Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/NOMFHSKn28UQ7K4Dtdoj183-0t8.roa
File:                     NOMFHSKn28UQ7K4Dtdoj183-0t8.roa (raw, json)
Hash identifier:          ptKU/dHNhdedl7I5+D8rtah2J2aYeoxZoKg5mv5YlsU=
Subject key identifier:   34:E3:05:1D:22:A7:DB:C5:10:EC:AE:03:B5:DA:23:D7:CD:FE:D2:DF
Certificate issuer:       /CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
Certificate serial:       018E76AA21D08781328C83C77EFE46FC5BD9
Authority key identifier: F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/NOMFHSKn28UQ7K4Dtdoj183-0t8.roa
Signing time:             Mon 25 Mar 2024 17:30:44 +0000
ROA not before:           Mon 25 Mar 2024 17:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15083
IP address blocks:        91.208.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:aa:21:d0:87:81:32:8c:83:c7:7e:fe:46:fc:5b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
        Validity
            Not Before: Mar 25 17:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34e3051d22a7dbc510ecae03b5da23d7cdfed2df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:28:55:ec:3b:db:08:89:86:a9:e0:7c:9a:e3:
                    1b:a3:95:53:82:f4:06:44:bf:09:1d:bb:8f:30:c6:
                    67:20:1e:9a:e8:74:e0:43:c1:cc:c5:8b:4e:96:5b:
                    e2:58:83:4d:e2:19:92:63:f2:a3:37:ba:6b:c8:cb:
                    e6:e1:1c:f0:2b:9a:24:3f:70:1a:47:0a:18:ce:de:
                    60:7e:7f:5c:91:ef:c2:38:a7:ae:28:e8:d4:18:d2:
                    43:ca:63:4d:98:e9:1e:1d:70:7e:ab:7a:41:b3:a7:
                    c5:eb:8c:81:cd:16:0a:1c:b2:9d:1d:cd:fa:8b:52:
                    0b:92:48:c4:0b:9a:93:e0:a7:88:67:e7:51:60:be:
                    c5:a6:08:b3:9a:fc:a9:38:91:68:af:7f:bc:bc:6a:
                    5e:b5:b2:53:d2:11:b5:b6:f1:85:80:5f:fd:08:e2:
                    5b:ba:2b:90:f9:39:28:35:52:44:ce:ba:03:92:03:
                    87:c9:17:93:c1:30:7d:70:4c:1d:24:e6:b5:1f:42:
                    0c:7a:80:8e:e2:29:b7:b3:95:a1:d6:bb:30:bf:5c:
                    84:07:c7:ee:15:22:d7:46:ce:22:66:e4:cc:e0:6d:
                    51:7b:0e:d2:73:a9:19:b2:49:47:f2:2d:04:00:12:
                    5b:76:bc:61:97:6d:89:b0:64:56:92:3b:49:c6:6d:
                    a5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E3:05:1D:22:A7:DB:C5:10:EC:AE:03:B5:DA:23:D7:CD:FE:D2:DF
            X509v3 Authority Key Identifier:
                keyid:F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/NOMFHSKn28UQ7K4Dtdoj183-0t8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:d1:02:f3:8b:25:1d:31:d7:d1:e9:8f:11:a0:e8:02:eb:95:
         86:b6:2f:e0:cb:b5:af:ef:77:b2:7d:45:be:bd:9a:40:35:59:
         88:8b:48:d8:ad:17:85:8b:cc:e0:22:e9:67:4e:ad:db:c5:b4:
         11:a6:e0:bb:44:1e:8b:81:ec:52:a4:e4:cb:37:94:44:87:dd:
         1c:12:fc:71:64:4a:96:93:d5:10:93:0c:6f:49:05:21:29:98:
         bb:ab:00:9f:05:66:ff:7f:28:54:a1:5b:1f:65:89:23:11:a9:
         32:dd:ab:4e:7f:b5:e0:77:bf:24:a7:b6:41:a4:23:b8:71:f7:
         18:1b:89:b9:77:9b:fd:bb:15:37:fb:86:b4:c7:9e:16:a0:94:
         d6:f4:0c:13:4b:03:fa:dc:0e:0a:94:4f:87:c9:cb:bd:dc:d8:
         9b:b5:5e:4b:13:eb:2f:15:75:fc:a6:d4:58:b8:43:b3:a0:63:
         28:b1:a7:c2:2f:be:22:b0:d3:19:31:d4:3b:ed:8e:39:87:3b:
         78:fd:9c:2f:a6:a4:50:77:11:c5:b6:79:b2:86:c8:62:e3:86:
         2f:ec:13:94:9d:92:e0:49:5b:1d:e6:1b:e4:88:0b:bb:1c:4d:
         64:c1:25:4e:a2:65:fe:73:e7:db:f8:3e:22:5a:51:c0:9e:3b:
         21:8b:20:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52qiHQh4EyjIPHfv5G/FvZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MmU5YzkxNDZlZDdiYzU4Yzg1Y2RhYjZlYjg1OGU0MjI4
NmVlZjQwHhcNMjQwMzI1MTczMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGUzMDUxZDIyYTdkYmM1MTBlY2FlMDNiNWRhMjNkN2NkZmVkMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgChV7DvbCImGqeB8muMbo5VTgvQG
RL8JHbuPMMZnIB6a6HTgQ8HMxYtOllviWINN4hmSY/KjN7pryMvm4RzwK5okP3Aa
RwoYzt5gfn9cke/COKeuKOjUGNJDymNNmOkeHXB+q3pBs6fF64yBzRYKHLKdHc36
i1ILkkjEC5qT4KeIZ+dRYL7FpgizmvypOJFor3+8vGpetbJT0hG1tvGFgF/9COJb
uiuQ+TkoNVJEzroDkgOHyReTwTB9cEwdJOa1H0IMeoCO4im3s5Wh1rswv1yEB8fu
FSLXRs4iZuTM4G1Rew7Sc6kZsklH8i0EABJbdrxhl22JsGRWkjtJxm2lJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTjBR0ip9vFEOyuA7XaI9fN/tLfMB8GA1UdIwQY
MBaAFPcunJFG7XvFjIXNq264WOQihu70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2Et
ZDUxNmYwZTE0ODdiLzEvTk9NRkhTS24yOFVRN0s0RHRkb2oxODMtMHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2EtZDUxNmYwZTE0ODdi
LzEvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BsMA0G
CSqGSIb3DQEBCwUAA4IBAQAD0QLziyUdMdfR6Y8RoOgC65WGti/gy7Wv73eyfUW+
vZpANVmIi0jYrReFi8zgIulnTq3bxbQRpuC7RB6LgexSpOTLN5REh90cEvxxZEqW
k9UQkwxvSQUhKZi7qwCfBWb/fyhUoVsfZYkjEaky3atOf7Xgd78kp7ZBpCO4cfcY
G4m5d5v9uxU3+4a0x54WoJTW9AwTSwP63A4KlE+Hycu93NibtV5LE+svFXX8ptRY
uEOzoGMosafCL74isNMZMdQ77Y45hzt4/ZwvpqRQdxHFtnmyhshi44Yv7BOUnZLg
SVsd5hvkiAu7HE1kwSVOomX+c+fb+D4iWlHAnjshiyCH
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:47:49 2024 by rpki-client on console-ams.rpki-client.org