Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/551847-332d-4e27-b47a-1d591bbd4060/1/9t7BRxbZO9ea05bnK3ING9oNfsE.roa
File:                     9t7BRxbZO9ea05bnK3ING9oNfsE.roa (raw, json)
Hash identifier:          950TvVnnE1m0QAAb2JXbdK7X7a5dyF27FrWfpV4WykY=
Subject key identifier:   F6:DE:C1:47:16:D9:3B:D7:9A:D3:96:E7:2B:72:0D:1B:DA:0D:7E:C1
Certificate issuer:       /CN=29c9b04016f6f02183307c17df630a0289ec5bb5
Certificate serial:       018F3E400EE9387329FD5972375936900C91
Authority key identifier: 29:C9:B0:40:16:F6:F0:21:83:30:7C:17:DF:63:0A:02:89:EC:5B:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KcmwQBb28CGDMHwX32MKAonsW7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/551847-332d-4e27-b47a-1d591bbd4060/1/9t7BRxbZO9ea05bnK3ING9oNfsE.roa
Signing time:             Fri 03 May 2024 11:38:56 +0000
ROA not before:           Fri 03 May 2024 11:38:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29286
IP address blocks:        91.102.104.0/21 maxlen: 21
                          91.102.106.0/24 maxlen: 24
                          91.102.107.0/24 maxlen: 24
                          185.20.148.0/22 maxlen: 22
                          185.20.148.0/24 maxlen: 24
                          185.20.149.0/24 maxlen: 24
                          185.20.150.0/24 maxlen: 24
                          185.20.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/551847-332d-4e27-b47a-1d591bbd4060/1/KcmwQBb28CGDMHwX32MKAonsW7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/551847-332d-4e27-b47a-1d591bbd4060/1/KcmwQBb28CGDMHwX32MKAonsW7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KcmwQBb28CGDMHwX32MKAonsW7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3e:40:0e:e9:38:73:29:fd:59:72:37:59:36:90:0c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29c9b04016f6f02183307c17df630a0289ec5bb5
        Validity
            Not Before: May  3 11:38:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6dec14716d93bd79ad396e72b720d1bda0d7ec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ec:aa:30:89:0e:49:3a:dd:50:d9:2c:6d:c2:
                    94:88:65:5b:90:1d:56:3c:45:01:8b:09:15:c8:65:
                    62:71:fa:ad:d0:7e:83:60:8e:e4:ec:e1:14:1a:9d:
                    2f:f2:fc:c1:29:e7:49:3d:c0:5a:80:7e:48:a1:11:
                    ef:78:95:27:4c:6c:8e:a4:eb:38:84:47:59:91:ba:
                    8f:c2:05:3e:bc:41:f7:e0:54:b8:8c:e1:54:29:33:
                    c8:42:55:ec:2a:5a:dd:b4:ee:30:80:86:c3:8c:53:
                    51:43:44:ab:40:24:20:b2:ae:4a:81:05:b7:fc:10:
                    c7:77:2f:e9:75:d2:d5:a8:4b:39:38:bf:f2:9a:a7:
                    da:9e:e4:1c:ee:cd:87:44:66:ba:07:fc:fd:13:50:
                    58:98:59:6f:5c:85:cb:c0:5d:08:2c:8f:40:f0:24:
                    c0:93:84:87:4f:39:a2:b2:ec:1b:89:4e:ca:d2:d1:
                    a4:f4:70:4b:16:89:4b:a3:7c:37:03:fa:53:57:e8:
                    b9:f5:5e:d4:e2:11:d3:66:9f:ed:2c:a5:8d:a1:7f:
                    e9:87:1c:7c:42:3b:79:6d:1c:82:55:3b:ed:66:92:
                    19:30:0b:4b:23:ff:87:48:30:8f:6c:5f:a6:67:16:
                    09:72:79:cb:8f:46:b0:29:5a:2c:37:10:bf:bf:c8:
                    64:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:DE:C1:47:16:D9:3B:D7:9A:D3:96:E7:2B:72:0D:1B:DA:0D:7E:C1
            X509v3 Authority Key Identifier:
                keyid:29:C9:B0:40:16:F6:F0:21:83:30:7C:17:DF:63:0A:02:89:EC:5B:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KcmwQBb28CGDMHwX32MKAonsW7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/551847-332d-4e27-b47a-1d591bbd4060/1/9t7BRxbZO9ea05bnK3ING9oNfsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/551847-332d-4e27-b47a-1d591bbd4060/1/KcmwQBb28CGDMHwX32MKAonsW7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.104.0/21
                  185.20.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:3e:7a:aa:58:84:55:fb:e0:ed:f9:41:6d:67:c2:15:22:a9:
         c5:58:16:2e:a1:f2:12:d6:97:d7:46:3f:72:d5:d2:e2:df:19:
         dd:11:74:8b:74:fa:bd:b4:5b:63:aa:0b:84:39:83:0c:84:5f:
         5d:34:5b:39:1b:df:0e:8d:55:50:4d:ba:4d:f7:36:16:db:75:
         06:18:b1:07:43:b0:97:8a:52:c4:7e:0a:44:b6:2f:fe:42:b3:
         4c:84:3f:b1:76:70:87:3a:cb:ab:37:d8:fb:12:84:4b:24:20:
         e2:03:33:43:40:c6:ea:38:44:b5:b8:b6:1f:e6:22:69:c3:1b:
         cb:50:f5:57:f8:fb:06:e8:cb:9e:b9:1b:5a:c5:61:fd:12:74:
         4d:74:d0:6f:2f:21:da:b0:28:67:c4:2f:f8:8e:f3:ca:15:60:
         ad:87:5a:cc:cb:71:a1:42:f0:99:97:32:1f:cc:0a:69:e1:25:
         cc:b6:84:1a:79:b0:99:26:57:dc:44:77:82:fa:ca:03:6f:19:
         e8:68:77:e6:ca:42:b4:6b:17:09:86:da:e7:60:5b:e3:87:e4:
         cc:c3:a2:27:79:e9:19:4f:6a:92:59:78:f5:14:c8:65:b3:c8:
         e3:09:6e:e1:ea:47:41:46:02:1e:47:91:17:8e:ca:e9:55:74:
         75:4d:e3:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8+QA7pOHMp/VlyN1k2kAyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YzliMDQwMTZmNmYwMjE4MzMwN2MxN2RmNjMwYTAyODll
YzViYjUwHhcNMjQwNTAzMTEzODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmRlYzE0NzE2ZDkzYmQ3OWFkMzk2ZTcyYjcyMGQxYmRhMGQ3ZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeyqMIkOSTrdUNksbcKUiGVbkB1W
PEUBiwkVyGVicfqt0H6DYI7k7OEUGp0v8vzBKedJPcBagH5IoRHveJUnTGyOpOs4
hEdZkbqPwgU+vEH34FS4jOFUKTPIQlXsKlrdtO4wgIbDjFNRQ0SrQCQgsq5KgQW3
/BDHdy/pddLVqEs5OL/ymqfanuQc7s2HRGa6B/z9E1BYmFlvXIXLwF0ILI9A8CTA
k4SHTzmisuwbiU7K0tGk9HBLFolLo3w3A/pTV+i59V7U4hHTZp/tLKWNoX/phxx8
Qjt5bRyCVTvtZpIZMAtLI/+HSDCPbF+mZxYJcnnLj0awKVosNxC/v8hk+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPbewUcW2TvXmtOW5ytyDRvaDX7BMB8GA1UdIwQY
MBaAFCnJsEAW9vAhgzB8F99jCgKJ7Fu1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2Ntd1FCYjI4Q0dETUh3WDMyTUtBb25zVzdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81NTE4NDctMzMyZC00ZTI3LWI0N2Et
MWQ1OTFiYmQ0MDYwLzEvOXQ3QlJ4YlpPOWVhMDVibkszSU5HOW9OZnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81NTE4NDctMzMyZC00ZTI3LWI0N2EtMWQ1OTFiYmQ0MDYw
LzEvS2Ntd1FCYjI4Q0dETUh3WDMyTUtBb25zVzdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW2ZoAwQC
uRSUMA0GCSqGSIb3DQEBCwUAA4IBAQBOPnqqWIRV++Dt+UFtZ8IVIqnFWBYuofIS
1pfXRj9y1dLi3xndEXSLdPq9tFtjqguEOYMMhF9dNFs5G98OjVVQTbpN9zYW23UG
GLEHQ7CXilLEfgpEti/+QrNMhD+xdnCHOsurN9j7EoRLJCDiAzNDQMbqOES1uLYf
5iJpwxvLUPVX+PsG6MueuRtaxWH9EnRNdNBvLyHasChnxC/4jvPKFWCth1rMy3Gh
QvCZlzIfzApp4SXMtoQaebCZJlfcRHeC+soDbxnoaHfmykK0axcJhtrnYFvjh+TM
w6IneekZT2qSWXj1FMhls8jjCW7h6kdBRgIeR5EXjsrpVXR1TeO0
-----END CERTIFICATE-----
Generated at Tue Nov 26 05:17:36 2024 by rpki-client on console-fra.rpki-client.org