Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/fOL13kxL2EuSxd4XjgAGrK7aESE.roa
File:                     fOL13kxL2EuSxd4XjgAGrK7aESE.roa (raw, json)
Hash identifier:          P3DrVqkAqg9E/s9aGvsA2HAezysvaBeyKy8A8Kxst5A=
Subject key identifier:   7C:E2:F5:DE:4C:4B:D8:4B:92:C5:DE:17:8E:00:06:AC:AE:DA:11:21
Certificate issuer:       /CN=f341cfec38131f83ae3df6998fa02837585c91dd
Certificate serial:       018CC348AACEF427BA3A676AE2776A18386D
Authority key identifier: F3:41:CF:EC:38:13:1F:83:AE:3D:F6:99:8F:A0:28:37:58:5C:91:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80HP7DgTH4OuPfaZj6AoN1hckd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/fOL13kxL2EuSxd4XjgAGrK7aESE.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196610
IP address blocks:        91.214.253.0/24 maxlen: 24
                          91.214.253.0/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/80HP7DgTH4OuPfaZj6AoN1hckd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/80HP7DgTH4OuPfaZj6AoN1hckd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80HP7DgTH4OuPfaZj6AoN1hckd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:aa:ce:f4:27:ba:3a:67:6a:e2:77:6a:18:38:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f341cfec38131f83ae3df6998fa02837585c91dd
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ce2f5de4c4bd84b92c5de178e0006acaeda1121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:67:8f:2b:89:51:3d:33:71:23:9a:c3:c5:6e:
                    03:78:7f:c5:d9:b7:85:28:14:c3:93:9d:87:26:7f:
                    5b:1f:bd:7b:28:d1:d6:4b:ce:1e:bb:ef:ae:ca:2b:
                    68:0e:f3:00:a4:83:a7:1e:77:e8:f2:ac:0b:6b:3c:
                    de:30:a8:dc:d5:a8:cc:a2:af:75:d8:5c:d9:e1:cf:
                    30:4b:8b:55:17:a9:e8:53:7b:49:62:fd:a9:be:1d:
                    4b:f2:a8:cb:a6:da:4e:3c:e6:14:a4:95:72:c8:23:
                    b6:a7:e9:5d:39:e0:90:d1:2d:77:cc:5b:6a:7b:1f:
                    46:2b:c6:c9:4f:ec:db:24:8f:e8:ef:bd:d8:45:28:
                    df:22:d0:06:2e:7f:42:0b:c8:c0:b7:20:e1:a0:07:
                    8e:cc:ae:5a:89:a2:36:df:c8:09:ef:5a:11:f9:27:
                    5b:72:bc:48:2b:d5:ec:2b:f6:63:48:b6:e5:c5:64:
                    51:84:f4:a8:7a:cb:9b:41:cc:fa:14:1e:79:86:25:
                    b6:92:1c:3d:ee:01:c3:0f:7a:12:ee:a3:94:ad:26:
                    ea:b5:86:2a:cf:04:bd:9c:d2:d4:1f:fe:cc:94:fc:
                    b6:51:e0:be:d9:3b:8c:a5:03:cc:ec:9b:a1:01:09:
                    d9:01:c4:c8:99:9e:eb:d9:d7:bc:5b:a6:b0:55:0a:
                    04:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E2:F5:DE:4C:4B:D8:4B:92:C5:DE:17:8E:00:06:AC:AE:DA:11:21
            X509v3 Authority Key Identifier:
                keyid:F3:41:CF:EC:38:13:1F:83:AE:3D:F6:99:8F:A0:28:37:58:5C:91:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80HP7DgTH4OuPfaZj6AoN1hckd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/fOL13kxL2EuSxd4XjgAGrK7aESE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/22f851-77ee-4d64-a95e-09afb7d6fb16/1/80HP7DgTH4OuPfaZj6AoN1hckd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:91:d8:78:4a:31:71:e3:24:62:4b:9f:af:98:54:3d:c2:7c:
         1d:34:b2:2f:97:55:23:95:71:22:ba:60:11:8b:31:bb:ce:7a:
         10:4f:83:3b:ad:af:69:47:dc:10:5f:ab:3e:74:83:55:48:7c:
         20:24:24:9d:76:50:06:e5:2c:33:34:cc:76:09:9f:d9:65:21:
         6b:ee:9f:a0:7d:fb:d1:50:20:3a:bf:d0:72:b6:78:cb:9f:b9:
         36:0f:de:34:5a:09:03:5e:e6:bc:56:55:9f:97:8f:7d:7b:57:
         18:83:d9:5b:66:26:62:ad:6b:fa:0b:df:ed:3d:34:43:ed:c3:
         08:0f:1d:a5:f0:3d:c2:0b:69:c8:09:ad:7c:01:cd:46:bc:bc:
         7c:df:b7:81:b0:88:0c:87:bf:03:71:f1:1a:5f:16:13:96:22:
         d5:98:b7:93:c1:e9:65:48:28:70:98:2e:d4:5c:d0:f6:31:e4:
         07:b7:24:5a:64:f7:ed:85:3e:de:1d:4a:ba:c6:62:13:10:14:
         20:f1:d3:26:fa:1f:90:74:7e:52:b7:b4:47:a4:23:76:7d:10:
         32:3f:f9:4a:45:f2:99:f5:bf:40:b2:9a:46:e9:e6:6f:2c:7c:
         90:31:4a:a1:55:db:45:83:52:9d:52:7d:45:f7:f8:44:2e:66:
         fb:24:42:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKrO9Ce6Omdq4ndqGDhtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDFjZmVjMzgxMzFmODNhZTNkZjY5OThmYTAyODM3NTg1
YzkxZGQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2UyZjVkZTRjNGJkODRiOTJjNWRlMTc4ZTAwMDZhY2FlZGExMTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWePK4lRPTNxI5rDxW4DeH/F2beF
KBTDk52HJn9bH717KNHWS84eu++uyitoDvMApIOnHnfo8qwLazzeMKjc1ajMoq91
2FzZ4c8wS4tVF6noU3tJYv2pvh1L8qjLptpOPOYUpJVyyCO2p+ldOeCQ0S13zFtq
ex9GK8bJT+zbJI/o773YRSjfItAGLn9CC8jAtyDhoAeOzK5aiaI238gJ71oR+Sdb
crxIK9XsK/ZjSLblxWRRhPSoesubQcz6FB55hiW2khw97gHDD3oS7qOUrSbqtYYq
zwS9nNLUH/7MlPy2UeC+2TuMpQPM7JuhAQnZAcTImZ7r2de8W6awVQoE8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzi9d5MS9hLksXeF44ABqyu2hEhMB8GA1UdIwQY
MBaAFPNBz+w4Ex+Drj32mY+gKDdYXJHdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBIUDdEZ1RINE91UGZhWmo2QW9OMWhja2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yMmY4NTEtNzdlZS00ZDY0LWE5NWUt
MDlhZmI3ZDZmYjE2LzEvZk9MMTNreEwyRXVTeGQ0WGpnQUdySzdhRVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yMmY4NTEtNzdlZS00ZDY0LWE5NWUtMDlhZmI3ZDZmYjE2
LzEvODBIUDdEZ1RINE91UGZhWmo2QW9OMWhja2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9b9MA0G
CSqGSIb3DQEBCwUAA4IBAQAqkdh4SjFx4yRiS5+vmFQ9wnwdNLIvl1UjlXEiumAR
izG7znoQT4M7ra9pR9wQX6s+dINVSHwgJCSddlAG5SwzNMx2CZ/ZZSFr7p+gffvR
UCA6v9BytnjLn7k2D940WgkDXua8VlWfl499e1cYg9lbZiZirWv6C9/tPTRD7cMI
Dx2l8D3CC2nICa18Ac1GvLx837eBsIgMh78DcfEaXxYTliLVmLeTwellSChwmC7U
XND2MeQHtyRaZPfthT7eHUq6xmITEBQg8dMm+h+QdH5St7RHpCN2fRAyP/lKRfKZ
9b9AsppG6eZvLHyQMUqhVdtFg1KdUn1F9/hELmb7JEIO
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:54 2024 by rpki-client on console-ams.rpki-client.org