Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/CYi5LSvq80DVa1RY4KQuxUsMvn8.roa
File:                     CYi5LSvq80DVa1RY4KQuxUsMvn8.roa (raw, json)
Hash identifier:          YhYQUAzLPPGo+dqmsJv7P1FG4Yx0HllvgpRIM6Zi0EU=
Subject key identifier:   09:88:B9:2D:2B:EA:F3:40:D5:6B:54:58:E0:A4:2E:C5:4B:0C:BE:7F
Certificate issuer:       /CN=43b92ec2b0e32cb7b2db13e3765298d6d2e585cd
Certificate serial:       018CC4253D26E434B4E42A844361DA2182AB
Authority key identifier: 43:B9:2E:C2:B0:E3:2C:B7:B2:DB:13:E3:76:52:98:D6:D2:E5:85:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q7kuwrDjLLey2xPjdlKY1tLlhc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/CYi5LSvq80DVa1RY4KQuxUsMvn8.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56441
IP address blocks:        91.231.125.0/24 maxlen: 24
                          91.224.118.0/24 maxlen: 24
                          91.224.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/Q7kuwrDjLLey2xPjdlKY1tLlhc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/Q7kuwrDjLLey2xPjdlKY1tLlhc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q7kuwrDjLLey2xPjdlKY1tLlhc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3d:26:e4:34:b4:e4:2a:84:43:61:da:21:82:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43b92ec2b0e32cb7b2db13e3765298d6d2e585cd
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0988b92d2beaf340d56b5458e0a42ec54b0cbe7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:84:8a:a6:c0:09:50:c6:30:e9:0f:76:aa:be:
                    37:2e:aa:0d:08:3d:b7:9e:08:70:57:3c:3a:4d:88:
                    7d:6e:24:4f:49:de:ec:57:e6:2f:3c:b4:3d:93:83:
                    e1:75:c0:09:5b:bb:13:02:5e:14:72:5b:bd:42:f8:
                    c5:45:6c:d5:db:b9:d0:82:5f:d1:46:67:e6:0f:28:
                    78:11:f4:85:a9:56:a7:4c:27:f0:7f:24:67:0e:98:
                    c4:e2:16:05:06:1b:1f:bf:d9:a9:62:46:d6:62:01:
                    86:d3:4a:12:31:97:e0:8d:34:8c:21:b9:c6:7f:82:
                    37:3c:74:aa:aa:2b:bb:df:d3:37:70:7c:bd:c0:91:
                    d8:0f:33:7a:44:82:7d:a1:47:ce:1f:94:82:bb:5d:
                    38:4f:69:c0:da:f5:c4:3b:4e:0d:1b:22:c6:73:64:
                    70:6b:97:9f:6c:03:e9:db:ae:aa:08:75:81:b2:54:
                    5c:fb:7c:97:54:f9:5d:dd:8b:e9:f1:ce:96:e6:b1:
                    87:8f:62:9d:68:e4:5c:c1:ba:89:11:36:d6:89:a0:
                    36:04:a5:62:ea:0f:77:bc:84:1f:b0:fd:24:db:13:
                    81:24:18:df:33:92:0f:55:ca:78:12:3d:47:eb:e3:
                    0f:df:1e:06:98:08:d6:47:71:22:d3:60:a4:cb:7a:
                    a6:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:88:B9:2D:2B:EA:F3:40:D5:6B:54:58:E0:A4:2E:C5:4B:0C:BE:7F
            X509v3 Authority Key Identifier:
                keyid:43:B9:2E:C2:B0:E3:2C:B7:B2:DB:13:E3:76:52:98:D6:D2:E5:85:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q7kuwrDjLLey2xPjdlKY1tLlhc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/CYi5LSvq80DVa1RY4KQuxUsMvn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/Q7kuwrDjLLey2xPjdlKY1tLlhc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.118.0/23
                  91.231.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:c9:29:d8:38:7f:53:c9:3c:26:01:c9:d5:81:d7:8b:13:69:
         72:f9:2e:3f:b7:12:ce:ba:14:68:a5:6d:36:7f:ff:58:96:d7:
         c6:bf:b6:71:94:6e:fc:0a:1a:3f:b6:56:fa:a3:8c:4a:95:f9:
         b5:12:6e:3d:55:71:91:ea:38:3e:6a:2f:f0:70:eb:ff:75:ae:
         ef:f8:1c:65:d3:9e:d1:0d:c0:1a:06:a1:9a:2c:0f:93:39:6f:
         01:9e:a2:ef:99:67:b4:31:c8:42:a1:da:80:bb:03:77:8c:e7:
         3e:b4:8a:47:e4:cc:43:17:cf:9a:df:6a:69:38:fb:58:28:ba:
         10:0a:d0:1d:72:9e:cb:b4:36:71:91:53:fe:32:56:18:38:37:
         b0:5f:b9:5e:b4:6a:64:cb:b1:fd:79:7b:08:8f:71:2f:07:69:
         38:e1:aa:78:5c:1c:6a:cb:61:56:19:d8:ad:c3:ad:71:68:40:
         25:2b:c8:93:ba:7f:97:6c:c3:44:68:e6:07:28:00:a3:9a:c4:
         7c:3a:8a:1c:4c:6a:03:1f:79:9f:c2:04:ef:c7:7d:e9:27:21:
         cb:60:d6:25:3a:d2:3c:65:83:55:3e:04:00:75:64:a6:5a:70:
         b9:ec:51:7a:18:08:d2:92:33:47:d6:f0:93:1b:bd:b9:0c:67:
         d6:a2:9f:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJT0m5DS05CqEQ2HaIYKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYjkyZWMyYjBlMzJjYjdiMmRiMTNlMzc2NTI5OGQ2ZDJl
NTg1Y2QwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTg4YjkyZDJiZWFmMzQwZDU2YjU0NThlMGE0MmVjNTRiMGNiZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoISKpsAJUMYw6Q92qr43LqoNCD23
nghwVzw6TYh9biRPSd7sV+YvPLQ9k4PhdcAJW7sTAl4Uclu9QvjFRWzV27nQgl/R
RmfmDyh4EfSFqVanTCfwfyRnDpjE4hYFBhsfv9mpYkbWYgGG00oSMZfgjTSMIbnG
f4I3PHSqqiu739M3cHy9wJHYDzN6RIJ9oUfOH5SCu104T2nA2vXEO04NGyLGc2Rw
a5efbAPp266qCHWBslRc+3yXVPld3Yvp8c6W5rGHj2KdaORcwbqJETbWiaA2BKVi
6g93vIQfsP0k2xOBJBjfM5IPVcp4Ej1H6+MP3x4GmAjWR3Ei02Cky3qmZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAmIuS0r6vNA1WtUWOCkLsVLDL5/MB8GA1UdIwQY
MBaAFEO5LsKw4yy3stsT43ZSmNbS5YXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTdrdXdyRGpMTGV5MnhQamRsS1kxdExsaGMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84OTI4NmYtMGU1OS00NjI2LWE2MTct
NjAyMTUxNTIyYTA5LzEvQ1lpNUxTdnE4MERWYTFSWTRLUXV4VXNNdm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84OTI4NmYtMGU1OS00NjI2LWE2MTctNjAyMTUxNTIyYTA5
LzEvUTdrdXdyRGpMTGV5MnhQamRsS1kxdExsaGMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+B2AwQA
W+d9MA0GCSqGSIb3DQEBCwUAA4IBAQALySnYOH9TyTwmAcnVgdeLE2ly+S4/txLO
uhRopW02f/9YltfGv7ZxlG78Cho/tlb6o4xKlfm1Em49VXGR6jg+ai/wcOv/da7v
+Bxl057RDcAaBqGaLA+TOW8BnqLvmWe0MchCodqAuwN3jOc+tIpH5MxDF8+a32pp
OPtYKLoQCtAdcp7LtDZxkVP+MlYYODewX7letGpky7H9eXsIj3EvB2k44ap4XBxq
y2FWGditw61xaEAlK8iTun+XbMNEaOYHKACjmsR8OoocTGoDH3mfwgTvx33pJyHL
YNYlOtI8ZYNVPgQAdWSmWnC57FF6GAjSkjNH1vCTG725DGfWop/L
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:28:09 2024 by rpki-client on console-fra.rpki-client.org