Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/ya2AGZPhi9hAyyLlCTCKrdIzLXw.roa
File:                     ya2AGZPhi9hAyyLlCTCKrdIzLXw.roa (raw, json)
Hash identifier:          KH8ct0pru/m+D6z7pPzhDVLSenXXxt32icIo+hHFfu4=
Subject key identifier:   C9:AD:80:19:93:E1:8B:D8:40:CB:22:E5:09:30:8A:AD:D2:33:2D:7C
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       018CC42456BFDAFA0C0B50AFC4677C6E111C
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/ya2AGZPhi9hAyyLlCTCKrdIzLXw.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57512
IP address blocks:        91.108.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:56:bf:da:fa:0c:0b:50:af:c4:67:7c:6e:11:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9ad801993e18bd840cb22e509308aadd2332d7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c8:9f:95:3a:7a:2c:5e:cc:80:d0:44:75:31:
                    61:3c:35:3d:3a:a4:b7:cb:51:01:3d:9c:8f:c1:dd:
                    b2:a1:90:65:e0:03:ef:80:60:3f:d7:c9:0e:88:44:
                    24:1a:b7:cb:1e:ad:1c:3c:4a:37:f2:71:4f:55:db:
                    b8:18:d8:a4:d8:3a:7c:cc:4c:e7:ab:e6:ee:eb:8f:
                    72:0d:41:39:6a:3b:fa:25:93:b2:7b:20:8c:01:44:
                    68:01:bf:a1:24:b0:2a:5f:b0:1a:ae:a7:0c:7e:78:
                    1a:bc:a6:24:ea:26:73:3f:63:6f:6d:5e:7f:a3:a1:
                    33:61:4e:ea:6e:0f:4f:f3:c7:e2:f3:47:e3:84:30:
                    83:d6:3c:f9:c0:30:ec:57:61:24:b8:e4:9a:8d:21:
                    42:89:65:f3:d4:c7:34:8d:58:a5:b9:01:3c:88:96:
                    43:cb:90:7c:ed:80:48:89:2b:a1:77:5f:8c:72:f4:
                    84:b5:88:c5:3b:fd:52:b5:e5:2f:eb:16:41:58:64:
                    09:ce:33:91:ca:f1:6f:e1:4c:02:48:74:ab:af:46:
                    0e:23:49:1c:ca:fe:5b:ff:70:91:77:21:40:32:7d:
                    87:21:e1:a6:73:83:34:58:00:41:49:f7:ba:4c:77:
                    53:66:f6:60:d1:4a:3f:9d:7d:1a:a9:4e:4a:6a:fb:
                    a0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AD:80:19:93:E1:8B:D8:40:CB:22:E5:09:30:8A:AD:D2:33:2D:7C
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/ya2AGZPhi9hAyyLlCTCKrdIzLXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:58:c1:d0:4c:ad:38:7a:95:02:1f:bd:76:e0:98:59:77:a9:
         b1:0b:f1:ed:93:ec:b2:62:f7:21:a3:6d:87:17:c7:5c:98:46:
         bd:c1:a9:5c:82:b2:93:5d:c5:2f:db:97:2d:24:00:3f:ee:03:
         f5:27:3b:87:4e:24:53:11:39:59:02:db:d7:85:4b:dd:a1:72:
         0f:83:92:3f:17:31:67:7d:87:3b:d6:ea:13:47:cf:bc:f7:0f:
         ca:f1:97:f6:fe:e8:dd:40:93:8c:e6:4f:6d:ef:c1:c3:6c:b2:
         0c:90:24:cb:c2:78:f6:f5:67:3b:e6:cc:64:48:eb:17:0d:05:
         79:5a:42:cc:d3:07:c9:f2:98:c1:0f:75:5b:8f:11:8b:2e:94:
         65:fb:be:31:0d:73:b2:ee:24:cd:ca:b1:47:da:a0:65:2c:50:
         3b:4c:4c:fb:fb:16:69:00:e6:4c:40:aa:e7:ee:d3:6e:79:c8:
         1a:0f:6e:70:0d:d4:d1:53:55:1f:54:40:9b:5c:a4:a2:fb:b7:
         fc:52:9b:a2:12:e8:90:15:cb:ab:05:ab:b7:f4:f8:ca:2d:13:
         79:ba:ee:a5:83:49:8f:dc:78:37:88:c0:da:da:26:c7:bb:a2:
         27:27:38:e6:b9:18:22:e7:b9:ae:9b:df:bb:b7:0e:40:4f:93:
         e7:2a:d6:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFa/2voMC1CvxGd8bhEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFkODAxOTkzZTE4YmQ4NDBjYjIyZTUwOTMwOGFhZGQyMzMyZDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8iflTp6LF7MgNBEdTFhPDU9OqS3
y1EBPZyPwd2yoZBl4APvgGA/18kOiEQkGrfLHq0cPEo38nFPVdu4GNik2Dp8zEzn
q+bu649yDUE5ajv6JZOyeyCMAURoAb+hJLAqX7AarqcMfngavKYk6iZzP2NvbV5/
o6EzYU7qbg9P88fi80fjhDCD1jz5wDDsV2EkuOSajSFCiWXz1Mc0jViluQE8iJZD
y5B87YBIiSuhd1+McvSEtYjFO/1SteUv6xZBWGQJzjORyvFv4UwCSHSrr0YOI0kc
yv5b/3CRdyFAMn2HIeGmc4M0WABBSfe6THdTZvZg0Uo/nX0aqU5KavugXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmtgBmT4YvYQMsi5Qkwiq3SMy18MB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEveWEyQUdaUGhpOWhBeXlMbENUQ0tyZEl6TFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2w2MA0G
CSqGSIb3DQEBCwUAA4IBAQBoWMHQTK04epUCH7124JhZd6mxC/Htk+yyYvcho22H
F8dcmEa9walcgrKTXcUv25ctJAA/7gP1JzuHTiRTETlZAtvXhUvdoXIPg5I/FzFn
fYc71uoTR8+89w/K8Zf2/ujdQJOM5k9t78HDbLIMkCTLwnj29Wc75sxkSOsXDQV5
WkLM0wfJ8pjBD3VbjxGLLpRl+74xDXOy7iTNyrFH2qBlLFA7TEz7+xZpAOZMQKrn
7tNuecgaD25wDdTRU1UfVECbXKSi+7f8UpuiEuiQFcurBau39PjKLRN5uu6lg0mP
3Hg3iMDa2ibHu6InJzjmuRgi57mum9+7tw5AT5PnKtaC
-----END CERTIFICATE-----
Generated at Mon Jun 17 11:57:51 2024 by rpki-client on console-ams.rpki-client.org