Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/2e4f3f-5526-4520-8313-16ff723af335/1/4GuHaXmkQr73kkO3GeWsPewisYw.roa
File:                     4GuHaXmkQr73kkO3GeWsPewisYw.roa (raw, json)
Hash identifier:          8Rac4nTwQ5GAjCtQEa+a09Dh8NNf9nrl5L/HWN++UpY=
Subject key identifier:   E0:6B:87:69:79:A4:42:BE:F7:92:43:B7:19:E5:AC:3D:EC:22:B1:8C
Certificate issuer:       /CN=67d045c13c03dcb373d2a7d85d1e01b6e0ac7e1c
Certificate serial:       018CC492EC15F3BC863D446E42F070711E05
Authority key identifier: 67:D0:45:C1:3C:03:DC:B3:73:D2:A7:D8:5D:1E:01:B6:E0:AC:7E:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z9BFwTwD3LNz0qfYXR4BtuCsfhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/2e4f3f-5526-4520-8313-16ff723af335/1/4GuHaXmkQr73kkO3GeWsPewisYw.roa
Signing time:             Mon 01 Jan 2024 10:30:12 +0000
ROA not before:           Mon 01 Jan 2024 10:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43007
IP address blocks:        91.194.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/2e4f3f-5526-4520-8313-16ff723af335/1/Z9BFwTwD3LNz0qfYXR4BtuCsfhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/2e4f3f-5526-4520-8313-16ff723af335/1/Z9BFwTwD3LNz0qfYXR4BtuCsfhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z9BFwTwD3LNz0qfYXR4BtuCsfhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ec:15:f3:bc:86:3d:44:6e:42:f0:70:71:1e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67d045c13c03dcb373d2a7d85d1e01b6e0ac7e1c
        Validity
            Not Before: Jan  1 10:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e06b876979a442bef79243b719e5ac3dec22b18c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:40:63:19:b0:1e:89:51:ed:50:42:3f:0e:77:
                    5a:ba:83:54:95:9f:8f:4e:a4:90:90:b7:d7:13:52:
                    2e:87:55:95:45:f0:82:e5:4c:8b:61:5b:1e:01:3e:
                    3c:91:cd:2c:40:22:73:c2:e4:33:65:0e:9a:ce:f0:
                    a7:d7:6c:0c:aa:b5:7e:83:39:f8:d6:88:e8:f4:6d:
                    2d:8a:0d:3d:3c:4e:b3:0f:73:9d:47:0b:7e:fe:5a:
                    ab:d6:06:2e:69:e2:bf:92:ca:32:c2:e4:f1:9f:01:
                    72:10:15:ac:6b:da:2a:1a:07:78:3c:69:27:7d:94:
                    09:6a:58:c7:d2:52:dc:58:c1:62:81:49:60:9e:a5:
                    10:3c:32:d4:93:2e:c2:92:6f:c6:ae:9f:8f:45:fd:
                    15:b2:47:53:52:51:e0:6d:c2:93:05:70:fd:b6:04:
                    ef:6f:85:fa:d5:2c:90:6b:93:92:72:1e:27:e6:b7:
                    61:f6:5e:ca:b5:91:ee:44:63:44:f6:be:e6:89:4b:
                    85:a0:1a:54:ea:de:3b:be:73:a4:da:0a:ae:c7:2c:
                    f9:be:c1:e1:19:4e:8d:b1:17:5f:34:7f:a5:28:2e:
                    85:bc:01:7f:2f:cb:6a:6d:da:48:29:d1:43:f7:8c:
                    9a:c0:b1:54:17:ef:ec:67:c0:f3:94:b4:7a:08:b5:
                    11:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:6B:87:69:79:A4:42:BE:F7:92:43:B7:19:E5:AC:3D:EC:22:B1:8C
            X509v3 Authority Key Identifier:
                keyid:67:D0:45:C1:3C:03:DC:B3:73:D2:A7:D8:5D:1E:01:B6:E0:AC:7E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z9BFwTwD3LNz0qfYXR4BtuCsfhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2e4f3f-5526-4520-8313-16ff723af335/1/4GuHaXmkQr73kkO3GeWsPewisYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2e4f3f-5526-4520-8313-16ff723af335/1/Z9BFwTwD3LNz0qfYXR4BtuCsfhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:e8:d2:11:49:10:27:fe:e9:8b:42:0f:8d:34:80:63:ac:37:
         36:86:8a:4e:03:3f:9c:b6:8e:fd:85:2d:6b:b1:86:f2:61:a0:
         a0:f1:a5:fd:44:c7:c2:ff:95:4b:87:80:71:02:ab:da:89:ba:
         1c:3f:5f:70:db:50:8a:22:f2:3a:84:b8:b4:f6:6a:b3:b5:3e:
         21:df:fb:f8:3d:69:df:08:d2:f9:5a:48:ab:c9:ca:3f:0e:55:
         0a:5d:54:0d:72:36:2c:59:b1:ce:e5:1f:90:b9:6c:d4:fa:29:
         eb:53:c6:15:75:35:9a:5f:11:bb:41:97:eb:36:95:7d:fd:ab:
         84:42:37:2e:47:c9:1a:8e:9b:2f:9f:34:ee:02:b9:aa:9b:c5:
         c1:5a:01:d9:8e:5b:9e:43:dd:2f:f5:b9:e3:b2:4e:40:f0:9d:
         fe:fb:9d:50:12:63:58:41:b4:76:ec:11:c7:59:d3:e7:25:26:
         79:be:a2:ea:6b:63:82:3e:11:55:4e:20:e4:4e:64:32:77:d0:
         97:d5:cf:ae:8c:19:c3:a0:40:27:f4:2e:84:8f:82:cd:2b:8a:
         38:03:bb:67:02:08:bb:1d:74:d8:fb:48:ea:11:03:e4:c3:47:
         e9:ab:ee:18:9c:ad:83:84:14:cc:cd:98:b1:ec:a8:df:09:2c:
         08:fb:37:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuwV87yGPURuQvBwcR4FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZDA0NWMxM2MwM2RjYjM3M2QyYTdkODVkMWUwMWI2ZTBh
YzdlMWMwHhcNMjQwMTAxMTAzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDZiODc2OTc5YTQ0MmJlZjc5MjQzYjcxOWU1YWMzZGVjMjJiMThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEBjGbAeiVHtUEI/DndauoNUlZ+P
TqSQkLfXE1Iuh1WVRfCC5UyLYVseAT48kc0sQCJzwuQzZQ6azvCn12wMqrV+gzn4
1ojo9G0tig09PE6zD3OdRwt+/lqr1gYuaeK/ksoywuTxnwFyEBWsa9oqGgd4PGkn
fZQJaljH0lLcWMFigUlgnqUQPDLUky7Ckm/Grp+PRf0VskdTUlHgbcKTBXD9tgTv
b4X61SyQa5OSch4n5rdh9l7KtZHuRGNE9r7miUuFoBpU6t47vnOk2gquxyz5vsHh
GU6NsRdfNH+lKC6FvAF/L8tqbdpIKdFD94yawLFUF+/sZ8DzlLR6CLURXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBrh2l5pEK+95JDtxnlrD3sIrGMMB8GA1UdIwQY
MBaAFGfQRcE8A9yzc9Kn2F0eAbbgrH4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjlCRndUd0QzTE56MHFmWVhSNEJ0dUNzZmh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8yZTRmM2YtNTUyNi00NTIwLTgzMTMt
MTZmZjcyM2FmMzM1LzEvNEd1SGFYbWtRcjcza2tPM0dlV3NQZXdpc1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8yZTRmM2YtNTUyNi00NTIwLTgzMTMtMTZmZjcyM2FmMzM1
LzEvWjlCRndUd0QzTE56MHFmWVhSNEJ0dUNzZmh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8IcMA0G
CSqGSIb3DQEBCwUAA4IBAQCP6NIRSRAn/umLQg+NNIBjrDc2hopOAz+cto79hS1r
sYbyYaCg8aX9RMfC/5VLh4BxAqvaibocP19w21CKIvI6hLi09mqztT4h3/v4PWnf
CNL5Wkiryco/DlUKXVQNcjYsWbHO5R+QuWzU+inrU8YVdTWaXxG7QZfrNpV9/auE
QjcuR8kajpsvnzTuArmqm8XBWgHZjlueQ90v9bnjsk5A8J3++51QEmNYQbR27BHH
WdPnJSZ5vqLqa2OCPhFVTiDkTmQyd9CX1c+ujBnDoEAn9C6Ej4LNK4o4A7tnAgi7
HXTY+0jqEQPkw0fpq+4YnK2DhBTMzZix7KjfCSwI+zeE
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:41:34 2024 by rpki-client on console-fra.rpki-client.org