Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/BsICvqfn6GTBFe3b5zJYcS9zqaM.roa
File:                     BsICvqfn6GTBFe3b5zJYcS9zqaM.roa (raw, json)
Hash identifier:          7diKlsoIjqHCqxreFPBOEgdVxXWkdyd5S9QNWpZUGK0=
Subject key identifier:   06:C2:02:BE:A7:E7:E8:64:C1:15:ED:DB:E7:32:58:71:2F:73:A9:A3
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBCF060D45FFA542CB7371C103426D
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/BsICvqfn6GTBFe3b5zJYcS9zqaM.roa
Signing time:             Tue 02 Jan 2024 10:32:57 +0000
ROA not before:           Tue 02 Jan 2024 10:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42759
IP address blocks:        91.120.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cf:06:0d:45:ff:a5:42:cb:73:71:c1:03:42:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06c202bea7e7e864c115eddbe73258712f73a9a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a2:7e:a6:a7:a2:c3:96:a8:f2:47:3c:80:f2:
                    8a:ff:b7:1a:6a:c0:9f:ae:80:33:1a:f7:41:46:81:
                    48:16:cb:5b:49:d7:47:2a:f9:38:73:29:e9:b3:e1:
                    42:a9:9c:8f:c2:70:38:5a:2a:0f:a8:65:a5:cd:43:
                    a2:25:44:7d:eb:dc:b3:73:f2:40:15:d0:41:6f:7e:
                    8b:e1:62:1d:ea:46:f5:11:ed:c2:43:c6:be:6e:ee:
                    d0:3c:78:21:e4:a6:6c:9f:71:55:4c:7e:fa:29:7d:
                    22:a0:af:7f:aa:5c:20:af:8a:4f:f2:4c:53:29:91:
                    82:bb:e5:17:a3:1b:73:48:0e:3b:e4:46:17:7c:f8:
                    02:b9:ed:32:2d:a3:4b:79:4a:77:e2:13:a2:d4:48:
                    13:f9:bc:d3:88:34:42:3e:4e:69:fb:5f:71:e1:46:
                    0e:e8:cd:f4:a6:72:8c:4c:11:ba:39:6d:ed:4b:39:
                    6b:3d:f2:f8:30:79:d5:e5:5c:9f:6f:05:27:0b:b4:
                    17:19:47:ee:7f:1e:9a:cb:e6:a3:e0:26:dd:4c:ad:
                    de:a1:01:39:c0:2b:55:6e:79:f6:30:1b:43:8a:5b:
                    1e:aa:85:4a:73:4d:36:ca:b5:aa:c4:8e:87:fa:b9:
                    77:ff:ac:72:b1:18:ec:e6:c4:d3:7c:42:91:97:80:
                    fe:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C2:02:BE:A7:E7:E8:64:C1:15:ED:DB:E7:32:58:71:2F:73:A9:A3
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/BsICvqfn6GTBFe3b5zJYcS9zqaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.120.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:23:7f:3d:0e:da:fb:31:80:de:ba:b2:2c:ba:01:a3:63:17:
         4d:d2:18:a5:c1:ef:64:bf:57:e7:bb:5f:66:db:a1:95:ae:d5:
         2e:13:ff:10:f1:f4:39:93:b0:cd:5b:cc:7d:88:6d:ac:d8:ca:
         78:f4:5e:fe:17:c7:c2:3a:32:69:13:cd:4c:aa:d4:46:65:44:
         9d:8f:49:1c:cb:42:0f:08:f5:6c:e9:9d:b5:ba:c5:a7:85:69:
         02:98:26:b1:55:3a:1f:8e:9f:b4:99:01:48:25:ac:5e:a2:f7:
         c6:b6:59:68:2a:b2:d0:34:7a:c2:8e:4d:7f:a8:0f:b6:33:67:
         b5:30:ce:0a:06:2b:52:9d:47:a2:a2:2d:09:06:fb:d4:dc:de:
         02:27:1f:a0:8f:a2:e8:47:aa:4a:b9:28:49:05:a8:41:42:d7:
         68:f3:58:9f:1d:79:1f:5d:cb:1a:a2:72:cf:d5:d6:cd:51:9b:
         f7:d1:58:0c:bf:5d:29:33:9c:3e:f0:25:87:7b:26:c3:e7:29:
         17:16:6b:88:a6:bc:8f:85:b2:84:03:8a:5f:6b:23:a2:b4:5e:
         2a:0d:da:ef:d0:64:6b:32:11:48:27:d4:aa:8b:1d:bd:b1:0c:
         58:34:b1:8b:0d:8e:c9:03:36:b8:31:c6:02:ee:57:a3:29:af:
         79:71:99:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu88GDUX/pULLc3HBA0JtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmMyMDJiZWE3ZTdlODY0YzExNWVkZGJlNzMyNTg3MTJmNzNhOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6J+pqeiw5ao8kc8gPKK/7caasCf
roAzGvdBRoFIFstbSddHKvk4cynps+FCqZyPwnA4WioPqGWlzUOiJUR969yzc/JA
FdBBb36L4WId6kb1Ee3CQ8a+bu7QPHgh5KZsn3FVTH76KX0ioK9/qlwgr4pP8kxT
KZGCu+UXoxtzSA475EYXfPgCue0yLaNLeUp34hOi1EgT+bzTiDRCPk5p+19x4UYO
6M30pnKMTBG6OW3tSzlrPfL4MHnV5VyfbwUnC7QXGUfufx6ay+aj4CbdTK3eoQE5
wCtVbnn2MBtDilseqoVKc002yrWqxI6H+rl3/6xysRjs5sTTfEKRl4D+ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbCAr6n5+hkwRXt2+cyWHEvc6mjMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvQnNJQ3ZxZm42R1RCRmUzYjV6SlljUzl6cWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3gxMA0G
CSqGSIb3DQEBCwUAA4IBAQBeI389Dtr7MYDeurIsugGjYxdN0hilwe9kv1fnu19m
26GVrtUuE/8Q8fQ5k7DNW8x9iG2s2Mp49F7+F8fCOjJpE81MqtRGZUSdj0kcy0IP
CPVs6Z21usWnhWkCmCaxVTofjp+0mQFIJaxeovfGtlloKrLQNHrCjk1/qA+2M2e1
MM4KBitSnUeioi0JBvvU3N4CJx+gj6LoR6pKuShJBahBQtdo81ifHXkfXcsaonLP
1dbNUZv30VgMv10pM5w+8CWHeybD5ykXFmuIpryPhbKEA4pfayOitF4qDdrv0GRr
MhFIJ9Sqix29sQxYNLGLDY7JAza4McYC7lejKa95cZl7
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:25:27 2024 by rpki-client on console-fra.rpki-client.org