Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9dac0b-0577-45e9-93da-65bbbd1f276b/1/Adg_Z57ETwKXdLtnu5EYiYlufX0.roa
File:                     Adg_Z57ETwKXdLtnu5EYiYlufX0.roa (raw, json)
Hash identifier:          j0/XfCAVBNUN2y6g5KG2jcpl0Vwx/petBnr9kJLrhnQ=
Subject key identifier:   01:D8:3F:67:9E:C4:4F:02:97:74:BB:67:BB:91:18:89:89:6E:7D:7D
Certificate issuer:       /CN=4db2ccfdd4a8ae8dda86105e4135179fe37aa50e
Certificate serial:       018CC56DDB4B54542CE6E0D903F3FCAA1ED7
Authority key identifier: 4D:B2:CC:FD:D4:A8:AE:8D:DA:86:10:5E:41:35:17:9F:E3:7A:A5:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TbLM_dSoro3ahhBeQTUXn-N6pQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9dac0b-0577-45e9-93da-65bbbd1f276b/1/Adg_Z57ETwKXdLtnu5EYiYlufX0.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44621
IP address blocks:        91.224.62.0/23 maxlen: 23
                          91.202.97.0/24 maxlen: 24
                          91.202.96.0/24 maxlen: 24
                          91.202.98.0/24 maxlen: 24
                          91.202.99.0/24 maxlen: 24
                          91.206.130.0/24 maxlen: 24
                          91.206.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9dac0b-0577-45e9-93da-65bbbd1f276b/1/TbLM_dSoro3ahhBeQTUXn-N6pQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9dac0b-0577-45e9-93da-65bbbd1f276b/1/TbLM_dSoro3ahhBeQTUXn-N6pQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TbLM_dSoro3ahhBeQTUXn-N6pQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:db:4b:54:54:2c:e6:e0:d9:03:f3:fc:aa:1e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4db2ccfdd4a8ae8dda86105e4135179fe37aa50e
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01d83f679ec44f029774bb67bb911889896e7d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f7:02:5f:4d:82:83:28:82:87:29:1c:ad:ed:
                    48:e6:38:8f:62:86:7e:c0:5e:cf:3c:ac:3a:5c:f4:
                    54:bf:44:4a:9e:79:61:f1:4f:f6:26:07:f3:42:4e:
                    aa:dc:99:bd:fa:58:69:98:c7:2a:3b:1f:f5:9d:aa:
                    df:1a:92:cf:ca:73:4e:1d:9d:9b:ab:9e:cf:27:c9:
                    49:e0:9c:44:ec:42:95:75:82:10:45:a9:7b:0d:60:
                    e8:17:8e:da:cb:21:28:4b:1a:33:57:b6:0b:c9:3f:
                    36:b4:b2:78:16:1c:3e:52:06:20:e0:3e:8f:ea:69:
                    38:ab:9f:83:d8:25:43:bd:62:6a:25:c8:ab:ac:00:
                    ff:b9:80:c7:6e:66:35:97:a7:e2:0e:ee:04:0d:9e:
                    6a:82:34:73:ad:db:55:ae:f7:5a:c8:fa:88:86:a4:
                    5a:77:b6:80:4a:ee:cd:89:76:fe:cd:af:b6:7c:2d:
                    69:24:7f:2a:97:db:f9:b3:f6:a2:70:51:80:e0:0a:
                    cf:6c:40:07:43:cf:c3:d0:12:00:d4:0a:dd:23:03:
                    cb:39:ad:ca:62:21:be:c5:8d:58:87:3d:da:be:03:
                    21:4a:03:f5:61:98:db:49:3f:a2:40:bb:05:da:32:
                    2b:04:26:ef:2d:71:78:3d:ea:47:42:b0:3b:07:6a:
                    ba:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D8:3F:67:9E:C4:4F:02:97:74:BB:67:BB:91:18:89:89:6E:7D:7D
            X509v3 Authority Key Identifier:
                keyid:4D:B2:CC:FD:D4:A8:AE:8D:DA:86:10:5E:41:35:17:9F:E3:7A:A5:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TbLM_dSoro3ahhBeQTUXn-N6pQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9dac0b-0577-45e9-93da-65bbbd1f276b/1/Adg_Z57ETwKXdLtnu5EYiYlufX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9dac0b-0577-45e9-93da-65bbbd1f276b/1/TbLM_dSoro3ahhBeQTUXn-N6pQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.96.0/22
                  91.206.130.0/23
                  91.224.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:56:f9:1e:51:0b:1b:02:78:a2:4c:db:a8:56:cf:18:0f:f8:
         b0:a9:ea:e7:07:b5:df:78:bc:c8:93:c9:f4:53:6a:de:91:97:
         f6:15:3e:2a:c6:d7:66:bf:f3:74:c5:37:41:3a:ee:2a:aa:0b:
         a3:bc:b2:db:e8:9a:5a:42:d8:4a:5b:c6:2b:b7:3b:2d:99:d7:
         1c:06:c2:55:a8:ae:5d:eb:b0:d7:63:b5:37:15:ed:03:77:18:
         d5:c4:6a:0c:c8:11:96:0d:4c:89:a5:06:56:08:2f:3d:14:67:
         2f:00:da:77:29:22:c8:32:31:05:51:28:d7:53:c3:ec:e5:de:
         88:16:72:88:26:45:ea:44:89:10:fb:25:31:da:a5:e2:7c:24:
         07:ec:2a:9d:5d:2c:15:aa:d0:23:f6:ba:b9:45:88:cb:46:a5:
         15:46:49:56:e5:7f:7c:04:9d:c6:22:c1:f6:12:0d:5c:58:31:
         23:cb:c4:d6:97:63:9a:fa:8e:8f:94:f0:a9:b3:72:48:6f:36:
         c9:98:03:e6:47:f8:dd:17:a8:e1:86:49:c2:84:55:e2:99:e6:
         89:5b:6e:dc:a6:97:cc:68:5d:4f:07:74:b0:14:b5:e6:b1:bc:
         e1:27:a6:1e:06:ee:26:b7:3f:dc:ea:8d:bc:2e:c7:5c:a0:ec:
         a3:6c:26:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbdtLVFQs5uDZA/P8qh7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYjJjY2ZkZDRhOGFlOGRkYTg2MTA1ZTQxMzUxNzlmZTM3
YWE1MGUwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWQ4M2Y2NzllYzQ0ZjAyOTc3NGJiNjdiYjkxMTg4OTg5NmU3ZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPcCX02CgyiChykcre1I5jiPYoZ+
wF7PPKw6XPRUv0RKnnlh8U/2JgfzQk6q3Jm9+lhpmMcqOx/1narfGpLPynNOHZ2b
q57PJ8lJ4JxE7EKVdYIQRal7DWDoF47ayyEoSxozV7YLyT82tLJ4Fhw+UgYg4D6P
6mk4q5+D2CVDvWJqJcirrAD/uYDHbmY1l6fiDu4EDZ5qgjRzrdtVrvdayPqIhqRa
d7aASu7NiXb+za+2fC1pJH8ql9v5s/aicFGA4ArPbEAHQ8/D0BIA1ArdIwPLOa3K
YiG+xY1Yhz3avgMhSgP1YZjbST+iQLsF2jIrBCbvLXF4PepHQrA7B2q6QwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAHYP2eexE8Cl3S7Z7uRGImJbn19MB8GA1UdIwQY
MBaAFE2yzP3UqK6N2oYQXkE1F5/jeqUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGJMTV9kU29ybzNhaGhCZVFUVVhuLU42cFE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85ZGFjMGItMDU3Ny00NWU5LTkzZGEt
NjViYmJkMWYyNzZiLzEvQWRnX1o1N0VUd0tYZEx0bnU1RVlpWWx1ZlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85ZGFjMGItMDU3Ny00NWU5LTkzZGEtNjViYmJkMWYyNzZi
LzEvVGJMTV9kU29ybzNhaGhCZVFUVVhuLU42cFE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8pgAwQB
W86CAwQBW+A+MA0GCSqGSIb3DQEBCwUAA4IBAQCuVvkeUQsbAniiTNuoVs8YD/iw
qernB7XfeLzIk8n0U2rekZf2FT4qxtdmv/N0xTdBOu4qqgujvLLb6JpaQthKW8Yr
tzstmdccBsJVqK5d67DXY7U3Fe0DdxjVxGoMyBGWDUyJpQZWCC89FGcvANp3KSLI
MjEFUSjXU8Ps5d6IFnKIJkXqRIkQ+yUx2qXifCQH7CqdXSwVqtAj9rq5RYjLRqUV
RklW5X98BJ3GIsH2Eg1cWDEjy8TWl2Oa+o6PlPCps3JIbzbJmAPmR/jdF6jhhknC
hFXimeaJW27cppfMaF1PB3SwFLXmsbzhJ6YeBu4mtz/c6o28LsdcoOyjbCbp
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:10:33 2024 by rpki-client on console-ams.rpki-client.org