Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/Z8D0OHugo_hYfN6Eujt_qVpSlTw.roa
File:                     Z8D0OHugo_hYfN6Eujt_qVpSlTw.roa (raw, json)
Hash identifier:          F8ndM5OlxqrE9bcME+Nwn2Hb8KK07/d5c+y4x5vuFXs=
Subject key identifier:   67:C0:F4:38:7B:A0:A3:F8:58:7C:DE:84:BA:3B:7F:A9:5A:52:95:3C
Certificate issuer:       /CN=ec6b71c67e1cc28078697952ad3f4f355f4e1341
Certificate serial:       018CC9BB171E9D6DD5819DA74B9E81309CCE
Authority key identifier: EC:6B:71:C6:7E:1C:C2:80:78:69:79:52:AD:3F:4F:35:5F:4E:13:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/Z8D0OHugo_hYfN6Eujt_qVpSlTw.roa
Signing time:             Tue 02 Jan 2024 10:32:10 +0000
ROA not before:           Tue 02 Jan 2024 10:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        91.237.101.0/24 maxlen: 24
                          91.237.100.0/24 maxlen: 24
                          91.237.100.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:17:1e:9d:6d:d5:81:9d:a7:4b:9e:81:30:9c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b71c67e1cc28078697952ad3f4f355f4e1341
        Validity
            Not Before: Jan  2 10:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c0f4387ba0a3f8587cde84ba3b7fa95a52953c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a4:2a:84:b4:05:5c:b1:06:72:3c:62:a5:22:
                    d7:0a:14:f7:c0:7d:e8:32:3d:51:76:36:a3:0e:63:
                    d9:5c:7a:8d:cc:b1:4c:82:2a:2b:50:77:5b:5c:ba:
                    ff:6e:16:ec:7b:3a:1c:86:1b:22:42:d5:76:1f:9f:
                    30:1d:c0:41:40:c4:e0:52:55:19:80:a2:79:11:b4:
                    fa:2e:d0:06:61:55:cd:a1:bb:d3:5b:2e:e4:ac:97:
                    ed:dd:c7:2f:3b:2d:ed:35:55:eb:b6:60:83:ed:56:
                    24:8e:54:da:cb:4e:4e:70:0b:87:c4:16:76:bb:74:
                    c0:3b:a7:ed:ac:ca:cd:78:df:1e:72:78:7d:11:27:
                    28:74:91:ab:a6:a0:e0:3a:88:a7:b2:91:3a:68:56:
                    ba:32:f5:b9:6f:17:d4:6f:fe:56:5b:f7:11:ca:1e:
                    4c:5b:95:9e:79:25:5c:65:c8:95:33:d3:fe:07:9f:
                    3b:8a:31:13:77:f4:0d:34:b8:48:90:cd:98:d5:40:
                    b4:17:e6:71:61:60:9e:40:95:d6:07:98:ad:32:3a:
                    ae:b0:07:3e:e7:ca:3a:71:ba:50:67:37:46:6d:38:
                    11:c8:c4:3a:02:ff:a9:e5:e9:09:55:db:c1:41:89:
                    d0:cf:c9:3d:30:a3:37:7c:4b:04:60:79:dc:6a:dc:
                    41:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C0:F4:38:7B:A0:A3:F8:58:7C:DE:84:BA:3B:7F:A9:5A:52:95:3C
            X509v3 Authority Key Identifier:
                keyid:EC:6B:71:C6:7E:1C:C2:80:78:69:79:52:AD:3F:4F:35:5F:4E:13:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/Z8D0OHugo_hYfN6Eujt_qVpSlTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:e0:e5:89:61:49:98:94:9a:61:19:df:97:c9:ed:9f:ac:9c:
         ac:19:38:02:e2:0b:00:85:eb:3b:79:36:88:7c:97:ea:7e:9f:
         fe:a9:d1:94:46:48:bd:62:d7:67:78:a2:18:4b:26:49:db:02:
         80:0a:db:d7:76:ba:c7:2b:95:49:3f:59:5c:41:62:d1:4f:ce:
         57:04:d5:7f:3c:4f:1c:c8:65:d4:4d:a1:a1:16:cc:27:fa:19:
         2e:23:68:bb:29:fc:07:f5:f1:12:d7:7f:9c:d2:57:aa:52:d3:
         1c:7e:c4:0c:7b:bb:54:4f:43:74:22:3e:1d:e8:ef:f8:0c:34:
         8d:44:28:fb:ef:4b:d7:21:c9:0b:09:d7:e8:13:87:98:e1:d8:
         29:88:a9:16:2a:f0:ec:65:29:a7:b2:44:e2:a4:58:23:3c:3f:
         5f:06:8c:72:59:e2:6f:a8:a2:f5:45:49:5a:49:9f:ae:91:10:
         8a:c9:be:db:6f:13:7b:53:1a:b1:a6:71:2a:ca:49:e7:0c:7a:
         76:f8:0a:c7:21:3d:ae:e0:44:11:f4:e7:3d:5f:19:77:8a:74:
         53:97:3b:d2:76:4e:cd:6e:53:d1:bb:a1:00:5a:87:95:2f:bb:
         de:b3:b6:fb:8c:ae:04:65:87:56:ba:d4:a4:f7:6d:f1:46:88:
         ad:41:3f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuxcenW3VgZ2nS56BMJzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI3MWM2N2UxY2MyODA3ODY5Nzk1MmFkM2Y0ZjM1NWY0
ZTEzNDEwHhcNMjQwMTAyMTAzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MwZjQzODdiYTBhM2Y4NTg3Y2RlODRiYTNiN2ZhOTVhNTI5NTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46QqhLQFXLEGcjxipSLXChT3wH3o
Mj1RdjajDmPZXHqNzLFMgiorUHdbXLr/bhbsezochhsiQtV2H58wHcBBQMTgUlUZ
gKJ5EbT6LtAGYVXNobvTWy7krJft3ccvOy3tNVXrtmCD7VYkjlTay05OcAuHxBZ2
u3TAO6ftrMrNeN8ecnh9EScodJGrpqDgOoinspE6aFa6MvW5bxfUb/5WW/cRyh5M
W5WeeSVcZciVM9P+B587ijETd/QNNLhIkM2Y1UC0F+ZxYWCeQJXWB5itMjqusAc+
58o6cbpQZzdGbTgRyMQ6Av+p5ekJVdvBQYnQz8k9MKM3fEsEYHncatxBNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfA9Dh7oKP4WHzehLo7f6laUpU8MB8GA1UdIwQY
MBaAFOxrccZ+HMKAeGl5Uq0/TzVfThNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0eHhuNGN3b0I0YVhsU3JUOVBOVjlPRTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84N2U5NDAtZTJhMS00MzZlLWFhNzMt
ZDNmNmNkOGU0NDQ0LzEvWjhEME9IdWdvX2hZZk42RXVqdF9xVnBTbFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84N2U5NDAtZTJhMS00MzZlLWFhNzMtZDNmNmNkOGU0NDQ0
LzEvN0d0eHhuNGN3b0I0YVhsU3JUOVBOVjlPRTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+1kMA0G
CSqGSIb3DQEBCwUAA4IBAQBn4OWJYUmYlJphGd+Xye2frJysGTgC4gsAhes7eTaI
fJfqfp/+qdGURki9YtdneKIYSyZJ2wKACtvXdrrHK5VJP1lcQWLRT85XBNV/PE8c
yGXUTaGhFswn+hkuI2i7KfwH9fES13+c0leqUtMcfsQMe7tUT0N0Ij4d6O/4DDSN
RCj770vXIckLCdfoE4eY4dgpiKkWKvDsZSmnskTipFgjPD9fBoxyWeJvqKL1RUla
SZ+ukRCKyb7bbxN7UxqxpnEqyknnDHp2+ArHIT2u4EQR9Oc9Xxl3inRTlzvSdk7N
blPRu6EAWoeVL7ves7b7jK4EZYdWutSk923xRoitQT8D
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:26:43 2024 by rpki-client on console-ams.rpki-client.org