Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/NyAUU7lcE2XpXz-URbm6vSlCA2k.roa
File:                     NyAUU7lcE2XpXz-URbm6vSlCA2k.roa (raw, json)
Hash identifier:          JdMyqnbER90lIiGN5p5tjWb0daxLmrRiIlKhXSpoQEU=
Subject key identifier:   37:20:14:53:B9:5C:13:65:E9:5F:3F:94:45:B9:BA:BD:29:42:03:69
Certificate issuer:       /CN=7de98f48e988790d0e0793537941b413d2e60306
Certificate serial:       018CC3B690B39C985EFD14A640BECE4D978B
Authority key identifier: 7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/NyAUU7lcE2XpXz-URbm6vSlCA2k.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41071
IP address blocks:        5.252.44.0/22 maxlen: 22
                          91.102.128.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:90:b3:9c:98:5e:fd:14:a6:40:be:ce:4d:97:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7de98f48e988790d0e0793537941b413d2e60306
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37201453b95c1365e95f3f9445b9babd29420369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0a:16:fd:3f:b5:f7:df:fd:c0:e0:b4:c4:ed:
                    eb:9d:1e:d0:c0:ad:f3:30:b3:c7:1a:58:d1:aa:9a:
                    c9:ed:e4:0c:df:a0:64:aa:b2:c6:ff:30:5f:1c:35:
                    9d:13:37:f5:61:6c:e8:b7:ee:36:40:b2:6f:df:3e:
                    31:f1:80:27:47:dc:d3:3c:9f:0b:72:75:cc:1e:d4:
                    65:cf:ad:f4:57:fb:73:d5:47:a5:cb:a0:e0:7c:44:
                    ea:a1:ad:ea:bf:3d:2a:88:0e:ea:3a:f3:d4:77:c0:
                    4f:41:99:37:66:7b:16:59:13:a4:cc:a6:73:65:39:
                    e2:5f:33:b1:04:ce:52:49:ec:df:9f:cd:d7:91:f0:
                    3b:38:48:e8:9d:ef:2e:31:64:1a:50:bb:94:ba:bf:
                    b9:36:0c:eb:06:1c:bd:27:09:3a:8e:50:c0:ba:93:
                    6b:f6:ee:83:f2:0a:1f:93:c8:a8:a7:2f:88:d9:58:
                    a9:66:06:c5:11:30:ea:b9:41:22:37:5e:4e:f6:8f:
                    16:61:52:74:d8:f3:d8:63:e7:d2:61:cf:74:cf:c2:
                    b6:28:57:7e:c9:42:10:2f:78:db:08:a3:84:b2:87:
                    0f:81:03:c8:78:d0:e0:f5:84:3f:46:33:fe:49:88:
                    2f:ff:d2:f8:8f:33:ee:27:11:2f:b7:ab:17:97:5f:
                    80:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:20:14:53:B9:5C:13:65:E9:5F:3F:94:45:B9:BA:BD:29:42:03:69
            X509v3 Authority Key Identifier:
                keyid:7D:E9:8F:48:E9:88:79:0D:0E:07:93:53:79:41:B4:13:D2:E6:03:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/femPSOmIeQ0OB5NTeUG0E9LmAwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/NyAUU7lcE2XpXz-URbm6vSlCA2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/c0fc0a-15d4-46cc-a8b9-47632cb5b854/1/femPSOmIeQ0OB5NTeUG0E9LmAwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.44.0/22
                  91.102.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a2:2b:25:b6:3e:7d:1b:70:9b:99:66:f9:fa:26:d4:9e:98:4c:
         30:0a:45:0e:7a:6a:24:d8:4e:c2:f9:32:37:3c:d3:83:60:79:
         8f:9a:b5:bf:f4:f0:70:7d:96:fb:a4:ae:ed:f2:06:84:3c:5f:
         b6:eb:53:6a:0b:c2:16:17:29:5a:68:49:ce:27:e6:84:69:c1:
         95:96:80:86:80:41:e8:6d:42:dc:65:cb:0f:cd:15:3d:08:52:
         fd:03:d5:ef:53:4b:a7:3a:42:e6:9d:30:ba:90:e7:7b:b0:0d:
         55:35:de:9a:ad:a3:00:5f:8b:d2:44:1e:31:12:32:10:00:f4:
         0f:ea:df:7d:79:ea:e5:65:c8:c1:54:ae:15:69:02:3b:84:40:
         e3:87:23:0e:35:0c:2a:58:21:9e:10:68:94:3a:9c:9b:15:1d:
         24:74:1c:dd:5a:c1:57:7c:b0:c0:11:2a:e7:cd:0f:22:fb:d0:
         15:f3:6b:02:38:38:d9:1d:6d:20:6d:eb:5e:70:c4:9c:c3:46:
         8f:b7:3e:de:cc:a4:2d:6f:cb:bc:f4:ab:34:71:e3:b2:02:b4:
         9a:1b:21:e2:56:83:ab:96:35:82:c5:a6:6f:28:46:0f:9d:43:
         e7:11:df:fa:da:cc:bd:b8:bc:af:5b:b5:0f:6e:6f:49:3c:be:
         8c:96:7a:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtpCznJhe/RSmQL7OTZeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZTk4ZjQ4ZTk4ODc5MGQwZTA3OTM1Mzc5NDFiNDEzZDJl
NjAzMDYwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzIwMTQ1M2I5NWMxMzY1ZTk1ZjNmOTQ0NWI5YmFiZDI5NDIwMzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgoW/T+199/9wOC0xO3rnR7QwK3z
MLPHGljRqprJ7eQM36BkqrLG/zBfHDWdEzf1YWzot+42QLJv3z4x8YAnR9zTPJ8L
cnXMHtRlz630V/tz1Uely6DgfETqoa3qvz0qiA7qOvPUd8BPQZk3ZnsWWROkzKZz
ZTniXzOxBM5SSezfn83XkfA7OEjone8uMWQaULuUur+5NgzrBhy9Jwk6jlDAupNr
9u6D8gofk8iopy+I2VipZgbFETDquUEiN15O9o8WYVJ02PPYY+fSYc90z8K2KFd+
yUIQL3jbCKOEsocPgQPIeNDg9YQ/RjP+SYgv/9L4jzPuJxEvt6sXl1+AlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDcgFFO5XBNl6V8/lEW5ur0pQgNpMB8GA1UdIwQY
MBaAFH3pj0jpiHkNDgeTU3lBtBPS5gMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4Yjkt
NDc2MzJjYjViODU0LzEvTnlBVVU3bGNFMlhwWHotVVJibTZ2U2xDQTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jMGZjMGEtMTVkNC00NmNjLWE4YjktNDc2MzJjYjViODU0
LzEvZmVtUFNPbUllUTBPQjVOVGVVRzBFOUxtQXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBfwsAwQD
W2aAMA0GCSqGSIb3DQEBCwUAA4IBAQCiKyW2Pn0bcJuZZvn6JtSemEwwCkUOemok
2E7C+TI3PNODYHmPmrW/9PBwfZb7pK7t8gaEPF+261NqC8IWFylaaEnOJ+aEacGV
loCGgEHobULcZcsPzRU9CFL9A9XvU0unOkLmnTC6kOd7sA1VNd6araMAX4vSRB4x
EjIQAPQP6t99eerlZcjBVK4VaQI7hEDjhyMONQwqWCGeEGiUOpybFR0kdBzdWsFX
fLDAESrnzQ8i+9AV82sCODjZHW0gbetecMScw0aPtz7ezKQtb8u89Ks0ceOyArSa
GyHiVoOrljWCxaZvKEYPnUPnEd/62sy9uLyvW7UPbm9JPL6Mlnoa
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:57 2024 by rpki-client on console-fra.rpki-client.org