Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/fb2998-51f9-4adb-a323-f07a218e1cc7/1/wV5NtQmFJ9GhanQ1MQZKHGY7T7Y.roa
File:                     wV5NtQmFJ9GhanQ1MQZKHGY7T7Y.roa (raw, json)
Hash identifier:          yNlh4AeRSzc8hfhy/mmUwZtOkndLWxajDl6n6qSCx3A=
Subject key identifier:   C1:5E:4D:B5:09:85:27:D1:A1:6A:74:35:31:06:4A:1C:66:3B:4F:B6
Certificate issuer:       /CN=f25c653c6054866042a706f717b24b21fdf981a8
Certificate serial:       018CC3B7474D797306AB74BB319EC7F0469E
Authority key identifier: F2:5C:65:3C:60:54:86:60:42:A7:06:F7:17:B2:4B:21:FD:F9:81:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8lxlPGBUhmBCpwb3F7JLIf35gag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/fb2998-51f9-4adb-a323-f07a218e1cc7/1/wV5NtQmFJ9GhanQ1MQZKHGY7T7Y.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56597
IP address blocks:        91.225.240.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/fb2998-51f9-4adb-a323-f07a218e1cc7/1/8lxlPGBUhmBCpwb3F7JLIf35gag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/fb2998-51f9-4adb-a323-f07a218e1cc7/1/8lxlPGBUhmBCpwb3F7JLIf35gag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8lxlPGBUhmBCpwb3F7JLIf35gag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:4d:79:73:06:ab:74:bb:31:9e:c7:f0:46:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f25c653c6054866042a706f717b24b21fdf981a8
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c15e4db5098527d1a16a743531064a1c663b4fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a7:90:6a:ad:bd:35:d3:0f:48:6e:2d:85:60:
                    45:f2:25:d5:c3:3a:43:d1:1f:ac:51:f3:9a:8e:8b:
                    ab:a7:0d:b7:b7:f7:85:7b:27:01:7e:7d:30:ee:52:
                    cb:cb:e3:af:e5:36:a0:c6:d7:4f:db:02:a2:f4:e7:
                    b9:8d:d6:1b:b7:17:94:55:f7:06:ae:ad:02:dc:ab:
                    08:9c:39:35:48:8a:5c:12:ba:ba:1e:8f:d1:39:dc:
                    20:db:e3:0d:0b:de:87:2c:a1:36:79:43:61:0b:07:
                    dd:38:e3:c0:b5:16:43:0d:7b:ae:fe:98:2f:f1:b2:
                    f3:e9:a4:7f:d0:32:d2:e3:29:3f:7d:9f:11:e0:f5:
                    24:63:fe:f2:37:0b:18:99:e4:ca:0c:21:92:6d:bd:
                    87:97:f5:89:6e:13:aa:72:49:51:06:00:5e:57:71:
                    f4:97:a5:8b:dc:75:21:a3:2a:9d:df:84:98:e8:d6:
                    a4:f5:14:0e:72:df:99:71:45:2d:50:05:80:58:7d:
                    ce:60:fe:c9:4c:88:3c:7f:8a:ea:93:66:d9:03:99:
                    c6:f3:a7:04:b0:e0:12:1f:32:dd:4f:10:48:11:d7:
                    dd:82:96:25:05:55:b6:9c:9a:f1:f1:18:d9:8b:a3:
                    4b:5c:11:ed:2e:c6:40:87:21:90:ff:aa:3f:1b:d7:
                    eb:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:5E:4D:B5:09:85:27:D1:A1:6A:74:35:31:06:4A:1C:66:3B:4F:B6
            X509v3 Authority Key Identifier:
                keyid:F2:5C:65:3C:60:54:86:60:42:A7:06:F7:17:B2:4B:21:FD:F9:81:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8lxlPGBUhmBCpwb3F7JLIf35gag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/fb2998-51f9-4adb-a323-f07a218e1cc7/1/wV5NtQmFJ9GhanQ1MQZKHGY7T7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/fb2998-51f9-4adb-a323-f07a218e1cc7/1/8lxlPGBUhmBCpwb3F7JLIf35gag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:37:fa:7c:fc:79:b1:5d:7a:e3:6d:62:9a:5f:9a:73:b6:8f:
         e7:6d:fb:32:7a:37:d6:23:c0:7d:a3:47:08:d9:52:b5:c2:aa:
         0d:0d:84:7e:56:fc:03:25:26:11:28:79:11:5e:c5:ce:2e:1c:
         7e:ef:b8:83:57:c2:55:54:50:33:05:5d:75:51:17:41:4e:36:
         28:94:2c:b6:72:2f:d7:19:4e:06:65:6c:81:a0:0c:6f:3b:b8:
         5e:a6:8a:41:65:70:65:39:c6:70:b4:a5:70:12:d0:22:d3:3e:
         30:6c:7e:73:8a:0b:49:56:68:31:74:47:10:ec:5c:b5:04:31:
         8e:6d:2a:51:46:df:61:8f:4f:a6:77:d5:36:61:0e:27:a5:f8:
         3b:64:ee:05:18:59:1f:c5:e0:89:bc:38:8c:df:8d:43:86:3d:
         78:88:16:b7:95:36:56:fe:6d:19:65:f9:83:b9:16:c6:e2:c8:
         52:c3:11:df:a4:b8:33:3c:6d:a0:da:81:10:47:10:70:48:52:
         da:0c:9f:00:8c:22:16:63:47:b5:0e:db:21:8c:8b:90:97:46:
         14:e4:8a:5a:f6:f9:0e:f7:d2:4a:15:34:f2:af:83:53:3e:b6:
         64:08:2c:27:26:fc:0e:c6:da:4a:7a:1e:d9:96:85:7b:16:10:
         7b:7e:1e:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0dNeXMGq3S7MZ7H8EaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNWM2NTNjNjA1NDg2NjA0MmE3MDZmNzE3YjI0YjIxZmRm
OTgxYTgwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTVlNGRiNTA5ODUyN2QxYTE2YTc0MzUzMTA2NGExYzY2M2I0ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6eQaq29NdMPSG4thWBF8iXVwzpD
0R+sUfOajourpw23t/eFeycBfn0w7lLLy+Ov5TagxtdP2wKi9Oe5jdYbtxeUVfcG
rq0C3KsInDk1SIpcErq6Ho/ROdwg2+MNC96HLKE2eUNhCwfdOOPAtRZDDXuu/pgv
8bLz6aR/0DLS4yk/fZ8R4PUkY/7yNwsYmeTKDCGSbb2Hl/WJbhOqcklRBgBeV3H0
l6WL3HUhoyqd34SY6Nak9RQOct+ZcUUtUAWAWH3OYP7JTIg8f4rqk2bZA5nG86cE
sOASHzLdTxBIEdfdgpYlBVW2nJrx8RjZi6NLXBHtLsZAhyGQ/6o/G9fr9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFeTbUJhSfRoWp0NTEGShxmO0+2MB8GA1UdIwQY
MBaAFPJcZTxgVIZgQqcG9xeySyH9+YGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGx4bFBHQlVobUJDcHdiM0Y3SkxJZjM1Z2FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9mYjI5OTgtNTFmOS00YWRiLWEzMjMt
ZjA3YTIxOGUxY2M3LzEvd1Y1TnRRbUZKOUdoYW5RMU1RWktIR1k3VDdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9mYjI5OTgtNTFmOS00YWRiLWEzMjMtZjA3YTIxOGUxY2M3
LzEvOGx4bFBHQlVobUJDcHdiM0Y3SkxJZjM1Z2FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+HwMA0G
CSqGSIb3DQEBCwUAA4IBAQAlN/p8/HmxXXrjbWKaX5pzto/nbfsyejfWI8B9o0cI
2VK1wqoNDYR+VvwDJSYRKHkRXsXOLhx+77iDV8JVVFAzBV11URdBTjYolCy2ci/X
GU4GZWyBoAxvO7hepopBZXBlOcZwtKVwEtAi0z4wbH5zigtJVmgxdEcQ7Fy1BDGO
bSpRRt9hj0+md9U2YQ4npfg7ZO4FGFkfxeCJvDiM341Dhj14iBa3lTZW/m0ZZfmD
uRbG4shSwxHfpLgzPG2g2oEQRxBwSFLaDJ8AjCIWY0e1DtshjIuQl0YU5Ipa9vkO
99JKFTTyr4NTPrZkCCwnJvwOxtpKeh7ZloV7FhB7fh5r
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:59:37 2024 by rpki-client on console-fra.rpki-client.org