Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/yCIpWBuuBwEvM_UMbKZwUV6NQJo.roa
File:                     yCIpWBuuBwEvM_UMbKZwUV6NQJo.roa (raw, json)
Hash identifier:          m0/HSfO46ugWNPD3QciEjGXX1ozXjN+wFgFeFCgfDy0=
Subject key identifier:   C8:22:29:58:1B:AE:07:01:2F:33:F5:0C:6C:A6:70:51:5E:8D:40:9A
Certificate issuer:       /CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
Certificate serial:       018CC3B733CD6B0DBEBFBA1E1FB8AB0AF6B5
Authority key identifier: 70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/yCIpWBuuBwEvM_UMbKZwUV6NQJo.roa
Signing time:             Mon 01 Jan 2024 06:30:12 +0000
ROA not before:           Mon 01 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211238
IP address blocks:        91.227.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:33:cd:6b:0d:be:bf:ba:1e:1f:b8:ab:0a:f6:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
        Validity
            Not Before: Jan  1 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c82229581bae07012f33f50c6ca670515e8d409a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:33:6f:2b:19:8c:64:b4:bc:8e:f2:c5:6b:ab:
                    94:47:ae:ee:56:06:77:db:0b:47:4b:b1:27:6d:f5:
                    92:87:01:eb:1c:b4:1f:86:e9:f6:e3:02:ce:c0:94:
                    91:3b:6f:f1:56:49:f9:d0:e8:0b:3c:5e:a5:e7:88:
                    ef:ed:44:7c:6b:c4:f1:75:92:ab:98:57:bc:df:ad:
                    9e:29:c2:8a:82:79:55:38:22:6a:c6:e9:48:2f:70:
                    a6:a1:89:df:4a:ec:9a:11:08:5c:ff:82:26:e5:35:
                    8c:21:71:22:7d:d4:63:5b:c3:27:1f:c9:80:4f:bd:
                    29:ee:59:f0:b4:74:99:94:e9:00:a2:19:a6:85:a8:
                    92:64:c8:b0:28:14:9d:8a:1e:bc:c4:13:90:2b:69:
                    0f:3f:f2:44:c7:c3:3d:50:93:8d:2e:4f:08:e4:76:
                    57:5d:82:23:dc:86:5b:92:97:b3:f4:71:a1:f0:08:
                    12:23:dc:2c:ae:c2:7d:32:7b:d4:74:59:5e:01:18:
                    5a:f5:c1:b4:06:4e:3f:7b:13:85:dd:1f:49:a8:94:
                    c4:1c:1b:36:56:2f:01:eb:ca:04:d8:57:2c:d6:90:
                    79:fa:ac:0d:06:fe:aa:97:fd:52:1f:4b:7c:ed:71:
                    c9:5e:fd:f7:23:ef:d4:8d:22:bc:19:c0:9f:05:b7:
                    f8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:22:29:58:1B:AE:07:01:2F:33:F5:0C:6C:A6:70:51:5E:8D:40:9A
            X509v3 Authority Key Identifier:
                keyid:70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/yCIpWBuuBwEvM_UMbKZwUV6NQJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:59:1e:07:07:6a:19:a2:66:c3:76:26:9a:6d:bc:f1:ce:9b:
         d8:f7:45:59:4d:1f:08:10:e7:3b:ae:a0:d1:5b:b4:dc:a2:13:
         c8:96:9f:72:9e:21:f8:92:8e:86:1e:76:56:d2:6c:58:c3:bf:
         bb:aa:2b:a5:2a:c2:f7:a9:5f:9e:9f:ac:68:c5:fd:87:6a:0d:
         2d:da:ae:41:80:60:e1:3b:e1:5a:ea:dd:f0:e0:4d:f5:41:92:
         35:6e:3d:04:16:a6:d1:73:37:8c:90:ab:62:f7:c7:36:96:3d:
         5e:ba:20:35:92:e7:26:2b:f8:3b:83:a7:54:9f:fd:ce:3f:81:
         ff:03:4d:0d:41:20:72:02:d6:30:b2:66:bf:6c:fe:ce:30:ec:
         dc:78:7d:8e:49:f3:64:36:88:24:45:8b:d0:5b:33:25:e0:3b:
         55:dd:9a:81:e2:73:35:87:51:7a:9c:09:8d:57:6a:65:34:27:
         37:e7:9d:de:e8:2c:40:7d:f7:21:7b:dd:bf:74:ad:b6:8a:96:
         6d:73:48:62:e4:af:e6:6d:1a:0e:f8:d4:b7:8b:90:91:16:d1:
         98:86:08:23:bb:59:d3:51:71:70:66:f4:77:e7:fd:ed:ed:c1:
         2f:ff:6f:ca:f9:f0:ae:33:8f:d4:47:26:95:18:44:0b:e7:b7:
         29:f4:07:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzPNaw2+v7oeH7irCva1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMDFlNDIyMjI3ZmE0NGNjNWNiOTVkMmE5ZGNjZTBmYTVi
ODljMDcwHhcNMjQwMTAxMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODIyMjk1ODFiYWUwNzAxMmYzM2Y1MGM2Y2E2NzA1MTVlOGQ0MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDNvKxmMZLS8jvLFa6uUR67uVgZ3
2wtHS7EnbfWShwHrHLQfhun24wLOwJSRO2/xVkn50OgLPF6l54jv7UR8a8TxdZKr
mFe8362eKcKKgnlVOCJqxulIL3CmoYnfSuyaEQhc/4Im5TWMIXEifdRjW8MnH8mA
T70p7lnwtHSZlOkAohmmhaiSZMiwKBSdih68xBOQK2kPP/JEx8M9UJONLk8I5HZX
XYIj3IZbkpez9HGh8AgSI9wsrsJ9MnvUdFleARha9cG0Bk4/exOF3R9JqJTEHBs2
Vi8B68oE2Fcs1pB5+qwNBv6ql/1SH0t87XHJXv33I+/UjSK8GcCfBbf4dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgiKVgbrgcBLzP1DGymcFFejUCaMB8GA1UdIwQY
MBaAFHAB5CIif6RMxcuV0qnczg+luJwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2Ut
ZjI0MzVkNWNmMzdiLzEveUNJcFdCdXVCd0V2TV9VTWJLWndVVjZOUUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2UtZjI0MzVkNWNmMzdi
LzEvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+OoMA0G
CSqGSIb3DQEBCwUAA4IBAQBOWR4HB2oZombDdiaabbzxzpvY90VZTR8IEOc7rqDR
W7TcohPIlp9yniH4ko6GHnZW0mxYw7+7qiulKsL3qV+en6xoxf2Hag0t2q5BgGDh
O+Fa6t3w4E31QZI1bj0EFqbRczeMkKti98c2lj1euiA1kucmK/g7g6dUn/3OP4H/
A00NQSByAtYwsma/bP7OMOzceH2OSfNkNogkRYvQWzMl4DtV3ZqB4nM1h1F6nAmN
V2plNCc3553e6CxAffche92/dK22ipZtc0hi5K/mbRoO+NS3i5CRFtGYhggju1nT
UXFwZvR35/3t7cEv/2/K+fCuM4/URyaVGEQL57cp9Afb
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:06:47 2024 by rpki-client on console-ams.rpki-client.org