Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/lJk3Drm-VEVGzbucKat8hr7csso.roa
File:                     lJk3Drm-VEVGzbucKat8hr7csso.roa (raw, json)
Hash identifier:          KjlxMoabRzVyTimuFByOyrgJp9Cb8+p/ltNSATjU24E=
Subject key identifier:   94:99:37:0E:B9:BE:54:45:46:CD:BB:9C:29:AB:7C:86:BE:DC:B2:CA
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF98306D3347CB1DAE29B4FC9C7ED
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/lJk3Drm-VEVGzbucKat8hr7csso.roa
Signing time:             Tue 02 Jan 2024 04:30:30 +0000
ROA not before:           Tue 02 Jan 2024 04:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211709
IP address blocks:        91.93.184.0/24 maxlen: 24
                          213.14.231.0/24 maxlen: 24
                          213.14.233.0/24 maxlen: 24
                          213.14.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f9:83:06:d3:34:7c:b1:da:e2:9b:4f:c9:c7:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9499370eb9be544546cdbb9c29ab7c86bedcb2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:40:ce:6d:5a:48:98:11:61:1e:44:7b:39:a0:
                    bc:96:58:d6:16:3a:2d:d7:1a:28:09:c2:85:62:c4:
                    4c:24:83:93:37:ef:58:60:3d:7e:17:5b:f4:6b:d0:
                    da:17:19:29:0d:e9:e7:29:5e:a9:e7:a3:4c:eb:1d:
                    15:b7:fe:d9:9d:bf:13:cf:2f:46:04:41:9e:ec:b0:
                    e4:37:ed:f4:62:11:89:5f:9d:1b:4c:7f:14:5d:ec:
                    21:9f:a6:29:24:ca:5b:29:24:bb:a1:0e:4f:54:29:
                    f2:18:d3:97:ea:59:69:3e:15:f0:d4:b5:ae:cf:ee:
                    fb:04:09:91:22:18:1f:3f:16:4a:1d:ac:13:d4:f5:
                    aa:fa:56:7c:6b:60:82:96:6d:69:26:df:f7:75:b2:
                    5f:9b:49:10:74:8d:04:75:0f:4a:bd:60:96:e0:39:
                    e7:20:18:8a:49:98:ba:23:d8:f2:1e:ca:85:e9:cc:
                    95:d6:6d:63:13:72:3f:85:1c:13:99:8e:03:e9:89:
                    0f:51:67:7f:21:a8:e3:87:2f:60:bd:92:fb:6c:2a:
                    32:11:fe:89:e2:53:0c:d4:9b:a1:5a:f7:37:95:fe:
                    bc:bd:3f:f1:34:a8:d8:6d:dc:c3:0c:11:bb:51:25:
                    ed:48:fb:85:c9:4c:fb:5c:8d:0f:10:dc:dd:bb:94:
                    84:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:99:37:0E:B9:BE:54:45:46:CD:BB:9C:29:AB:7C:86:BE:DC:B2:CA
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/lJk3Drm-VEVGzbucKat8hr7csso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.93.184.0/24
                  213.14.231.0/24
                  213.14.233.0-213.14.234.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:b2:6d:20:79:7c:5d:96:21:ed:10:59:85:22:ff:8b:a0:ed:
         62:f0:9f:66:52:5e:89:34:ea:c4:be:83:ef:bc:d9:99:48:d5:
         1f:5f:98:bc:01:84:ac:fc:a6:e5:e9:33:4b:82:59:68:48:e1:
         d3:b0:68:9c:c4:15:44:95:86:7c:d2:e2:40:c0:4c:fe:0b:a1:
         42:64:64:1d:44:ab:c7:a3:88:25:2a:1c:22:87:63:a1:d3:40:
         0a:f8:82:80:ff:3a:a6:cb:e4:9f:d5:14:ea:da:e7:56:fb:11:
         6b:cf:7a:06:05:e9:c5:16:6e:07:ec:30:b4:3c:22:22:0e:de:
         40:84:59:34:20:c4:3d:ac:40:06:31:87:c8:58:be:a8:97:89:
         b9:60:e0:63:4a:26:fb:a3:c5:de:20:77:4b:f0:c0:2a:f0:1d:
         1f:6f:0e:1e:fe:20:f9:c9:97:fb:78:28:d1:cc:94:c4:c1:e2:
         a7:b6:1c:ce:07:ec:35:94:18:5b:ee:21:0a:7f:99:8e:3a:00:
         39:f5:e7:9c:0a:e1:a9:b6:37:a3:52:45:18:c6:c0:86:c1:d3:
         d1:56:29:2c:35:89:b6:c5:21:42:a9:01:dc:7c:26:08:54:03:
         45:d0:4c:fb:bb:a9:d2:19:fd:3d:d5:98:79:8f:44:5c:c8:c7:
         99:25:f2:a0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzIb/mDBtM0fLHa4ptPycftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk5MzcwZWI5YmU1NDQ1NDZjZGJiOWMyOWFiN2M4NmJlZGNiMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0DObVpImBFhHkR7OaC8lljWFjot
1xooCcKFYsRMJIOTN+9YYD1+F1v0a9DaFxkpDennKV6p56NM6x0Vt/7Znb8Tzy9G
BEGe7LDkN+30YhGJX50bTH8UXewhn6YpJMpbKSS7oQ5PVCnyGNOX6llpPhXw1LWu
z+77BAmRIhgfPxZKHawT1PWq+lZ8a2CClm1pJt/3dbJfm0kQdI0EdQ9KvWCW4Dnn
IBiKSZi6I9jyHsqF6cyV1m1jE3I/hRwTmY4D6YkPUWd/Iajjhy9gvZL7bCoyEf6J
4lMM1JuhWvc3lf68vT/xNKjYbdzDDBG7USXtSPuFyUz7XI0PENzdu5SEPQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJSZNw65vlRFRs27nCmrfIa+3LLKMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvbEprM0RybS1WRVZHemJ1Y0thdDhocjdjc3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAW124AwQA
1Q7nMAwDBADVDukDBADVDuowDQYJKoZIhvcNAQELBQADggEBAHqybSB5fF2WIe0Q
WYUi/4ug7WLwn2ZSXok06sS+g++82ZlI1R9fmLwBhKz8puXpM0uCWWhI4dOwaJzE
FUSVhnzS4kDATP4LoUJkZB1Eq8ejiCUqHCKHY6HTQAr4goD/OqbL5J/VFOra51b7
EWvPegYF6cUWbgfsMLQ8IiIO3kCEWTQgxD2sQAYxh8hYvqiXiblg4GNKJvujxd4g
d0vwwCrwHR9vDh7+IPnJl/t4KNHMlMTB4qe2HM4H7DWUGFvuIQp/mY46ADn155wK
4am2N6NSRRjGwIbB09FWKSw1ibbFIUKpAdx8JghUA0XQTPu7qdIZ/T3VmHmPRFzI
x5kl8qA=
-----END CERTIFICATE-----
Generated at Sun Jun 16 21:55:31 2024 by rpki-client on console-fra.rpki-client.org