Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/bsNGGASYs4KJmDThTiHCnUFqAhw.roa
File:                     bsNGGASYs4KJmDThTiHCnUFqAhw.roa (raw, json)
Hash identifier:          O4dfXusahvfNtswh+t3hOrvJ5jDc1hP3XJHVhs45lNk=
Subject key identifier:   6E:C3:46:18:04:98:B3:82:89:98:34:E1:4E:21:C2:9D:41:6A:02:1C
Certificate issuer:       /CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
Certificate serial:       018CC56E83F19CE790B2310465BDE52113D5
Authority key identifier: 33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/bsNGGASYs4KJmDThTiHCnUFqAhw.roa
Signing time:             Mon 01 Jan 2024 14:30:03 +0000
ROA not before:           Mon 01 Jan 2024 14:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213134
IP address blocks:        91.201.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:83:f1:9c:e7:90:b2:31:04:65:bd:e5:21:13:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331ed3d7ba511ca6002d845b3c0aa8111a3559cf
        Validity
            Not Before: Jan  1 14:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ec346180498b382899834e14e21c29d416a021c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8b:89:44:4c:6e:6f:e3:1f:71:80:49:79:4d:
                    8d:ae:9f:9f:04:02:95:9f:bd:00:87:e9:5d:6e:7d:
                    16:5c:18:27:cd:76:4d:ef:2b:92:52:18:07:40:c3:
                    92:49:d4:ae:f2:e6:ef:39:62:4b:7e:57:18:97:63:
                    ba:07:95:63:cb:b2:aa:5e:9d:f2:0b:71:f6:ea:ff:
                    d2:69:3a:99:3a:fb:9e:d6:29:48:f6:73:d3:1d:ab:
                    25:90:28:e9:3e:cd:78:db:87:e2:1a:8d:ed:36:16:
                    ce:cf:29:92:ca:6b:75:1e:08:06:82:60:36:dd:2d:
                    c4:fc:f8:d8:b8:a9:f9:a5:71:83:af:81:81:73:08:
                    57:15:7c:91:3d:bd:09:eb:0c:5a:81:56:fa:aa:a2:
                    92:1f:e8:ae:0e:44:d9:32:d7:72:b8:58:c6:2c:5a:
                    f8:cd:a6:11:27:7e:33:51:f7:b3:fa:23:25:f6:68:
                    c4:0b:c6:27:74:aa:b9:98:08:e9:e9:1c:13:66:d0:
                    30:51:c7:33:94:a8:e5:bb:1e:b3:57:48:99:d3:d3:
                    59:8b:d8:b7:08:0f:05:ce:7e:52:0c:38:93:a0:aa:
                    70:39:c2:42:ff:d3:32:ac:5b:73:08:f6:20:ac:ae:
                    2c:f7:d1:c3:85:b6:93:da:e5:f1:10:22:76:ea:8e:
                    29:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C3:46:18:04:98:B3:82:89:98:34:E1:4E:21:C2:9D:41:6A:02:1C
            X509v3 Authority Key Identifier:
                keyid:33:1E:D3:D7:BA:51:1C:A6:00:2D:84:5B:3C:0A:A8:11:1A:35:59:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx7T17pRHKYALYRbPAqoERo1Wc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/bsNGGASYs4KJmDThTiHCnUFqAhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/feaa1b-b7c1-4b48-9594-baf24dd5839f/1/Mx7T17pRHKYALYRbPAqoERo1Wc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:aa:51:f9:ac:de:ce:be:1d:7d:11:fb:e8:5a:26:41:f3:63:
         54:28:8d:10:84:05:99:3f:18:6d:f5:38:cd:8b:9c:c2:c7:77:
         35:24:1d:d0:e0:be:3d:4f:f4:61:3d:c6:93:3e:14:82:af:59:
         8b:fe:e9:c4:41:97:17:55:e5:2a:fe:9a:44:a3:01:f1:54:3d:
         9f:d9:31:f0:be:05:ab:6b:48:66:08:77:30:1b:86:2f:83:b0:
         57:f8:e5:b5:58:72:92:d0:c2:e8:b0:59:d0:d6:37:a3:bd:dd:
         47:5e:4a:06:fe:d8:cc:89:ef:bf:bd:60:20:bd:cd:0b:3d:ef:
         39:5d:7b:01:2c:20:50:a9:e4:8d:56:a2:16:1f:3b:76:74:68:
         58:33:aa:c1:db:12:84:0a:77:86:e6:0a:43:d3:fc:29:b0:bc:
         14:75:3b:04:19:6f:bf:86:62:4d:16:7a:ad:94:76:47:e6:7a:
         10:98:eb:10:a3:ec:e1:c7:1f:12:d1:73:52:0c:45:3d:b1:c2:
         12:85:e7:71:72:6a:dd:66:04:46:0a:98:f1:0a:d8:4f:e9:b9:
         f6:e6:2b:05:4d:f2:90:d6:06:d7:17:bf:6e:50:5e:57:7e:92:
         f8:43:99:3c:09:2f:c6:8c:86:e4:25:05:5b:37:32:4d:e0:9f:
         38:c5:2b:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFboPxnOeQsjEEZb3lIRPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWVkM2Q3YmE1MTFjYTYwMDJkODQ1YjNjMGFhODExMWEz
NTU5Y2YwHhcNMjQwMTAxMTQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWMzNDYxODA0OThiMzgyODk5ODM0ZTE0ZTIxYzI5ZDQxNmEwMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4uJRExub+MfcYBJeU2Nrp+fBAKV
n70Ah+ldbn0WXBgnzXZN7yuSUhgHQMOSSdSu8ubvOWJLflcYl2O6B5Vjy7KqXp3y
C3H26v/SaTqZOvue1ilI9nPTHaslkCjpPs1424fiGo3tNhbOzymSymt1HggGgmA2
3S3E/PjYuKn5pXGDr4GBcwhXFXyRPb0J6wxagVb6qqKSH+iuDkTZMtdyuFjGLFr4
zaYRJ34zUfez+iMl9mjEC8YndKq5mAjp6RwTZtAwUcczlKjlux6zV0iZ09NZi9i3
CA8Fzn5SDDiToKpwOcJC/9MyrFtzCPYgrK4s99HDhbaT2uXxECJ26o4pbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7DRhgEmLOCiZg04U4hwp1BagIcMB8GA1UdIwQY
MBaAFDMe09e6URymAC2EWzwKqBEaNVnPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQt
YmFmMjRkZDU4MzlmLzEvYnNOR0dBU1lzNEtKbURUaFRpSENuVUZxQWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mZWFhMWItYjdjMS00YjQ4LTk1OTQtYmFmMjRkZDU4Mzlm
LzEvTXg3VDE3cFJIS1lBTFlSYlBBcW9FUm8xV2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8nEMA0G
CSqGSIb3DQEBCwUAA4IBAQCEqlH5rN7Ovh19EfvoWiZB82NUKI0QhAWZPxht9TjN
i5zCx3c1JB3Q4L49T/RhPcaTPhSCr1mL/unEQZcXVeUq/ppEowHxVD2f2THwvgWr
a0hmCHcwG4Yvg7BX+OW1WHKS0MLosFnQ1jejvd1HXkoG/tjMie+/vWAgvc0LPe85
XXsBLCBQqeSNVqIWHzt2dGhYM6rB2xKECneG5gpD0/wpsLwUdTsEGW+/hmJNFnqt
lHZH5noQmOsQo+zhxx8S0XNSDEU9scIShedxcmrdZgRGCpjxCthP6bn25isFTfKQ
1gbXF79uUF5XfpL4Q5k8CS/GjIbkJQVbNzJN4J84xSvf
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:18:45 2024 by rpki-client on console-fra.rpki-client.org