Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/2SA-pU10nYaeDKMIsnAAHuIGi1c.roa
File:                     2SA-pU10nYaeDKMIsnAAHuIGi1c.roa (raw, json)
Hash identifier:          AxiiLjcM2JO5jRhxuL+R68mTwsB0Or/TSNElO2SSOTo=
Subject key identifier:   D9:20:3E:A5:4D:74:9D:86:9E:0C:A3:08:B2:70:00:1E:E2:06:8B:57
Certificate issuer:       /CN=52e41f4806ce48fc398842381f2ffbe04b294818
Certificate serial:       018CC9BCADC7E4F60F93DDFD4F2E3DF18A10
Authority key identifier: 52:E4:1F:48:06:CE:48:FC:39:88:42:38:1F:2F:FB:E0:4B:29:48:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UuQfSAbOSPw5iEI4Hy_74EspSBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/2SA-pU10nYaeDKMIsnAAHuIGi1c.roa
Signing time:             Tue 02 Jan 2024 10:33:54 +0000
ROA not before:           Tue 02 Jan 2024 10:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41247
IP address blocks:        91.222.184.0/24 maxlen: 24
                          91.222.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/UuQfSAbOSPw5iEI4Hy_74EspSBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/UuQfSAbOSPw5iEI4Hy_74EspSBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UuQfSAbOSPw5iEI4Hy_74EspSBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ad:c7:e4:f6:0f:93:dd:fd:4f:2e:3d:f1:8a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52e41f4806ce48fc398842381f2ffbe04b294818
        Validity
            Not Before: Jan  2 10:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9203ea54d749d869e0ca308b270001ee2068b57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:55:7c:d5:82:a2:69:13:b2:18:e8:b7:20:ae:
                    4b:24:dc:c1:fa:0f:fc:37:a8:c7:21:9d:42:2f:09:
                    3b:6c:43:84:60:28:ba:63:f5:74:aa:bc:3d:3e:6c:
                    4c:9c:f0:42:66:b7:43:2d:82:e2:72:6e:8f:3c:8b:
                    5c:c8:6c:fd:e3:78:d3:71:9b:2c:68:99:6f:42:ac:
                    01:ef:9a:48:0a:d7:85:53:33:b7:81:75:97:b1:7c:
                    f4:97:bd:67:57:11:44:52:b2:9b:9a:57:bc:ff:6e:
                    60:8e:8b:99:7c:9d:75:9d:fc:39:91:10:c8:20:39:
                    79:f9:0d:04:14:88:1f:77:d5:19:eb:fe:c3:00:96:
                    08:47:a8:17:85:f1:0b:0a:a3:d6:95:78:c0:78:1f:
                    90:4e:90:7c:47:e7:a3:16:d1:01:1f:e5:e6:3c:74:
                    8d:26:e8:ca:0d:cd:c4:f4:1b:74:bf:a3:ef:1f:fd:
                    e4:15:5e:c9:76:03:88:2b:99:71:2f:79:47:ec:36:
                    2e:73:46:a6:70:09:2c:c5:ec:a7:7b:ed:78:5d:55:
                    a9:5e:a6:4c:01:29:9e:62:98:fb:ff:cb:52:79:5d:
                    83:d9:5c:0e:09:db:72:6e:e9:4d:39:f1:6e:cc:bd:
                    e9:27:ca:35:f7:b9:b0:97:95:35:77:6d:c4:e9:aa:
                    b4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:20:3E:A5:4D:74:9D:86:9E:0C:A3:08:B2:70:00:1E:E2:06:8B:57
            X509v3 Authority Key Identifier:
                keyid:52:E4:1F:48:06:CE:48:FC:39:88:42:38:1F:2F:FB:E0:4B:29:48:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UuQfSAbOSPw5iEI4Hy_74EspSBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/2SA-pU10nYaeDKMIsnAAHuIGi1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/0408f7-76a2-49c7-a022-deb44b869d19/1/UuQfSAbOSPw5iEI4Hy_74EspSBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.184.0/24
                  91.222.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:b1:30:90:b7:5e:f9:12:14:d9:cf:23:3b:eb:8d:64:ae:d3:
         26:6e:d6:91:93:e5:1c:e0:57:11:c5:a5:4a:24:ff:a5:6e:e9:
         ac:4e:9d:bf:6a:61:92:d7:d7:2e:f1:48:61:23:5f:cc:6f:fa:
         df:20:57:47:d0:2b:10:a3:72:0f:5e:bb:6b:f8:31:82:9c:f8:
         c5:71:5f:e0:0d:2d:d1:f9:5d:39:5b:81:2b:91:a4:14:3b:ec:
         9d:db:5e:0d:27:1e:53:f6:57:d4:e8:04:f0:c9:85:8e:b7:58:
         6e:85:34:57:85:3c:ce:06:3e:84:5f:e4:41:d9:ad:90:73:46:
         1f:b2:98:f8:51:c0:07:24:a5:ce:33:a2:e3:5f:56:53:22:d2:
         da:42:f5:46:ad:73:ba:01:69:e0:fc:41:ec:b3:6a:b2:3b:c5:
         0d:0c:6d:ec:83:3e:79:03:a4:f8:7b:4c:ad:54:65:fd:c0:00:
         c0:3e:44:7e:56:04:6a:b5:1d:02:79:28:3e:31:4c:12:bf:49:
         d9:47:cc:45:c8:7b:a2:53:d9:3d:1d:93:6c:b0:71:12:79:35:
         02:cd:98:99:80:a2:a6:6c:69:21:2b:80:8f:57:95:f0:ea:61:
         6f:1f:1b:ac:01:75:0e:84:f0:9e:00:90:66:92:18:12:e5:d8:
         75:e4:52:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvK3H5PYPk939Ty498YoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZTQxZjQ4MDZjZTQ4ZmMzOTg4NDIzODFmMmZmYmUwNGIy
OTQ4MTgwHhcNMjQwMTAyMTAzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTIwM2VhNTRkNzQ5ZDg2OWUwY2EzMDhiMjcwMDAxZWUyMDY4YjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1V81YKiaROyGOi3IK5LJNzB+g/8
N6jHIZ1CLwk7bEOEYCi6Y/V0qrw9PmxMnPBCZrdDLYLicm6PPItcyGz943jTcZss
aJlvQqwB75pICteFUzO3gXWXsXz0l71nVxFEUrKbmle8/25gjouZfJ11nfw5kRDI
IDl5+Q0EFIgfd9UZ6/7DAJYIR6gXhfELCqPWlXjAeB+QTpB8R+ejFtEBH+XmPHSN
JujKDc3E9Bt0v6PvH/3kFV7JdgOIK5lxL3lH7DYuc0amcAksxeyne+14XVWpXqZM
ASmeYpj7/8tSeV2D2VwOCdtybulNOfFuzL3pJ8o197mwl5U1d23E6aq0nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNkgPqVNdJ2GngyjCLJwAB7iBotXMB8GA1UdIwQY
MBaAFFLkH0gGzkj8OYhCOB8v++BLKUgYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXVRZlNBYk9TUHc1aUVJNEh5Xzc0RXNwU0JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wNDA4ZjctNzZhMi00OWM3LWEwMjIt
ZGViNDRiODY5ZDE5LzEvMlNBLXBVMTBuWWFlREtNSXNuQUFIdUlHaTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wNDA4ZjctNzZhMi00OWM3LWEwMjItZGViNDRiODY5ZDE5
LzEvVXVRZlNBYk9TUHc1aUVJNEh5Xzc0RXNwU0JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW964AwQA
W967MA0GCSqGSIb3DQEBCwUAA4IBAQBHsTCQt175EhTZzyM7641krtMmbtaRk+Uc
4FcRxaVKJP+lbumsTp2/amGS19cu8UhhI1/Mb/rfIFdH0CsQo3IPXrtr+DGCnPjF
cV/gDS3R+V05W4ErkaQUO+yd214NJx5T9lfU6ATwyYWOt1huhTRXhTzOBj6EX+RB
2a2Qc0Yfspj4UcAHJKXOM6LjX1ZTItLaQvVGrXO6AWng/EHss2qyO8UNDG3sgz55
A6T4e0ytVGX9wADAPkR+VgRqtR0CeSg+MUwSv0nZR8xFyHuiU9k9HZNssHESeTUC
zZiZgKKmbGkhK4CPV5Xw6mFvHxusAXUOhPCeAJBmkhgS5dh15FLR
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:15 2024 by rpki-client on console-fra.rpki-client.org