Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/yEWZ4VYL76v6CXOJZTzc32REVU4.roa
File:                     yEWZ4VYL76v6CXOJZTzc32REVU4.roa (raw, json)
Hash identifier:          oBb7YT9vlq0MEgGYYB2TO36gjMVOVGIRSUTZDLpyMuk=
Subject key identifier:   C8:45:99:E1:56:0B:EF:AB:FA:09:73:89:65:3C:DC:DF:64:44:55:4E
Certificate issuer:       /CN=41dd1ce4eeb92ff53b633892fd457b011e1171f1
Certificate serial:       018ECD3F62C3B632F6EE42865A285C252B93
Authority key identifier: 41:DD:1C:E4:EE:B9:2F:F5:3B:63:38:92:FD:45:7B:01:1E:11:71:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/yEWZ4VYL76v6CXOJZTzc32REVU4.roa
Signing time:             Thu 11 Apr 2024 13:01:07 +0000
ROA not before:           Thu 11 Apr 2024 13:01:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62359
IP address blocks:        91.242.173.0/24 maxlen: 24
                          2001:67c:6d8::/48 maxlen: 48
                          2a14:30c1::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:3f:62:c3:b6:32:f6:ee:42:86:5a:28:5c:25:2b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41dd1ce4eeb92ff53b633892fd457b011e1171f1
        Validity
            Not Before: Apr 11 13:01:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c84599e1560befabfa097389653cdcdf6444554e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9b:07:b4:e9:54:5e:18:03:b1:fb:48:9c:a1:
                    d9:50:2d:e4:66:a0:78:06:1e:cf:da:4f:e4:6b:ed:
                    34:1d:e9:94:d3:d0:db:86:6b:00:22:32:00:9f:98:
                    cb:9e:6b:b1:38:28:81:56:bd:91:ee:c4:4d:c6:2f:
                    9d:10:ed:34:01:44:95:e7:68:34:db:b1:f1:7c:32:
                    fd:aa:09:7b:41:0c:e2:c5:32:7a:82:7c:d0:97:4a:
                    41:22:f7:19:43:9f:e5:45:a6:53:d5:a9:d7:b3:c6:
                    d5:24:f0:8f:27:4e:03:d9:94:71:e8:1d:25:54:6a:
                    e1:fb:ed:f0:9f:3e:fd:7c:de:4a:a8:b1:b6:2a:4a:
                    6f:64:09:c3:1f:b0:8c:a3:b2:13:6f:99:37:64:6a:
                    47:32:b1:bc:3e:82:22:1d:1a:f7:3c:aa:aa:27:a2:
                    24:54:22:ca:19:26:a0:3b:35:3b:49:85:f8:9c:bd:
                    fc:d5:64:c7:79:7b:40:fe:83:99:8b:35:94:00:7d:
                    87:ea:8e:6f:80:2d:0a:de:81:67:98:a4:6d:06:60:
                    ba:4f:4b:03:12:cf:42:4d:96:53:35:68:84:7b:d4:
                    5a:8b:e5:a2:a7:d9:8e:5d:80:45:58:e6:e0:12:a7:
                    a4:2a:82:18:47:99:ea:e8:e3:fb:e1:d3:d5:12:25:
                    1e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:45:99:E1:56:0B:EF:AB:FA:09:73:89:65:3C:DC:DF:64:44:55:4E
            X509v3 Authority Key Identifier:
                keyid:41:DD:1C:E4:EE:B9:2F:F5:3B:63:38:92:FD:45:7B:01:1E:11:71:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/yEWZ4VYL76v6CXOJZTzc32REVU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.173.0/24
                IPv6:
                  2001:67c:6d8::/48
                  2a14:30c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:47:52:2c:0f:5e:f4:e3:ee:4b:7e:67:4f:a7:18:09:78:0b:
         73:77:a2:7b:e6:44:8b:18:fd:b6:0f:52:71:02:34:b9:13:4f:
         47:a0:ae:96:c6:27:97:b9:69:3f:7d:19:6e:5f:15:f9:d8:89:
         af:24:34:6e:cf:b6:21:b1:02:09:83:05:0b:91:fc:79:27:52:
         50:f1:5b:bb:85:66:1c:88:3d:c4:06:32:8f:87:a9:1d:58:5b:
         f2:41:ea:40:b3:12:d1:49:f1:41:34:3e:39:17:13:87:ef:ea:
         25:57:a4:e5:4b:81:d0:23:53:88:00:76:0c:59:6b:c1:f6:d0:
         7e:50:b6:d6:3d:1a:27:f7:52:52:79:80:e6:bc:16:e6:08:d5:
         cd:9f:62:e2:b4:4d:d4:6e:a5:ee:00:9e:7e:fb:67:e1:9a:6f:
         b2:d6:3e:dc:de:a3:47:47:80:84:6a:84:83:4f:7a:53:d0:33:
         61:19:1c:36:17:1d:b2:c8:74:86:95:16:54:cd:9c:a9:2f:4c:
         03:45:5e:b7:b4:13:d0:25:ec:9c:ab:4f:d0:c5:66:0c:a7:9a:
         91:99:c3:27:5e:1f:ab:a4:e7:55:f3:7b:80:1b:ea:50:38:9a:
         e7:fd:4c:72:c9:24:ab:7d:7c:f2:87:7a:28:f5:9c:5b:a9:75:
         41:26:c9:48
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY7NP2LDtjL27kKGWihcJSuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZGQxY2U0ZWViOTJmZjUzYjYzMzg5MmZkNDU3YjAxMWUx
MTcxZjEwHhcNMjQwNDExMTMwMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQ1OTllMTU2MGJlZmFiZmEwOTczODk2NTNjZGNkZjY0NDQ1NTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZsHtOlUXhgDsftInKHZUC3kZqB4
Bh7P2k/ka+00HemU09DbhmsAIjIAn5jLnmuxOCiBVr2R7sRNxi+dEO00AUSV52g0
27HxfDL9qgl7QQzixTJ6gnzQl0pBIvcZQ5/lRaZT1anXs8bVJPCPJ04D2ZRx6B0l
VGrh++3wnz79fN5KqLG2KkpvZAnDH7CMo7ITb5k3ZGpHMrG8PoIiHRr3PKqqJ6Ik
VCLKGSagOzU7SYX4nL381WTHeXtA/oOZizWUAH2H6o5vgC0K3oFnmKRtBmC6T0sD
Es9CTZZTNWiEe9Rai+Wip9mOXYBFWObgEqekKoIYR5nq6OP74dPVEiUe5wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMhFmeFWC++r+glziWU83N9kRFVOMB8GA1UdIwQY
MBaAFEHdHOTuuS/1O2M4kv1FewEeEXHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWQwYzVPNjVMX1U3WXppU19VVjdBUjRSY2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xYWNjNjEtYjk1YS00MDZlLTgwZmMt
ODg1MjFhZDk5YzdlLzEveUVXWjRWWUw3NnY2Q1hPSlpUemMzMlJFVlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xYWNjNjEtYjk1YS00MDZlLTgwZmMtODg1MjFhZDk5Yzdl
LzEvUWQwYzVPNjVMX1U3WXppU19VVjdBUjRSY2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAW/KtMBYE
AgACMBADBwAgAQZ8BtgDBQAqFDDBMA0GCSqGSIb3DQEBCwUAA4IBAQAwR1IsD170
4+5LfmdPpxgJeAtzd6J75kSLGP22D1JxAjS5E09HoK6WxieXuWk/fRluXxX52Imv
JDRuz7YhsQIJgwULkfx5J1JQ8Vu7hWYciD3EBjKPh6kdWFvyQepAsxLRSfFBND45
FxOH7+olV6TlS4HQI1OIAHYMWWvB9tB+ULbWPRon91JSeYDmvBbmCNXNn2LitE3U
bqXuAJ5++2fhmm+y1j7c3qNHR4CEaoSDT3pT0DNhGRw2Fx2yyHSGlRZUzZypL0wD
RV63tBPQJeycq0/QxWYMp5qRmcMnXh+rpOdV83uAG+pQOJrn/UxyySSrfXzyh3oo
9ZxbqXVBJslI
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:31:48 2024 by rpki-client on console-fra.rpki-client.org