Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xm2v6LeYtFWcp4SuC1msDawrIYM.roa
File:                     xm2v6LeYtFWcp4SuC1msDawrIYM.roa (raw, json)
Hash identifier:          V9TL+3ayhugmeU8SdMqatmnEm6wvhZ4hijpq/y+ej/Q=
Subject key identifier:   C6:6D:AF:E8:B7:98:B4:55:9C:A7:84:AE:0B:59:AC:0D:AC:2B:21:83
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DEBD9CD267A8076D4F7CD6A44C29AD97E
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xm2v6LeYtFWcp4SuC1msDawrIYM.roa
Signing time:             Tue 27 Feb 2024 18:35:36 +0000
ROA not before:           Tue 27 Feb 2024 18:35:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        91.198.230.0/24 maxlen: 24
                          91.199.3.0/24 maxlen: 24
                          193.33.66.0/24 maxlen: 24
                          193.37.133.0/24 maxlen: 24
                          193.109.221.0/24 maxlen: 24
                          193.135.13.0/24 maxlen: 24
                          193.176.237.0/24 maxlen: 24
                          193.193.164.0/24 maxlen: 24
                          194.56.255.0/24 maxlen: 24
                          194.107.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:d9:cd:26:7a:80:76:d4:f7:cd:6a:44:c2:9a:d9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 27 18:35:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c66dafe8b798b4559ca784ae0b59ac0dac2b2183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7e:56:27:cb:25:44:2b:6e:a9:d7:c2:3b:75:
                    9d:1c:64:30:25:e2:33:e2:a7:3a:a3:da:39:e8:98:
                    03:01:b1:f8:02:65:1d:87:21:70:5d:4c:20:27:14:
                    f4:bc:a4:dc:70:34:0f:33:a9:6e:46:03:21:90:aa:
                    20:f9:34:84:7f:4f:6c:4c:2f:ca:ab:88:60:ac:ae:
                    1d:71:e1:2d:6d:8e:95:2d:10:27:a1:a0:cf:6c:62:
                    4a:f7:f0:31:37:47:79:0f:84:14:ab:2e:50:e9:4b:
                    41:26:0d:5d:4c:43:fe:b7:4b:ce:f3:eb:59:73:ae:
                    de:ac:e2:ac:d9:d7:79:fd:57:e3:a1:66:cf:ce:6e:
                    99:d1:e0:9d:be:a0:8b:03:d3:48:b9:03:48:5e:a6:
                    6c:4e:4c:64:b3:90:18:ea:74:10:50:b6:80:9b:26:
                    e3:5c:10:24:f9:05:ac:60:fb:28:3f:bb:a8:04:05:
                    09:ad:ca:43:71:ee:2e:76:52:da:32:0a:55:d9:65:
                    17:03:f0:de:58:54:dd:a4:e9:52:b2:fd:6c:d5:43:
                    f6:10:1f:a4:0e:2e:ed:f2:b3:8e:3f:89:5e:39:93:
                    39:23:d6:cd:4b:26:b7:b9:2b:83:71:c7:e0:0d:5e:
                    f3:18:9a:67:4e:79:f8:44:a4:8d:9d:a2:0c:d5:e5:
                    67:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:6D:AF:E8:B7:98:B4:55:9C:A7:84:AE:0B:59:AC:0D:AC:2B:21:83
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xm2v6LeYtFWcp4SuC1msDawrIYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.230.0/24
                  91.199.3.0/24
                  193.33.66.0/24
                  193.37.133.0/24
                  193.109.221.0/24
                  193.135.13.0/24
                  193.176.237.0/24
                  193.193.164.0/24
                  194.56.255.0/24
                  194.107.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:67:b8:06:49:71:c8:79:5d:1e:63:8d:48:7f:ed:5f:93:ca:
         a4:e6:2a:e5:54:fd:2f:22:6a:3c:e3:6e:2e:9f:4a:72:2b:d2:
         c2:3d:52:16:d8:a9:98:9b:d3:dd:c8:10:cc:6b:70:1e:9f:e1:
         8c:ad:60:f5:02:7a:6f:81:ba:c4:23:90:55:20:42:ee:4e:31:
         d9:47:ea:c1:b5:24:d5:bd:e2:d0:90:03:eb:50:f3:c0:9d:14:
         ef:86:71:09:d7:43:5f:86:9c:28:41:d2:a4:e5:20:9a:df:76:
         98:d6:74:1f:79:8a:4f:0b:60:4c:82:1a:5c:79:a7:64:33:21:
         93:57:06:da:e2:fb:cc:f4:e4:b5:81:fd:48:d1:ee:fe:a7:c5:
         2a:54:67:ad:8d:97:98:fe:75:3c:46:99:db:06:d6:36:b2:2d:
         65:6f:64:8b:49:60:1f:61:11:8d:04:11:3c:c3:a9:98:31:61:
         f7:a8:ac:25:47:fb:a5:38:5d:cf:e3:78:5c:74:82:8d:08:98:
         04:d9:fc:b2:ec:22:f7:1f:aa:5f:07:c3:3b:7b:25:2a:dd:cd:
         b4:08:d0:6e:51:70:c0:b7:90:ac:8c:1c:61:04:e3:23:cf:8b:
         cf:cd:4b:3c:dd:28:ae:e9:29:71:7e:4e:95:a0:30:37:e6:12:
         e8:89:a4:50
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY3r2c0meoB21PfNakTCmtl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjI3MTgzNTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjZkYWZlOGI3OThiNDU1OWNhNzg0YWUwYjU5YWMwZGFjMmIyMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH5WJ8slRCtuqdfCO3WdHGQwJeIz
4qc6o9o56JgDAbH4AmUdhyFwXUwgJxT0vKTccDQPM6luRgMhkKog+TSEf09sTC/K
q4hgrK4dceEtbY6VLRAnoaDPbGJK9/AxN0d5D4QUqy5Q6UtBJg1dTEP+t0vO8+tZ
c67erOKs2dd5/VfjoWbPzm6Z0eCdvqCLA9NIuQNIXqZsTkxks5AY6nQQULaAmybj
XBAk+QWsYPsoP7uoBAUJrcpDce4udlLaMgpV2WUXA/DeWFTdpOlSsv1s1UP2EB+k
Di7t8rOOP4leOZM5I9bNSya3uSuDccfgDV7zGJpnTnn4RKSNnaIM1eVnpQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMZtr+i3mLRVnKeErgtZrA2sKyGDMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEveG0ydjZMZVl0RldjcDRTdUMxbXNEYXdySVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAW8bmAwQA
W8cDAwQAwSFCAwQAwSWFAwQAwW3dAwQAwYcNAwQAwbDtAwQAwcGkAwQAwjj/AwQA
wmt9MA0GCSqGSIb3DQEBCwUAA4IBAQCYZ7gGSXHIeV0eY41If+1fk8qk5irlVP0v
Imo8424un0pyK9LCPVIW2KmYm9PdyBDMa3Aen+GMrWD1AnpvgbrEI5BVIELuTjHZ
R+rBtSTVveLQkAPrUPPAnRTvhnEJ10NfhpwoQdKk5SCa33aY1nQfeYpPC2BMghpc
eadkMyGTVwba4vvM9OS1gf1I0e7+p8UqVGetjZeY/nU8RpnbBtY2si1lb2SLSWAf
YRGNBBE8w6mYMWH3qKwlR/ulOF3P43hcdIKNCJgE2fyy7CL3H6pfB8M7eyUq3c20
CNBuUXDAt5CsjBxhBOMjz4vPzUs83Siu6Slxfk6VoDA35hLoiaRQ
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:09:52 2024 by rpki-client on console-ams.rpki-client.org