Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/3997ea-204a-4efd-85d6-2d7fd0fb22ce/1/vlA_e2d-NDeL5Sb3an8msFGv_k4.roa
File:                     vlA_e2d-NDeL5Sb3an8msFGv_k4.roa (raw, json)
Hash identifier:          VSNnGjblDNDAU/QtbyZfBkpvVze0yV54yNPdgqpQtrI=
Subject key identifier:   BE:50:3F:7B:67:7E:34:37:8B:E5:26:F7:6A:7F:26:B0:51:AF:FE:4E
Certificate issuer:       /CN=4bd2b3f31a6b0a5d7c0698a37796a51d7b0cb6a4
Certificate serial:       018CCA2A09AD52D5999C2AAE4EC9CDB7724E
Authority key identifier: 4B:D2:B3:F3:1A:6B:0A:5D:7C:06:98:A3:77:96:A5:1D:7B:0C:B6:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9Kz8xprCl18Bpijd5alHXsMtqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/3997ea-204a-4efd-85d6-2d7fd0fb22ce/1/vlA_e2d-NDeL5Sb3an8msFGv_k4.roa
Signing time:             Tue 02 Jan 2024 12:33:21 +0000
ROA not before:           Tue 02 Jan 2024 12:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197055
IP address blocks:        91.216.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/3997ea-204a-4efd-85d6-2d7fd0fb22ce/1/S9Kz8xprCl18Bpijd5alHXsMtqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/3997ea-204a-4efd-85d6-2d7fd0fb22ce/1/S9Kz8xprCl18Bpijd5alHXsMtqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9Kz8xprCl18Bpijd5alHXsMtqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:09:ad:52:d5:99:9c:2a:ae:4e:c9:cd:b7:72:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd2b3f31a6b0a5d7c0698a37796a51d7b0cb6a4
        Validity
            Not Before: Jan  2 12:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be503f7b677e34378be526f76a7f26b051affe4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dc:c3:72:9f:6a:ad:98:3a:21:91:db:79:9f:
                    b2:2c:f8:45:2d:cf:c6:64:19:5c:5d:50:59:ee:d5:
                    e5:66:37:1a:a1:f7:2c:e7:de:33:2c:b8:ee:be:5c:
                    ce:fd:ba:f8:09:1a:4d:6f:81:9b:5b:a2:e0:4c:9a:
                    4a:5d:ee:aa:8d:a5:50:d0:86:c6:d6:a1:cb:1e:23:
                    36:60:4f:e5:3d:e2:c2:37:7f:cf:30:74:a8:e5:d6:
                    14:90:5f:37:32:26:7e:6a:4d:73:6d:2a:f3:73:b4:
                    5b:3c:bb:56:d3:42:b6:36:ff:92:71:bc:9e:e6:ac:
                    c4:ff:63:57:27:23:7c:19:34:64:f3:66:f7:a5:ca:
                    ad:19:29:d7:8b:30:f9:c6:ad:74:9b:b3:8a:5f:23:
                    af:b1:97:2d:89:ce:f7:3f:b2:4c:7c:46:5d:ea:f3:
                    cf:52:47:01:5f:11:16:e7:0e:8b:0d:59:fb:d2:16:
                    36:6f:52:85:84:eb:82:5d:1c:6e:4b:05:d2:7e:61:
                    cb:2c:11:4c:e6:44:c4:4c:5a:e5:e0:c9:cd:cf:e1:
                    e6:7c:53:a0:57:5f:86:fd:b0:62:de:8a:98:9d:cb:
                    74:76:5c:1b:c0:bc:15:d5:71:5c:62:a6:a0:a2:de:
                    69:4f:b6:43:46:b9:f4:78:88:3c:57:5d:ab:c7:87:
                    d4:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:50:3F:7B:67:7E:34:37:8B:E5:26:F7:6A:7F:26:B0:51:AF:FE:4E
            X509v3 Authority Key Identifier:
                keyid:4B:D2:B3:F3:1A:6B:0A:5D:7C:06:98:A3:77:96:A5:1D:7B:0C:B6:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9Kz8xprCl18Bpijd5alHXsMtqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/3997ea-204a-4efd-85d6-2d7fd0fb22ce/1/vlA_e2d-NDeL5Sb3an8msFGv_k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/3997ea-204a-4efd-85d6-2d7fd0fb22ce/1/S9Kz8xprCl18Bpijd5alHXsMtqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1e:7e:48:d2:d1:0d:4d:f7:fb:4d:d2:d9:34:29:0a:2a:e0:
         0c:b2:db:7a:60:fe:3d:47:0b:11:34:9d:00:12:16:b1:a0:86:
         73:30:02:eb:6e:75:50:5e:d5:a8:17:f8:32:ef:2f:bd:2e:c3:
         03:d4:7a:92:84:6a:32:c8:23:34:31:7a:1f:8c:fb:18:d4:92:
         60:63:fc:dd:08:4f:3e:2a:86:78:96:07:de:7e:32:04:fc:ae:
         6b:5a:95:9c:a9:c2:6b:f0:a5:d9:e5:65:b5:4a:29:01:74:03:
         3d:26:db:73:a6:8d:0d:9f:d1:56:90:f6:c4:5b:8d:a2:fa:5f:
         aa:77:42:24:fe:f5:b3:dc:b8:e3:04:8a:08:44:56:a8:3c:4f:
         ff:01:a1:88:b1:c1:29:9f:7e:8d:f8:01:b7:9d:f4:94:84:e7:
         14:56:c2:6e:cc:15:00:9a:d4:7d:88:1e:21:f2:97:e9:4b:f5:
         1a:c6:70:d4:c9:5e:98:33:d0:41:cc:97:1c:1d:7f:5e:d3:01:
         12:05:08:d0:d0:28:91:3e:24:a5:80:84:a5:9b:a1:ec:37:d3:
         1f:91:83:f7:66:d9:be:31:fd:70:45:18:94:2d:a7:2e:19:4e:
         b6:ca:00:0e:fb:79:24:d8:68:94:7c:f7:84:96:ea:1f:c8:57:
         d8:1a:d2:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgmtUtWZnCquTsnNt3JOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDJiM2YzMWE2YjBhNWQ3YzA2OThhMzc3OTZhNTFkN2Iw
Y2I2YTQwHhcNMjQwMTAyMTIzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTUwM2Y3YjY3N2UzNDM3OGJlNTI2Zjc2YTdmMjZiMDUxYWZmZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdzDcp9qrZg6IZHbeZ+yLPhFLc/G
ZBlcXVBZ7tXlZjcaofcs594zLLjuvlzO/br4CRpNb4GbW6LgTJpKXe6qjaVQ0IbG
1qHLHiM2YE/lPeLCN3/PMHSo5dYUkF83MiZ+ak1zbSrzc7RbPLtW00K2Nv+Scbye
5qzE/2NXJyN8GTRk82b3pcqtGSnXizD5xq10m7OKXyOvsZctic73P7JMfEZd6vPP
UkcBXxEW5w6LDVn70hY2b1KFhOuCXRxuSwXSfmHLLBFM5kTETFrl4MnNz+HmfFOg
V1+G/bBi3oqYnct0dlwbwLwV1XFcYqagot5pT7ZDRrn0eIg8V12rx4fUUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5QP3tnfjQ3i+Um92p/JrBRr/5OMB8GA1UdIwQY
MBaAFEvSs/MaawpdfAaYo3eWpR17DLakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlLejh4cHJDbDE4QnBpamQ1YWxIWHNNdHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8zOTk3ZWEtMjA0YS00ZWZkLTg1ZDYt
MmQ3ZmQwZmIyMmNlLzEvdmxBX2UyZC1ORGVMNVNiM2FuOG1zRkd2X2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8zOTk3ZWEtMjA0YS00ZWZkLTg1ZDYtMmQ3ZmQwZmIyMmNl
LzEvUzlLejh4cHJDbDE4QnBpamQ1YWxIWHNNdHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iuMA0G
CSqGSIb3DQEBCwUAA4IBAQA4Hn5I0tENTff7TdLZNCkKKuAMstt6YP49RwsRNJ0A
EhaxoIZzMALrbnVQXtWoF/gy7y+9LsMD1HqShGoyyCM0MXofjPsY1JJgY/zdCE8+
KoZ4lgfefjIE/K5rWpWcqcJr8KXZ5WW1SikBdAM9Jttzpo0Nn9FWkPbEW42i+l+q
d0Ik/vWz3LjjBIoIRFaoPE//AaGIscEpn36N+AG3nfSUhOcUVsJuzBUAmtR9iB4h
8pfpS/UaxnDUyV6YM9BBzJccHX9e0wESBQjQ0CiRPiSlgISlm6HsN9MfkYP3Ztm+
Mf1wRRiULacuGU62ygAO+3kk2GiUfPeEluofyFfYGtJl
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:41:09 2024 by rpki-client on console-fra.rpki-client.org