Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f1944b-101a-4181-a36b-2c2707736fdb/1/Ca0WFketL5hpuFocqhamKViUnT8.roa
File:                     Ca0WFketL5hpuFocqhamKViUnT8.roa (raw, json)
Hash identifier:          pgsuHNvSm3bCVnJtMa/zSfgMaoCv52BfvrtZrsFHnRw=
Subject key identifier:   09:AD:16:16:47:AD:2F:98:69:B8:5A:1C:AA:16:A6:29:58:94:9D:3F
Certificate issuer:       /CN=035e5285dedc35ab63527048b366ee553806ce04
Certificate serial:       018CC7259CFF0E16DB5A9BAF0E4F31F9BEA0
Authority key identifier: 03:5E:52:85:DE:DC:35:AB:63:52:70:48:B3:66:EE:55:38:06:CE:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A15Shd7cNatjUnBIs2buVTgGzgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f1944b-101a-4181-a36b-2c2707736fdb/1/Ca0WFketL5hpuFocqhamKViUnT8.roa
Signing time:             Mon 01 Jan 2024 22:29:40 +0000
ROA not before:           Mon 01 Jan 2024 22:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31463
IP address blocks:        91.213.208.0/24 maxlen: 24
                          91.213.217.0/24 maxlen: 24
                          91.213.215.0/24 maxlen: 24
                          91.213.220.0/24 maxlen: 24
                          2a0f:64c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f1944b-101a-4181-a36b-2c2707736fdb/1/A15Shd7cNatjUnBIs2buVTgGzgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f1944b-101a-4181-a36b-2c2707736fdb/1/A15Shd7cNatjUnBIs2buVTgGzgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A15Shd7cNatjUnBIs2buVTgGzgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:9c:ff:0e:16:db:5a:9b:af:0e:4f:31:f9:be:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=035e5285dedc35ab63527048b366ee553806ce04
        Validity
            Not Before: Jan  1 22:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09ad161647ad2f9869b85a1caa16a62958949d3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3a:79:10:c8:90:bb:f9:1f:37:cd:5b:9c:05:
                    16:42:56:ca:d3:21:f5:6a:7a:f4:03:a3:0c:e3:43:
                    ca:89:5c:3e:84:cc:f5:06:2c:36:a3:9b:36:e5:35:
                    e0:80:2f:d0:a0:e8:9d:8b:40:e1:6d:07:b7:33:9d:
                    30:52:0d:b3:cb:bf:e8:b0:e3:e0:d8:1a:f2:5f:03:
                    29:fe:ce:30:5b:b2:02:b6:70:19:f0:58:99:3a:6c:
                    b0:4f:f7:ff:06:df:01:cc:72:65:46:1c:97:47:92:
                    07:d1:2f:c2:94:db:da:4c:35:0d:27:31:f8:f8:66:
                    bf:f0:00:aa:65:ac:78:a4:c4:e9:32:0d:73:7b:68:
                    d0:5a:0d:86:c2:51:27:b1:c1:eb:9f:5f:20:80:7a:
                    07:84:61:41:c9:7c:79:94:43:23:7f:99:0a:0c:40:
                    c9:68:21:2f:ca:5a:d7:30:a4:43:37:39:5c:f4:b8:
                    6a:95:7f:84:cb:1f:34:0a:e0:3d:d4:4b:e0:59:a8:
                    1d:94:16:98:d1:6b:dd:08:7a:12:1b:a5:cd:71:5d:
                    cc:e7:cd:0c:33:fb:43:96:b9:3a:61:0b:48:53:fb:
                    27:33:8f:49:3a:c0:41:9d:78:04:40:b9:c7:9e:ff:
                    0a:9e:5e:d9:39:7b:ed:62:9c:51:19:8d:72:bd:87:
                    f3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:AD:16:16:47:AD:2F:98:69:B8:5A:1C:AA:16:A6:29:58:94:9D:3F
            X509v3 Authority Key Identifier:
                keyid:03:5E:52:85:DE:DC:35:AB:63:52:70:48:B3:66:EE:55:38:06:CE:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A15Shd7cNatjUnBIs2buVTgGzgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f1944b-101a-4181-a36b-2c2707736fdb/1/Ca0WFketL5hpuFocqhamKViUnT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f1944b-101a-4181-a36b-2c2707736fdb/1/A15Shd7cNatjUnBIs2buVTgGzgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.208.0/24
                  91.213.215.0/24
                  91.213.217.0/24
                  91.213.220.0/24
                IPv6:
                  2a0f:64c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:3a:22:c1:4c:e4:df:1e:c9:69:08:af:17:4e:e7:b8:1f:97:
         4e:c0:a3:88:e4:10:35:df:fb:e8:5f:97:78:73:73:e0:a5:66:
         01:26:ee:2c:72:c3:1a:1b:2f:46:db:a0:64:f7:e9:49:38:a2:
         98:13:33:16:4e:03:f0:58:67:fc:85:18:9e:86:89:c2:6e:6c:
         ab:dd:99:a2:2c:c7:df:85:41:5b:1a:30:79:5a:43:89:71:32:
         42:06:9f:26:54:53:07:f6:30:52:7f:43:29:8f:7f:5d:79:a9:
         89:4e:0c:5f:16:c0:49:5f:34:2f:4d:29:6c:a2:3c:47:e7:24:
         4e:f7:aa:53:d0:bf:17:3f:90:35:02:51:8f:39:ea:16:6d:98:
         b8:14:a8:b3:df:a5:b5:5b:94:42:e6:55:b6:9e:6e:ee:4b:54:
         8f:c1:55:d6:84:7a:f7:88:0d:b9:99:17:8b:09:c8:cf:98:ba:
         ba:85:f3:13:3a:1a:c4:b0:22:81:52:5f:c9:a6:0b:cf:ed:3d:
         3c:ce:2f:bd:d8:81:a9:19:4a:12:69:e8:85:17:e6:ca:73:2c:
         2b:ab:78:26:fe:16:21:ab:e7:11:84:e1:8b:78:fd:6c:4e:a3:
         40:4e:91:33:3a:5d:1b:3a:ba:b4:af:e8:2c:d1:e8:cd:b6:19:
         3a:7c:f2:c6
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzHJZz/DhbbWpuvDk8x+b6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNWU1Mjg1ZGVkYzM1YWI2MzUyNzA0OGIzNjZlZTU1Mzgw
NmNlMDQwHhcNMjQwMTAxMjIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWFkMTYxNjQ3YWQyZjk4NjliODVhMWNhYTE2YTYyOTU4OTQ5ZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjp5EMiQu/kfN81bnAUWQlbK0yH1
anr0A6MM40PKiVw+hMz1Biw2o5s25TXggC/QoOidi0DhbQe3M50wUg2zy7/osOPg
2BryXwMp/s4wW7ICtnAZ8FiZOmywT/f/Bt8BzHJlRhyXR5IH0S/ClNvaTDUNJzH4
+Ga/8ACqZax4pMTpMg1ze2jQWg2GwlEnscHrn18ggHoHhGFByXx5lEMjf5kKDEDJ
aCEvylrXMKRDNzlc9LhqlX+Eyx80CuA91EvgWagdlBaY0WvdCHoSG6XNcV3M580M
M/tDlrk6YQtIU/snM49JOsBBnXgEQLnHnv8Knl7ZOXvtYpxRGY1yvYfzOwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAmtFhZHrS+YabhaHKoWpilYlJ0/MB8GA1UdIwQY
MBaAFANeUoXe3DWrY1JwSLNm7lU4Bs4EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTE1U2hkN2NOYXRqVW5CSXMyYnVWVGdHemdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mMTk0NGItMTAxYS00MTgxLWEzNmIt
MmMyNzA3NzM2ZmRiLzEvQ2EwV0ZrZXRMNWhwdUZvY3FoYW1LVmlVblQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mMTk0NGItMTAxYS00MTgxLWEzNmItMmMyNzA3NzM2ZmRi
LzEvQTE1U2hkN2NOYXRqVW5CSXMyYnVWVGdHemdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW9XQAwQA
W9XXAwQAW9XZAwQAW9XcMA0EAgACMAcDBQMqD2TAMA0GCSqGSIb3DQEBCwUAA4IB
AQAmOiLBTOTfHslpCK8XTue4H5dOwKOI5BA13/voX5d4c3PgpWYBJu4scsMaGy9G
26Bk9+lJOKKYEzMWTgPwWGf8hRiehonCbmyr3ZmiLMffhUFbGjB5WkOJcTJCBp8m
VFMH9jBSf0Mpj39deamJTgxfFsBJXzQvTSlsojxH5yRO96pT0L8XP5A1AlGPOeoW
bZi4FKiz36W1W5RC5lW2nm7uS1SPwVXWhHr3iA25mReLCcjPmLq6hfMTOhrEsCKB
Ul/JpgvP7T08zi+92IGpGUoSaeiFF+bKcywrq3gm/hYhq+cRhOGLeP1sTqNATpEz
Ol0bOrq0r+gs0ejNthk6fPLG
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:53:12 2024 by rpki-client on console-fra.rpki-client.org