Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/eGOoeHdRM4MXkUTJfeE2wlJSuaU.roa
File:                     eGOoeHdRM4MXkUTJfeE2wlJSuaU.roa (raw, json)
Hash identifier:          Dz5uG8huimTPFasoTIt8FIEB5NsbsUTHehM8UtbhkOY=
Subject key identifier:   78:63:A8:78:77:51:33:83:17:91:44:C9:7D:E1:36:C2:52:52:B9:A5
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CC3B742478C0E7273850D7A6070C1A82E
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/eGOoeHdRM4MXkUTJfeE2wlJSuaU.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21485
IP address blocks:        91.231.153.0/24 maxlen: 24
                          2001:67c:15ec::/48 maxlen: 48
                          2a0a:3500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:42:47:8c:0e:72:73:85:0d:7a:60:70:c1:a8:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7863a87877513383179144c97de136c25252b9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:6f:04:b2:89:c2:c4:ac:44:4b:48:90:9e:da:
                    bd:79:04:25:22:95:f6:8d:18:8c:4e:b6:4e:89:fe:
                    a7:ee:66:4c:92:4d:f5:b4:c7:28:b1:f3:ce:06:10:
                    9d:46:1d:1f:6e:a8:f0:bf:77:fd:dc:41:14:e0:17:
                    a6:12:57:94:3a:61:e7:a7:56:e9:b6:8f:44:6f:2d:
                    f4:a2:0b:c0:35:40:9a:7c:79:3b:38:ae:7b:df:ca:
                    84:5d:04:c4:07:33:a8:1e:58:64:e5:ff:b1:8b:44:
                    ce:43:6f:95:65:71:49:be:77:89:19:93:18:3b:99:
                    9d:2d:2b:42:9d:d8:14:c9:3b:1f:84:f9:bc:4f:59:
                    49:a0:2e:8e:e5:47:25:91:6b:2e:da:74:7e:79:a3:
                    bb:80:34:cf:54:02:f9:9d:d5:3e:09:c5:51:2a:d7:
                    05:6c:b5:9e:8f:a6:db:3c:c4:f9:99:fc:5f:a4:cf:
                    98:72:25:7f:bf:2f:02:ac:74:d8:f4:8c:63:50:a7:
                    2f:50:41:63:44:05:29:fe:1a:50:fa:48:7c:45:4a:
                    3f:14:16:70:08:b9:c9:e9:9d:52:fa:86:42:8b:33:
                    02:7d:16:a9:07:d0:6d:3d:ba:c2:f5:76:87:7d:56:
                    c9:bd:50:af:b5:d3:a3:3a:10:ed:8e:4b:c6:8b:fc:
                    2a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:63:A8:78:77:51:33:83:17:91:44:C9:7D:E1:36:C2:52:52:B9:A5
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/eGOoeHdRM4MXkUTJfeE2wlJSuaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.153.0/24
                IPv6:
                  2001:67c:15ec::/48
                  2a0a:3500::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:b8:df:d5:ff:40:f1:8d:38:38:04:54:1e:26:f1:85:65:56:
         ed:6c:6d:98:41:8f:48:48:58:d3:b9:09:49:e7:26:a7:28:dc:
         6c:03:c5:08:15:df:aa:f5:43:c0:cc:e6:76:07:a1:d4:9f:fc:
         af:51:5a:f3:f8:39:c3:d2:bd:ee:f3:ce:95:f3:fa:8a:02:1a:
         b9:39:f1:4b:8c:1b:08:d5:01:10:39:8e:8d:33:6a:81:9f:86:
         18:d3:ca:bc:20:1d:50:a7:fc:27:38:10:d1:0a:7d:27:0a:d9:
         96:95:17:3a:58:c3:b5:fa:27:83:71:b1:15:c6:2d:02:38:70:
         7c:ad:99:78:0c:fa:a1:4c:83:0b:88:6e:56:67:6c:b2:00:28:
         d9:23:9b:5e:2d:0a:e1:40:b1:49:e8:a5:dd:8b:85:74:09:3c:
         8e:40:db:8f:d4:73:69:6f:1a:c4:f6:51:89:e9:8f:f0:7b:6b:
         68:f3:23:6b:2c:4b:38:8d:dc:a4:53:db:3c:e8:a2:a6:0a:ba:
         fb:7a:08:fe:75:1e:4c:63:6c:77:98:34:9e:b4:d6:38:0b:aa:
         5b:47:3f:63:81:23:60:a6:e5:6d:e8:e3:d6:29:36:f4:61:a0:
         c9:af:1f:0c:cf:41:a9:0e:3a:7f:fe:94:b7:9f:f4:67:50:3b:
         7f:c7:3a:ed
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzDt0JHjA5yc4UNemBwwaguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODYzYTg3ODc3NTEzMzgzMTc5MTQ0Yzk3ZGUxMzZjMjUyNTJiOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq28EsonCxKxES0iQntq9eQQlIpX2
jRiMTrZOif6n7mZMkk31tMcosfPOBhCdRh0fbqjwv3f93EEU4BemEleUOmHnp1bp
to9Eby30ogvANUCafHk7OK5738qEXQTEBzOoHlhk5f+xi0TOQ2+VZXFJvneJGZMY
O5mdLStCndgUyTsfhPm8T1lJoC6O5UclkWsu2nR+eaO7gDTPVAL5ndU+CcVRKtcF
bLWej6bbPMT5mfxfpM+YciV/vy8CrHTY9IxjUKcvUEFjRAUp/hpQ+kh8RUo/FBZw
CLnJ6Z1S+oZCizMCfRapB9BtPbrC9XaHfVbJvVCvtdOjOhDtjkvGi/wqXQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFHhjqHh3UTODF5FEyX3hNsJSUrmlMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvZUdPb2VIZFJNNE1Ya1VUSmZlRTJ3bEpTdWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAW+eZMBYE
AgACMBADBwAgAQZ8FewDBQAqCjUAMA0GCSqGSIb3DQEBCwUAA4IBAQAKuN/V/0Dx
jTg4BFQeJvGFZVbtbG2YQY9ISFjTuQlJ5yanKNxsA8UIFd+q9UPAzOZ2B6HUn/yv
UVrz+DnD0r3u886V8/qKAhq5OfFLjBsI1QEQOY6NM2qBn4YY08q8IB1Qp/wnOBDR
Cn0nCtmWlRc6WMO1+ieDcbEVxi0COHB8rZl4DPqhTIMLiG5WZ2yyACjZI5teLQrh
QLFJ6KXdi4V0CTyOQNuP1HNpbxrE9lGJ6Y/we2to8yNrLEs4jdykU9s86KKmCrr7
egj+dR5MY2x3mDSetNY4C6pbRz9jgSNgpuVt6OPWKTb0YaDJrx8Mz0GpDjp//pS3
n/RnUDt/xzrt
-----END CERTIFICATE-----
Generated at Mon Nov 25 20:33:19 2024 by rpki-client on console-fra.rpki-client.org