Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/4PP6Ig7JR0BI6zoV04TcFhbOdLM.roa
File:                     4PP6Ig7JR0BI6zoV04TcFhbOdLM.roa (raw, json)
Hash identifier:          DuV/7LP0Xlz0SWvrYGIKxmdNIYUeQE3zqqUUi1s4fTc=
Subject key identifier:   E0:F3:FA:22:0E:C9:47:40:48:EB:3A:15:D3:84:DC:16:16:CE:74:B3
Certificate issuer:       /CN=e8534643ec4826b439417fdb3cb2c493e61f949e
Certificate serial:       018CC9BC01C346469BA30A60C3B01C616C5D
Authority key identifier: E8:53:46:43:EC:48:26:B4:39:41:7F:DB:3C:B2:C4:93:E6:1F:94:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/4PP6Ig7JR0BI6zoV04TcFhbOdLM.roa
Signing time:             Tue 02 Jan 2024 10:33:10 +0000
ROA not before:           Tue 02 Jan 2024 10:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44622
IP address blocks:        91.225.252.0/24 maxlen: 24
                          91.225.253.0/24 maxlen: 24
                          91.225.255.0/24 maxlen: 24
                          91.225.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:01:c3:46:46:9b:a3:0a:60:c3:b0:1c:61:6c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8534643ec4826b439417fdb3cb2c493e61f949e
        Validity
            Not Before: Jan  2 10:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0f3fa220ec9474048eb3a15d384dc1616ce74b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:38:bb:c1:e8:32:bf:bd:ac:54:b1:43:00:c5:
                    7b:34:96:cb:3d:db:86:19:08:7f:46:8c:77:2e:a1:
                    03:7a:2c:72:11:aa:e3:cb:94:9e:b1:8f:a2:97:3d:
                    90:0a:1a:c4:45:41:7d:7f:6a:ca:38:8d:82:c0:29:
                    da:6b:cf:3d:dd:b1:96:1a:00:15:80:d8:e4:c1:51:
                    7d:a3:eb:90:c8:cf:71:90:c7:74:f6:af:de:08:e3:
                    9d:39:c0:1d:6b:18:40:c1:64:a7:ad:98:63:39:42:
                    1b:5e:4d:bc:35:14:f4:08:9e:d2:06:7d:cb:ea:ed:
                    0b:08:9c:a7:57:a7:79:a7:f1:fd:3a:1f:d6:88:8b:
                    fa:3f:af:29:a2:ae:f8:27:7c:0c:63:73:97:bc:dc:
                    e4:09:8b:ea:8e:b7:8b:58:67:bb:e8:e4:27:05:56:
                    be:9d:c2:3d:f5:4b:0a:7d:f2:15:bb:7e:df:1b:60:
                    0d:4c:a5:20:f2:12:53:cd:45:fa:7f:b6:07:9f:e5:
                    f7:bf:db:58:0f:9f:5d:12:1a:5b:18:78:a9:70:25:
                    71:49:36:b3:28:3f:dc:40:71:2d:ad:c8:8c:ea:85:
                    9b:c5:63:7c:1d:bf:85:c7:fb:48:92:bb:9d:02:f0:
                    fc:a7:ab:de:71:e4:59:a5:d8:ac:c4:03:f3:0e:68:
                    22:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F3:FA:22:0E:C9:47:40:48:EB:3A:15:D3:84:DC:16:16:CE:74:B3
            X509v3 Authority Key Identifier:
                keyid:E8:53:46:43:EC:48:26:B4:39:41:7F:DB:3C:B2:C4:93:E6:1F:94:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/4PP6Ig7JR0BI6zoV04TcFhbOdLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:30:9f:bd:6d:6d:4c:52:f0:93:8d:d0:12:71:85:cc:9a:10:
         38:b7:7b:a6:ab:20:27:95:9f:77:ea:7d:ef:25:1d:7c:b3:6e:
         ab:0b:2a:5f:54:c0:e0:9a:ca:9f:aa:7b:6a:70:09:2b:15:2d:
         f1:e5:2e:ee:5c:f1:6a:66:a4:c0:1d:fd:54:d3:9f:4d:0d:82:
         bc:85:3c:87:08:03:10:2d:10:19:ab:15:dd:8a:40:2b:6b:c6:
         e2:43:89:12:d2:98:68:64:e1:9a:38:48:16:8f:3c:59:79:75:
         b8:6a:95:3c:8b:57:6f:70:b8:3b:5f:02:64:6d:0e:56:e1:3c:
         e8:6a:93:60:38:12:2e:9e:0a:a9:09:c0:e4:8a:23:d5:b1:4f:
         b5:90:96:b0:d0:c9:27:24:e8:14:e5:de:c1:ae:c4:a2:e3:f4:
         83:45:85:3b:37:06:fa:bc:47:9c:d1:d8:f7:02:d7:36:98:0c:
         18:b8:4a:c9:fa:17:f2:de:59:2f:6a:63:50:70:b3:2b:ba:37:
         09:3a:18:b9:77:2f:7f:6c:51:f0:69:4c:06:73:4c:97:ed:cc:
         8d:3b:1b:53:eb:6e:2f:0f:ba:db:eb:e4:60:9e:1e:18:16:4d:
         b6:9e:42:3e:a0:2c:0c:3c:14:6d:d4:c6:70:45:4d:96:d8:73:
         e0:6c:32:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAHDRkabowpgw7AcYWxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NTM0NjQzZWM0ODI2YjQzOTQxN2ZkYjNjYjJjNDkzZTYx
Zjk0OWUwHhcNMjQwMTAyMTAzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGYzZmEyMjBlYzk0NzQwNDhlYjNhMTVkMzg0ZGMxNjE2Y2U3NGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzi7wegyv72sVLFDAMV7NJbLPduG
GQh/Rox3LqEDeixyEarjy5SesY+ilz2QChrERUF9f2rKOI2CwCnaa8893bGWGgAV
gNjkwVF9o+uQyM9xkMd09q/eCOOdOcAdaxhAwWSnrZhjOUIbXk28NRT0CJ7SBn3L
6u0LCJynV6d5p/H9Oh/WiIv6P68poq74J3wMY3OXvNzkCYvqjreLWGe76OQnBVa+
ncI99UsKffIVu37fG2ANTKUg8hJTzUX6f7YHn+X3v9tYD59dEhpbGHipcCVxSTaz
KD/cQHEtrciM6oWbxWN8Hb+Fx/tIkrudAvD8p6veceRZpdisxAPzDmgiZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODz+iIOyUdASOs6FdOE3BYWznSzMB8GA1UdIwQY
MBaAFOhTRkPsSCa0OUF/2zyyxJPmH5SeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkZOR1EteElKclE1UVhfYlBMTEVrLVlmbEo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi84M2NhZTYtNWJjYi00OGM0LThlYmQt
MjlkZTQ4ZWUwMGI5LzEvNFBQNklnN0pSMEJJNnpvVjA0VGNGaGJPZExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi84M2NhZTYtNWJjYi00OGM0LThlYmQtMjlkZTQ4ZWUwMGI5
LzEvNkZOR1EteElKclE1UVhfYlBMTEVrLVlmbEo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+H8MA0G
CSqGSIb3DQEBCwUAA4IBAQAiMJ+9bW1MUvCTjdAScYXMmhA4t3umqyAnlZ936n3v
JR18s26rCypfVMDgmsqfqntqcAkrFS3x5S7uXPFqZqTAHf1U059NDYK8hTyHCAMQ
LRAZqxXdikAra8biQ4kS0phoZOGaOEgWjzxZeXW4apU8i1dvcLg7XwJkbQ5W4Tzo
apNgOBIungqpCcDkiiPVsU+1kJaw0MknJOgU5d7BrsSi4/SDRYU7Nwb6vEec0dj3
Atc2mAwYuErJ+hfy3lkvamNQcLMrujcJOhi5dy9/bFHwaUwGc0yX7cyNOxtT624v
D7rb6+Rgnh4YFk22nkI+oCwMPBRt1MZwRU2W2HPgbDLN
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:48:59 2024 by rpki-client on console-fra.rpki-client.org