Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/1b40ff-b1e1-4951-9165-23bb39a83481/1/92E1DTmpGxPw9G9amVYRLQw3Sy4.roa
File:                     92E1DTmpGxPw9G9amVYRLQw3Sy4.roa (raw, json)
Hash identifier:          zNANltydESKY65yz28lbz0ln2G/DUltCFEkAeKOTFO0=
Subject key identifier:   F7:61:35:0D:39:A9:1B:13:F0:F4:6F:5A:99:56:11:2D:0C:37:4B:2E
Certificate issuer:       /CN=46387c56b331ff84bc10d8ac90e1e2c16f172345
Certificate serial:       018CC94CAA0500E324802C7A314E58BA4D96
Authority key identifier: 46:38:7C:56:B3:31:FF:84:BC:10:D8:AC:90:E1:E2:C1:6F:17:23:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rjh8VrMx_4S8ENiskOHiwW8XI0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/1b40ff-b1e1-4951-9165-23bb39a83481/1/92E1DTmpGxPw9G9amVYRLQw3Sy4.roa
Signing time:             Tue 02 Jan 2024 08:31:33 +0000
ROA not before:           Tue 02 Jan 2024 08:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206012
IP address blocks:        91.198.46.0/24 maxlen: 24
                          185.90.224.0/22 maxlen: 22
                          91.192.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/1b40ff-b1e1-4951-9165-23bb39a83481/1/Rjh8VrMx_4S8ENiskOHiwW8XI0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/1b40ff-b1e1-4951-9165-23bb39a83481/1/Rjh8VrMx_4S8ENiskOHiwW8XI0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rjh8VrMx_4S8ENiskOHiwW8XI0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:aa:05:00:e3:24:80:2c:7a:31:4e:58:ba:4d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46387c56b331ff84bc10d8ac90e1e2c16f172345
        Validity
            Not Before: Jan  2 08:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f761350d39a91b13f0f46f5a9956112d0c374b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ea:89:f6:4c:b9:23:d4:89:38:4f:28:56:79:
                    19:04:a1:d2:7a:f2:a4:29:ce:8a:da:c3:80:37:2d:
                    cd:3a:4f:80:dd:e0:d9:ea:eb:1a:b4:6a:3c:a0:5f:
                    75:e2:51:3b:71:31:10:40:a9:45:27:1a:ba:fa:39:
                    fe:be:89:ad:87:71:7b:4b:61:27:73:7e:28:da:0c:
                    13:6a:0f:d6:85:37:e4:dc:9f:ca:b5:2f:da:f2:7a:
                    49:38:92:12:81:b9:4f:7c:cd:14:eb:e2:95:60:15:
                    30:07:1a:5c:6d:98:74:23:d9:af:28:49:f7:9a:6d:
                    aa:70:94:02:1c:90:4a:8a:be:2b:fb:00:1f:d0:00:
                    7c:65:67:f4:1f:0c:c1:06:5d:94:27:e8:29:9d:df:
                    91:3d:21:0f:35:2f:0f:ab:f3:da:98:14:17:ff:4b:
                    dc:71:27:86:db:5a:8f:96:04:4f:41:60:7e:21:81:
                    e4:e0:cf:5e:fa:fa:cf:21:cb:4b:a3:17:ca:8b:bf:
                    2f:93:ef:aa:c9:8e:a0:9c:c3:5d:83:11:9a:bc:c9:
                    ef:9e:1c:51:b5:7b:08:81:61:47:e7:f8:99:d7:5f:
                    fd:7b:19:c7:b1:c6:d2:73:9a:b1:08:af:9d:57:2c:
                    b0:04:96:5d:c7:7e:55:9f:72:c6:ec:08:08:35:3f:
                    2e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:61:35:0D:39:A9:1B:13:F0:F4:6F:5A:99:56:11:2D:0C:37:4B:2E
            X509v3 Authority Key Identifier:
                keyid:46:38:7C:56:B3:31:FF:84:BC:10:D8:AC:90:E1:E2:C1:6F:17:23:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rjh8VrMx_4S8ENiskOHiwW8XI0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1b40ff-b1e1-4951-9165-23bb39a83481/1/92E1DTmpGxPw9G9amVYRLQw3Sy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1b40ff-b1e1-4951-9165-23bb39a83481/1/Rjh8VrMx_4S8ENiskOHiwW8XI0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.96.0/22
                  91.198.46.0/24
                  185.90.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:9b:84:15:31:0f:0f:00:b3:00:ae:8d:cc:29:31:6e:d4:43:
         6e:81:f8:8a:ae:56:f4:06:cb:a1:ac:4d:5d:2e:1d:ce:cd:13:
         da:6d:0a:a6:22:77:db:01:18:37:1b:44:ba:07:c3:ef:f6:a3:
         5b:59:d1:5b:0f:9b:78:80:75:f6:7b:ca:e4:46:27:b5:7e:ca:
         07:0e:42:01:10:ab:64:a9:0f:95:a1:c9:8d:58:ff:6b:df:2e:
         a9:52:7f:f5:1d:8b:a5:ee:6c:8c:ba:9e:f0:e5:4e:9d:25:3e:
         84:c1:84:0c:c2:d2:a7:35:42:19:eb:dc:ba:17:6a:a8:64:4e:
         27:5e:1e:2a:ab:2d:46:41:1d:05:81:96:e2:a7:19:9d:8a:24:
         3f:ed:bd:99:4c:0e:79:3f:5f:c8:04:c8:8c:fc:fb:be:c7:cb:
         4c:93:a0:d6:09:fe:9a:fc:d7:56:72:5f:43:97:02:34:e7:78:
         0e:39:45:ce:db:53:a7:fe:5b:ee:f4:8d:07:1e:b6:a8:4f:0a:
         bd:70:cf:f5:14:a1:d0:41:f9:80:7a:3f:4c:13:a6:a4:bf:e1:
         a2:7d:4a:a5:e5:e1:60:5e:de:ba:67:c5:eb:b7:71:77:fc:56:
         46:23:9b:d6:b9:c5:50:bb:80:bc:ec:0e:b1:88:c5:d5:01:eb:
         da:88:5c:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTKoFAOMkgCx6MU5Yuk2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2Mzg3YzU2YjMzMWZmODRiYzEwZDhhYzkwZTFlMmMxNmYx
NzIzNDUwHhcNMjQwMTAyMDgzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzYxMzUwZDM5YTkxYjEzZjBmNDZmNWE5OTU2MTEyZDBjMzc0YjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOqJ9ky5I9SJOE8oVnkZBKHSevKk
Kc6K2sOANy3NOk+A3eDZ6usatGo8oF914lE7cTEQQKlFJxq6+jn+vomth3F7S2En
c34o2gwTag/WhTfk3J/KtS/a8npJOJISgblPfM0U6+KVYBUwBxpcbZh0I9mvKEn3
mm2qcJQCHJBKir4r+wAf0AB8ZWf0HwzBBl2UJ+gpnd+RPSEPNS8Pq/PamBQX/0vc
cSeG21qPlgRPQWB+IYHk4M9e+vrPIctLoxfKi78vk++qyY6gnMNdgxGavMnvnhxR
tXsIgWFH5/iZ11/9exnHscbSc5qxCK+dVyywBJZdx35Vn3LG7AgINT8uNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPdhNQ05qRsT8PRvWplWES0MN0suMB8GA1UdIwQY
MBaAFEY4fFazMf+EvBDYrJDh4sFvFyNFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmpoOFZyTXhfNFM4RU5pc2tPSGl3VzhYSTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xYjQwZmYtYjFlMS00OTUxLTkxNjUt
MjNiYjM5YTgzNDgxLzEvOTJFMURUbXBHeFB3OUc5YW1WWVJMUXczU3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xYjQwZmYtYjFlMS00OTUxLTkxNjUtMjNiYjM5YTgzNDgx
LzEvUmpoOFZyTXhfNFM4RU5pc2tPSGl3VzhYSTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8BgAwQA
W8YuAwQCuVrgMA0GCSqGSIb3DQEBCwUAA4IBAQCVm4QVMQ8PALMAro3MKTFu1ENu
gfiKrlb0BsuhrE1dLh3OzRPabQqmInfbARg3G0S6B8Pv9qNbWdFbD5t4gHX2e8rk
Rie1fsoHDkIBEKtkqQ+VocmNWP9r3y6pUn/1HYul7myMup7w5U6dJT6EwYQMwtKn
NUIZ69y6F2qoZE4nXh4qqy1GQR0FgZbipxmdiiQ/7b2ZTA55P1/IBMiM/Pu+x8tM
k6DWCf6a/NdWcl9DlwI053gOOUXO21On/lvu9I0HHraoTwq9cM/1FKHQQfmAej9M
E6akv+GifUql5eFgXt66Z8Xrt3F3/FZGI5vWucVQu4C87A6xiMXVAevaiFws
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:00:25 2024 by rpki-client on console-fra.rpki-client.org