Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/EjoRTmXZPogeMLnq4ICj13QYj7A.roa
File:                     EjoRTmXZPogeMLnq4ICj13QYj7A.roa (raw, json)
Hash identifier:          OvD7i8Zl26+i9FUL4ZqZ/VO7EmmdT74UH3HZYnZTyGM=
Subject key identifier:   12:3A:11:4E:65:D9:3E:88:1E:30:B9:EA:E0:80:A3:D7:74:18:8F:B0
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F35A4EC49F2A1C87CDFB5A1BB3F01
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/EjoRTmXZPogeMLnq4ICj13QYj7A.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29538
IP address blocks:        91.221.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:35:a4:ec:49:f2:a1:c8:7c:df:b5:a1:bb:3f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=123a114e65d93e881e30b9eae080a3d774188fb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:51:71:dd:90:a6:4c:5b:9a:a8:cd:7a:07:22:
                    a5:4a:34:70:0a:a5:2a:71:77:94:a0:9a:7b:79:20:
                    a2:24:70:dc:fd:5b:f8:0f:d4:1b:96:3a:79:af:48:
                    81:c5:61:4f:17:07:59:d7:d1:20:14:0a:f9:5f:0e:
                    ee:20:81:9f:2f:91:55:68:2c:18:5a:ce:8e:9c:bc:
                    ee:92:e4:72:d0:a8:3d:ec:2b:e2:86:c6:b6:2d:38:
                    4b:b8:30:59:37:bc:4f:5a:85:c7:c2:d5:e4:b5:70:
                    59:81:4b:47:7e:40:16:0b:95:ac:aa:f2:08:36:38:
                    98:00:f4:c2:96:83:9f:06:96:17:d4:ad:1f:6b:a2:
                    3f:a5:ac:1f:56:e6:57:14:39:4e:93:5d:0b:4f:2f:
                    6b:94:c4:45:5e:3e:da:8a:68:e4:56:1b:5d:bd:0e:
                    d8:3f:20:0e:bd:fd:69:a0:94:df:f3:7b:c0:ca:5b:
                    fc:ee:43:10:6e:cd:ae:05:80:9e:00:fd:f9:44:73:
                    5c:1f:54:ef:fc:b8:94:ea:e0:75:50:46:7f:b2:0b:
                    6f:29:08:d4:1e:a8:99:99:15:e2:44:bb:7e:bc:1e:
                    f0:49:6f:0a:7a:22:4b:d4:cc:69:8d:40:9f:7a:be:
                    86:6f:4b:d8:0c:3b:ed:fa:a6:b1:03:2d:51:3f:34:
                    5d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:3A:11:4E:65:D9:3E:88:1E:30:B9:EA:E0:80:A3:D7:74:18:8F:B0
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/EjoRTmXZPogeMLnq4ICj13QYj7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:57:2e:60:05:1d:1c:b6:21:be:27:7d:6f:20:a0:cd:61:8e:
         d6:5e:fc:76:f6:c9:df:9e:6e:19:54:f6:8e:e0:ef:f8:37:1c:
         4f:d1:2c:40:3c:14:4c:63:28:b1:53:58:ff:fc:d4:8c:24:46:
         15:8f:2d:3f:ab:3b:8b:bc:14:af:dc:1a:fa:0d:6e:f6:f6:23:
         e5:c7:89:07:b1:4f:51:a5:e6:4f:53:a3:7a:90:81:85:0b:ad:
         f6:6b:df:31:60:cc:3f:b3:6a:d8:ca:a4:fc:71:c1:7e:0e:ee:
         7f:fb:6b:a5:18:dd:cd:7f:6b:28:65:a5:0f:bd:1e:d1:ab:8f:
         86:79:31:93:36:db:19:33:74:79:01:64:59:aa:be:03:72:06:
         a1:2f:ca:b1:89:42:c4:35:45:ab:9a:6c:16:86:cb:54:45:59:
         03:98:01:7a:e4:f2:a9:2a:e6:ed:2b:62:6e:54:ec:da:68:1e:
         fb:45:f6:0a:b0:de:3a:ef:8f:4a:7f:40:fa:e4:a5:30:d8:25:
         85:75:fb:e6:5e:7e:71:bf:e1:c5:63:1f:72:df:8c:c7:d3:2f:
         89:7a:55:e4:77:d4:1f:87:5b:33:39:a3:04:06:a7:97:48:7a:
         e9:48:ca:d5:ec:d4:eb:1e:ad:c2:59:5d:03:28:fb:66:66:89:
         4e:89:2f:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzWk7Enyoch837Whuz8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjNhMTE0ZTY1ZDkzZTg4MWUzMGI5ZWFlMDgwYTNkNzc0MTg4ZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1Fx3ZCmTFuaqM16ByKlSjRwCqUq
cXeUoJp7eSCiJHDc/Vv4D9Qbljp5r0iBxWFPFwdZ19EgFAr5Xw7uIIGfL5FVaCwY
Ws6OnLzukuRy0Kg97Cvihsa2LThLuDBZN7xPWoXHwtXktXBZgUtHfkAWC5WsqvII
NjiYAPTCloOfBpYX1K0fa6I/pawfVuZXFDlOk10LTy9rlMRFXj7aimjkVhtdvQ7Y
PyAOvf1poJTf83vAylv87kMQbs2uBYCeAP35RHNcH1Tv/LiU6uB1UEZ/sgtvKQjU
HqiZmRXiRLt+vB7wSW8KeiJL1MxpjUCfer6Gb0vYDDvt+qaxAy1RPzRdfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBI6EU5l2T6IHjC56uCAo9d0GI+wMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvRWpvUlRtWFpQb2dlTUxucTRJQ2oxM1FZajdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQByVy5gBR0ctiG+J31vIKDNYY7WXvx29snfnm4ZVPaO
4O/4NxxP0SxAPBRMYyixU1j//NSMJEYVjy0/qzuLvBSv3Br6DW729iPlx4kHsU9R
peZPU6N6kIGFC632a98xYMw/s2rYyqT8ccF+Du5/+2ulGN3Nf2soZaUPvR7Rq4+G
eTGTNtsZM3R5AWRZqr4DcgahL8qxiULENUWrmmwWhstURVkDmAF65PKpKubtK2Ju
VOzaaB77RfYKsN46749Kf0D65KUw2CWFdfvmXn5xv+HFYx9y34zH0y+JelXkd9Qf
h1szOaMEBqeXSHrpSMrV7NTrHq3CWV0DKPtmZolOiS/N
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:35:09 2024 by rpki-client on console-fra.rpki-client.org