Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/721920-939b-412b-a3c5-2329d79c4ae3/1/mRTPNMawoMdETspK2oU33oh1kG0.roa
File:                     mRTPNMawoMdETspK2oU33oh1kG0.roa (raw, json)
Hash identifier:          EhKaWepSUb3nrwQpTELo6r2LK2elC2AN/Sx6f5wska4=
Subject key identifier:   99:14:CF:34:C6:B0:A0:C7:44:4E:CA:4A:DA:85:37:DE:88:75:90:6D
Certificate issuer:       /CN=d8073d06b58652f849fa8bcf3cec6b950909bd68
Certificate serial:       0190DAB2A480466AF70FDEABFEBA6F550E0F
Authority key identifier: D8:07:3D:06:B5:86:52:F8:49:FA:8B:CF:3C:EC:6B:95:09:09:BD:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Ac9BrWGUvhJ-ovPPOxrlQkJvWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/721920-939b-412b-a3c5-2329d79c4ae3/1/mRTPNMawoMdETspK2oU33oh1kG0.roa
Signing time:             Mon 22 Jul 2024 13:47:38 +0000
ROA not before:           Mon 22 Jul 2024 13:47:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61121
IP address blocks:        91.212.151.0/24 maxlen: 24
                          185.18.4.0/22 maxlen: 24
                          185.18.4.0/23 maxlen: 24
                          185.18.4.0/24 maxlen: 24
                          185.18.5.0/24 maxlen: 24
                          185.18.6.0/23 maxlen: 24
                          185.18.6.0/24 maxlen: 24
                          185.18.7.0/24 maxlen: 24
                          2a03:f1c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/721920-939b-412b-a3c5-2329d79c4ae3/1/2Ac9BrWGUvhJ-ovPPOxrlQkJvWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/721920-939b-412b-a3c5-2329d79c4ae3/1/2Ac9BrWGUvhJ-ovPPOxrlQkJvWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Ac9BrWGUvhJ-ovPPOxrlQkJvWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:da:b2:a4:80:46:6a:f7:0f:de:ab:fe:ba:6f:55:0e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8073d06b58652f849fa8bcf3cec6b950909bd68
        Validity
            Not Before: Jul 22 13:47:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9914cf34c6b0a0c7444eca4ada8537de8875906d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f6:3c:c8:d5:f8:18:68:56:39:a5:1d:7e:48:
                    16:27:5b:2e:af:b4:55:5b:ca:25:d0:42:c5:1f:92:
                    3c:2a:f6:20:5c:76:76:23:bd:fe:fd:26:e0:5e:ae:
                    4b:fd:d5:e1:6e:1e:9a:b4:bf:d6:26:61:98:d4:f9:
                    2b:4f:1d:cd:69:b8:03:63:09:be:de:8d:d7:54:90:
                    9c:0d:4f:52:5b:21:b9:ee:12:b9:d6:32:06:19:94:
                    9e:60:77:6b:5d:5b:09:c0:00:2b:7b:95:5a:f1:64:
                    4b:b0:4b:4b:15:bd:07:b2:b0:d3:c5:c4:dc:28:90:
                    ff:c5:6b:a0:f5:aa:58:ad:9d:a6:24:82:ec:87:2b:
                    79:81:55:74:c5:65:1b:d9:65:6a:69:4d:25:53:1b:
                    72:28:05:d4:9a:eb:a6:12:5a:12:1c:3b:e5:1e:89:
                    47:b9:1a:14:bd:37:fa:66:90:5a:26:c1:08:c8:23:
                    f6:66:4e:a1:be:a3:8b:8b:53:7b:b5:54:50:05:78:
                    dd:b3:f1:68:c7:16:3b:57:d7:bb:68:ac:8f:f7:5e:
                    24:51:33:a4:f6:c1:6e:a7:d2:6a:45:eb:a5:05:b8:
                    ff:45:a5:d5:df:84:e2:6a:ba:36:6e:21:9f:c5:de:
                    45:ee:9e:a9:fc:56:87:50:d3:69:b5:08:85:65:a4:
                    32:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:14:CF:34:C6:B0:A0:C7:44:4E:CA:4A:DA:85:37:DE:88:75:90:6D
            X509v3 Authority Key Identifier:
                keyid:D8:07:3D:06:B5:86:52:F8:49:FA:8B:CF:3C:EC:6B:95:09:09:BD:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Ac9BrWGUvhJ-ovPPOxrlQkJvWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/721920-939b-412b-a3c5-2329d79c4ae3/1/mRTPNMawoMdETspK2oU33oh1kG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/721920-939b-412b-a3c5-2329d79c4ae3/1/2Ac9BrWGUvhJ-ovPPOxrlQkJvWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.151.0/24
                  185.18.4.0/22
                IPv6:
                  2a03:f1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:fa:58:36:2c:5f:09:ac:37:9a:ae:38:9d:f4:ef:71:e5:44:
         21:e0:b1:09:7a:f4:45:68:7f:16:b9:71:36:39:8b:5c:9e:7b:
         ef:28:21:f7:f8:56:a7:d0:57:d0:7f:00:b7:0c:2f:1e:4b:5b:
         76:37:7e:87:df:ae:9d:ec:00:7e:d6:f4:e9:a9:4f:4a:57:bc:
         73:07:2f:6c:db:f7:8a:cd:a4:47:53:f8:d7:f9:a9:cb:92:d0:
         a5:44:de:54:84:a8:54:9f:81:2f:fa:7e:98:d0:dd:19:99:aa:
         96:52:ee:f2:59:99:37:5d:af:5e:57:93:00:7e:fb:fc:96:38:
         e6:14:5a:c8:d6:1f:82:8b:4e:08:e5:90:13:e5:57:c1:e8:36:
         7c:43:63:af:9f:ee:45:df:f6:ef:4e:66:70:d8:6e:94:4b:37:
         f3:85:5b:a1:57:18:09:ee:5a:82:1a:80:88:6f:38:3d:4a:28:
         b0:31:53:4f:bd:d3:7b:54:0d:02:89:b6:e0:af:77:a2:ee:b6:
         70:33:c8:8c:bb:ea:49:c9:54:5b:b7:06:6e:0c:0b:47:51:54:
         ec:c1:e5:af:58:4e:ac:68:f6:bb:4d:e1:fb:1b:36:64:d1:2b:
         b6:56:4d:00:4c:bf:f2:3f:5f:f5:28:e2:aa:fd:37:ac:5d:40:
         16:14:fa:7a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZDasqSARmr3D96r/rpvVQ4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MDczZDA2YjU4NjUyZjg0OWZhOGJjZjNjZWM2Yjk1MDkw
OWJkNjgwHhcNMjQwNzIyMTM0NzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE0Y2YzNGM2YjBhMGM3NDQ0ZWNhNGFkYTg1MzdkZTg4NzU5MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Y8yNX4GGhWOaUdfkgWJ1sur7RV
W8ol0ELFH5I8KvYgXHZ2I73+/SbgXq5L/dXhbh6atL/WJmGY1PkrTx3NabgDYwm+
3o3XVJCcDU9SWyG57hK51jIGGZSeYHdrXVsJwAAre5Va8WRLsEtLFb0HsrDTxcTc
KJD/xWug9apYrZ2mJILshyt5gVV0xWUb2WVqaU0lUxtyKAXUmuumEloSHDvlHolH
uRoUvTf6ZpBaJsEIyCP2Zk6hvqOLi1N7tVRQBXjds/FoxxY7V9e7aKyP914kUTOk
9sFup9JqReulBbj/RaXV34Tiaro2biGfxd5F7p6p/FaHUNNptQiFZaQyAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJkUzzTGsKDHRE7KStqFN96IdZBtMB8GA1UdIwQY
MBaAFNgHPQa1hlL4SfqLzzzsa5UJCb1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkFjOUJyV0dVdmhKLW92UFBPeHJsUWtKdldnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MjE5MjAtOTM5Yi00MTJiLWEzYzUt
MjMyOWQ3OWM0YWUzLzEvbVJUUE5NYXdvTWRFVHNwSzJvVTMzb2gxa0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MjE5MjAtOTM5Yi00MTJiLWEzYzUtMjMyOWQ3OWM0YWUz
LzEvMkFjOUJyV0dVdmhKLW92UFBPeHJsUWtKdldnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9SXAwQC
uRIEMA0EAgACMAcDBQAqA/HAMA0GCSqGSIb3DQEBCwUAA4IBAQA3+lg2LF8JrDea
rjid9O9x5UQh4LEJevRFaH8WuXE2OYtcnnvvKCH3+Fan0FfQfwC3DC8eS1t2N36H
366d7AB+1vTpqU9KV7xzBy9s2/eKzaRHU/jX+anLktClRN5UhKhUn4Ev+n6Y0N0Z
maqWUu7yWZk3Xa9eV5MAfvv8ljjmFFrI1h+Ci04I5ZAT5VfB6DZ8Q2Ovn+5F3/bv
TmZw2G6USzfzhVuhVxgJ7lqCGoCIbzg9SiiwMVNPvdN7VA0Cibbgr3ei7rZwM8iM
u+pJyVRbtwZuDAtHUVTsweWvWE6saPa7TeH7GzZk0Su2Vk0ATL/yP1/1KOKq/Tes
XUAWFPp6
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:12:12 2024 by rpki-client on console-ams.rpki-client.org