Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/dbf104-1e2c-42e8-b28b-ebd3145422ea/1/18jTG6POx-muFSHxnkh_nNQZvmw.roa
File:                     18jTG6POx-muFSHxnkh_nNQZvmw.roa (raw, json)
Hash identifier:          WV0Kc+r5uAs87GMdDWPkE2QfvJFqKsqYFQvbkPiMCKg=
Subject key identifier:   D7:C8:D3:1B:A3:CE:C7:E9:AE:15:21:F1:9E:48:7F:9C:D4:19:BE:6C
Certificate issuer:       /CN=45e2a9fb777010296f9b8e215ee0db4467174d2d
Certificate serial:       018CC8712CBE7BB38F0D47A5818FED9CF5BB
Authority key identifier: 45:E2:A9:FB:77:70:10:29:6F:9B:8E:21:5E:E0:DB:44:67:17:4D:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ReKp-3dwEClvm44hXuDbRGcXTS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/dbf104-1e2c-42e8-b28b-ebd3145422ea/1/18jTG6POx-muFSHxnkh_nNQZvmw.roa
Signing time:             Tue 02 Jan 2024 04:31:49 +0000
ROA not before:           Tue 02 Jan 2024 04:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        91.230.33.0/24 maxlen: 24
                          91.230.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/dbf104-1e2c-42e8-b28b-ebd3145422ea/1/ReKp-3dwEClvm44hXuDbRGcXTS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/dbf104-1e2c-42e8-b28b-ebd3145422ea/1/ReKp-3dwEClvm44hXuDbRGcXTS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ReKp-3dwEClvm44hXuDbRGcXTS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:2c:be:7b:b3:8f:0d:47:a5:81:8f:ed:9c:f5:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e2a9fb777010296f9b8e215ee0db4467174d2d
        Validity
            Not Before: Jan  2 04:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7c8d31ba3cec7e9ae1521f19e487f9cd419be6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5b:e5:e7:f4:a5:2d:b8:ba:80:35:b1:62:43:
                    89:86:a1:6b:b9:72:3e:24:87:de:63:b8:be:4d:89:
                    c1:8d:2c:15:9b:85:ac:d4:65:df:c0:49:13:c9:bf:
                    95:2d:c3:f8:e4:c3:df:b8:88:e9:71:0f:84:b2:c5:
                    53:7f:67:d4:1d:3d:e7:49:96:0c:29:e5:8e:18:09:
                    eb:cf:74:65:26:e8:1d:01:21:1f:6c:5e:cf:1c:5c:
                    e1:f4:be:45:83:26:8b:16:ef:93:42:10:f1:08:f6:
                    8a:15:66:2c:fa:f1:01:95:89:cd:50:5c:d0:6b:3e:
                    8d:54:79:31:e8:bf:c3:49:0e:6c:42:12:f6:fc:a5:
                    db:66:96:cb:69:9e:75:0e:86:75:ec:3f:46:2f:82:
                    78:0b:4d:7f:74:47:d7:31:a1:61:5b:f8:4e:eb:25:
                    e1:ba:96:b9:f6:ee:a1:97:6f:26:f6:da:b8:b7:eb:
                    cc:d4:fd:7c:c8:e3:01:0c:d4:d8:d5:d0:e2:1b:d6:
                    ad:4d:b1:79:7b:06:ad:ea:27:37:74:03:b1:b5:3c:
                    96:69:88:f9:7d:67:90:16:49:28:e2:ee:c8:d3:32:
                    be:27:c1:8c:ef:db:af:9c:a6:a1:c0:c0:b2:ac:59:
                    86:8a:73:78:00:96:71:b2:56:0c:b0:e1:06:d4:d3:
                    87:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C8:D3:1B:A3:CE:C7:E9:AE:15:21:F1:9E:48:7F:9C:D4:19:BE:6C
            X509v3 Authority Key Identifier:
                keyid:45:E2:A9:FB:77:70:10:29:6F:9B:8E:21:5E:E0:DB:44:67:17:4D:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ReKp-3dwEClvm44hXuDbRGcXTS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/dbf104-1e2c-42e8-b28b-ebd3145422ea/1/18jTG6POx-muFSHxnkh_nNQZvmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/dbf104-1e2c-42e8-b28b-ebd3145422ea/1/ReKp-3dwEClvm44hXuDbRGcXTS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.33.0-91.230.35.255

    Signature Algorithm: sha256WithRSAEncryption
         39:46:50:dd:dc:df:b0:19:01:d5:d3:bf:4c:09:50:23:27:c7:
         13:f7:9c:15:d2:00:b5:d0:e2:50:96:47:7c:21:fc:54:cb:f3:
         01:d7:f7:72:b0:a6:32:bc:ce:99:79:f6:c0:99:cc:87:0e:ef:
         3c:ac:b8:f0:a1:a2:59:ed:0a:af:cd:10:da:64:c8:c4:c0:0e:
         58:44:a5:44:32:3a:f8:8a:3f:6b:47:1a:8a:9f:6e:4c:82:dc:
         65:ee:da:1f:0f:6d:41:cc:d4:48:6e:e3:9d:88:8a:c9:d0:09:
         81:aa:c7:3c:b7:f8:83:08:8a:e2:e4:1f:b4:86:f3:77:0a:e2:
         cb:a0:83:44:66:03:2d:d4:75:2c:0e:9e:30:33:48:76:4a:11:
         75:ce:6a:9c:a4:b1:19:1f:02:e4:1a:44:9c:7f:45:51:17:fd:
         12:90:ea:3f:fe:dc:b2:15:53:25:25:89:89:27:cc:a4:17:61:
         1a:5a:e7:d4:8a:ad:b0:38:a6:01:c8:67:3b:bd:2b:9e:d9:0c:
         2b:23:0d:e5:78:b5:fd:68:fd:02:37:16:e1:fa:7d:1e:1a:67:
         a5:5f:d9:1b:c3:11:c2:dc:0a:50:f4:93:bd:5a:a1:56:f2:d7:
         bf:78:c1:98:f7:fc:45:9c:b8:30:61:9a:9e:e8:50:2a:02:0b:
         4f:3b:86:06
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIcSy+e7OPDUelgY/tnPW7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZTJhOWZiNzc3MDEwMjk2ZjliOGUyMTVlZTBkYjQ0Njcx
NzRkMmQwHhcNMjQwMTAyMDQzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M4ZDMxYmEzY2VjN2U5YWUxNTIxZjE5ZTQ4N2Y5Y2Q0MTliZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFvl5/SlLbi6gDWxYkOJhqFruXI+
JIfeY7i+TYnBjSwVm4Ws1GXfwEkTyb+VLcP45MPfuIjpcQ+EssVTf2fUHT3nSZYM
KeWOGAnrz3RlJugdASEfbF7PHFzh9L5FgyaLFu+TQhDxCPaKFWYs+vEBlYnNUFzQ
az6NVHkx6L/DSQ5sQhL2/KXbZpbLaZ51DoZ17D9GL4J4C01/dEfXMaFhW/hO6yXh
upa59u6hl28m9tq4t+vM1P18yOMBDNTY1dDiG9atTbF5ewat6ic3dAOxtTyWaYj5
fWeQFkko4u7I0zK+J8GM79uvnKahwMCyrFmGinN4AJZxslYMsOEG1NOHyQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNfI0xujzsfprhUh8Z5If5zUGb5sMB8GA1UdIwQY
MBaAFEXiqft3cBApb5uOIV7g20RnF00tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVLcC0zZHdFQ2x2bTQ0aFh1RGJSR2NYVFMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kYmYxMDQtMWUyYy00MmU4LWIyOGIt
ZWJkMzE0NTQyMmVhLzEvMThqVEc2UE94LW11RlNIeG5raF9uTlFadm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kYmYxMDQtMWUyYy00MmU4LWIyOGItZWJkMzE0NTQyMmVh
LzEvUmVLcC0zZHdFQ2x2bTQ0aFh1RGJSR2NYVFMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABb5iED
BAJb5iAwDQYJKoZIhvcNAQELBQADggEBADlGUN3c37AZAdXTv0wJUCMnxxP3nBXS
ALXQ4lCWR3wh/FTL8wHX93KwpjK8zpl59sCZzIcO7zysuPCholntCq/NENpkyMTA
DlhEpUQyOviKP2tHGoqfbkyC3GXu2h8PbUHM1Ehu452IisnQCYGqxzy3+IMIiuLk
H7SG83cK4sugg0RmAy3UdSwOnjAzSHZKEXXOapyksRkfAuQaRJx/RVEX/RKQ6j/+
3LIVUyUliYknzKQXYRpa59SKrbA4pgHIZzu9K57ZDCsjDeV4tf1o/QI3FuH6fR4a
Z6Vf2RvDEcLcClD0k71aoVby1794wZj3/EWcuDBhmp7oUCoCC087hgY=
-----END CERTIFICATE-----
Generated at Sun Jun 16 21:42:43 2024 by rpki-client on console-fra.rpki-client.org