xWv
ud+Qz1CAfiqrs5NkiDalpxm4NxEMujscIABkcOqYiZkMvvmwk1JVBg8lZVqDEEg4
m1a4IRa344apSCJhMuy5dtSaRsNnXHv+xbInqmbI51KNdORraDxMA+mUHs+MWhCJ
nvmq4oOWSZQfVs4yoYCyyLfp+FMq++FS
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:52:01 2024 by rpki-client on console-fra.rpki-client.org