Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/cdmuUHczpXyC1DXvPy4Ru_f8FxM.roa
File:                     cdmuUHczpXyC1DXvPy4Ru_f8FxM.roa (raw, json)
Hash identifier:          ro9Oeef36zRaiSzSVRDg9DcXhFXPBGzX3nKad3BtF8Q=
Subject key identifier:   71:D9:AE:50:77:33:A5:7C:82:D4:35:EF:3F:2E:11:BB:F7:FC:17:13
Certificate issuer:       /CN=143cdee146b13b9667deff3f7b30e9a1aa334c83
Certificate serial:       018CC8DD05312573F10536D1C7D849EF855A
Authority key identifier: 14:3C:DE:E1:46:B1:3B:96:67:DE:FF:3F:7B:30:E9:A1:AA:33:4C:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDze4UaxO5Zn3v8_ezDpoaozTIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/cdmuUHczpXyC1DXvPy4Ru_f8FxM.roa
Signing time:             Tue 02 Jan 2024 06:29:37 +0000
ROA not before:           Tue 02 Jan 2024 06:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198251
IP address blocks:        91.232.240.0/24 maxlen: 24
                          91.232.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/FDze4UaxO5Zn3v8_ezDpoaozTIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/FDze4UaxO5Zn3v8_ezDpoaozTIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDze4UaxO5Zn3v8_ezDpoaozTIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:05:31:25:73:f1:05:36:d1:c7:d8:49:ef:85:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143cdee146b13b9667deff3f7b30e9a1aa334c83
        Validity
            Not Before: Jan  2 06:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71d9ae507733a57c82d435ef3f2e11bbf7fc1713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:da:00:84:1b:db:91:75:74:bb:f2:78:20:af:
                    1e:b7:43:e8:3e:20:66:fc:95:2b:1b:d1:9f:6a:60:
                    9d:3f:00:c5:31:98:bd:26:82:31:3f:48:bb:17:80:
                    73:21:64:b0:97:bb:92:44:a9:81:8a:17:b3:39:86:
                    e8:a8:65:6b:35:c5:a5:99:22:b6:ca:c6:ca:56:24:
                    44:2d:72:21:77:59:1a:d0:3f:bb:e5:ea:68:07:37:
                    5b:2e:6d:54:6f:39:f0:0e:3f:3a:b8:09:20:13:24:
                    26:41:97:f8:5b:e6:a9:50:e1:7c:64:d3:bb:59:e0:
                    be:8a:c9:c0:4b:0d:da:93:37:6b:ef:39:31:77:ef:
                    db:a7:34:23:f2:36:f5:01:b2:e0:6b:8f:d2:63:02:
                    c1:7b:2c:1f:0e:13:30:50:db:e0:1e:02:04:91:41:
                    f7:e7:b6:81:42:31:5c:27:43:9f:43:eb:f4:35:22:
                    c7:32:5a:1c:49:fa:b1:db:5a:d9:d3:59:4d:38:a7:
                    64:d7:aa:ad:52:fa:6b:89:d1:d1:f4:47:7f:d7:f6:
                    9d:fd:d5:84:cc:c5:7f:fe:ea:95:bf:ec:e6:be:bf:
                    8f:b9:c4:01:ea:a3:19:63:39:ea:51:8b:50:05:9d:
                    29:a0:36:94:df:19:03:92:b7:cd:4a:5a:53:7a:ff:
                    8a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D9:AE:50:77:33:A5:7C:82:D4:35:EF:3F:2E:11:BB:F7:FC:17:13
            X509v3 Authority Key Identifier:
                keyid:14:3C:DE:E1:46:B1:3B:96:67:DE:FF:3F:7B:30:E9:A1:AA:33:4C:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDze4UaxO5Zn3v8_ezDpoaozTIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/cdmuUHczpXyC1DXvPy4Ru_f8FxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/1ca39c-201c-41fd-9cb0-8236e57264bf/1/FDze4UaxO5Zn3v8_ezDpoaozTIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:f1:2c:ff:08:a0:4b:4d:2b:ed:6d:50:8f:b4:5d:83:e8:a8:
         2b:b1:92:72:89:bb:98:28:0c:0f:40:06:05:db:0f:d0:3a:8f:
         3d:a9:fb:f9:7b:93:4d:96:a9:3d:14:ed:af:62:00:00:35:8f:
         59:f6:83:18:f7:49:2c:01:27:dd:96:14:5c:a6:cf:38:bc:a7:
         f0:3d:1e:6f:37:0a:75:1d:fd:ae:9e:3c:56:47:1e:d5:dc:e4:
         05:1c:79:c9:c5:1d:de:5b:a3:f9:5e:c3:72:56:8c:32:21:92:
         b5:ea:96:db:35:5b:3e:a8:05:c9:ec:4d:24:98:fc:ea:3d:74:
         d4:e4:ac:b4:11:b1:8a:eb:10:55:2a:f6:34:d2:b3:13:47:2c:
         a5:0b:9d:af:31:3b:f0:f4:97:a1:2d:bc:d1:97:9a:97:1d:e0:
         bb:db:25:2d:29:67:47:30:fe:00:a7:82:84:21:2d:f5:dc:39:
         d4:77:13:43:9b:e5:24:2c:49:5c:73:ba:95:38:19:45:ad:d7:
         b3:62:67:1f:35:5e:8b:2b:30:e7:e4:50:db:d5:ac:7d:17:3f:
         bd:02:79:b8:16:c0:f2:38:f5:73:97:82:29:ed:ec:30:55:d5:
         f4:50:aa:94:28:18:84:bd:d4:5c:ce:b2:05:62:54:08:61:d0:
         eb:81:ce:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3QUxJXPxBTbRx9hJ74VaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0M2NkZWUxNDZiMTNiOTY2N2RlZmYzZjdiMzBlOWExYWEz
MzRjODMwHhcNMjQwMTAyMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWQ5YWU1MDc3MzNhNTdjODJkNDM1ZWYzZjJlMTFiYmY3ZmMxNzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4toAhBvbkXV0u/J4IK8et0PoPiBm
/JUrG9GfamCdPwDFMZi9JoIxP0i7F4BzIWSwl7uSRKmBihezOYboqGVrNcWlmSK2
ysbKViRELXIhd1ka0D+75epoBzdbLm1UbznwDj86uAkgEyQmQZf4W+apUOF8ZNO7
WeC+isnASw3akzdr7zkxd+/bpzQj8jb1AbLga4/SYwLBeywfDhMwUNvgHgIEkUH3
57aBQjFcJ0OfQ+v0NSLHMlocSfqx21rZ01lNOKdk16qtUvpridHR9Ed/1/ad/dWE
zMV//uqVv+zmvr+PucQB6qMZYznqUYtQBZ0poDaU3xkDkrfNSlpTev+KuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHZrlB3M6V8gtQ17z8uEbv3/BcTMB8GA1UdIwQY
MBaAFBQ83uFGsTuWZ97/P3sw6aGqM0yDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkR6ZTRVYXhPNVpuM3Y4X2V6RHBvYW96VElNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8xY2EzOWMtMjAxYy00MWZkLTljYjAt
ODIzNmU1NzI2NGJmLzEvY2RtdVVIY3pwWHlDMURYdlB5NFJ1X2Y4RnhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8xY2EzOWMtMjAxYy00MWZkLTljYjAtODIzNmU1NzI2NGJm
LzEvRkR6ZTRVYXhPNVpuM3Y4X2V6RHBvYW96VElNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+jwMA0G
CSqGSIb3DQEBCwUAA4IBAQBT8Sz/CKBLTSvtbVCPtF2D6KgrsZJyibuYKAwPQAYF
2w/QOo89qfv5e5NNlqk9FO2vYgAANY9Z9oMY90ksASfdlhRcps84vKfwPR5vNwp1
Hf2unjxWRx7V3OQFHHnJxR3eW6P5XsNyVowyIZK16pbbNVs+qAXJ7E0kmPzqPXTU
5Ky0EbGK6xBVKvY00rMTRyylC52vMTvw9JehLbzRl5qXHeC72yUtKWdHMP4Ap4KE
IS313DnUdxNDm+UkLElcc7qVOBlFrdezYmcfNV6LKzDn5FDb1ax9Fz+9Anm4FsDy
OPVzl4Ip7ewwVdX0UKqUKBiEvdRczrIFYlQIYdDrgc71
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:16:40 2024 by rpki-client on console-fra.rpki-client.org