Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/Cmjqxtw5xzvhyUNdHCiwzU8qpu8.roa
File:                     Cmjqxtw5xzvhyUNdHCiwzU8qpu8.roa (raw, json)
Hash identifier:          lw4pDy0L4CEYwanQ2NA5xRRYslDOBeS5Utei4Pj3ddU=
Subject key identifier:   0A:68:EA:C6:DC:39:C7:3B:E1:C9:43:5D:1C:28:B0:CD:4F:2A:A6:EF
Certificate issuer:       /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial:       018CC79530E7C928A5F68280028291568EA8
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/Cmjqxtw5xzvhyUNdHCiwzU8qpu8.roa
Signing time:             Tue 02 Jan 2024 00:31:32 +0000
ROA not before:           Tue 02 Jan 2024 00:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        91.236.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:30:e7:c9:28:a5:f6:82:80:02:82:91:56:8e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
        Validity
            Not Before: Jan  2 00:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a68eac6dc39c73be1c9435d1c28b0cd4f2aa6ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5a:23:fa:fc:18:2c:be:7a:a3:59:df:33:e2:
                    0f:80:c9:87:3d:f3:06:ac:aa:52:7f:24:af:e8:28:
                    67:3d:ea:f2:f7:d6:c4:bb:c3:33:30:a0:9f:06:41:
                    b7:54:5d:7a:d8:25:5c:49:a4:80:83:41:59:99:af:
                    cf:03:27:66:bb:f0:35:ea:65:0f:a3:4e:04:31:5b:
                    a1:f8:4f:fa:81:39:99:ba:96:a3:c9:86:e6:e7:d9:
                    e8:da:87:45:24:70:29:2f:9f:ca:f0:c0:60:ce:39:
                    02:2e:c8:8f:d9:ea:ac:9a:7d:17:97:07:d5:b2:f7:
                    56:c6:4c:65:32:a4:b6:c5:93:cd:0c:42:f4:c9:82:
                    f9:1c:29:1a:99:37:32:36:20:7a:f0:78:02:d7:a3:
                    3d:73:f8:d5:58:3c:a9:ff:cd:5f:e1:60:c0:d5:fa:
                    73:5b:5a:10:cd:01:64:ae:29:77:df:7a:42:6e:63:
                    09:a9:fb:0b:69:a1:49:61:89:4d:09:93:d2:d0:e9:
                    93:51:2e:55:06:b9:e5:f9:30:e3:6a:8c:eb:bd:5f:
                    dd:0a:aa:ae:00:b9:5f:45:63:44:1b:01:5a:1a:2d:
                    f8:6a:90:46:f1:82:68:79:89:d9:93:7f:30:d5:72:
                    ba:89:d8:3a:8e:b4:7e:e2:0c:17:3a:f0:fe:62:26:
                    6c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:68:EA:C6:DC:39:C7:3B:E1:C9:43:5D:1C:28:B0:CD:4F:2A:A6:EF
            X509v3 Authority Key Identifier:
                keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/Cmjqxtw5xzvhyUNdHCiwzU8qpu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:52:f8:f1:0c:0c:a8:05:c9:fb:ca:dd:64:92:a1:69:f3:94:
         03:64:d5:37:51:0a:38:8d:86:fd:e0:5f:82:ec:f3:d8:ba:fa:
         85:8b:22:71:b1:a2:ce:34:1b:f1:31:0b:c9:09:41:fd:88:01:
         05:12:c1:1b:2c:4d:32:1a:3d:63:a1:36:21:ab:14:77:d7:90:
         24:e8:37:4a:e7:0d:db:44:a5:3f:41:44:c5:dc:92:93:e6:41:
         5d:ea:2f:18:b8:98:0e:7f:25:c3:13:5d:8e:01:13:98:63:c9:
         ea:36:97:30:69:6a:f2:f1:6f:76:27:8c:64:42:ac:2d:9e:6b:
         3d:70:39:4f:7f:dc:97:b0:bb:77:78:e9:31:0b:0c:e5:34:45:
         06:52:f4:78:ef:f9:b4:2e:37:70:db:b7:61:cf:8b:11:14:9e:
         01:4d:8e:a6:51:ec:c1:9e:44:ef:9c:f7:88:e8:60:68:5b:ca:
         7a:96:7a:5f:6d:b8:e8:93:ac:ac:8f:a1:63:0d:ab:14:ff:02:
         22:1b:96:ab:fb:ee:af:75:59:13:92:b8:10:be:a5:42:69:f5:
         48:b4:aa:c5:13:fc:ca:5d:b5:cf:18:30:74:e2:d4:03:b4:3d:
         df:62:19:8c:4f:90:c2:e7:dd:aa:64:76:78:58:79:1c:d4:4a:
         18:b8:ee:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTDnySil9oKAAoKRVo6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjQwMTAyMDAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTY4ZWFjNmRjMzljNzNiZTFjOTQzNWQxYzI4YjBjZDRmMmFhNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11oj+vwYLL56o1nfM+IPgMmHPfMG
rKpSfySv6ChnPery99bEu8MzMKCfBkG3VF162CVcSaSAg0FZma/PAydmu/A16mUP
o04EMVuh+E/6gTmZupajyYbm59no2odFJHApL5/K8MBgzjkCLsiP2eqsmn0XlwfV
svdWxkxlMqS2xZPNDEL0yYL5HCkamTcyNiB68HgC16M9c/jVWDyp/81f4WDA1fpz
W1oQzQFkril333pCbmMJqfsLaaFJYYlNCZPS0OmTUS5VBrnl+TDjaozrvV/dCqqu
ALlfRWNEGwFaGi34apBG8YJoeYnZk38w1XK6idg6jrR+4gwXOvD+YiZs/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApo6sbcOcc74clDXRwosM1PKqbvMB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvQ21qcXh0dzV4enZoeVVOZEhDaXd6VThxcHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+xZMA0G
CSqGSIb3DQEBCwUAA4IBAQBuUvjxDAyoBcn7yt1kkqFp85QDZNU3UQo4jYb94F+C
7PPYuvqFiyJxsaLONBvxMQvJCUH9iAEFEsEbLE0yGj1joTYhqxR315Ak6DdK5w3b
RKU/QUTF3JKT5kFd6i8YuJgOfyXDE12OAROYY8nqNpcwaWry8W92J4xkQqwtnms9
cDlPf9yXsLt3eOkxCwzlNEUGUvR47/m0Ljdw27dhz4sRFJ4BTY6mUezBnkTvnPeI
6GBoW8p6lnpfbbjok6ysj6FjDasU/wIiG5ar++6vdVkTkrgQvqVCafVItKrFE/zK
XbXPGDB04tQDtD3fYhmMT5DC592qZHZ4WHkc1EoYuO7E
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:34:49 2024 by rpki-client on console-fra.rpki-client.org