Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/BfqmmtYmqYuArDUKy7o7y3-o8cU.roa
File:                     BfqmmtYmqYuArDUKy7o7y3-o8cU.roa (raw, json)
Hash identifier:          1xNaPJGkuqt18QN9Q7a2gkIyy1ndibL0j4REaz18DyY=
Subject key identifier:   05:FA:A6:9A:D6:26:A9:8B:80:AC:35:0A:CB:BA:3B:CB:7F:A8:F1:C5
Certificate issuer:       /CN=f966238becd356df87d0c630248123f8f219e18c
Certificate serial:       018E2DC05C83D5E01FA3823844C3AC3DF6E3
Authority key identifier: F9:66:23:8B:EC:D3:56:DF:87:D0:C6:30:24:81:23:F8:F2:19:E1:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/BfqmmtYmqYuArDUKy7o7y3-o8cU.roa
Signing time:             Mon 11 Mar 2024 13:42:45 +0000
ROA not before:           Mon 11 Mar 2024 13:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35493
IP address blocks:        91.237.168.0/23 maxlen: 23
                          91.237.170.0/24 maxlen: 24
                          185.90.164.0/22 maxlen: 22
                          2a05:e300::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:c0:5c:83:d5:e0:1f:a3:82:38:44:c3:ac:3d:f6:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f966238becd356df87d0c630248123f8f219e18c
        Validity
            Not Before: Mar 11 13:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05faa69ad626a98b80ac350acbba3bcb7fa8f1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5f:9f:0d:5c:6b:ea:6b:88:6b:74:c7:64:a0:
                    c8:9f:25:98:a5:a6:e5:11:1f:6e:62:b6:6c:92:8a:
                    79:1e:be:d4:3f:18:14:ad:c2:43:3f:26:ea:2c:68:
                    ef:cd:d9:37:8e:a3:57:12:eb:0d:c3:a7:d9:5b:96:
                    83:63:f9:6b:ee:66:5d:4a:48:84:15:a0:c4:26:75:
                    b3:ac:47:90:1c:89:cf:53:c1:e6:73:74:9d:66:04:
                    9a:f9:b8:34:00:36:f8:45:c8:26:35:76:92:f6:50:
                    1c:9e:13:46:7a:e3:24:11:63:09:5a:03:dd:3d:69:
                    31:59:1e:52:50:e5:ea:f7:9e:ec:b7:a1:fb:32:ac:
                    14:54:75:f7:12:55:25:5a:f7:9f:c5:fd:1c:f9:85:
                    ac:6b:46:4f:72:7a:00:16:2d:63:f0:90:8b:31:d8:
                    f5:02:43:3c:06:6d:b5:1f:6a:b0:0e:69:0b:e9:d5:
                    ed:b2:33:de:bf:0e:03:71:c7:d7:b7:c6:6a:6c:67:
                    21:a9:81:f2:2f:f9:77:3f:90:f2:c8:a6:84:0c:15:
                    03:37:1c:73:97:14:51:73:53:02:2d:eb:d5:8c:1f:
                    06:6d:7c:bd:73:37:0f:45:02:53:99:13:fd:bb:f2:
                    7c:f1:ea:23:4d:ad:ad:42:a0:3a:9a:f0:6b:a7:ce:
                    ce:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:FA:A6:9A:D6:26:A9:8B:80:AC:35:0A:CB:BA:3B:CB:7F:A8:F1:C5
            X509v3 Authority Key Identifier:
                keyid:F9:66:23:8B:EC:D3:56:DF:87:D0:C6:30:24:81:23:F8:F2:19:E1:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/BfqmmtYmqYuArDUKy7o7y3-o8cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a8ece7-2b6c-4451-8b3d-332dbd9a60af/1/1-WYji-zTVt-H0MYwJIEj-PIZ4Yw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.168.0-91.237.170.255
                  185.90.164.0/22
                IPv6:
                  2a05:e300::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:09:ca:81:63:c4:50:2a:0c:b0:26:23:b0:37:cf:17:17:3c:
         1c:9b:ec:84:d9:ea:b5:ca:01:0c:0f:2c:18:b9:bc:9d:9b:3f:
         59:a6:db:bf:cd:a9:62:4b:6b:1f:a9:00:ca:c9:cc:6d:bf:c2:
         1c:16:59:bb:74:df:09:7e:50:50:9b:a4:9f:3b:38:d3:fc:a1:
         aa:5c:27:d3:d7:2c:c2:61:39:3d:1e:86:26:8c:f4:95:7c:1a:
         ea:4d:b4:b4:2b:bc:06:b0:ad:ba:cc:f5:85:8c:45:87:34:cf:
         7a:de:95:c1:fc:6f:c5:4a:8c:00:54:6a:22:f7:8c:6d:95:aa:
         7c:19:cb:01:87:01:3d:d4:6d:77:c3:9d:79:9b:8f:c7:3f:8c:
         be:ae:9a:8e:2f:f3:01:55:6a:10:9a:f1:65:fe:34:1f:bf:e1:
         d1:76:db:f8:d6:31:52:1f:3e:a4:be:17:df:6e:48:09:5e:c8:
         69:85:b5:66:a0:97:26:d4:ae:ac:a6:6b:d4:14:0b:ad:4d:4b:
         db:6c:29:7d:3f:bd:b8:b0:2d:a7:53:8e:5a:63:47:08:34:38:
         71:8f:5d:90:5c:35:05:a5:a1:4e:6b:c6:4a:53:af:05:ad:9f:
         d4:5f:4c:67:ca:9e:00:93:d7:bd:f7:86:46:be:aa:4f:b9:87:
         11:fb:ab:14
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAY4twFyD1eAfo4I4RMOsPfbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NjYyMzhiZWNkMzU2ZGY4N2QwYzYzMDI0ODEyM2Y4ZjIx
OWUxOGMwHhcNMjQwMzExMTM0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWZhYTY5YWQ2MjZhOThiODBhYzM1MGFjYmJhM2JjYjdmYThmMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV+fDVxr6muIa3THZKDInyWYpabl
ER9uYrZskop5Hr7UPxgUrcJDPybqLGjvzdk3jqNXEusNw6fZW5aDY/lr7mZdSkiE
FaDEJnWzrEeQHInPU8Hmc3SdZgSa+bg0ADb4RcgmNXaS9lAcnhNGeuMkEWMJWgPd
PWkxWR5SUOXq957st6H7MqwUVHX3ElUlWvefxf0c+YWsa0ZPcnoAFi1j8JCLMdj1
AkM8Bm21H2qwDmkL6dXtsjPevw4DccfXt8ZqbGchqYHyL/l3P5DyyKaEDBUDNxxz
lxRRc1MCLevVjB8GbXy9czcPRQJTmRP9u/J88eojTa2tQqA6mvBrp87OZQIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFAX6pprWJqmLgKw1Csu6O8t/qPHFMB8GA1UdIwQY
MBaAFPlmI4vs01bfh9DGMCSBI/jyGeGMMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1XWWppLXpUVnQtSDBNWXdKSUVqLVBJWjRZdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcvYThlY2U3LTJiNmMtNDQ1MS04YjNk
LTMzMmRiZDlhNjBhZi8xL0JmcW1tdFltcVl1QXJEVUt5N283eTMtbzhjVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjcvYThlY2U3LTJiNmMtNDQ1MS04YjNkLTMzMmRiZDlhNjBh
Zi8xLzEtV1lqaS16VFZ0LUgwTVl3SklFai1QSVo0WXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPAYIKwYBBQUHAQcBAf8ELTArMBoEAgABMBQwDAMEA1vt
qAMEAFvtqgMEArlapDANBAIAAjAHAwUDKgXjADANBgkqhkiG9w0BAQsFAAOCAQEA
rAnKgWPEUCoMsCYjsDfPFxc8HJvshNnqtcoBDA8sGLm8nZs/Wabbv82pYktrH6kA
ysnMbb/CHBZZu3TfCX5QUJuknzs40/yhqlwn09cswmE5PR6GJoz0lXwa6k20tCu8
BrCtusz1hYxFhzTPet6VwfxvxUqMAFRqIveMbZWqfBnLAYcBPdRtd8OdeZuPxz+M
vq6aji/zAVVqEJrxZf40H7/h0Xbb+NYxUh8+pL4X325ICV7IaYW1ZqCXJtSurKZr
1BQLrU1L22wpfT+9uLAtp1OOWmNHCDQ4cY9dkFw1BaWhTmvGSlOvBa2f1F9MZ8qe
AJPXvfeGRr6qT7mHEfurFA==
-----END CERTIFICATE-----
Generated at Tue Dec 3 14:55:10 2024 by rpki-client on console-fra.rpki-client.org