Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/6a8607-a33a-44af-b2c0-1341de8abe51/1/XT1t9Z2nz7YX8tZS6baMubeuz-c.roa
File:                     XT1t9Z2nz7YX8tZS6baMubeuz-c.roa (raw, json)
Hash identifier:          F0c53UvKpXHfxgW4QKMRXZzB1ai5oMZcXxUBVkD20Ns=
Subject key identifier:   5D:3D:6D:F5:9D:A7:CF:B6:17:F2:D6:52:E9:B6:8C:B9:B7:AE:CF:E7
Certificate issuer:       /CN=6559cf34d4cfc59640862d1e4b79d48d9e4d8e7b
Certificate serial:       0191DBB63CBBC596D70E2D5BFE175B79DCDC
Authority key identifier: 65:59:CF:34:D4:CF:C5:96:40:86:2D:1E:4B:79:D4:8D:9E:4D:8E:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZVnPNNTPxZZAhi0eS3nUjZ5Njns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/6a8607-a33a-44af-b2c0-1341de8abe51/1/XT1t9Z2nz7YX8tZS6baMubeuz-c.roa
Signing time:             Tue 10 Sep 2024 11:33:58 +0000
ROA not before:           Tue 10 Sep 2024 11:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        91.238.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/6a8607-a33a-44af-b2c0-1341de8abe51/1/ZVnPNNTPxZZAhi0eS3nUjZ5Njns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/6a8607-a33a-44af-b2c0-1341de8abe51/1/ZVnPNNTPxZZAhi0eS3nUjZ5Njns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZVnPNNTPxZZAhi0eS3nUjZ5Njns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:b6:3c:bb:c5:96:d7:0e:2d:5b:fe:17:5b:79:dc:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6559cf34d4cfc59640862d1e4b79d48d9e4d8e7b
        Validity
            Not Before: Sep 10 11:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d3d6df59da7cfb617f2d652e9b68cb9b7aecfe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:38:10:6b:d5:2d:ca:4c:24:2e:e3:88:1f:22:
                    08:a6:86:87:e0:69:ae:79:5f:3e:c1:12:ee:bb:16:
                    09:44:d9:0d:8b:51:4e:4f:c1:d1:13:ba:d8:97:5c:
                    72:ec:0a:b3:23:6f:74:85:86:4f:bf:d4:76:3b:70:
                    f9:e3:60:4b:44:65:1a:c3:2d:15:b1:db:3f:97:e6:
                    2e:02:7d:dc:cd:28:54:d5:82:09:c4:f3:a7:f7:62:
                    5e:09:dd:56:d0:44:0c:88:d5:54:28:5b:72:9b:91:
                    50:33:49:c3:36:2a:a1:5d:fe:e6:0f:f0:a7:24:6f:
                    9b:69:da:6d:45:9c:13:c1:bc:5d:c9:e1:f0:d5:c0:
                    1b:19:52:c8:09:0c:0b:0a:97:80:57:23:be:29:b1:
                    54:a6:43:9d:b2:66:5a:be:cc:88:30:e5:d7:35:6b:
                    08:4f:a8:9e:43:c5:31:96:c2:d6:62:fc:ff:1f:4d:
                    c9:62:c3:3e:aa:bd:15:de:9f:10:d2:dc:05:0f:43:
                    fe:45:99:3e:8f:76:04:18:50:85:f0:16:1e:fd:5a:
                    e2:9f:2d:1e:9a:81:81:9e:0c:b9:03:b2:26:e3:48:
                    b1:6e:4d:dd:47:58:ec:75:63:78:da:97:ef:6b:04:
                    3e:e1:1b:c5:a0:69:b0:e0:ab:04:c6:7d:ec:08:16:
                    29:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3D:6D:F5:9D:A7:CF:B6:17:F2:D6:52:E9:B6:8C:B9:B7:AE:CF:E7
            X509v3 Authority Key Identifier:
                keyid:65:59:CF:34:D4:CF:C5:96:40:86:2D:1E:4B:79:D4:8D:9E:4D:8E:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZVnPNNTPxZZAhi0eS3nUjZ5Njns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6a8607-a33a-44af-b2c0-1341de8abe51/1/XT1t9Z2nz7YX8tZS6baMubeuz-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/6a8607-a33a-44af-b2c0-1341de8abe51/1/ZVnPNNTPxZZAhi0eS3nUjZ5Njns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:74:95:61:e9:0d:1d:b3:11:0d:ee:87:4b:f0:c8:49:62:ab:
         ec:47:6d:5d:6e:e9:98:c8:d7:61:87:f6:7b:e1:39:14:e8:62:
         b3:bd:a8:d3:a5:b1:f0:2e:c4:28:92:07:c9:1b:28:ac:6f:fb:
         21:62:cf:56:c3:47:25:53:08:56:36:e5:d1:5c:03:03:4e:3e:
         00:12:b7:69:25:82:73:c6:78:f7:c6:fe:c6:48:28:97:75:67:
         c8:26:15:db:ee:f5:31:41:d0:7c:e5:05:78:32:27:28:47:a4:
         50:d3:2c:23:99:a5:3b:97:8e:9b:0a:ea:db:c7:e0:d0:02:bb:
         b4:11:2a:c6:2c:88:70:b0:54:42:c6:fd:5f:48:f6:5a:81:2e:
         3a:e9:9d:63:d2:59:f3:45:0c:27:14:c0:a3:a3:06:1d:25:b7:
         8e:33:56:31:ff:46:60:4a:30:85:9c:65:1f:19:93:9c:18:2f:
         eb:5b:e4:d8:73:64:77:88:d2:0c:df:61:23:f2:03:65:aa:0d:
         e4:28:20:ef:58:03:53:2f:0d:cd:8f:c2:c2:26:a0:85:30:83:
         50:2b:91:99:e1:b3:ae:21:d6:3c:f5:66:9b:18:28:5d:0b:5d:
         c4:4c:5f:53:3f:c0:1b:24:9f:76:d7:ea:9e:3e:4c:9b:16:a9:
         06:de:78:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHbtjy7xZbXDi1b/hdbedzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NTljZjM0ZDRjZmM1OTY0MDg2MmQxZTRiNzlkNDhkOWU0
ZDhlN2IwHhcNMjQwOTEwMTEzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNkNmRmNTlkYTdjZmI2MTdmMmQ2NTJlOWI2OGNiOWI3YWVjZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDgQa9UtykwkLuOIHyIIpoaH4Gmu
eV8+wRLuuxYJRNkNi1FOT8HRE7rYl1xy7AqzI290hYZPv9R2O3D542BLRGUawy0V
sds/l+YuAn3czShU1YIJxPOn92JeCd1W0EQMiNVUKFtym5FQM0nDNiqhXf7mD/Cn
JG+badptRZwTwbxdyeHw1cAbGVLICQwLCpeAVyO+KbFUpkOdsmZavsyIMOXXNWsI
T6ieQ8UxlsLWYvz/H03JYsM+qr0V3p8Q0twFD0P+RZk+j3YEGFCF8BYe/Vriny0e
moGBngy5A7Im40ixbk3dR1jsdWN42pfvawQ+4RvFoGmw4KsExn3sCBYpeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF09bfWdp8+2F/LWUum2jLm3rs/nMB8GA1UdIwQY
MBaAFGVZzzTUz8WWQIYtHkt51I2eTY57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlZuUE5OVFB4WlpBaGkwZVMzblVqWjVOam5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82YTg2MDctYTMzYS00NGFmLWIyYzAt
MTM0MWRlOGFiZTUxLzEvWFQxdDlaMm56N1lYOHRaUzZiYU11YmV1ei1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82YTg2MDctYTMzYS00NGFmLWIyYzAtMTM0MWRlOGFiZTUx
LzEvWlZuUE5OVFB4WlpBaGkwZVMzblVqWjVOam5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7DMA0G
CSqGSIb3DQEBCwUAA4IBAQCVdJVh6Q0dsxEN7odL8MhJYqvsR21dbumYyNdhh/Z7
4TkU6GKzvajTpbHwLsQokgfJGyisb/shYs9Ww0clUwhWNuXRXAMDTj4AErdpJYJz
xnj3xv7GSCiXdWfIJhXb7vUxQdB85QV4MicoR6RQ0ywjmaU7l46bCurbx+DQAru0
ESrGLIhwsFRCxv1fSPZagS466Z1j0lnzRQwnFMCjowYdJbeOM1Yx/0ZgSjCFnGUf
GZOcGC/rW+TYc2R3iNIM32Ej8gNlqg3kKCDvWANTLw3Nj8LCJqCFMINQK5GZ4bOu
IdY89WabGChdC13ETF9TP8AbJJ921+qePkybFqkG3nim
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:53:22 2024 by rpki-client on console-fra.rpki-client.org