Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/d0c45c-2a8d-4c3b-809d-09bf4071aea2/1/i3oQKzukNLg6jSitsEuB-kXQErY.roa
File:                     i3oQKzukNLg6jSitsEuB-kXQErY.roa (raw, json)
Hash identifier:          fNME+ktNDegyMwCN9dpi3uDKhBMY25hIpAMficqmzFA=
Subject key identifier:   8B:7A:10:2B:3B:A4:34:B8:3A:8D:28:AD:B0:4B:81:FA:45:D0:12:B6
Certificate issuer:       /CN=d1215bfc48876c36518356efd6e280255a1dee3c
Certificate serial:       018CC8DF59245CB90DAF6403499EF21BB940
Authority key identifier: D1:21:5B:FC:48:87:6C:36:51:83:56:EF:D6:E2:80:25:5A:1D:EE:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0SFb_EiHbDZRg1bv1uKAJVod7jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/d0c45c-2a8d-4c3b-809d-09bf4071aea2/1/i3oQKzukNLg6jSitsEuB-kXQErY.roa
Signing time:             Tue 02 Jan 2024 06:32:09 +0000
ROA not before:           Tue 02 Jan 2024 06:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51083
IP address blocks:        91.216.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/d0c45c-2a8d-4c3b-809d-09bf4071aea2/1/0SFb_EiHbDZRg1bv1uKAJVod7jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/d0c45c-2a8d-4c3b-809d-09bf4071aea2/1/0SFb_EiHbDZRg1bv1uKAJVod7jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0SFb_EiHbDZRg1bv1uKAJVod7jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:59:24:5c:b9:0d:af:64:03:49:9e:f2:1b:b9:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1215bfc48876c36518356efd6e280255a1dee3c
        Validity
            Not Before: Jan  2 06:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b7a102b3ba434b83a8d28adb04b81fa45d012b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:22:72:0e:ab:92:14:19:5c:8d:1e:bb:23:65:
                    78:d3:dd:95:bb:3a:c5:0f:59:ba:a9:66:d9:5c:f1:
                    2f:e3:82:96:5b:73:35:7b:61:ad:10:f3:97:22:e3:
                    23:bc:aa:d6:ff:d2:c5:c2:d2:ef:ab:ae:70:e2:b5:
                    08:d6:3e:db:b0:76:c4:11:1f:48:ab:63:fd:f8:ec:
                    f9:8b:ac:a6:a9:22:3b:cb:c6:ed:1c:fd:ec:d4:00:
                    38:73:92:13:0e:6b:d4:e5:c2:cc:0b:3b:bc:d1:af:
                    77:af:6f:a7:f9:45:7f:c3:2c:29:e5:b4:a5:ff:1d:
                    38:bb:e5:db:f4:2b:25:b7:48:66:ac:1d:fa:e5:ef:
                    eb:53:f9:6e:23:37:3d:1e:25:78:9f:b9:54:40:40:
                    31:de:70:71:00:27:c0:be:40:70:e5:08:c5:7f:e2:
                    45:76:b6:fd:a3:05:60:af:5a:ed:95:9b:66:24:f2:
                    64:4f:21:b0:83:19:aa:15:f6:64:cf:d5:8f:b8:81:
                    07:32:ed:7f:dc:ca:5f:c6:25:07:62:d9:35:82:44:
                    97:4e:27:8f:25:77:6a:9a:0f:ae:e7:8e:bc:b9:34:
                    3f:a4:02:5c:66:53:6b:5d:65:c5:32:bf:d0:c9:3b:
                    9b:ae:9f:89:bc:f7:5a:76:32:14:78:3d:d6:8c:20:
                    63:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:7A:10:2B:3B:A4:34:B8:3A:8D:28:AD:B0:4B:81:FA:45:D0:12:B6
            X509v3 Authority Key Identifier:
                keyid:D1:21:5B:FC:48:87:6C:36:51:83:56:EF:D6:E2:80:25:5A:1D:EE:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0SFb_EiHbDZRg1bv1uKAJVod7jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d0c45c-2a8d-4c3b-809d-09bf4071aea2/1/i3oQKzukNLg6jSitsEuB-kXQErY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/d0c45c-2a8d-4c3b-809d-09bf4071aea2/1/0SFb_EiHbDZRg1bv1uKAJVod7jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c7:36:a7:e7:e5:5b:16:2b:c5:0d:64:a4:b2:f0:99:50:86:
         f3:b8:62:d9:7c:c8:d9:54:8d:a4:9b:a3:ee:7c:81:85:e8:86:
         3e:04:45:c8:c7:8e:ee:9e:99:21:0b:0f:d3:72:12:c6:15:b5:
         74:df:5e:94:6a:0d:f6:74:bf:60:20:ab:e9:c4:3e:55:17:6b:
         d1:58:90:83:11:f3:fe:27:fe:39:6e:4d:55:38:86:0e:56:17:
         15:4c:a2:cd:93:4c:c2:5b:43:df:7a:bb:8c:f2:54:b7:04:3c:
         4f:4a:69:22:33:46:f1:44:03:19:76:ce:c2:c6:2e:b1:93:d1:
         f6:5c:a7:50:23:c4:58:3b:20:fe:7a:13:9e:f4:74:f9:b1:85:
         d0:a3:99:d8:c2:d3:95:e6:04:bd:61:2b:d7:76:d2:d3:02:a9:
         bb:4e:17:6f:b7:0f:a4:ec:6c:40:62:3e:1f:0c:c9:0f:96:ae:
         d1:3b:80:9e:ea:81:4c:84:19:89:c4:00:79:ed:f1:81:52:3d:
         ab:57:ec:43:d7:80:d4:d3:ed:64:6f:56:03:8f:41:67:e7:b5:
         e6:e4:af:5f:93:79:3a:95:32:e5:69:65:5a:0c:4a:1d:87:32:
         8b:b6:7d:48:0b:68:12:dc:c2:34:24:ff:87:c0:74:d9:ac:05:
         09:c4:9a:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI31kkXLkNr2QDSZ7yG7lAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMjE1YmZjNDg4NzZjMzY1MTgzNTZlZmQ2ZTI4MDI1NWEx
ZGVlM2MwHhcNMjQwMTAyMDYzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjdhMTAyYjNiYTQzNGI4M2E4ZDI4YWRiMDRiODFmYTQ1ZDAxMmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCJyDquSFBlcjR67I2V4092VuzrF
D1m6qWbZXPEv44KWW3M1e2GtEPOXIuMjvKrW/9LFwtLvq65w4rUI1j7bsHbEER9I
q2P9+Oz5i6ymqSI7y8btHP3s1AA4c5ITDmvU5cLMCzu80a93r2+n+UV/wywp5bSl
/x04u+Xb9Cslt0hmrB365e/rU/luIzc9HiV4n7lUQEAx3nBxACfAvkBw5QjFf+JF
drb9owVgr1rtlZtmJPJkTyGwgxmqFfZkz9WPuIEHMu1/3MpfxiUHYtk1gkSXTieP
JXdqmg+u5468uTQ/pAJcZlNrXWXFMr/QyTubrp+JvPdadjIUeD3WjCBjmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIt6ECs7pDS4Oo0orbBLgfpF0BK2MB8GA1UdIwQY
MBaAFNEhW/xIh2w2UYNW79bigCVaHe48MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFNGYl9FaUhiRFpSZzFidjF1S0FKVm9kN2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9kMGM0NWMtMmE4ZC00YzNiLTgwOWQt
MDliZjQwNzFhZWEyLzEvaTNvUUt6dWtOTGc2alNpdHNFdUIta1hRRXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9kMGM0NWMtMmE4ZC00YzNiLTgwOWQtMDliZjQwNzFhZWEy
LzEvMFNGYl9FaUhiRFpSZzFidjF1S0FKVm9kN2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9huMA0G
CSqGSIb3DQEBCwUAA4IBAQBGxzan5+VbFivFDWSksvCZUIbzuGLZfMjZVI2km6Pu
fIGF6IY+BEXIx47unpkhCw/TchLGFbV0316Uag32dL9gIKvpxD5VF2vRWJCDEfP+
J/45bk1VOIYOVhcVTKLNk0zCW0PferuM8lS3BDxPSmkiM0bxRAMZds7Cxi6xk9H2
XKdQI8RYOyD+ehOe9HT5sYXQo5nYwtOV5gS9YSvXdtLTAqm7Thdvtw+k7GxAYj4f
DMkPlq7RO4Ce6oFMhBmJxAB57fGBUj2rV+xD14DU0+1kb1YDj0Fn57Xm5K9fk3k6
lTLlaWVaDEodhzKLtn1IC2gS3MI0JP+HwHTZrAUJxJoI
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:00:14 2024 by rpki-client on console-fra.rpki-client.org