Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/9ZH69W1YnakgeGpdaURJ6q7krXA.roa
File:                     9ZH69W1YnakgeGpdaURJ6q7krXA.roa (raw, json)
Hash identifier:          i0nXid7GwGZoweaIfT9l5LaH9hT+4Mewie6yGeAN0rM=
Subject key identifier:   F5:91:FA:F5:6D:58:9D:A9:20:78:6A:5D:69:44:49:EA:AE:E4:AD:70
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018CC56DF940BF219603D558211DED347311
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/9ZH69W1YnakgeGpdaURJ6q7krXA.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206760
IP address blocks:        91.107.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f9:40:bf:21:96:03:d5:58:21:1d:ed:34:73:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f591faf56d589da920786a5d694449eaaee4ad70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5d:52:b9:53:12:d1:22:c8:b7:3a:97:13:e8:
                    81:a1:11:31:b5:85:5b:55:ba:de:80:fd:30:62:bd:
                    f4:79:0e:22:3a:75:6f:c6:ec:92:b0:55:b8:14:56:
                    6c:06:ef:6a:cc:1d:cf:84:7b:89:2d:1d:c4:06:a5:
                    ec:30:01:7b:8e:37:75:c9:a8:9f:0b:02:77:0c:88:
                    b7:fa:e0:24:a0:9b:58:b2:14:bf:c1:69:6f:a3:8f:
                    c1:4e:24:7f:4c:88:26:42:47:5f:c3:4c:f7:9d:84:
                    e2:99:59:c1:7c:99:7d:ae:35:7d:7f:30:1e:00:9d:
                    ba:c3:e4:62:fc:d5:ce:0a:5a:58:3a:b4:4c:f1:de:
                    7b:80:30:50:1a:57:0b:bd:9d:a8:17:b3:c8:0d:97:
                    97:ac:be:08:c0:7f:a8:36:bb:5a:41:bd:c0:08:f1:
                    b3:24:0b:4e:8d:5f:9b:74:70:f1:4e:cc:8b:3b:59:
                    21:56:b4:0d:f0:73:3e:3b:53:fb:b5:71:bc:52:d3:
                    ba:fe:a8:8d:d4:8a:42:3f:7d:bc:6b:c6:44:64:9a:
                    4d:c4:ca:4d:d8:06:b0:b3:1e:92:12:c4:b2:82:e3:
                    6f:32:de:6c:4a:31:72:60:d3:fa:53:09:bf:9b:7b:
                    af:9f:7c:d1:39:51:f9:b0:84:a9:56:ea:91:42:4f:
                    0f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:91:FA:F5:6D:58:9D:A9:20:78:6A:5D:69:44:49:EA:AE:E4:AD:70
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/9ZH69W1YnakgeGpdaURJ6q7krXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.107.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:6e:15:ce:43:24:fb:f5:d7:20:b8:44:0f:6c:22:86:8f:7f:
         d2:4a:37:10:6a:ec:c5:e0:85:a9:52:4d:2c:28:f7:21:42:27:
         5a:f8:a1:62:ee:d1:60:a4:0d:08:ec:eb:46:60:c9:76:05:96:
         4f:bb:6b:3d:23:dd:0e:74:c9:47:17:4e:c2:0c:18:6f:84:21:
         ec:ce:66:d0:ea:f1:26:84:e4:e7:57:00:c3:2d:4a:67:3d:e9:
         c7:71:26:00:e8:68:ba:59:e4:ff:bf:69:29:fe:b3:fa:c2:3c:
         67:2c:55:07:ce:fb:56:71:89:d8:93:36:d5:f2:46:86:3b:26:
         e9:17:09:d8:30:52:ac:92:76:ef:62:54:eb:7f:77:c6:9b:c2:
         84:60:6c:35:bc:86:73:73:10:fc:62:ae:d3:7f:85:a2:2b:47:
         f9:8a:ad:c7:69:bb:08:c4:19:75:b1:67:76:b2:7b:c5:37:e8:
         8b:50:3e:30:42:cd:c6:ea:46:83:20:8c:d7:7c:f3:22:c4:75:
         ba:77:eb:20:a9:43:2c:66:0b:69:d7:21:5d:97:62:6c:4d:ce:
         70:1a:2e:42:c5:e0:6b:c8:b6:3a:27:da:61:e8:a1:8b:cf:4f:
         f1:e9:2f:81:ed:f1:75:90:19:ee:cb:7c:17:7b:fd:1d:58:e8:
         86:e9:3f:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbflAvyGWA9VYIR3tNHMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTkxZmFmNTZkNTg5ZGE5MjA3ODZhNWQ2OTQ0NDllYWFlZTRhZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnF1SuVMS0SLItzqXE+iBoRExtYVb
VbregP0wYr30eQ4iOnVvxuySsFW4FFZsBu9qzB3PhHuJLR3EBqXsMAF7jjd1yaif
CwJ3DIi3+uAkoJtYshS/wWlvo4/BTiR/TIgmQkdfw0z3nYTimVnBfJl9rjV9fzAe
AJ26w+Ri/NXOClpYOrRM8d57gDBQGlcLvZ2oF7PIDZeXrL4IwH+oNrtaQb3ACPGz
JAtOjV+bdHDxTsyLO1khVrQN8HM+O1P7tXG8UtO6/qiN1IpCP328a8ZEZJpNxMpN
2Aawsx6SEsSyguNvMt5sSjFyYNP6Uwm/m3uvn3zROVH5sISpVuqRQk8PcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWR+vVtWJ2pIHhqXWlESequ5K1wMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvOVpINjlXMVluYWtnZUdwZGFVUko2cTdrclhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2t2MA0G
CSqGSIb3DQEBCwUAA4IBAQBNbhXOQyT79dcguEQPbCKGj3/SSjcQauzF4IWpUk0s
KPchQida+KFi7tFgpA0I7OtGYMl2BZZPu2s9I90OdMlHF07CDBhvhCHszmbQ6vEm
hOTnVwDDLUpnPenHcSYA6Gi6WeT/v2kp/rP6wjxnLFUHzvtWcYnYkzbV8kaGOybp
FwnYMFKsknbvYlTrf3fGm8KEYGw1vIZzcxD8Yq7Tf4WiK0f5iq3HabsIxBl1sWd2
snvFN+iLUD4wQs3G6kaDIIzXfPMixHW6d+sgqUMsZgtp1yFdl2JsTc5wGi5CxeBr
yLY6J9ph6KGLz0/x6S+B7fF1kBnuy3wXe/0dWOiG6T8p
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:23:10 2024 by rpki-client on console-ams.rpki-client.org