Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/RGRQyycScMgIaEkVRTTYZcBbshE.roa
File:                     RGRQyycScMgIaEkVRTTYZcBbshE.roa (raw, json)
Hash identifier:          R251uuvyYJsnRk6nXvAjAQeOdiywSG9AQKpl1Hd9UZs=
Subject key identifier:   44:64:50:CB:27:12:70:C8:08:68:49:15:45:34:D8:65:C0:5B:B2:11
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F37AF1BB1F0D3546202B3094ABB4E
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/RGRQyycScMgIaEkVRTTYZcBbshE.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        91.221.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:37:af:1b:b1:f0:d3:54:62:02:b3:09:4a:bb:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=446450cb271270c8086849154534d865c05bb211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:39:03:ee:31:f3:cb:21:7c:8b:63:1c:c8:a8:
                    0a:dd:3a:06:f7:c1:c9:93:fa:a7:bf:63:b8:58:1e:
                    61:fb:b8:3c:10:e3:33:2f:6f:de:c9:e8:9e:30:d6:
                    e8:03:d0:7a:15:0d:32:20:c4:a8:b0:fa:c9:4c:9b:
                    90:4a:f6:89:d1:1f:3b:0b:35:ac:93:51:27:4f:ac:
                    1e:4c:44:f9:42:34:31:a3:35:7e:65:25:a8:b6:aa:
                    c4:46:dd:41:65:a0:3a:15:82:24:54:87:61:39:6d:
                    6d:78:7e:ac:d8:a6:c8:00:03:19:5c:e2:96:0f:90:
                    73:68:b5:79:a4:82:e6:54:8e:32:cd:6a:4b:ad:f0:
                    ac:46:48:7a:df:10:c6:97:e1:26:d5:5e:c4:26:2a:
                    40:b6:30:31:6f:5a:6e:05:52:91:da:64:a6:db:84:
                    a8:58:72:66:c0:24:62:09:c0:e9:97:35:ed:8c:f9:
                    02:10:4e:1f:95:86:61:1d:96:5e:e5:36:82:e6:f7:
                    f3:6f:59:32:d0:a1:06:4e:d2:b8:27:e8:f0:26:73:
                    6c:c7:19:8c:e9:a7:f1:9b:a4:05:9f:fc:17:89:64:
                    63:68:81:1c:70:65:6e:51:8b:30:e9:0d:73:62:5a:
                    23:7a:51:77:33:a0:85:dd:61:0d:5a:c5:23:97:5f:
                    8e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:64:50:CB:27:12:70:C8:08:68:49:15:45:34:D8:65:C0:5B:B2:11
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/RGRQyycScMgIaEkVRTTYZcBbshE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:37:34:ef:68:ce:30:e6:cd:cc:33:77:50:74:24:4e:aa:49:
         a5:5b:a5:18:e9:4a:5b:38:d2:f2:05:cc:35:49:d4:d1:c6:c7:
         8f:82:7a:70:05:47:0b:5b:28:36:15:7a:b7:51:ec:00:5b:24:
         04:be:b4:89:87:df:ba:09:37:1f:eb:80:26:66:bb:1f:8c:64:
         07:84:7e:ec:ff:9b:77:b0:ee:bb:9c:23:86:70:a8:a7:45:fc:
         99:f4:3c:fd:2a:00:5e:57:8d:71:6c:70:18:3a:9c:52:61:2b:
         78:73:f4:d3:90:11:f4:6b:3c:09:3c:6f:86:18:38:3a:42:88:
         eb:ef:93:4c:c2:36:99:d3:eb:9c:47:81:cd:95:05:d7:65:8e:
         9e:88:03:5f:14:a2:bb:67:95:ff:9b:89:08:0f:18:68:14:5b:
         60:a0:b0:d0:e0:c3:3c:e7:56:9a:ae:44:30:ec:be:4a:f1:df:
         40:b6:07:d9:a4:27:1e:4f:9d:fc:36:2b:bc:0f:7b:17:86:4d:
         76:48:ed:0b:d1:eb:4b:bf:04:e1:6e:a7:e4:0c:15:2d:7a:97:
         41:f3:2c:20:50:6d:01:4d:15:f7:fa:6c:84:d6:42:77:9f:97:
         eb:de:43:62:04:1f:c4:65:cc:c3:10:31:92:10:dc:f3:a9:cd:
         a2:96:b8:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzevG7Hw01RiArMJSrtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDY0NTBjYjI3MTI3MGM4MDg2ODQ5MTU0NTM0ZDg2NWMwNWJiMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjkD7jHzyyF8i2McyKgK3ToG98HJ
k/qnv2O4WB5h+7g8EOMzL2/eyeieMNboA9B6FQ0yIMSosPrJTJuQSvaJ0R87CzWs
k1EnT6weTET5QjQxozV+ZSWotqrERt1BZaA6FYIkVIdhOW1teH6s2KbIAAMZXOKW
D5BzaLV5pILmVI4yzWpLrfCsRkh63xDGl+Em1V7EJipAtjAxb1puBVKR2mSm24So
WHJmwCRiCcDplzXtjPkCEE4flYZhHZZe5TaC5vfzb1ky0KEGTtK4J+jwJnNsxxmM
6afxm6QFn/wXiWRjaIEccGVuUYsw6Q1zYlojelF3M6CF3WENWsUjl1+OmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERkUMsnEnDICGhJFUU02GXAW7IRMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvUkdSUXl5Y1NjTWdJYUVrVlJUVFlaY0Jic2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQBCNzTvaM4w5s3MM3dQdCROqkmlW6UY6UpbONLyBcw1
SdTRxsePgnpwBUcLWyg2FXq3UewAWyQEvrSJh9+6CTcf64AmZrsfjGQHhH7s/5t3
sO67nCOGcKinRfyZ9Dz9KgBeV41xbHAYOpxSYSt4c/TTkBH0azwJPG+GGDg6Qojr
75NMwjaZ0+ucR4HNlQXXZY6eiANfFKK7Z5X/m4kIDxhoFFtgoLDQ4MM851aarkQw
7L5K8d9AtgfZpCceT538Niu8D3sXhk12SO0L0etLvwThbqfkDBUtepdB8ywgUG0B
TRX3+myE1kJ3n5fr3kNiBB/EZczDEDGSENzzqc2ilrg/
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:07:02 2024 by rpki-client on console-ams.rpki-client.org