Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/ns41oIrvCe6pqJNELUQVtfrgQV8.roa
File:                     ns41oIrvCe6pqJNELUQVtfrgQV8.roa (raw, json)
Hash identifier:          txML0qbumN49GtOJCWZrNq746xSJvcXMA9aDoCb+xAE=
Subject key identifier:   9E:CE:35:A0:8A:EF:09:EE:A9:A8:93:44:2D:44:15:B5:FA:E0:41:5F
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       018CC94D4614C3C1C4A56A4179EF82999674
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/ns41oIrvCe6pqJNELUQVtfrgQV8.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199881
IP address blocks:        89.234.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:46:14:c3:c1:c4:a5:6a:41:79:ef:82:99:96:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ece35a08aef09eea9a893442d4415b5fae0415f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3e:ba:c2:5e:ce:96:b6:b1:ad:cc:2a:ea:af:
                    44:0f:e1:cd:44:a2:93:c3:10:99:a2:29:88:de:f6:
                    ba:32:51:c2:8f:4d:e1:95:e2:5f:34:8e:57:0d:a5:
                    8e:4d:52:6c:d5:96:3d:19:01:47:e0:ea:be:ed:1f:
                    46:9a:9e:15:a1:63:66:94:4d:c2:c6:13:a2:36:79:
                    ee:03:a6:e3:d9:e4:d8:67:2a:11:82:fb:27:19:19:
                    14:fc:37:47:12:18:00:d4:15:79:5c:f8:b9:06:1b:
                    81:63:44:4d:a1:b4:03:03:12:a9:d9:49:21:52:24:
                    ff:1b:cf:ba:6e:dc:8c:20:09:47:aa:21:a5:65:78:
                    f5:f7:21:d4:a7:53:1f:fe:64:0b:a5:98:bc:60:00:
                    7c:f6:58:75:38:4a:3e:52:f8:53:20:7d:53:32:04:
                    53:9f:cb:0c:ac:f0:0f:3d:0a:fd:3c:50:9e:a0:4a:
                    7c:2e:02:83:f9:2e:99:34:01:ca:8a:04:69:f5:41:
                    6d:e6:4f:d9:1f:c6:77:4d:dd:f0:06:7a:f0:d3:64:
                    fa:e6:3b:a7:ca:31:86:3d:4b:a4:b6:71:b3:d1:bd:
                    0a:1c:de:3c:94:08:fc:d9:42:6c:a4:70:a6:d6:18:
                    75:51:72:0d:bf:66:f2:4d:2d:94:04:fd:2b:d7:e0:
                    a9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:CE:35:A0:8A:EF:09:EE:A9:A8:93:44:2D:44:15:B5:FA:E0:41:5F
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/ns41oIrvCe6pqJNELUQVtfrgQV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f0:56:b0:23:39:37:df:73:a8:ac:3a:76:b6:ab:14:4e:3a:
         6a:6d:59:96:3f:6d:c2:75:77:5d:8c:f6:08:10:ac:fd:7f:79:
         70:64:61:af:c0:23:a6:fc:16:4b:c4:85:76:7b:64:72:b8:df:
         ae:d5:60:91:ab:44:46:22:cc:15:cd:b1:21:6b:f0:2a:67:95:
         5e:30:16:57:41:78:48:45:0e:06:7a:d6:66:1a:64:ea:42:de:
         98:f1:8c:a3:3f:ec:5e:68:13:6b:e9:7c:9a:a4:fe:b5:24:5a:
         60:56:19:bd:bb:b5:46:53:22:94:10:0b:7d:5c:60:9e:69:18:
         c8:5e:5d:0c:4e:8a:c2:e6:e7:7c:14:32:8e:b3:0c:b8:e4:f9:
         e2:27:0a:91:7a:e0:8d:26:d3:b4:18:28:38:71:26:2b:84:ff:
         88:4d:1f:77:c4:c3:bd:03:48:b6:9a:db:ec:b7:94:a1:92:90:
         66:3b:0c:e5:00:4b:2c:89:2e:86:a1:84:a0:79:e6:e6:99:9d:
         a5:3d:a7:26:89:d4:99:77:44:f1:8e:bf:30:e3:e8:d2:30:c1:
         dc:91:d8:24:1d:7d:f1:8c:c0:6e:9b:0c:01:ee:3e:bd:86:87:
         b4:1e:ae:87:f8:60:e0:2e:af:99:bc:12:06:8f:f0:42:37:87:
         0c:1e:5a:a1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTUYUw8HEpWpBee+CmZZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWNlMzVhMDhhZWYwOWVlYTlhODkzNDQyZDQ0MTViNWZhZTA0MTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqz66wl7Olraxrcwq6q9ED+HNRKKT
wxCZoimI3va6MlHCj03hleJfNI5XDaWOTVJs1ZY9GQFH4Oq+7R9Gmp4VoWNmlE3C
xhOiNnnuA6bj2eTYZyoRgvsnGRkU/DdHEhgA1BV5XPi5BhuBY0RNobQDAxKp2Ukh
UiT/G8+6btyMIAlHqiGlZXj19yHUp1Mf/mQLpZi8YAB89lh1OEo+UvhTIH1TMgRT
n8sMrPAPPQr9PFCeoEp8LgKD+S6ZNAHKigRp9UFt5k/ZH8Z3Td3wBnrw02T65jun
yjGGPUuktnGz0b0KHN48lAj82UJspHCm1hh1UXINv2byTS2UBP0r1+CppwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJ7ONaCK7wnuqaiTRC1EFbX64EFfMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xL25zNDFvSXJ2Q2U2cHFKTkVMVVFWdGZyZ1FWOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZ6oQw
DQYJKoZIhvcNAQELBQADggEBAAjwVrAjOTffc6isOna2qxROOmptWZY/bcJ1d12M
9ggQrP1/eXBkYa/AI6b8FkvEhXZ7ZHK4367VYJGrREYizBXNsSFr8CpnlV4wFldB
eEhFDgZ61mYaZOpC3pjxjKM/7F5oE2vpfJqk/rUkWmBWGb27tUZTIpQQC31cYJ5p
GMheXQxOisLm53wUMo6zDLjk+eInCpF64I0m07QYKDhxJiuE/4hNH3fEw70DSLaa
2+y3lKGSkGY7DOUASyyJLoahhKB55uaZnaU9pyaJ1Jl3RPGOvzDj6NIwwdyR2CQd
ffGMwG6bDAHuPr2Gh7Qerof4YOAur5m8EgaP8EI3hwweWqE=
-----END CERTIFICATE-----
Generated at Tue Nov 26 15:34:33 2024 by rpki-client on console-fra.rpki-client.org