Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/0bABeRMYuX78NRzSkd775HwUjOY.roa
File:                     0bABeRMYuX78NRzSkd775HwUjOY.roa (raw, json)
Hash identifier:          nllE3FYcFKI4zij4iqpDVyUZWzElLtQMpa+khJGZDf4=
Subject key identifier:   D1:B0:01:79:13:18:B9:7E:FC:35:1C:D2:91:DE:FB:E4:7C:14:8C:E6
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018F386F6C83FFBCF4EBE2AD52B67DF04A99
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/0bABeRMYuX78NRzSkd775HwUjOY.roa
Signing time:             Thu 02 May 2024 08:32:57 +0000
ROA not before:           Thu 02 May 2024 08:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        91.149.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:6f:6c:83:ff:bc:f4:eb:e2:ad:52:b6:7d:f0:4a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: May  2 08:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1b001791318b97efc351cd291defbe47c148ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ec:e5:35:2b:d7:ef:d3:b4:ae:13:ed:35:1d:
                    8c:ad:a6:c0:f3:00:3b:f3:8f:0a:f9:5f:ec:12:4e:
                    cf:cc:39:de:e0:65:8f:cb:44:e8:ec:58:65:0c:02:
                    87:13:b2:23:86:fe:e1:9c:a2:71:cb:01:a1:fb:6e:
                    76:16:79:42:74:48:e9:eb:62:bb:d3:ae:52:4e:d5:
                    6c:4a:e9:dd:f6:95:c6:e4:b4:d0:6d:af:50:6e:7a:
                    71:69:b8:57:bd:6a:95:cf:66:ad:0f:da:39:44:d7:
                    db:17:e4:52:7d:8b:35:d4:29:44:d4:3e:df:28:37:
                    93:99:5a:f3:e7:d2:8c:ab:f1:86:f4:8a:c7:97:f0:
                    f6:a8:78:c7:17:4f:ce:77:7b:ea:16:49:bd:c8:ba:
                    fd:a1:12:ae:5b:4a:97:c1:da:4d:b1:26:f1:ef:37:
                    b1:e4:25:8f:9f:72:52:23:5e:96:bf:0c:0c:46:55:
                    98:22:bb:59:d7:40:63:a8:f5:4f:dc:aa:ed:b8:d8:
                    ca:c0:1b:21:ec:95:d7:84:7c:88:b9:1f:22:31:6b:
                    7a:04:88:91:8b:27:cd:0f:91:78:d0:3b:02:00:c9:
                    03:f4:ff:6a:f3:4e:b9:25:a4:07:b1:5c:8c:83:e2:
                    a5:9f:54:6b:4e:b9:29:51:a5:3e:2f:3c:20:d6:17:
                    08:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B0:01:79:13:18:B9:7E:FC:35:1C:D2:91:DE:FB:E4:7C:14:8C:E6
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/0bABeRMYuX78NRzSkd775HwUjOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:39:a4:73:15:56:e7:5c:29:40:ba:cd:4a:90:d6:15:96:6e:
         3e:67:ff:71:ae:21:8c:b9:5f:39:2a:12:b4:1e:ce:5f:9d:b5:
         2a:25:f1:9b:d7:7d:9f:fc:de:37:48:cd:6f:cd:b7:80:56:8a:
         4a:69:cb:65:51:1d:03:f9:95:da:0b:70:cf:c9:5d:b1:ac:f1:
         d1:3b:d1:0a:df:37:1b:62:cd:65:af:40:ea:9a:95:7f:d5:cf:
         98:14:ad:bc:a1:84:e4:6a:a4:56:44:4c:81:9a:4b:f0:35:ef:
         78:b8:5d:e0:d5:22:80:94:89:47:46:b4:d7:ce:ea:92:09:73:
         eb:96:2d:f5:bb:d7:a0:72:6d:e1:7c:c4:d9:79:8d:c5:67:40:
         b8:17:08:4c:6a:00:53:96:0b:56:70:c9:23:c8:e9:e0:dd:91:
         57:df:e3:d4:38:74:89:d9:e4:3d:39:36:35:af:e6:68:ff:f7:
         68:f0:66:6a:d0:05:76:03:f5:d5:39:3a:ee:23:ff:49:e6:37:
         ac:bc:0c:7a:a8:e9:ad:55:0d:5a:a9:b0:31:bb:c8:6e:3c:ea:
         df:44:6f:bf:6a:7e:4f:6d:ff:02:79:48:c9:9d:6d:61:ea:a6:
         d8:39:b1:d5:96:85:5c:44:9f:92:f6:4e:a5:86:23:96:5e:f8:
         ca:f9:73:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY84b2yD/7z06+KtUrZ98EqZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjQwNTAyMDgzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWIwMDE3OTEzMThiOTdlZmMzNTFjZDI5MWRlZmJlNDdjMTQ4Y2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwezlNSvX79O0rhPtNR2MrabA8wA7
848K+V/sEk7PzDne4GWPy0To7FhlDAKHE7Ijhv7hnKJxywGh+252FnlCdEjp62K7
065STtVsSund9pXG5LTQba9QbnpxabhXvWqVz2atD9o5RNfbF+RSfYs11ClE1D7f
KDeTmVrz59KMq/GG9IrHl/D2qHjHF0/Od3vqFkm9yLr9oRKuW0qXwdpNsSbx7zex
5CWPn3JSI16WvwwMRlWYIrtZ10BjqPVP3KrtuNjKwBsh7JXXhHyIuR8iMWt6BIiR
iyfND5F40DsCAMkD9P9q8065JaQHsVyMg+Kln1RrTrkpUaU+Lzwg1hcIbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGwAXkTGLl+/DUc0pHe++R8FIzmMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvMGJBQmVSTVl1WDc4TlJ6U2tkNzc1SHdVak9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5XAMA0G
CSqGSIb3DQEBCwUAA4IBAQAmOaRzFVbnXClAus1KkNYVlm4+Z/9xriGMuV85KhK0
Hs5fnbUqJfGb132f/N43SM1vzbeAVopKactlUR0D+ZXaC3DPyV2xrPHRO9EK3zcb
Ys1lr0DqmpV/1c+YFK28oYTkaqRWREyBmkvwNe94uF3g1SKAlIlHRrTXzuqSCXPr
li31u9egcm3hfMTZeY3FZ0C4FwhMagBTlgtWcMkjyOng3ZFX3+PUOHSJ2eQ9OTY1
r+Zo//do8GZq0AV2A/XVOTruI/9J5jesvAx6qOmtVQ1aqbAxu8huPOrfRG+/an5P
bf8CeUjJnW1h6qbYObHVloVcRJ+S9k6lhiOWXvjK+XPl
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:38:42 2024 by rpki-client on console-fra.rpki-client.org