Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/9c0b2e-7be9-4bc4-9320-b2247b3a52d8/1/UlaNdagBuG_pDXeMTm-5TI4_qyQ.roa
File:                     UlaNdagBuG_pDXeMTm-5TI4_qyQ.roa (raw, json)
Hash identifier:          eRhCTWO1Wx5Kb+x2/y+f7OIsV1vRRcb9H8D864hJhFw=
Subject key identifier:   52:56:8D:75:A8:01:B8:6F:E9:0D:77:8C:4E:6F:B9:4C:8E:3F:AB:24
Certificate issuer:       /CN=0aae1a6058bbdcd0835068e3b4f9de51f2bd9057
Certificate serial:       018CC79374175E84CA8A8EB1BA5B0DFF7539
Authority key identifier: 0A:AE:1A:60:58:BB:DC:D0:83:50:68:E3:B4:F9:DE:51:F2:BD:90:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cq4aYFi73NCDUGjjtPneUfK9kFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/9c0b2e-7be9-4bc4-9320-b2247b3a52d8/1/UlaNdagBuG_pDXeMTm-5TI4_qyQ.roa
Signing time:             Tue 02 Jan 2024 00:29:38 +0000
ROA not before:           Tue 02 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44524
IP address blocks:        91.199.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/9c0b2e-7be9-4bc4-9320-b2247b3a52d8/1/Cq4aYFi73NCDUGjjtPneUfK9kFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/9c0b2e-7be9-4bc4-9320-b2247b3a52d8/1/Cq4aYFi73NCDUGjjtPneUfK9kFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cq4aYFi73NCDUGjjtPneUfK9kFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:74:17:5e:84:ca:8a:8e:b1:ba:5b:0d:ff:75:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0aae1a6058bbdcd0835068e3b4f9de51f2bd9057
        Validity
            Not Before: Jan  2 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52568d75a801b86fe90d778c4e6fb94c8e3fab24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a0:19:f9:b1:f9:50:02:2a:43:8f:83:83:58:
                    c3:a7:86:42:b9:53:2e:8d:f3:85:2e:f3:9f:3b:58:
                    4e:3e:31:08:53:37:fb:dd:39:ac:06:6d:78:51:2f:
                    6c:8a:e2:55:eb:a7:86:1e:a7:0e:af:24:8a:da:2b:
                    d6:11:49:dd:c4:5a:34:4a:5a:81:12:be:b0:35:02:
                    7d:f3:fd:c4:65:a1:04:21:11:40:f2:6f:9f:11:32:
                    60:57:15:46:37:68:cd:8b:fe:37:e5:1f:90:7f:59:
                    88:1d:f6:e1:5f:e4:50:dc:dd:9a:d7:63:36:6b:6a:
                    cc:6e:96:3d:7f:0b:eb:12:8c:9c:1f:69:d3:9a:25:
                    07:3e:d9:fe:5d:8c:17:1a:33:6c:b4:b6:58:5d:2d:
                    11:e7:a6:9f:c5:2e:fe:ab:0c:60:2b:bd:5d:28:8f:
                    07:ed:e0:74:c7:7c:e0:f4:49:5a:24:f2:d5:04:79:
                    1a:86:55:a2:9e:59:b4:3c:6d:76:9b:8b:3c:5c:b4:
                    62:13:d1:6f:96:7e:b9:b4:ba:85:bb:23:de:22:34:
                    51:6d:fb:e7:86:ff:67:4c:b6:ae:46:9b:dc:fb:e0:
                    67:bb:bb:86:f9:4b:07:04:bc:51:89:fb:da:2b:4e:
                    a4:d9:ea:f9:17:ce:26:37:86:90:99:80:d1:48:88:
                    14:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:56:8D:75:A8:01:B8:6F:E9:0D:77:8C:4E:6F:B9:4C:8E:3F:AB:24
            X509v3 Authority Key Identifier:
                keyid:0A:AE:1A:60:58:BB:DC:D0:83:50:68:E3:B4:F9:DE:51:F2:BD:90:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cq4aYFi73NCDUGjjtPneUfK9kFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/9c0b2e-7be9-4bc4-9320-b2247b3a52d8/1/UlaNdagBuG_pDXeMTm-5TI4_qyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/9c0b2e-7be9-4bc4-9320-b2247b3a52d8/1/Cq4aYFi73NCDUGjjtPneUfK9kFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7c:bf:08:7f:eb:09:8c:76:20:f0:82:93:75:05:8a:88:b8:
         a1:c0:31:df:56:f0:c5:f0:0b:47:ea:8d:f7:d4:a9:6f:f4:89:
         fc:8e:e9:fb:07:36:9b:59:86:57:bf:ec:5c:f0:46:5a:a9:da:
         9a:44:89:48:54:c5:c7:60:dc:78:af:5d:79:f4:35:a8:34:53:
         db:e1:eb:ce:8e:c8:82:1f:76:43:d9:86:aa:65:ad:1e:ca:06:
         e6:56:15:e8:cb:dd:3b:af:0d:72:31:65:92:23:f6:55:4a:51:
         bf:d7:19:41:23:5f:fa:4b:c2:62:a1:b5:6e:c4:fa:a1:d9:e8:
         c7:e2:1c:e9:bc:c4:cd:2a:cf:b2:78:b0:bf:22:a6:13:45:03:
         a3:17:4e:46:39:95:e9:9d:26:dc:5c:ed:80:3b:45:55:9d:96:
         f2:bf:af:9b:be:62:33:f4:e9:a9:a4:63:09:0f:62:0d:94:41:
         ce:87:36:a9:b2:43:bb:fe:40:00:14:bf:c6:ad:d2:e7:7f:95:
         54:34:2c:ec:2a:39:9a:20:fd:fc:bc:0f:a1:53:4d:95:a2:74:
         3d:3e:ef:97:dc:4c:6d:d4:38:18:7f:c5:97:18:22:ad:40:9d:
         00:df:e4:10:69:2c:2e:f0:b8:ab:08:8b:d4:a7:33:74:20:d7:
         49:3d:55:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk3QXXoTKio6xulsN/3U5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhYWUxYTYwNThiYmRjZDA4MzUwNjhlM2I0ZjlkZTUxZjJi
ZDkwNTcwHhcNMjQwMTAyMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjU2OGQ3NWE4MDFiODZmZTkwZDc3OGM0ZTZmYjk0YzhlM2ZhYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqAZ+bH5UAIqQ4+Dg1jDp4ZCuVMu
jfOFLvOfO1hOPjEIUzf73TmsBm14US9siuJV66eGHqcOrySK2ivWEUndxFo0SlqB
Er6wNQJ98/3EZaEEIRFA8m+fETJgVxVGN2jNi/435R+Qf1mIHfbhX+RQ3N2a12M2
a2rMbpY9fwvrEoycH2nTmiUHPtn+XYwXGjNstLZYXS0R56afxS7+qwxgK71dKI8H
7eB0x3zg9ElaJPLVBHkahlWinlm0PG12m4s8XLRiE9Fvln65tLqFuyPeIjRRbfvn
hv9nTLauRpvc++Bnu7uG+UsHBLxRifvaK06k2er5F84mN4aQmYDRSIgUvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJWjXWoAbhv6Q13jE5vuUyOP6skMB8GA1UdIwQY
MBaAFAquGmBYu9zQg1Bo47T53lHyvZBXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3E0YVlGaTczTkNEVUdqanRQbmVVZks5a0ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny85YzBiMmUtN2JlOS00YmM0LTkzMjAt
YjIyNDdiM2E1MmQ4LzEvVWxhTmRhZ0J1R19wRFhlTVRtLTVUSTRfcXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny85YzBiMmUtN2JlOS00YmM0LTkzMjAtYjIyNDdiM2E1MmQ4
LzEvQ3E0YVlGaTczTkNEVUdqanRQbmVVZks5a0ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eOMA0G
CSqGSIb3DQEBCwUAA4IBAQBrfL8If+sJjHYg8IKTdQWKiLihwDHfVvDF8AtH6o33
1Klv9In8jun7BzabWYZXv+xc8EZaqdqaRIlIVMXHYNx4r1159DWoNFPb4evOjsiC
H3ZD2YaqZa0eygbmVhXoy907rw1yMWWSI/ZVSlG/1xlBI1/6S8JiobVuxPqh2ejH
4hzpvMTNKs+yeLC/IqYTRQOjF05GOZXpnSbcXO2AO0VVnZbyv6+bvmIz9OmppGMJ
D2INlEHOhzapskO7/kAAFL/GrdLnf5VUNCzsKjmaIP38vA+hU02VonQ9Pu+X3Ext
1DgYf8WXGCKtQJ0A3+QQaSwu8LirCIvUpzN0INdJPVVV
-----END CERTIFICATE-----
Generated at Fri Dec 27 20:37:42 2024 by rpki-client on console-fra.rpki-client.org