Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/150b88-88ee-4234-a5e8-aa7730b2b4f3/1/kcE19wGXmmpqRZVRXo8b9ampp68.roa
File:                     kcE19wGXmmpqRZVRXo8b9ampp68.roa (raw, json)
Hash identifier:          NcMUZWc/g5Nbg3kqCNvobD0XqpS51SpOFYEVXrv4mYU=
Subject key identifier:   91:C1:35:F7:01:97:9A:6A:6A:45:95:51:5E:8F:1B:F5:A9:A9:A7:AF
Certificate issuer:       /CN=63c657190fed73f6bbe765f4b68201fd5555e3c8
Certificate serial:       018CC2DB221484000B7438228E44A7A9FB7D
Authority key identifier: 63:C6:57:19:0F:ED:73:F6:BB:E7:65:F4:B6:82:01:FD:55:55:E3:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y8ZXGQ_tc_a752X0toIB_VVV48g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/150b88-88ee-4234-a5e8-aa7730b2b4f3/1/kcE19wGXmmpqRZVRXo8b9ampp68.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198356
IP address blocks:        91.234.24.0/23 maxlen: 23
                          91.234.24.0/24 maxlen: 24
                          91.234.24.0/22 maxlen: 22
                          91.234.26.0/24 maxlen: 24
                          91.234.26.0/23 maxlen: 23
                          91.234.27.0/24 maxlen: 24
                          91.234.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/150b88-88ee-4234-a5e8-aa7730b2b4f3/1/Y8ZXGQ_tc_a752X0toIB_VVV48g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/150b88-88ee-4234-a5e8-aa7730b2b4f3/1/Y8ZXGQ_tc_a752X0toIB_VVV48g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y8ZXGQ_tc_a752X0toIB_VVV48g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:22:14:84:00:0b:74:38:22:8e:44:a7:a9:fb:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63c657190fed73f6bbe765f4b68201fd5555e3c8
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91c135f701979a6a6a4595515e8f1bf5a9a9a7af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:1a:f7:a2:59:4e:1d:67:5a:52:02:71:00:d8:
                    6a:c1:19:20:b6:e3:24:c8:5d:eb:6d:0b:e0:f0:5b:
                    71:bb:63:df:9a:56:9a:d6:79:5e:8f:86:83:39:24:
                    3d:15:97:7c:4b:81:49:0a:36:82:73:4d:8b:09:64:
                    3f:df:30:ac:cc:54:04:d3:07:a5:d8:62:a8:48:99:
                    5a:9f:3b:5c:71:cc:fb:15:8b:2b:e3:7e:a0:88:38:
                    82:98:d3:59:62:db:f8:a9:bb:0e:f3:c5:12:c8:8f:
                    1b:d4:1f:4e:45:4d:27:d2:a8:e0:3f:a1:1a:d4:f6:
                    0c:25:24:29:9b:58:51:1b:9b:0f:f5:a7:53:26:db:
                    bc:11:37:8e:b1:5b:7f:ac:00:58:a1:4f:05:18:19:
                    c9:4f:f5:40:15:4f:08:6d:09:de:78:2b:38:93:ea:
                    0e:5c:7c:a8:11:21:56:15:e4:19:da:c6:de:17:27:
                    e2:2b:90:19:3d:c9:46:7f:23:ff:6d:d7:20:51:79:
                    69:5f:64:7f:9b:a2:53:73:6f:09:a2:9f:79:32:f2:
                    d9:09:ac:5a:6f:17:d7:cb:40:9b:2c:0e:ff:68:05:
                    70:42:74:00:a0:59:d0:4d:72:a4:0a:5f:d7:d8:ed:
                    97:35:17:6d:27:9f:aa:b9:77:f5:6d:7d:93:2f:51:
                    34:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C1:35:F7:01:97:9A:6A:6A:45:95:51:5E:8F:1B:F5:A9:A9:A7:AF
            X509v3 Authority Key Identifier:
                keyid:63:C6:57:19:0F:ED:73:F6:BB:E7:65:F4:B6:82:01:FD:55:55:E3:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y8ZXGQ_tc_a752X0toIB_VVV48g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/150b88-88ee-4234-a5e8-aa7730b2b4f3/1/kcE19wGXmmpqRZVRXo8b9ampp68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/150b88-88ee-4234-a5e8-aa7730b2b4f3/1/Y8ZXGQ_tc_a752X0toIB_VVV48g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:a5:dd:42:70:f8:94:d3:8c:d9:9a:1e:ae:b2:4d:28:fe:25:
         f4:ed:13:22:b0:06:0f:16:a1:da:8d:ab:86:35:a5:f9:63:c6:
         60:60:a9:91:4f:3d:fe:5e:61:31:0d:11:70:d5:73:b3:5d:24:
         c7:0c:17:54:23:4b:39:e6:69:8e:f7:17:8e:fe:57:97:e3:15:
         93:17:f6:9d:c2:dc:ca:df:e2:ae:fe:a2:1e:5c:c3:6a:48:6f:
         de:72:39:d9:92:ea:e0:d2:80:d9:71:5d:ff:2b:57:85:f2:3e:
         f1:88:63:79:8f:74:8e:69:48:ab:73:21:af:35:b5:8c:09:78:
         3d:26:f1:55:ce:97:b9:a5:e2:1d:cb:e1:ef:02:84:d8:1d:54:
         b5:38:28:02:f2:d9:58:da:dd:9a:fe:93:1c:28:f9:d0:ee:7a:
         db:18:c6:55:ae:bf:e7:f2:6f:14:a9:a9:c3:de:11:02:cd:a6:
         eb:7d:38:d5:57:19:b8:4f:50:fb:fc:53:65:f2:64:95:60:37:
         d5:07:5f:29:aa:3b:e2:b4:34:14:99:96:00:32:d8:31:28:96:
         6a:ae:ab:a2:5c:ca:9f:1b:2a:21:84:46:8c:88:d0:cc:07:71:
         c2:8e:de:ce:bd:21:72:7b:c5:36:fd:75:91:e7:31:36:06:5f:
         76:65:e7:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yIUhAALdDgijkSnqft9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYzY1NzE5MGZlZDczZjZiYmU3NjVmNGI2ODIwMWZkNTU1
NWUzYzgwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWMxMzVmNzAxOTc5YTZhNmE0NTk1NTE1ZThmMWJmNWE5YTlhN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Rr3ollOHWdaUgJxANhqwRkgtuMk
yF3rbQvg8Ftxu2Pfmlaa1nlej4aDOSQ9FZd8S4FJCjaCc02LCWQ/3zCszFQE0wel
2GKoSJlanztcccz7FYsr436giDiCmNNZYtv4qbsO88USyI8b1B9ORU0n0qjgP6Ea
1PYMJSQpm1hRG5sP9adTJtu8ETeOsVt/rABYoU8FGBnJT/VAFU8IbQneeCs4k+oO
XHyoESFWFeQZ2sbeFyfiK5AZPclGfyP/bdcgUXlpX2R/m6JTc28Jop95MvLZCaxa
bxfXy0CbLA7/aAVwQnQAoFnQTXKkCl/X2O2XNRdtJ5+quXf1bX2TL1E04QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHBNfcBl5pqakWVUV6PG/WpqaevMB8GA1UdIwQY
MBaAFGPGVxkP7XP2u+dl9LaCAf1VVePIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWThaWEdRX3RjX2E3NTJYMHRvSUJfVlZWNDhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8xNTBiODgtODhlZS00MjM0LWE1ZTgt
YWE3NzMwYjJiNGYzLzEva2NFMTl3R1htbXBxUlpWUlhvOGI5YW1wcDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8xNTBiODgtODhlZS00MjM0LWE1ZTgtYWE3NzMwYjJiNGYz
LzEvWThaWEdRX3RjX2E3NTJYMHRvSUJfVlZWNDhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+oYMA0G
CSqGSIb3DQEBCwUAA4IBAQAypd1CcPiU04zZmh6usk0o/iX07RMisAYPFqHajauG
NaX5Y8ZgYKmRTz3+XmExDRFw1XOzXSTHDBdUI0s55mmO9xeO/leX4xWTF/adwtzK
3+Ku/qIeXMNqSG/ecjnZkurg0oDZcV3/K1eF8j7xiGN5j3SOaUircyGvNbWMCXg9
JvFVzpe5peIdy+HvAoTYHVS1OCgC8tlY2t2a/pMcKPnQ7nrbGMZVrr/n8m8UqanD
3hECzabrfTjVVxm4T1D7/FNl8mSVYDfVB18pqjvitDQUmZYAMtgxKJZqrquiXMqf
GyohhEaMiNDMB3HCjt7OvSFye8U2/XWR5zE2Bl92Zef0
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:20:52 2024 by rpki-client on console-ams.rpki-client.org