Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/qw4U9X5XyFxhojia5031DGjy31k.roa
File:                     qw4U9X5XyFxhojia5031DGjy31k.roa (raw, json)
Hash identifier:          ANQEimuKh1P1OnAHcr/5cZ6Tb+LWxN9K50Q4SPmUY/k=
Subject key identifier:   AB:0E:14:F5:7E:57:C8:5C:61:A2:38:9A:E7:4D:F5:0C:68:F2:DF:59
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       018CC6B92737AFE983C1671F7A80C63404D1
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/qw4U9X5XyFxhojia5031DGjy31k.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        77.91.88.0/24 maxlen: 24
                          77.91.91.0/24 maxlen: 24
                          77.91.90.0/24 maxlen: 24
                          77.91.89.0/24 maxlen: 24
                          77.91.95.0/24 maxlen: 24
                          77.91.94.0/24 maxlen: 24
                          77.91.93.0/24 maxlen: 24
                          77.91.92.0/24 maxlen: 24
                          185.149.145.0/24 maxlen: 24
                          185.149.144.0/24 maxlen: 24
                          185.149.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:27:37:af:e9:83:c1:67:1f:7a:80:c6:34:04:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab0e14f57e57c85c61a2389ae74df50c68f2df59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:80:48:78:4e:9e:d9:a7:a5:66:4d:31:ef:45:
                    0a:4d:04:cc:b1:18:fb:1a:bd:da:1a:cb:cb:e1:d0:
                    b7:85:6f:cc:e1:13:af:3a:e9:07:40:ff:3b:2f:d7:
                    55:7a:12:f2:18:60:e8:43:37:e4:58:05:02:64:7b:
                    29:9d:00:7d:3a:92:e8:93:71:a3:09:d0:88:7a:26:
                    c6:7d:a6:db:2b:aa:9c:43:9e:ad:85:e3:60:ad:ff:
                    b7:80:2b:41:b0:c5:e0:b3:28:0d:db:16:91:ae:b9:
                    bf:2f:91:d8:69:60:38:61:9a:e6:f0:48:83:4c:69:
                    cf:29:c9:ba:91:60:3f:b3:82:b2:b4:99:56:66:7b:
                    4b:c1:b6:b5:20:70:de:65:91:9c:39:18:bd:64:d5:
                    b5:b3:92:ad:fc:93:f6:06:a3:55:39:ec:fa:f6:40:
                    52:d9:9b:fc:b4:88:84:03:51:f8:92:e1:12:24:33:
                    03:ea:dd:01:cd:4d:35:1f:cb:7c:7b:c8:7e:ac:03:
                    7e:b9:88:7e:09:ae:14:be:fe:3a:14:76:e2:6e:0c:
                    28:b8:56:c7:5d:f2:3b:5a:91:18:41:76:1f:15:83:
                    1d:1e:7a:57:7b:bf:3c:1d:bf:ad:a8:74:ce:a1:22:
                    ca:6a:84:ad:be:e8:45:b1:95:57:d8:e1:46:79:e6:
                    68:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:0E:14:F5:7E:57:C8:5C:61:A2:38:9A:E7:4D:F5:0C:68:F2:DF:59
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/qw4U9X5XyFxhojia5031DGjy31k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.88.0/21
                  185.149.144.0/23
                  185.149.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ce:ea:98:b4:fb:a1:fc:14:12:9b:ba:5c:39:e0:e1:71:fd:
         9c:bb:63:46:1e:c1:0e:f9:d0:af:04:1a:64:44:d9:25:08:1a:
         dc:29:10:16:58:a4:bc:2c:d5:4c:76:e7:e5:23:3c:42:26:9b:
         7c:73:77:12:17:39:dd:0e:80:6c:1e:40:79:31:40:91:3c:e0:
         d1:db:45:db:53:c7:44:1a:2f:3d:eb:84:b4:b6:a2:e2:49:b8:
         9e:c2:6d:d3:73:20:45:d5:8f:f5:3d:40:a2:dd:c2:79:f5:f5:
         75:e5:1f:9f:9a:3a:20:1d:fd:80:2a:3f:a0:4f:0f:00:98:2a:
         0c:9d:73:73:77:23:6a:cc:eb:5c:8b:ec:38:7c:cf:3c:19:03:
         5c:d5:17:34:28:15:44:95:e5:38:bc:2d:73:7e:90:bb:f5:6e:
         78:0b:77:12:4e:45:49:67:fc:2f:c0:77:ed:e2:d9:84:b1:99:
         8b:36:d7:cf:f8:fd:83:c0:46:ab:fe:7e:48:97:11:a4:93:aa:
         1d:b7:44:18:86:79:63:5a:bf:de:12:6e:46:43:04:44:83:48:
         60:39:3e:3c:c4:25:9d:8f:1b:bf:55:64:e6:02:18:d7:f1:07:
         a1:f7:a9:3d:e6:3b:9b:79:76:3a:3e:2d:9f:ec:b2:3e:34:19:
         af:c5:f6:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuSc3r+mDwWcfeoDGNATRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjBlMTRmNTdlNTdjODVjNjFhMjM4OWFlNzRkZjUwYzY4ZjJkZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIBIeE6e2aelZk0x70UKTQTMsRj7
Gr3aGsvL4dC3hW/M4ROvOukHQP87L9dVehLyGGDoQzfkWAUCZHspnQB9OpLok3Gj
CdCIeibGfabbK6qcQ56theNgrf+3gCtBsMXgsygN2xaRrrm/L5HYaWA4YZrm8EiD
TGnPKcm6kWA/s4KytJlWZntLwba1IHDeZZGcORi9ZNW1s5Kt/JP2BqNVOez69kBS
2Zv8tIiEA1H4kuESJDMD6t0BzU01H8t8e8h+rAN+uYh+Ca4Uvv46FHbibgwouFbH
XfI7WpEYQXYfFYMdHnpXe788Hb+tqHTOoSLKaoStvuhFsZVX2OFGeeZoFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKsOFPV+V8hcYaI4mudN9Qxo8t9ZMB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvcXc0VTlYNVh5Rnhob2ppYTUwMzFER2p5MzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDTVtYAwQB
uZWQAwQAuZWTMA0GCSqGSIb3DQEBCwUAA4IBAQAbzuqYtPuh/BQSm7pcOeDhcf2c
u2NGHsEO+dCvBBpkRNklCBrcKRAWWKS8LNVMduflIzxCJpt8c3cSFzndDoBsHkB5
MUCRPODR20XbU8dEGi8964S0tqLiSbiewm3TcyBF1Y/1PUCi3cJ59fV15R+fmjog
Hf2AKj+gTw8AmCoMnXNzdyNqzOtci+w4fM88GQNc1Rc0KBVEleU4vC1zfpC79W54
C3cSTkVJZ/wvwHft4tmEsZmLNtfP+P2DwEar/n5IlxGkk6odt0QYhnljWr/eEm5G
QwREg0hgOT48xCWdjxu/VWTmAhjX8Qeh96k95jubeXY6Pi2f7LI+NBmvxfYs
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:39:17 2024 by rpki-client on console-fra.rpki-client.org