Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/e1tWFtxcUdkhT5bqavvgU0ooobk.roa
File:                     e1tWFtxcUdkhT5bqavvgU0ooobk.roa (raw, json)
Hash identifier:          N1wJ2s1MH4emj3I4Xz6UR5Ep3ZYqLlY6SEjerOFDFg4=
Subject key identifier:   7B:5B:56:16:DC:5C:51:D9:21:4F:96:EA:6A:FB:E0:53:4A:28:A1:B9
Certificate issuer:       /CN=7e39825b26775e1551072f457d1edfd9d0ebe2df
Certificate serial:       018CC5DBF3F47200F90CF17AE51AE6BC5F86
Authority key identifier: 7E:39:82:5B:26:77:5E:15:51:07:2F:45:7D:1E:DF:D9:D0:EB:E2:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/e1tWFtxcUdkhT5bqavvgU0ooobk.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48219
IP address blocks:        91.223.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f3:f4:72:00:f9:0c:f1:7a:e5:1a:e6:bc:5f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e39825b26775e1551072f457d1edfd9d0ebe2df
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b5b5616dc5c51d9214f96ea6afbe0534a28a1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:02:0e:e5:2a:82:49:ba:f4:54:19:7a:e6:28:
                    36:4c:f3:cf:4b:a5:96:7b:58:56:ac:b9:b7:45:b5:
                    49:2d:b1:f0:93:3d:9d:a1:0c:5c:be:80:b3:1f:a7:
                    10:2f:04:d5:9f:a7:c3:a8:fb:53:f0:50:15:56:c7:
                    1c:e6:5d:7e:e7:5b:9e:fe:57:84:d0:4d:2c:36:0e:
                    5f:be:11:a6:b1:2e:7a:91:33:85:28:02:67:93:8f:
                    4d:ff:29:06:3b:a1:64:18:02:09:9e:a0:92:51:de:
                    4f:ed:5e:71:8c:2b:f2:bd:98:44:0e:32:54:b0:85:
                    ba:db:53:05:dc:65:8b:62:41:df:21:02:b5:a4:b2:
                    38:50:c8:51:91:e9:82:a3:0a:17:c7:a7:33:37:26:
                    a6:d0:f8:c5:fb:46:3f:31:e4:df:ce:09:76:ad:f0:
                    68:27:01:1a:8d:46:a7:cd:6a:d4:67:0b:47:2f:06:
                    02:ad:ae:a4:53:54:25:ec:3a:6e:1b:44:c9:19:1a:
                    b8:a4:bd:11:5c:8f:71:58:ff:9a:ee:29:e3:bb:95:
                    d5:59:3d:30:4b:44:b5:7f:d7:64:66:bb:54:c2:5a:
                    6c:0c:0c:31:8a:d7:d4:c3:65:e8:65:4d:1c:3c:14:
                    c4:8d:47:07:2a:9c:d0:b0:bd:91:d0:13:4c:33:be:
                    ea:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:5B:56:16:DC:5C:51:D9:21:4F:96:EA:6A:FB:E0:53:4A:28:A1:B9
            X509v3 Authority Key Identifier:
                keyid:7E:39:82:5B:26:77:5E:15:51:07:2F:45:7D:1E:DF:D9:D0:EB:E2:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/e1tWFtxcUdkhT5bqavvgU0ooobk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ea:6d:5b:3c:45:2b:a8:bd:24:a7:c4:50:a8:69:48:a5:e9:
         88:97:33:c7:3c:3d:b5:b4:6e:81:a7:e9:a9:24:5b:96:1b:1c:
         19:a9:80:01:df:bf:f4:a1:fb:ac:32:b8:09:bc:14:7c:45:6e:
         40:02:b1:62:3d:7e:9e:f0:2f:4c:bc:b5:55:cb:c4:ee:1d:61:
         99:da:82:75:d5:1a:35:80:b3:39:d4:21:5b:df:1b:92:77:a8:
         12:ad:83:67:d5:74:4c:fb:08:74:fd:91:23:1e:6b:38:0e:db:
         88:6d:a0:ca:45:15:6a:e3:96:00:08:73:dd:0b:36:8a:49:cd:
         17:20:e1:2f:6e:ff:0c:83:33:4a:4f:ec:56:5b:7d:f5:b0:12:
         ff:ca:53:ea:ec:17:10:2c:df:9d:01:81:88:70:eb:d2:4a:96:
         4a:ce:e7:22:fd:d1:88:70:55:3a:86:c4:37:b6:fd:8a:3d:30:
         25:9c:05:71:34:c8:cb:11:88:69:3d:d1:1d:43:1f:e7:35:58:
         79:7e:d6:09:2e:ec:8a:00:44:7d:27:10:fb:a5:6a:c8:6f:b0:
         22:4d:41:a9:ec:df:71:c8:6d:6e:92:8e:b5:a9:fd:e5:27:85:
         d7:74:e3:54:65:9c:10:d8:c2:04:1a:fc:08:e4:e6:d4:9e:96:
         f7:a1:76:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/P0cgD5DPF65RrmvF+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzk4MjViMjY3NzVlMTU1MTA3MmY0NTdkMWVkZmQ5ZDBl
YmUyZGYwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjViNTYxNmRjNWM1MWQ5MjE0Zjk2ZWE2YWZiZTA1MzRhMjhhMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngIO5SqCSbr0VBl65ig2TPPPS6WW
e1hWrLm3RbVJLbHwkz2doQxcvoCzH6cQLwTVn6fDqPtT8FAVVscc5l1+51ue/leE
0E0sNg5fvhGmsS56kTOFKAJnk49N/ykGO6FkGAIJnqCSUd5P7V5xjCvyvZhEDjJU
sIW621MF3GWLYkHfIQK1pLI4UMhRkemCowoXx6czNyam0PjF+0Y/MeTfzgl2rfBo
JwEajUanzWrUZwtHLwYCra6kU1Ql7DpuG0TJGRq4pL0RXI9xWP+a7inju5XVWT0w
S0S1f9dkZrtUwlpsDAwxitfUw2XoZU0cPBTEjUcHKpzQsL2R0BNMM77qBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtbVhbcXFHZIU+W6mr74FNKKKG5MB8GA1UdIwQY
MBaAFH45glsmd14VUQcvRX0e39nQ6+LfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmptQ1d5WjNYaFZSQnk5RmZSN2YyZERyNHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8yMTY2YTgtMzU3Yy00Y2Y2LWI2ZjIt
ZjhkNmQxYTc0YjFkLzEvZTF0V0Z0eGNVZGtoVDVicWF2dmdVMG9vb2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8yMTY2YTgtMzU3Yy00Y2Y2LWI2ZjItZjhkNmQxYTc0YjFk
LzEvZmptQ1d5WjNYaFZSQnk5RmZSN2YyZERyNHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+JMA0G
CSqGSIb3DQEBCwUAA4IBAQA66m1bPEUrqL0kp8RQqGlIpemIlzPHPD21tG6Bp+mp
JFuWGxwZqYAB37/0ofusMrgJvBR8RW5AArFiPX6e8C9MvLVVy8TuHWGZ2oJ11Ro1
gLM51CFb3xuSd6gSrYNn1XRM+wh0/ZEjHms4DtuIbaDKRRVq45YACHPdCzaKSc0X
IOEvbv8MgzNKT+xWW331sBL/ylPq7BcQLN+dAYGIcOvSSpZKzuci/dGIcFU6hsQ3
tv2KPTAlnAVxNMjLEYhpPdEdQx/nNVh5ftYJLuyKAER9JxD7pWrIb7AiTUGp7N9x
yG1uko61qf3lJ4XXdONUZZwQ2MIEGvwI5ObUnpb3oXad
-----END CERTIFICATE-----
Generated at Fri Nov 22 23:41:11 2024 by rpki-client on console-fra.rpki-client.org