Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/deb874-f90b-42c4-bcd2-47bbf21eac9f/1/0VYfZFEB26ikOJ9COwbeRi2GgdY.roa
File:                     0VYfZFEB26ikOJ9COwbeRi2GgdY.roa (raw, json)
Hash identifier:          r8yv0ueMSoDoHyQNoR4OyfnU9xE7+atgKXZqF+i3Bus=
Subject key identifier:   D1:56:1F:64:51:01:DB:A8:A4:38:9F:42:3B:06:DE:46:2D:86:81:D6
Certificate issuer:       /CN=ad10cdd0b8b73304c985fde1b10e40182bf13902
Certificate serial:       018CC5DC92CE2F22ED3B2AB90F6C7F015C97
Authority key identifier: AD:10:CD:D0:B8:B7:33:04:C9:85:FD:E1:B1:0E:40:18:2B:F1:39:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rRDN0Li3MwTJhf3hsQ5AGCvxOQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/deb874-f90b-42c4-bcd2-47bbf21eac9f/1/0VYfZFEB26ikOJ9COwbeRi2GgdY.roa
Signing time:             Mon 01 Jan 2024 16:30:16 +0000
ROA not before:           Mon 01 Jan 2024 16:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57442
IP address blocks:        91.232.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/deb874-f90b-42c4-bcd2-47bbf21eac9f/1/rRDN0Li3MwTJhf3hsQ5AGCvxOQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/deb874-f90b-42c4-bcd2-47bbf21eac9f/1/rRDN0Li3MwTJhf3hsQ5AGCvxOQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rRDN0Li3MwTJhf3hsQ5AGCvxOQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:92:ce:2f:22:ed:3b:2a:b9:0f:6c:7f:01:5c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad10cdd0b8b73304c985fde1b10e40182bf13902
        Validity
            Not Before: Jan  1 16:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1561f645101dba8a4389f423b06de462d8681d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:18:b5:cc:80:5d:f7:a6:4e:61:fd:ca:03:0b:
                    39:ab:9d:a3:66:29:c0:02:9d:f0:8e:a8:1c:f9:9f:
                    0c:f9:32:ca:b6:45:89:23:93:de:6a:8a:e1:a8:f1:
                    a4:23:5c:19:3c:6c:f3:b5:1a:6e:8d:44:25:00:80:
                    d6:8d:ea:37:97:1f:d9:b8:84:20:7e:73:14:c4:4f:
                    ce:fd:45:8c:ef:53:37:7a:13:4c:94:d7:a1:3d:c1:
                    69:4e:b9:a3:37:a8:91:7d:95:42:b5:59:3a:2b:b5:
                    bd:c6:92:1d:eb:a7:70:98:c4:9c:69:13:b9:15:a4:
                    37:44:3d:ac:1b:29:67:60:5a:e3:cc:ed:f1:ea:5e:
                    53:72:5d:d5:27:07:9f:95:92:52:ca:59:f5:66:49:
                    79:1c:03:5d:62:97:77:0a:1c:9a:49:76:59:7d:a6:
                    af:b3:dd:e2:da:71:1f:e9:c3:e3:1f:36:b3:91:d8:
                    ec:51:67:0d:02:4e:ec:40:ee:33:06:93:af:54:3e:
                    8a:73:02:b2:d3:da:63:6b:6a:6d:be:21:97:98:cb:
                    c1:f1:74:26:c2:70:7a:2a:4a:e9:a7:a6:14:1e:7b:
                    07:50:9a:c4:2b:8a:1a:8d:39:bc:fc:e8:e3:7b:e4:
                    42:87:e0:60:a7:9d:5a:60:24:3b:e0:fa:47:19:a2:
                    b5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:56:1F:64:51:01:DB:A8:A4:38:9F:42:3B:06:DE:46:2D:86:81:D6
            X509v3 Authority Key Identifier:
                keyid:AD:10:CD:D0:B8:B7:33:04:C9:85:FD:E1:B1:0E:40:18:2B:F1:39:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rRDN0Li3MwTJhf3hsQ5AGCvxOQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/deb874-f90b-42c4-bcd2-47bbf21eac9f/1/0VYfZFEB26ikOJ9COwbeRi2GgdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/deb874-f90b-42c4-bcd2-47bbf21eac9f/1/rRDN0Li3MwTJhf3hsQ5AGCvxOQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:8c:e2:2e:6b:82:73:d0:3b:71:e6:cb:7a:29:3a:17:6e:22:
         af:a8:4d:2b:95:ee:ed:55:3f:95:fd:24:aa:5d:7e:de:b1:23:
         86:49:37:06:21:af:28:87:a7:4a:09:92:32:12:98:d2:76:7f:
         73:31:66:41:8e:23:dc:f4:cf:4c:42:0c:47:e0:b9:08:e0:6a:
         3c:08:26:e6:41:bc:4f:60:0c:7c:e5:35:29:0e:47:a7:46:10:
         66:69:e0:f1:9e:f5:d5:6d:cc:f5:2c:86:09:02:72:da:8d:12:
         d8:d6:b5:7e:6f:8d:e7:4a:52:e2:2c:7b:30:8b:48:10:d3:ca:
         27:46:cd:dd:9e:4b:9e:39:13:90:8a:06:2c:58:1d:20:fc:7e:
         68:e5:d1:08:c3:41:2e:6b:a0:a0:c7:c1:a3:6b:72:36:58:00:
         a1:57:bb:01:ce:ff:97:42:4f:1b:97:66:83:34:b0:5e:f1:b6:
         f8:ee:e8:95:f9:13:9e:6c:fc:00:4f:92:ae:d5:5e:8e:45:85:
         8c:a1:27:4c:9d:73:75:4b:27:98:54:e9:ec:53:a5:37:6a:5d:
         30:23:e5:16:0f:9c:20:06:d0:64:6a:68:a8:da:8a:e9:75:b0:
         96:17:f3:67:2b:ed:19:ea:16:eb:b7:d5:ab:fe:7d:d2:fe:1b:
         11:de:25:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JLOLyLtOyq5D2x/AVyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMTBjZGQwYjhiNzMzMDRjOTg1ZmRlMWIxMGU0MDE4MmJm
MTM5MDIwHhcNMjQwMTAxMTYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTU2MWY2NDUxMDFkYmE4YTQzODlmNDIzYjA2ZGU0NjJkODY4MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRi1zIBd96ZOYf3KAws5q52jZinA
Ap3wjqgc+Z8M+TLKtkWJI5PeaorhqPGkI1wZPGzztRpujUQlAIDWjeo3lx/ZuIQg
fnMUxE/O/UWM71M3ehNMlNehPcFpTrmjN6iRfZVCtVk6K7W9xpId66dwmMScaRO5
FaQ3RD2sGylnYFrjzO3x6l5Tcl3VJweflZJSyln1Zkl5HANdYpd3ChyaSXZZfaav
s93i2nEf6cPjHzazkdjsUWcNAk7sQO4zBpOvVD6KcwKy09pja2ptviGXmMvB8XQm
wnB6Kkrpp6YUHnsHUJrEK4oajTm8/Ojje+RCh+Bgp51aYCQ74PpHGaK1UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFWH2RRAduopDifQjsG3kYthoHWMB8GA1UdIwQY
MBaAFK0QzdC4tzMEyYX94bEOQBgr8TkCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclJETjBMaTNNd1RKaGYzaHNRNUFHQ3Z4T1FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9kZWI4NzQtZjkwYi00MmM0LWJjZDIt
NDdiYmYyMWVhYzlmLzEvMFZZZlpGRUIyNmlrT0o5Q093YmVSaTJHZ2RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9kZWI4NzQtZjkwYi00MmM0LWJjZDItNDdiYmYyMWVhYzlm
LzEvclJETjBMaTNNd1RKaGYzaHNRNUFHQ3Z4T1FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+gVMA0G
CSqGSIb3DQEBCwUAA4IBAQCkjOIua4Jz0Dtx5st6KToXbiKvqE0rle7tVT+V/SSq
XX7esSOGSTcGIa8oh6dKCZIyEpjSdn9zMWZBjiPc9M9MQgxH4LkI4Go8CCbmQbxP
YAx85TUpDkenRhBmaeDxnvXVbcz1LIYJAnLajRLY1rV+b43nSlLiLHswi0gQ08on
Rs3dnkueOROQigYsWB0g/H5o5dEIw0Eua6Cgx8Gja3I2WAChV7sBzv+XQk8bl2aD
NLBe8bb47uiV+ROebPwAT5Ku1V6ORYWMoSdMnXN1SyeYVOnsU6U3al0wI+UWD5wg
BtBkamio2orpdbCWF/NnK+0Z6hbrt9Wr/n3S/hsR3iXX
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:53:21 2024 by rpki-client on console-ams.rpki-client.org