Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/2dafbc-52ee-4c7b-b006-a786cebe20d3/1/gHM6xuAr69APYekQj0DwqbGY8yo.roa
File:                     gHM6xuAr69APYekQj0DwqbGY8yo.roa (raw, json)
Hash identifier:          VTMKW5xoxQwrL4XabkecmVnlryJsQoaHdO9PCCL8XCg=
Subject key identifier:   80:73:3A:C6:E0:2B:EB:D0:0F:61:E9:10:8F:40:F0:A9:B1:98:F3:2A
Certificate issuer:       /CN=2ebff6cfb8326b447295a11b107868212e665fdd
Certificate serial:       018CC80183905E7163F816F80D2EF9339CE1
Authority key identifier: 2E:BF:F6:CF:B8:32:6B:44:72:95:A1:1B:10:78:68:21:2E:66:5F:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lr_2z7gya0RylaEbEHhoIS5mX90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/2dafbc-52ee-4c7b-b006-a786cebe20d3/1/gHM6xuAr69APYekQj0DwqbGY8yo.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56428
IP address blocks:        91.223.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/2dafbc-52ee-4c7b-b006-a786cebe20d3/1/Lr_2z7gya0RylaEbEHhoIS5mX90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/2dafbc-52ee-4c7b-b006-a786cebe20d3/1/Lr_2z7gya0RylaEbEHhoIS5mX90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lr_2z7gya0RylaEbEHhoIS5mX90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:83:90:5e:71:63:f8:16:f8:0d:2e:f9:33:9c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ebff6cfb8326b447295a11b107868212e665fdd
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80733ac6e02bebd00f61e9108f40f0a9b198f32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f6:97:d3:d7:4f:54:a0:64:7e:38:b4:77:4d:
                    81:89:ce:84:4a:44:8d:1a:fe:15:9f:e5:c1:5e:74:
                    d1:ca:a2:9f:29:83:7e:36:21:9b:c0:1f:b8:5f:31:
                    9f:6f:db:82:e2:6d:d5:45:02:79:b7:75:49:27:5f:
                    4c:cc:00:e1:65:83:81:a0:bf:85:48:3a:8a:81:30:
                    09:91:bd:41:e7:ea:89:c4:97:92:1e:78:68:d2:b0:
                    8d:b6:85:04:38:a6:f4:8f:a2:f0:4a:83:4e:b4:9b:
                    be:87:63:79:dc:13:de:74:16:d8:84:43:e8:c5:9d:
                    c6:1f:7d:b6:1c:d2:b4:2b:ff:0a:f9:9a:56:54:6d:
                    80:18:85:18:0f:d5:05:0e:50:8f:a4:96:b1:a9:11:
                    c7:55:5b:e0:2f:46:6c:89:bc:94:fc:0f:16:df:c5:
                    81:13:30:b8:82:7c:92:d6:93:f6:19:9e:99:64:90:
                    ec:dd:bf:f3:9e:1b:88:22:31:e3:f5:c4:15:11:13:
                    dd:03:62:61:ae:4a:b7:22:35:f2:09:67:c9:a3:2f:
                    c3:c8:5d:f7:eb:5b:1c:de:57:eb:51:1c:3c:a1:9c:
                    19:78:10:d2:30:24:52:46:8a:9a:d4:7d:90:64:6a:
                    34:27:ce:39:b4:0b:52:5a:9c:0c:ba:37:f0:34:51:
                    00:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:73:3A:C6:E0:2B:EB:D0:0F:61:E9:10:8F:40:F0:A9:B1:98:F3:2A
            X509v3 Authority Key Identifier:
                keyid:2E:BF:F6:CF:B8:32:6B:44:72:95:A1:1B:10:78:68:21:2E:66:5F:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lr_2z7gya0RylaEbEHhoIS5mX90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/2dafbc-52ee-4c7b-b006-a786cebe20d3/1/gHM6xuAr69APYekQj0DwqbGY8yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/2dafbc-52ee-4c7b-b006-a786cebe20d3/1/Lr_2z7gya0RylaEbEHhoIS5mX90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:bc:36:fd:e3:95:42:e3:f6:35:e1:50:25:88:32:39:18:87:
         6e:64:d0:52:44:a1:1d:ae:0a:e1:62:2a:fe:84:27:e0:03:c1:
         49:33:cd:fa:7b:66:1e:5d:f7:e4:60:1e:c1:84:9c:86:7c:ad:
         91:6e:41:ac:59:9b:58:ed:25:9f:0e:2e:32:a4:a0:29:95:84:
         65:d1:f3:f2:11:d0:ea:61:62:cd:97:0e:cb:65:63:6a:6f:7f:
         7d:d0:cc:f6:e4:00:f1:90:b3:c5:5f:80:40:7b:00:05:e3:c0:
         36:1d:b8:a7:77:58:0d:a9:d9:9c:0c:f4:1b:8c:1b:e1:e2:78:
         32:ad:37:3c:10:66:e1:ec:f3:31:fe:6c:31:f4:3c:9f:66:5f:
         3f:e0:e9:e7:e9:38:a4:a6:0a:3e:a8:92:cf:1d:cb:03:1c:e9:
         5a:84:60:3d:67:7e:4b:a1:f4:32:c5:ae:06:eb:2e:5c:d8:d5:
         6e:cd:19:1f:72:96:9a:cf:b3:c0:90:9e:6c:1d:dd:03:2c:10:
         b3:b9:61:68:7b:43:8b:08:bc:6f:70:b6:d1:50:50:9d:15:b0:
         2b:4c:03:54:35:f7:9f:9f:5f:7c:3c:c2:30:90:01:fc:b9:2c:
         f4:51:31:93:25:d8:04:27:5d:77:79:b7:6f:28:cf:c4:c9:03:
         3e:be:54:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYOQXnFj+Bb4DS75M5zhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYmZmNmNmYjgzMjZiNDQ3Mjk1YTExYjEwNzg2ODIxMmU2
NjVmZGQwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDczM2FjNmUwMmJlYmQwMGY2MWU5MTA4ZjQwZjBhOWIxOThmMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfaX09dPVKBkfji0d02Bic6ESkSN
Gv4Vn+XBXnTRyqKfKYN+NiGbwB+4XzGfb9uC4m3VRQJ5t3VJJ19MzADhZYOBoL+F
SDqKgTAJkb1B5+qJxJeSHnho0rCNtoUEOKb0j6LwSoNOtJu+h2N53BPedBbYhEPo
xZ3GH322HNK0K/8K+ZpWVG2AGIUYD9UFDlCPpJaxqRHHVVvgL0ZsibyU/A8W38WB
EzC4gnyS1pP2GZ6ZZJDs3b/znhuIIjHj9cQVERPdA2Jhrkq3IjXyCWfJoy/DyF33
61sc3lfrURw8oZwZeBDSMCRSRoqa1H2QZGo0J845tAtSWpwMujfwNFEAMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBzOsbgK+vQD2HpEI9A8KmxmPMqMB8GA1UdIwQY
MBaAFC6/9s+4MmtEcpWhGxB4aCEuZl/dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHJfMno3Z3lhMFJ5bGFFYkVIaG9JUzVtWDkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yZGFmYmMtNTJlZS00YzdiLWIwMDYt
YTc4NmNlYmUyMGQzLzEvZ0hNNnh1QXI2OUFQWWVrUWowRHdxYkdZOHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yZGFmYmMtNTJlZS00YzdiLWIwMDYtYTc4NmNlYmUyMGQz
LzEvTHJfMno3Z3lhMFJ5bGFFYkVIaG9JUzVtWDkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+IMA0G
CSqGSIb3DQEBCwUAA4IBAQACvDb945VC4/Y14VAliDI5GIduZNBSRKEdrgrhYir+
hCfgA8FJM836e2YeXffkYB7BhJyGfK2RbkGsWZtY7SWfDi4ypKAplYRl0fPyEdDq
YWLNlw7LZWNqb3990Mz25ADxkLPFX4BAewAF48A2Hbind1gNqdmcDPQbjBvh4ngy
rTc8EGbh7PMx/mwx9DyfZl8/4Onn6Tikpgo+qJLPHcsDHOlahGA9Z35LofQyxa4G
6y5c2NVuzRkfcpaaz7PAkJ5sHd0DLBCzuWFoe0OLCLxvcLbRUFCdFbArTANUNfef
n198PMIwkAH8uSz0UTGTJdgEJ113ebdvKM/EyQM+vlQi
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:03:02 2024 by rpki-client on console-fra.rpki-client.org