Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/453efc-f193-427b-a498-17903a302ec0/1/OAXIQA-wV0JBz8DwqMCckaigRrg.roa
File:                     OAXIQA-wV0JBz8DwqMCckaigRrg.roa (raw, json)
Hash identifier:          BDvIEFeTH+jmJIzLzoM7c+UmSMTZ+ie/g+knpvOlM7M=
Subject key identifier:   38:05:C8:40:0F:B0:57:42:41:CF:C0:F0:A8:C0:9C:91:A8:A0:46:B8
Certificate issuer:       /CN=7e04619ab0f1209b70f10598c69944bf34dbf232
Certificate serial:       018CC94CF7ADC225EBE42CBEBBD87EF7718B
Authority key identifier: 7E:04:61:9A:B0:F1:20:9B:70:F1:05:98:C6:99:44:BF:34:DB:F2:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fgRhmrDxIJtw8QWYxplEvzTb8jI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/453efc-f193-427b-a498-17903a302ec0/1/OAXIQA-wV0JBz8DwqMCckaigRrg.roa
Signing time:             Tue 02 Jan 2024 08:31:53 +0000
ROA not before:           Tue 02 Jan 2024 08:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44395
IP address blocks:        91.210.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/453efc-f193-427b-a498-17903a302ec0/1/fgRhmrDxIJtw8QWYxplEvzTb8jI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/453efc-f193-427b-a498-17903a302ec0/1/fgRhmrDxIJtw8QWYxplEvzTb8jI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fgRhmrDxIJtw8QWYxplEvzTb8jI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:f7:ad:c2:25:eb:e4:2c:be:bb:d8:7e:f7:71:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e04619ab0f1209b70f10598c69944bf34dbf232
        Validity
            Not Before: Jan  2 08:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3805c8400fb0574241cfc0f0a8c09c91a8a046b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e0:ef:86:3b:b9:74:2a:f3:33:13:9b:57:0c:
                    7d:55:39:c6:f9:67:3c:45:77:d3:df:65:ab:29:9c:
                    0e:b7:49:65:83:b2:78:f1:18:37:ad:f2:03:ad:70:
                    9a:83:2b:ab:6b:11:f4:57:15:ed:6f:91:ca:b7:29:
                    58:bd:17:9a:51:6c:26:1c:1a:d3:f5:62:05:fa:87:
                    bb:51:26:c8:6e:9a:b6:1d:94:0f:5f:fc:dc:d7:cd:
                    3b:3b:80:7e:2b:a4:5f:90:62:7b:f5:f7:e7:11:6e:
                    c1:b7:d7:04:93:25:85:c4:67:5d:34:65:9d:cc:70:
                    66:57:77:76:58:b4:e9:fa:ad:13:94:d2:d3:cf:3e:
                    ec:33:90:b5:4d:10:97:90:e3:ff:77:25:d6:8e:71:
                    04:3c:63:70:86:12:d1:15:62:14:87:79:fe:1b:51:
                    db:d1:40:48:f6:b3:84:b1:7e:08:24:d8:a5:ad:7f:
                    d7:fd:f5:c3:c1:41:da:3d:ef:22:b0:b0:fc:55:c4:
                    7c:46:dc:82:7c:5d:cf:07:98:fe:2f:b8:d8:86:88:
                    e2:fd:03:77:3b:cd:15:46:b9:15:1c:96:69:01:33:
                    99:cd:35:86:0b:25:9d:c0:20:eb:89:f9:4a:66:38:
                    73:5a:7e:a8:91:79:82:88:67:f7:40:b3:a9:a5:ac:
                    e5:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:05:C8:40:0F:B0:57:42:41:CF:C0:F0:A8:C0:9C:91:A8:A0:46:B8
            X509v3 Authority Key Identifier:
                keyid:7E:04:61:9A:B0:F1:20:9B:70:F1:05:98:C6:99:44:BF:34:DB:F2:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fgRhmrDxIJtw8QWYxplEvzTb8jI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/453efc-f193-427b-a498-17903a302ec0/1/OAXIQA-wV0JBz8DwqMCckaigRrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/453efc-f193-427b-a498-17903a302ec0/1/fgRhmrDxIJtw8QWYxplEvzTb8jI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:69:ed:e5:95:0e:53:fb:50:d2:d5:b7:43:c6:0e:55:e9:c6:
         5c:fd:ba:7f:f6:2f:26:6c:96:9b:c9:e7:0c:11:7d:c1:c1:29:
         80:b9:25:75:38:28:96:b8:d8:c0:47:4e:8e:54:c6:c0:46:3e:
         72:46:f3:c0:d9:4e:1a:c3:c8:1c:ca:bc:4e:ed:f3:5a:16:f1:
         89:a1:f1:ee:63:34:69:d9:ec:96:6c:e0:32:27:1e:75:68:4f:
         2d:79:90:93:94:5f:64:4d:dc:ca:ba:c7:bf:fc:a1:a9:d4:9a:
         b2:b9:2b:aa:0b:13:ea:f7:cd:94:6c:b0:04:e3:e4:6f:0d:37:
         e5:94:9d:c9:0f:ce:05:38:0a:fb:e4:1d:c0:0c:cf:20:44:ac:
         44:90:85:63:dc:97:9e:11:5f:31:da:7e:f8:0f:e7:67:d7:d4:
         93:3c:ca:b9:b9:e8:4a:d8:87:61:03:96:d2:8a:4d:bf:de:36:
         6a:97:b7:1b:e8:48:92:3b:bc:d7:d6:ec:fc:73:a7:71:77:7f:
         cd:ff:70:3b:fc:4b:c1:46:3b:f2:12:c3:9c:24:75:9e:0e:9d:
         26:40:fa:9b:e4:d5:a6:51:7c:b6:4c:39:1b:98:91:ef:14:9e:
         c3:89:91:c9:b4:05:d8:54:38:37:12:a8:0c:f0:73:d8:85:88:
         8d:a9:bf:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTPetwiXr5Cy+u9h+93GLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMDQ2MTlhYjBmMTIwOWI3MGYxMDU5OGM2OTk0NGJmMzRk
YmYyMzIwHhcNMjQwMTAyMDgzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODA1Yzg0MDBmYjA1NzQyNDFjZmMwZjBhOGMwOWM5MWE4YTA0NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtODvhju5dCrzMxObVwx9VTnG+Wc8
RXfT32WrKZwOt0llg7J48Rg3rfIDrXCagyuraxH0VxXtb5HKtylYvReaUWwmHBrT
9WIF+oe7USbIbpq2HZQPX/zc1807O4B+K6RfkGJ79ffnEW7Bt9cEkyWFxGddNGWd
zHBmV3d2WLTp+q0TlNLTzz7sM5C1TRCXkOP/dyXWjnEEPGNwhhLRFWIUh3n+G1Hb
0UBI9rOEsX4IJNilrX/X/fXDwUHaPe8isLD8VcR8RtyCfF3PB5j+L7jYhoji/QN3
O80VRrkVHJZpATOZzTWGCyWdwCDriflKZjhzWn6okXmCiGf3QLOppazlMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgFyEAPsFdCQc/A8KjAnJGooEa4MB8GA1UdIwQY
MBaAFH4EYZqw8SCbcPEFmMaZRL802/IyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmdSaG1yRHhJSnR3OFFXWXhwbEV2elRiOGpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi80NTNlZmMtZjE5My00MjdiLWE0OTgt
MTc5MDNhMzAyZWMwLzEvT0FYSVFBLXdWMEpCejhEd3FNQ2NrYWlnUnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi80NTNlZmMtZjE5My00MjdiLWE0OTgtMTc5MDNhMzAyZWMw
LzEvZmdSaG1yRHhJSnR3OFFXWXhwbEV2elRiOGpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9IoMA0G
CSqGSIb3DQEBCwUAA4IBAQAjae3llQ5T+1DS1bdDxg5V6cZc/bp/9i8mbJabyecM
EX3BwSmAuSV1OCiWuNjAR06OVMbARj5yRvPA2U4aw8gcyrxO7fNaFvGJofHuYzRp
2eyWbOAyJx51aE8teZCTlF9kTdzKuse//KGp1JqyuSuqCxPq982UbLAE4+RvDTfl
lJ3JD84FOAr75B3ADM8gRKxEkIVj3JeeEV8x2n74D+dn19STPMq5uehK2IdhA5bS
ik2/3jZql7cb6EiSO7zX1uz8c6dxd3/N/3A7/EvBRjvyEsOcJHWeDp0mQPqb5NWm
UXy2TDkbmJHvFJ7DiZHJtAXYVDg3EqgM8HPYhYiNqb/c
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:13:25 2024 by rpki-client on console-ams.rpki-client.org