Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/523c7d-3917-4137-9df3-abea625868a8/1/E9ssSI1Tn0lrU4RoW8ysqXD2pqE.roa
File:                     E9ssSI1Tn0lrU4RoW8ysqXD2pqE.roa (raw, json)
Hash identifier:          0xwkxHL+QCHMv1+8wLygtv/1G5SIpwNNhM2xS9Fewek=
Subject key identifier:   13:DB:2C:48:8D:53:9F:49:6B:53:84:68:5B:CC:AC:A9:70:F6:A6:A1
Certificate issuer:       /CN=37c651736e243d5ea6cecca63afdb4a0312d7730
Certificate serial:       018CC5001F2E571E8453444C8F7433EB82C9
Authority key identifier: 37:C6:51:73:6E:24:3D:5E:A6:CE:CC:A6:3A:FD:B4:A0:31:2D:77:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N8ZRc24kPV6mzsymOv20oDEtdzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/523c7d-3917-4137-9df3-abea625868a8/1/E9ssSI1Tn0lrU4RoW8ysqXD2pqE.roa
Signing time:             Mon 01 Jan 2024 12:29:28 +0000
ROA not before:           Mon 01 Jan 2024 12:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198049
IP address blocks:        91.230.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/523c7d-3917-4137-9df3-abea625868a8/1/N8ZRc24kPV6mzsymOv20oDEtdzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/523c7d-3917-4137-9df3-abea625868a8/1/N8ZRc24kPV6mzsymOv20oDEtdzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N8ZRc24kPV6mzsymOv20oDEtdzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1f:2e:57:1e:84:53:44:4c:8f:74:33:eb:82:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37c651736e243d5ea6cecca63afdb4a0312d7730
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13db2c488d539f496b5384685bccaca970f6a6a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:23:ec:30:f0:45:08:73:94:77:a9:49:db:7b:
                    1e:76:75:14:f7:e0:1a:8f:c3:21:35:86:41:b3:a8:
                    3e:c9:4b:f9:ac:d5:76:ae:3b:64:ff:0f:c0:c0:e9:
                    ee:01:80:26:82:76:62:40:38:62:90:4f:46:e1:43:
                    71:bb:ec:51:47:d6:fc:4b:ff:ff:30:02:2c:79:61:
                    19:77:39:88:bd:45:bb:9c:99:87:35:f7:99:c5:95:
                    de:24:84:8a:1c:e6:44:6a:63:3c:55:60:52:96:00:
                    4d:a6:d7:08:40:59:c9:90:49:36:9c:0d:27:fb:8e:
                    7c:dc:83:23:c5:df:86:3f:53:04:8f:65:8e:98:e6:
                    76:f0:ab:1b:8e:9b:4c:0d:b0:99:6b:2a:2e:f1:65:
                    97:de:ee:be:5a:d7:e6:c8:25:6b:e7:c2:dc:e9:0b:
                    d3:12:b1:74:6e:ff:f7:e7:87:8b:9c:b9:dc:51:3f:
                    80:a6:3c:21:78:a4:fb:80:8c:1d:e9:1e:24:4e:69:
                    95:72:bd:ba:69:09:aa:60:96:78:67:98:8a:41:f8:
                    0e:fa:00:5c:60:94:1a:37:7e:39:4c:52:7e:af:ab:
                    05:3a:19:20:0b:ac:67:3e:0b:43:e7:c9:3c:cc:14:
                    92:41:66:55:b9:e4:36:e9:ef:5e:e5:fa:ec:c1:12:
                    19:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:DB:2C:48:8D:53:9F:49:6B:53:84:68:5B:CC:AC:A9:70:F6:A6:A1
            X509v3 Authority Key Identifier:
                keyid:37:C6:51:73:6E:24:3D:5E:A6:CE:CC:A6:3A:FD:B4:A0:31:2D:77:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N8ZRc24kPV6mzsymOv20oDEtdzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/523c7d-3917-4137-9df3-abea625868a8/1/E9ssSI1Tn0lrU4RoW8ysqXD2pqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/523c7d-3917-4137-9df3-abea625868a8/1/N8ZRc24kPV6mzsymOv20oDEtdzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:07:56:bd:0a:b3:e0:44:0c:b5:45:c7:ed:41:6f:11:20:ee:
         f1:9c:f8:6c:6e:f2:76:89:28:87:8d:98:09:30:b9:de:d6:97:
         d8:50:a5:b1:17:10:02:c8:3b:d4:9c:d3:70:51:57:b6:1a:cc:
         e2:a8:b9:a8:31:32:05:40:a9:84:7d:9f:05:c6:e1:74:b7:4d:
         bd:89:9d:f6:c7:7b:eb:2a:0b:6e:45:bb:8b:c3:58:fd:3f:81:
         74:da:69:35:80:d3:0d:61:d5:1a:23:55:af:30:6f:2f:0c:09:
         44:d0:17:6b:98:40:1a:77:8e:0b:e9:82:8b:51:26:2a:c0:47:
         5a:f6:c8:79:30:2a:27:6d:00:69:e8:59:1d:aa:5d:b5:ea:7e:
         06:92:60:10:ce:74:92:85:d0:a7:e8:64:48:bd:f1:70:b5:7b:
         01:d9:87:1c:7a:47:9f:64:b4:8c:2a:6d:3e:0e:26:72:52:2d:
         28:3a:a0:2e:95:4e:9f:59:11:16:0e:b7:be:c3:1b:da:45:6a:
         6d:6c:a1:0b:93:19:86:f5:ad:09:a7:97:84:3d:0e:73:06:40:
         a4:d2:1c:e0:df:f2:de:10:cf:87:1c:5e:e2:e2:ad:29:13:51:
         b5:52:54:d1:f0:a0:60:a5:c3:8d:b8:41:03:d6:43:df:e1:5f:
         33:78:57:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAB8uVx6EU0RMj3Qz64LJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3YzY1MTczNmUyNDNkNWVhNmNlY2NhNjNhZmRiNGEwMzEy
ZDc3MzAwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2RiMmM0ODhkNTM5ZjQ5NmI1Mzg0Njg1YmNjYWNhOTcwZjZhNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyPsMPBFCHOUd6lJ23sednUU9+Aa
j8MhNYZBs6g+yUv5rNV2rjtk/w/AwOnuAYAmgnZiQDhikE9G4UNxu+xRR9b8S///
MAIseWEZdzmIvUW7nJmHNfeZxZXeJISKHOZEamM8VWBSlgBNptcIQFnJkEk2nA0n
+4583IMjxd+GP1MEj2WOmOZ28KsbjptMDbCZayou8WWX3u6+WtfmyCVr58Lc6QvT
ErF0bv/354eLnLncUT+ApjwheKT7gIwd6R4kTmmVcr26aQmqYJZ4Z5iKQfgO+gBc
YJQaN345TFJ+r6sFOhkgC6xnPgtD58k8zBSSQWZVueQ26e9e5frswRIZXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPbLEiNU59Ja1OEaFvMrKlw9qahMB8GA1UdIwQY
MBaAFDfGUXNuJD1eps7Mpjr9tKAxLXcwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjhaUmMyNGtQVjZtenN5bU92MjBvREV0ZHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi81MjNjN2QtMzkxNy00MTM3LTlkZjMt
YWJlYTYyNTg2OGE4LzEvRTlzc1NJMVRuMGxyVTRSb1c4eXNxWEQycHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi81MjNjN2QtMzkxNy00MTM3LTlkZjMtYWJlYTYyNTg2OGE4
LzEvTjhaUmMyNGtQVjZtenN5bU92MjBvREV0ZHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+aRMA0G
CSqGSIb3DQEBCwUAA4IBAQB5B1a9CrPgRAy1RcftQW8RIO7xnPhsbvJ2iSiHjZgJ
MLne1pfYUKWxFxACyDvUnNNwUVe2GsziqLmoMTIFQKmEfZ8FxuF0t029iZ32x3vr
KgtuRbuLw1j9P4F02mk1gNMNYdUaI1WvMG8vDAlE0BdrmEAad44L6YKLUSYqwEda
9sh5MConbQBp6Fkdql216n4GkmAQznSShdCn6GRIvfFwtXsB2YccekefZLSMKm0+
DiZyUi0oOqAulU6fWREWDre+wxvaRWptbKELkxmG9a0Jp5eEPQ5zBkCk0hzg3/Le
EM+HHF7i4q0pE1G1UlTR8KBgpcONuEED1kPf4V8zeFew
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:47 2024 by rpki-client on console-fra.rpki-client.org