Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/69a209-fa57-43f0-bbc2-7507e819a795/1/Fn3i3MV6TMSgJn324_l7ex5Yto0.roa
File:                     Fn3i3MV6TMSgJn324_l7ex5Yto0.roa (raw, json)
Hash identifier:          3PSneX7oC2/IUWoQtE3XWdjYUql24sI8bXQ1dLgYwTA=
Subject key identifier:   16:7D:E2:DC:C5:7A:4C:C4:A0:26:7D:F6:E3:F9:7B:7B:1E:58:B6:8D
Certificate issuer:       /CN=e31da2ba057e9a54a6170f257ff97856dc97e068
Certificate serial:       018CC64A70565664D424793830EF9972F02A
Authority key identifier: E3:1D:A2:BA:05:7E:9A:54:A6:17:0F:25:7F:F9:78:56:DC:97:E0:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4x2iugV-mlSmFw8lf_l4VtyX4Gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/69a209-fa57-43f0-bbc2-7507e819a795/1/Fn3i3MV6TMSgJn324_l7ex5Yto0.roa
Signing time:             Mon 01 Jan 2024 18:30:16 +0000
ROA not before:           Mon 01 Jan 2024 18:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58029
IP address blocks:        192.166.157.0/24 maxlen: 24
                          192.166.154.0/24 maxlen: 24
                          192.166.156.0/24 maxlen: 24
                          192.166.155.0/24 maxlen: 24
                          91.223.125.0/24 maxlen: 24
                          91.241.57.0/24 maxlen: 24
                          2a0f:9c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/69a209-fa57-43f0-bbc2-7507e819a795/1/4x2iugV-mlSmFw8lf_l4VtyX4Gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/69a209-fa57-43f0-bbc2-7507e819a795/1/4x2iugV-mlSmFw8lf_l4VtyX4Gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4x2iugV-mlSmFw8lf_l4VtyX4Gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:70:56:56:64:d4:24:79:38:30:ef:99:72:f0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31da2ba057e9a54a6170f257ff97856dc97e068
        Validity
            Not Before: Jan  1 18:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=167de2dcc57a4cc4a0267df6e3f97b7b1e58b68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:29:85:69:4c:44:d6:cd:e8:91:f9:b5:c3:d0:
                    ac:ac:7a:5d:5f:b6:61:8d:84:70:1d:91:73:5b:dd:
                    c0:9b:cf:90:8b:f4:88:b7:21:07:f0:80:fc:dd:bf:
                    6b:7f:a1:b1:6a:91:a1:42:a5:4c:9a:2a:71:07:04:
                    31:da:2b:a5:bd:ba:a0:62:61:a1:f3:82:ba:89:cc:
                    a2:2d:7d:b7:f7:13:02:51:27:70:0e:76:55:6c:96:
                    bc:e0:f9:f1:60:b5:11:f5:5c:10:24:49:6e:4d:d3:
                    a7:2d:01:19:4c:59:33:a7:08:42:91:86:93:f7:fc:
                    51:ec:0b:89:e5:5b:f4:d9:d6:3d:95:af:b9:f3:1b:
                    56:75:93:7c:d8:67:8c:c3:cf:4a:46:60:7d:0f:e3:
                    ca:0f:12:4d:f6:ae:8c:fd:44:a2:f8:83:21:b2:b1:
                    31:1c:a4:26:30:14:fb:ea:04:bb:de:50:26:20:7a:
                    9f:8f:4f:ee:e1:31:fd:65:16:0d:d3:31:22:29:d3:
                    9a:5b:17:3c:b4:97:6d:1d:94:29:9e:80:fc:77:0d:
                    eb:5d:bf:ca:83:93:7f:6a:d5:5f:5f:0d:1f:8e:7f:
                    c3:cf:54:b8:20:d8:46:6c:cb:ba:95:9b:bb:d9:c3:
                    35:e6:9b:0c:61:0d:cb:3b:3c:a4:6c:ae:aa:89:98:
                    32:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:7D:E2:DC:C5:7A:4C:C4:A0:26:7D:F6:E3:F9:7B:7B:1E:58:B6:8D
            X509v3 Authority Key Identifier:
                keyid:E3:1D:A2:BA:05:7E:9A:54:A6:17:0F:25:7F:F9:78:56:DC:97:E0:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4x2iugV-mlSmFw8lf_l4VtyX4Gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/69a209-fa57-43f0-bbc2-7507e819a795/1/Fn3i3MV6TMSgJn324_l7ex5Yto0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/69a209-fa57-43f0-bbc2-7507e819a795/1/4x2iugV-mlSmFw8lf_l4VtyX4Gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.125.0/24
                  91.241.57.0/24
                  192.166.154.0-192.166.157.255
                IPv6:
                  2a0f:9c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:32:27:ed:0c:9c:e2:67:63:cc:20:a5:52:e0:0e:14:91:cc:
         fd:5c:cb:51:fc:a9:bc:8a:2a:f7:9a:a4:00:bd:38:60:b2:d5:
         4a:2a:24:4c:2d:d0:da:06:c5:82:6c:7e:7b:e6:99:7e:89:47:
         e6:ab:8b:a6:02:4a:7c:96:a9:6f:86:6c:5e:8b:0c:b3:3b:e4:
         68:eb:33:6f:7c:a1:9d:40:dc:6a:b1:f9:a8:76:6c:9b:12:b3:
         b1:d5:ef:c5:25:d5:0d:6d:28:d0:b7:d5:68:22:01:4f:12:f4:
         76:62:07:9d:98:ee:a0:46:1a:35:a7:e9:28:74:4f:6d:5a:57:
         ac:9d:ec:81:13:3b:14:0d:5a:eb:ee:c0:c4:1c:59:52:dd:f2:
         70:e0:91:ed:79:de:53:72:1c:e6:67:4a:e2:14:32:31:7f:45:
         9d:82:2f:cd:ac:79:7d:48:fa:be:be:98:31:38:7a:25:07:2a:
         2d:ec:d1:12:25:5e:01:2c:c6:ef:3c:4e:0e:8c:c9:76:92:de:
         2a:20:95:fd:40:30:ee:a4:a1:86:e1:b4:50:bd:3a:22:de:0e:
         e2:e6:2b:52:50:cc:e7:29:8c:7b:2e:ef:3a:e9:35:d7:15:c9:
         3a:71:be:00:fd:73:13:30:12:83:9a:1d:3f:5e:14:3a:5e:a1:
         ac:6b:1a:a4
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzGSnBWVmTUJHk4MO+ZcvAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMWRhMmJhMDU3ZTlhNTRhNjE3MGYyNTdmZjk3ODU2ZGM5
N2UwNjgwHhcNMjQwMTAxMTgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjdkZTJkY2M1N2E0Y2M0YTAyNjdkZjZlM2Y5N2I3YjFlNThiNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSmFaUxE1s3okfm1w9CsrHpdX7Zh
jYRwHZFzW93Am8+Qi/SItyEH8ID83b9rf6GxapGhQqVMmipxBwQx2iulvbqgYmGh
84K6icyiLX239xMCUSdwDnZVbJa84PnxYLUR9VwQJEluTdOnLQEZTFkzpwhCkYaT
9/xR7AuJ5Vv02dY9la+58xtWdZN82GeMw89KRmB9D+PKDxJN9q6M/USi+IMhsrEx
HKQmMBT76gS73lAmIHqfj0/u4TH9ZRYN0zEiKdOaWxc8tJdtHZQpnoD8dw3rXb/K
g5N/atVfXw0fjn/Dz1S4INhGbMu6lZu72cM15psMYQ3LOzykbK6qiZgyqwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFBZ94tzFekzEoCZ99uP5e3seWLaNMB8GA1UdIwQY
MBaAFOMdoroFfppUphcPJX/5eFbcl+BoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHgyaXVnVi1tbFNtRnc4bGZfbDRWdHlYNEdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82OWEyMDktZmE1Ny00M2YwLWJiYzIt
NzUwN2U4MTlhNzk1LzEvRm4zaTNNVjZUTVNnSm4zMjRfbDdleDVZdG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82OWEyMDktZmE1Ny00M2YwLWJiYzItNzUwN2U4MTlhNzk1
LzEvNHgyaXVnVi1tbFNtRnc4bGZfbDRWdHlYNEdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQAW999AwQA
W/E5MAwDBAHAppoDBAHAppwwDQQCAAIwBwMFAyoPnIAwDQYJKoZIhvcNAQELBQAD
ggEBAGsyJ+0MnOJnY8wgpVLgDhSRzP1cy1H8qbyKKveapAC9OGCy1UoqJEwt0NoG
xYJsfnvmmX6JR+ari6YCSnyWqW+GbF6LDLM75GjrM298oZ1A3Gqx+ah2bJsSs7HV
78Ul1Q1tKNC31WgiAU8S9HZiB52Y7qBGGjWn6Sh0T21aV6yd7IETOxQNWuvuwMQc
WVLd8nDgke153lNyHOZnSuIUMjF/RZ2CL82seX1I+r6+mDE4eiUHKi3s0RIlXgEs
xu88Tg6MyXaS3ioglf1AMO6koYbhtFC9OiLeDuLmK1JQzOcpjHsu7zrpNdcVyTpx
vgD9cxMwEoOaHT9eFDpeoaxrGqQ=
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:58:29 2024 by rpki-client on console-fra.rpki-client.org