Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/I601BXbKmZuZ40s2TXYQbM3B1wQ.roa
File:                     I601BXbKmZuZ40s2TXYQbM3B1wQ.roa (raw, json)
Hash identifier:          OoRUPqOUem4DbsiZfdZ6+xJU5Ruat495jW9i1EDG5k8=
Subject key identifier:   23:AD:35:05:76:CA:99:9B:99:E3:4B:36:4D:76:10:6C:CD:C1:D7:04
Certificate issuer:       /CN=926587a7c42c261fa254b0b82e7bc0719cc64812
Certificate serial:       0192543407DDBCB990D2C24D1997AED52822
Authority key identifier: 92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/I601BXbKmZuZ40s2TXYQbM3B1wQ.roa
Signing time:             Thu 03 Oct 2024 21:05:48 +0000
ROA not before:           Thu 03 Oct 2024 21:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207388
IP address blocks:        91.239.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:54:34:07:dd:bc:b9:90:d2:c2:4d:19:97:ae:d5:28:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=926587a7c42c261fa254b0b82e7bc0719cc64812
        Validity
            Not Before: Oct  3 21:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23ad350576ca999b99e34b364d76106ccdc1d704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cd:8d:24:27:28:c4:1e:c7:4e:ec:df:9d:67:
                    eb:5c:9f:56:69:3e:90:28:9b:4f:90:43:2c:c0:63:
                    e0:3d:6a:5f:ea:20:8a:79:c0:e5:14:f4:b0:5e:f1:
                    3c:52:59:07:fd:91:46:8a:d0:ce:a0:59:c1:8e:6a:
                    15:3d:c2:b8:54:bf:1f:a0:2f:de:fc:cc:41:8c:e8:
                    ed:ab:91:76:71:93:7c:b0:e1:40:bf:64:b0:b9:41:
                    53:05:28:59:1f:fc:a7:40:1e:e9:42:4d:9d:33:53:
                    ae:07:30:74:d9:c3:1d:ad:33:d4:65:42:46:29:b2:
                    0d:2a:fa:31:b6:04:1b:10:4b:42:ec:94:cb:01:ec:
                    3a:34:d7:15:dc:5a:63:f3:08:8a:b6:a6:e4:cd:22:
                    87:9d:54:f0:f1:da:80:5d:17:24:3e:75:1c:9a:0a:
                    b4:86:7e:c4:2e:36:57:1e:16:e6:ac:f9:1e:fc:5c:
                    28:3b:78:74:de:1c:13:34:47:f3:6f:58:ed:6d:fb:
                    3d:1b:f6:90:22:16:ac:b4:8e:75:b3:ab:a1:49:fb:
                    d2:cf:3f:30:ba:2e:a8:3e:de:91:03:cf:74:2b:7b:
                    cc:bb:9a:0d:cf:99:e4:2a:43:84:58:ab:7e:f7:2a:
                    88:bd:0e:3b:55:93:26:9e:5a:fc:5b:2e:36:01:3c:
                    a4:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:AD:35:05:76:CA:99:9B:99:E3:4B:36:4D:76:10:6C:CD:C1:D7:04
            X509v3 Authority Key Identifier:
                keyid:92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/I601BXbKmZuZ40s2TXYQbM3B1wQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:1f:5b:9e:84:b5:df:15:c6:e0:9a:82:b6:b8:d9:43:84:62:
         85:0f:55:fa:62:6f:12:78:c9:03:61:4f:38:10:53:40:22:c3:
         16:b6:63:5f:05:62:05:6c:03:39:ab:33:bb:9f:e7:0b:33:6c:
         a4:48:40:39:1a:24:30:db:ba:d4:af:98:0f:df:0c:34:bd:6f:
         94:fc:ef:0a:38:32:cb:82:0e:f0:df:76:0a:13:02:4e:40:7f:
         65:e5:81:f3:b4:e9:63:19:6a:f6:22:a8:11:2c:fb:4e:b5:53:
         db:d7:55:1e:e6:43:24:6d:46:82:54:5d:51:02:fd:76:98:76:
         6f:18:57:f0:08:c2:ea:ec:3e:07:fd:e6:8c:93:86:83:41:78:
         5b:51:16:08:cd:52:4f:a3:f1:12:5a:da:5b:a4:95:05:2c:21:
         60:4d:71:70:8c:6d:ad:46:a5:71:fd:b8:4f:e7:22:90:0b:9f:
         f0:e6:25:de:75:2a:5b:0b:76:26:91:77:7c:0f:af:1f:79:ad:
         18:00:bb:38:a7:7b:79:08:53:35:76:3e:a1:92:a5:f9:11:9b:
         e9:f5:4d:33:83:c7:d4:0e:ee:a8:de:ac:c9:72:ca:e2:9f:6b:
         eb:9a:c9:36:4d:08:f6:da:12:45:80:1b:4f:23:93:9f:6a:a2:
         6e:fc:77:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJUNAfdvLmQ0sJNGZeu1SgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjU4N2E3YzQyYzI2MWZhMjU0YjBiODJlN2JjMDcxOWNj
NjQ4MTIwHhcNMjQxMDAzMjEwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2FkMzUwNTc2Y2E5OTliOTllMzRiMzY0ZDc2MTA2Y2NkYzFkNzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs2NJCcoxB7HTuzfnWfrXJ9WaT6Q
KJtPkEMswGPgPWpf6iCKecDlFPSwXvE8UlkH/ZFGitDOoFnBjmoVPcK4VL8foC/e
/MxBjOjtq5F2cZN8sOFAv2SwuUFTBShZH/ynQB7pQk2dM1OuBzB02cMdrTPUZUJG
KbINKvoxtgQbEEtC7JTLAew6NNcV3Fpj8wiKtqbkzSKHnVTw8dqAXRckPnUcmgq0
hn7ELjZXHhbmrPke/FwoO3h03hwTNEfzb1jtbfs9G/aQIhastI51s6uhSfvSzz8w
ui6oPt6RA890K3vMu5oNz5nkKkOEWKt+9yqIvQ47VZMmnlr8Wy42ATyk0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOtNQV2ypmbmeNLNk12EGzNwdcEMB8GA1UdIwQY
MBaAFJJlh6fELCYfolSwuC57wHGcxkgSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjIt
ODhmYTNiNmViMDA2LzEvSTYwMUJYYkttWnVaNDBzMlRYWVFiTTNCMXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjItODhmYTNiNmViMDA2
LzEva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/YMA0G
CSqGSIb3DQEBCwUAA4IBAQClH1uehLXfFcbgmoK2uNlDhGKFD1X6Ym8SeMkDYU84
EFNAIsMWtmNfBWIFbAM5qzO7n+cLM2ykSEA5GiQw27rUr5gP3ww0vW+U/O8KODLL
gg7w33YKEwJOQH9l5YHztOljGWr2IqgRLPtOtVPb11Ue5kMkbUaCVF1RAv12mHZv
GFfwCMLq7D4H/eaMk4aDQXhbURYIzVJPo/ESWtpbpJUFLCFgTXFwjG2tRqVx/bhP
5yKQC5/w5iXedSpbC3YmkXd8D68fea0YALs4p3t5CFM1dj6hkqX5EZvp9U0zg8fU
Du6o3qzJcsrin2vrmsk2TQj22hJFgBtPI5OfaqJu/Hcd
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:45:53 2024 by rpki-client on console-fra.rpki-client.org