Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/EcM90ZQyydTCn7dRplZnvyJEL-c.roa
File:                     EcM90ZQyydTCn7dRplZnvyJEL-c.roa (raw, json)
Hash identifier:          EZ2t33SbdutwwEKKxtBBYnuH20K0oZgPBW6QoGpkPZQ=
Subject key identifier:   11:C3:3D:D1:94:32:C9:D4:C2:9F:B7:51:A6:56:67:BF:22:44:2F:E7
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       018CC86FE8050D69EB674644ADE4F415A059
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/EcM90ZQyydTCn7dRplZnvyJEL-c.roa
Signing time:             Tue 02 Jan 2024 04:30:26 +0000
ROA not before:           Tue 02 Jan 2024 04:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39810
IP address blocks:        89.187.0.0/23 maxlen: 24
                          89.187.2.0/24 maxlen: 24
                          89.187.3.0/24 maxlen: 24
                          2a10:e400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:e8:05:0d:69:eb:67:46:44:ad:e4:f4:15:a0:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  2 04:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11c33dd19432c9d4c29fb751a65667bf22442fe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4a:3a:65:df:47:b9:d7:cc:aa:9f:58:43:9d:
                    3c:d6:9b:1a:a8:04:91:8b:fc:ee:37:1d:60:bf:04:
                    77:0b:98:b5:99:75:e0:92:bb:45:2e:f5:68:59:95:
                    f2:9b:1f:d5:35:de:dc:31:3e:87:e2:0b:d2:65:6c:
                    6b:b3:63:8e:bb:f2:38:14:67:7f:b7:dc:0b:3e:9c:
                    8d:ce:3b:90:dc:f8:d5:cc:ad:08:59:a8:91:aa:56:
                    ee:72:55:06:a5:7e:95:0f:1e:e4:15:84:38:94:43:
                    a9:99:60:7f:e2:f1:e2:13:f5:6f:8c:31:c4:41:6d:
                    ad:1d:88:fb:cb:4d:06:6a:2c:01:df:47:7f:33:af:
                    7c:11:44:99:54:f9:1e:c7:54:d7:8b:f8:88:f5:99:
                    b6:fc:11:92:b2:ae:6d:f1:19:84:b8:f7:f4:6b:16:
                    7e:37:f1:4e:59:10:ac:b8:aa:7e:8c:de:09:8a:5c:
                    44:91:a2:68:56:f7:6a:3c:d5:68:74:6e:a3:06:52:
                    6b:f6:9b:ea:7c:73:7b:4a:60:c6:f2:05:26:04:b3:
                    20:9f:3b:82:ed:80:dd:04:3f:00:f3:97:56:aa:62:
                    aa:d6:48:c0:44:93:8b:11:3b:31:b3:21:61:d9:e5:
                    78:51:97:8b:db:10:85:78:cd:13:14:a3:2f:41:2e:
                    c3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C3:3D:D1:94:32:C9:D4:C2:9F:B7:51:A6:56:67:BF:22:44:2F:E7
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/EcM90ZQyydTCn7dRplZnvyJEL-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.0.0/22
                IPv6:
                  2a10:e400::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:84:ff:fd:d2:36:6e:9c:a0:46:11:bc:55:fb:71:c2:c3:3c:
         08:5c:0d:0d:37:f6:ce:44:67:18:81:b7:72:81:c5:d9:35:84:
         8a:d9:85:76:bb:2c:e4:57:75:f6:51:bb:66:01:32:0c:bd:9b:
         a4:e1:57:5f:bb:12:d3:64:29:9b:8d:e2:f9:ef:0a:79:d4:c4:
         ef:34:96:bf:35:fe:0c:7c:81:91:01:c9:bf:12:51:af:9e:ed:
         6d:0b:74:64:0a:79:b6:4c:54:13:a8:f4:af:d6:77:a3:d5:ef:
         cf:61:23:85:2d:05:79:b6:06:52:98:18:b7:e5:0f:a1:5e:70:
         56:ce:35:34:84:82:6c:7d:dc:46:2b:a1:ea:51:f9:82:98:30:
         25:71:2d:2b:37:0c:6b:89:10:42:46:79:0a:31:4e:85:f6:86:
         b0:4e:af:55:8b:8a:5e:d5:ee:01:8a:d3:09:c2:7b:92:55:10:
         c8:2e:5c:d6:9c:e1:71:52:7b:b5:8c:56:14:64:2c:47:8b:9f:
         68:96:12:fb:b7:42:09:fc:83:bc:78:20:c7:a0:38:09:ea:09:
         52:06:f3:14:33:e9:34:72:0a:b1:47:ca:60:16:57:30:8e:d1:
         00:a3:42:8d:57:49:de:c3:11:6b:35:3b:66:62:29:96:1e:6e:
         d2:da:31:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb+gFDWnrZ0ZEreT0FaBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjQwMTAyMDQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWMzM2RkMTk0MzJjOWQ0YzI5ZmI3NTFhNjU2NjdiZjIyNDQyZmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0o6Zd9HudfMqp9YQ5081psaqASR
i/zuNx1gvwR3C5i1mXXgkrtFLvVoWZXymx/VNd7cMT6H4gvSZWxrs2OOu/I4FGd/
t9wLPpyNzjuQ3PjVzK0IWaiRqlbuclUGpX6VDx7kFYQ4lEOpmWB/4vHiE/VvjDHE
QW2tHYj7y00GaiwB30d/M698EUSZVPkex1TXi/iI9Zm2/BGSsq5t8RmEuPf0axZ+
N/FOWRCsuKp+jN4JilxEkaJoVvdqPNVodG6jBlJr9pvqfHN7SmDG8gUmBLMgnzuC
7YDdBD8A85dWqmKq1kjARJOLETsxsyFh2eV4UZeL2xCFeM0TFKMvQS7D2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBHDPdGUMsnUwp+3UaZWZ78iRC/nMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvRWNNOTBaUXl5ZFRDbjdkUnBsWm52eUpFTC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCWbsAMA0E
AgACMAcDBQMqEOQAMA0GCSqGSIb3DQEBCwUAA4IBAQAthP/90jZunKBGEbxV+3HC
wzwIXA0NN/bORGcYgbdygcXZNYSK2YV2uyzkV3X2UbtmATIMvZuk4VdfuxLTZCmb
jeL57wp51MTvNJa/Nf4MfIGRAcm/ElGvnu1tC3RkCnm2TFQTqPSv1nej1e/PYSOF
LQV5tgZSmBi35Q+hXnBWzjU0hIJsfdxGK6HqUfmCmDAlcS0rNwxriRBCRnkKMU6F
9oawTq9Vi4pe1e4BitMJwnuSVRDILlzWnOFxUnu1jFYUZCxHi59olhL7t0IJ/IO8
eCDHoDgJ6glSBvMUM+k0cgqxR8pgFlcwjtEAo0KNV0newxFrNTtmYimWHm7S2jEj
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:55:47 2024 by rpki-client on console-fra.rpki-client.org