Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/rem30q4QHCIzUfBSMkBg2vBRHlM.roa
File:                     rem30q4QHCIzUfBSMkBg2vBRHlM.roa (raw, json)
Hash identifier:          jnMkpTFFIIhrmN52T3g7hb23JdWjMZkSU2naBcDFc9o=
Subject key identifier:   AD:E9:B7:D2:AE:10:1C:22:33:51:F0:52:32:40:60:DA:F0:51:1E:53
Certificate issuer:       /CN=f0c113413d0df5b8fa069011eeb109f067b5579a
Certificate serial:       018E9E5AA8ACC2F7669230751CE0F4AD68C2
Authority key identifier: F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/rem30q4QHCIzUfBSMkBg2vBRHlM.roa
Signing time:             Tue 02 Apr 2024 10:28:45 +0000
ROA not before:           Tue 02 Apr 2024 10:28:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58172
IP address blocks:        91.239.101.0/24 maxlen: 24
                          128.127.98.0/24 maxlen: 24
                          128.127.99.0/24 maxlen: 24
                          128.127.100.0/24 maxlen: 24
                          128.127.101.0/24 maxlen: 24
                          128.127.102.0/24 maxlen: 24
                          128.127.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:5a:a8:ac:c2:f7:66:92:30:75:1c:e0:f4:ad:68:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c113413d0df5b8fa069011eeb109f067b5579a
        Validity
            Not Before: Apr  2 10:28:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ade9b7d2ae101c223351f052324060daf0511e53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:47:08:f0:27:78:ae:9a:57:7c:d0:aa:09:
                    c0:61:91:2e:b5:bc:21:d6:5a:40:d2:d2:4e:55:5e:
                    eb:fd:b0:d9:b5:f6:49:20:85:d0:97:fb:a0:85:56:
                    97:0c:fb:53:bd:98:fa:60:46:83:ce:51:e4:9e:89:
                    31:cb:f6:f6:a3:a2:dc:f0:12:88:2e:9a:e7:9e:02:
                    0c:27:24:83:8b:c5:6e:3b:c4:84:ab:64:54:bc:d4:
                    14:6f:33:94:fa:16:b9:16:19:85:2f:19:27:b0:1c:
                    17:c1:bf:aa:96:7f:b6:86:d3:93:81:3c:01:af:ff:
                    13:6d:bd:4b:c2:da:53:34:25:fe:e6:c4:33:77:12:
                    1b:d9:e9:2e:1c:cd:ce:44:a9:c5:81:d1:1e:9a:22:
                    6d:5b:07:7b:ca:a6:d7:63:96:48:22:aa:3e:31:b1:
                    ac:f7:7f:95:ae:ad:7e:7c:bf:3a:98:ea:49:a5:12:
                    cd:1c:f9:dd:f5:2f:a4:e7:0f:27:bc:87:b1:3f:33:
                    1d:09:f1:30:89:00:e2:65:fd:40:6a:ae:19:ca:f8:
                    94:6c:c1:4c:f6:56:96:0a:67:d0:28:53:3d:a1:6f:
                    a8:0c:07:52:ed:40:b7:15:ad:d9:af:f0:0d:f5:b9:
                    1f:a6:5b:d5:c9:de:fe:4b:11:96:bc:73:8f:bc:b9:
                    80:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:E9:B7:D2:AE:10:1C:22:33:51:F0:52:32:40:60:DA:F0:51:1E:53
            X509v3 Authority Key Identifier:
                keyid:F0:C1:13:41:3D:0D:F5:B8:FA:06:90:11:EE:B1:09:F0:67:B5:57:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8METQT0N9bj6BpAR7rEJ8Ge1V5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/rem30q4QHCIzUfBSMkBg2vBRHlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/c104c6-9b65-4d46-9e45-50261b11916b/1/8METQT0N9bj6BpAR7rEJ8Ge1V5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.101.0/24
                  128.127.98.0-128.127.103.255

    Signature Algorithm: sha256WithRSAEncryption
         2b:8f:4d:25:84:d7:b2:f5:a3:f8:ee:b5:60:78:c7:1d:1c:ba:
         d6:92:3f:5b:03:2e:58:b7:b4:2b:14:d8:f4:0c:73:21:b6:f6:
         b0:e3:a5:59:76:ec:07:58:36:bd:cd:a0:62:b6:fe:f0:70:cd:
         28:c2:63:6d:26:a1:48:00:dc:76:45:b0:fd:00:7f:fd:a5:18:
         db:87:7e:bf:b0:ba:55:24:93:e2:1e:0e:dd:1e:17:55:51:18:
         5e:84:7c:39:f9:16:c8:9b:fc:52:4d:e0:ed:30:85:69:fe:73:
         af:28:74:d5:96:1c:33:11:36:d2:c0:d6:13:8a:f8:67:d6:c2:
         a0:db:1e:4b:53:5a:ba:18:29:08:c0:39:85:58:8d:2a:ad:97:
         27:3e:16:ad:6f:f5:db:8a:4c:e3:46:23:5d:2a:ac:4f:0f:8a:
         c1:7e:c1:df:87:ef:12:40:ed:cb:ca:b5:50:a4:55:57:0b:b4:
         9d:ee:ac:67:a2:a5:e3:a4:1b:62:96:7e:68:fe:14:06:45:b7:
         81:bb:4a:52:b0:14:d7:42:d3:73:df:38:79:15:be:41:ac:96:
         d1:b3:b0:21:94:f2:10:0a:9d:73:2c:5f:36:10:2a:d0:66:4c:
         18:19:68:58:b6:01:15:8f:9b:46:bc:75:f5:1f:2a:d5:0a:7f:
         ce:b2:47:54
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY6eWqiswvdmkjB1HOD0rWjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzExMzQxM2QwZGY1YjhmYTA2OTAxMWVlYjEwOWYwNjdi
NTU3OWEwHhcNMjQwNDAyMTAyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGU5YjdkMmFlMTAxYzIyMzM1MWYwNTIzMjQwNjBkYWYwNTExZTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAVHCPAneK6aV3zQqgnAYZEutbwh
1lpA0tJOVV7r/bDZtfZJIIXQl/ughVaXDPtTvZj6YEaDzlHknokxy/b2o6Lc8BKI
LprnngIMJySDi8VuO8SEq2RUvNQUbzOU+ha5FhmFLxknsBwXwb+qln+2htOTgTwB
r/8Tbb1LwtpTNCX+5sQzdxIb2ekuHM3ORKnFgdEemiJtWwd7yqbXY5ZIIqo+MbGs
93+Vrq1+fL86mOpJpRLNHPnd9S+k5w8nvIexPzMdCfEwiQDiZf1Aaq4ZyviUbMFM
9laWCmfQKFM9oW+oDAdS7UC3Fa3Zr/AN9bkfplvVyd7+SxGWvHOPvLmAdQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFK3pt9KuEBwiM1HwUjJAYNrwUR5TMB8GA1UdIwQY
MBaAFPDBE0E9DfW4+gaQEe6xCfBntVeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUt
NTAyNjFiMTE5MTZiLzEvcmVtMzBxNFFIQ0l6VWZCU01rQmcydkJSSGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9jMTA0YzYtOWI2NS00ZDQ2LTllNDUtNTAyNjFiMTE5MTZi
LzEvOE1FVFFUME45Ymo2QnBBUjdyRUo4R2UxVjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAW+9lMAwD
BAGAf2IDBAOAf2AwDQYJKoZIhvcNAQELBQADggEBACuPTSWE17L1o/jutWB4xx0c
utaSP1sDLli3tCsU2PQMcyG29rDjpVl27AdYNr3NoGK2/vBwzSjCY20moUgA3HZF
sP0Af/2lGNuHfr+wulUkk+IeDt0eF1VRGF6EfDn5Fsib/FJN4O0whWn+c68odNWW
HDMRNtLA1hOK+GfWwqDbHktTWroYKQjAOYVYjSqtlyc+Fq1v9duKTONGI10qrE8P
isF+wd+H7xJA7cvKtVCkVVcLtJ3urGeipeOkG2KWfmj+FAZFt4G7SlKwFNdC03Pf
OHkVvkGsltGzsCGU8hAKnXMsXzYQKtBmTBgZaFi2ARWPm0a8dfUfKtUKf86yR1Q=
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:08:46 2024 by rpki-client on console-ams.rpki-client.org