Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/0d3032-bda4-4c6b-81c9-92416007158e/1/J54GOGSbqHTQqEjRaG3LmGV5hec.roa
File:                     J54GOGSbqHTQqEjRaG3LmGV5hec.roa (raw, json)
Hash identifier:          cetie7S1G42aCZP/HLecE4899uy/3GzNs2hb8TSdgMY=
Subject key identifier:   27:9E:06:38:64:9B:A8:74:D0:A8:48:D1:68:6D:CB:98:65:79:85:E7
Certificate issuer:       /CN=c5b1182d31796fa63ec3c1d9b97cb6aaac34fdd9
Certificate serial:       018CC348F8179E478EE2630C89AE18B1CABE
Authority key identifier: C5:B1:18:2D:31:79:6F:A6:3E:C3:C1:D9:B9:7C:B6:AA:AC:34:FD:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xbEYLTF5b6Y-w8HZuXy2qqw0_dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/0d3032-bda4-4c6b-81c9-92416007158e/1/J54GOGSbqHTQqEjRaG3LmGV5hec.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44085
IP address blocks:        91.199.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/0d3032-bda4-4c6b-81c9-92416007158e/1/xbEYLTF5b6Y-w8HZuXy2qqw0_dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/0d3032-bda4-4c6b-81c9-92416007158e/1/xbEYLTF5b6Y-w8HZuXy2qqw0_dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xbEYLTF5b6Y-w8HZuXy2qqw0_dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f8:17:9e:47:8e:e2:63:0c:89:ae:18:b1:ca:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5b1182d31796fa63ec3c1d9b97cb6aaac34fdd9
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=279e0638649ba874d0a848d1686dcb98657985e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:b0:88:88:8b:de:58:0b:60:2e:17:29:01:ea:
                    d2:a5:d6:39:ec:f4:92:43:c5:a9:b8:06:e9:ff:32:
                    1d:49:a9:c7:5a:f9:6f:df:60:ef:96:85:6c:17:1a:
                    36:bd:91:69:3e:78:d5:4f:f6:ca:a1:f0:64:47:f6:
                    7a:50:77:1c:04:35:58:3e:55:56:fb:e7:00:f4:39:
                    d5:a8:b8:1a:28:36:a7:6a:52:f2:9b:35:64:0e:51:
                    8b:52:3b:3e:77:db:bf:1a:78:cc:be:bb:ae:a3:b9:
                    9c:d4:ce:fe:fb:85:36:b3:95:ac:1e:2d:a1:35:c2:
                    09:87:b9:9e:2d:41:45:6d:5d:4e:44:b5:9b:e5:78:
                    4d:6a:84:eb:c2:26:fc:a8:1b:c9:67:70:6d:5e:71:
                    07:2a:30:1c:cb:8d:34:11:75:87:8a:67:3f:19:a9:
                    27:fd:86:36:43:97:5e:c6:88:56:c1:38:3f:ff:84:
                    d2:f8:47:bc:03:11:35:66:c8:3e:9c:a3:5f:e7:b9:
                    1e:64:30:c8:3d:25:33:26:f0:28:c3:5f:18:80:54:
                    06:e8:5b:3e:47:7a:e8:2a:3a:8a:a6:29:a4:6a:6c:
                    ca:03:46:17:c3:cd:e3:a2:b0:c0:77:97:d1:0c:57:
                    c1:96:81:ff:3c:6d:72:cb:ea:6f:59:5e:09:ad:3e:
                    23:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:9E:06:38:64:9B:A8:74:D0:A8:48:D1:68:6D:CB:98:65:79:85:E7
            X509v3 Authority Key Identifier:
                keyid:C5:B1:18:2D:31:79:6F:A6:3E:C3:C1:D9:B9:7C:B6:AA:AC:34:FD:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xbEYLTF5b6Y-w8HZuXy2qqw0_dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/0d3032-bda4-4c6b-81c9-92416007158e/1/J54GOGSbqHTQqEjRaG3LmGV5hec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/0d3032-bda4-4c6b-81c9-92416007158e/1/xbEYLTF5b6Y-w8HZuXy2qqw0_dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:c2:d3:2c:3c:ae:d1:04:ae:93:f9:e5:19:1f:6b:f4:ec:26:
         64:5f:89:62:18:1c:0b:14:8c:ff:18:bf:b0:bc:19:a4:90:33:
         ae:2c:4e:ca:21:3f:7c:ed:4a:28:c0:f7:e6:1c:68:2b:46:a0:
         9d:26:71:a2:76:17:93:f0:db:b4:13:34:9c:bb:95:2c:7f:5f:
         b6:14:94:3f:d4:34:10:1e:a3:0d:1e:1d:22:9c:a7:db:99:37:
         b8:b7:20:31:ac:3e:a9:27:95:22:95:a5:2b:16:e6:21:09:5c:
         75:cf:7d:d7:1c:62:e9:8c:e8:ca:94:5c:45:cf:96:36:a0:60:
         8c:7a:88:89:c3:8b:66:33:95:e9:e6:e1:ef:97:91:6a:39:d6:
         bf:44:6e:f9:8f:c9:b7:9d:fb:10:9d:3e:ec:09:1d:14:46:9f:
         98:bc:89:d2:bb:a3:4d:94:03:e7:66:5e:8b:40:b0:e7:0d:6c:
         12:0a:16:e3:9f:9d:b6:45:a8:6a:9d:ab:e6:28:56:f6:c7:73:
         96:31:89:73:25:ef:10:90:2e:14:2b:02:34:fc:42:eb:e1:df:
         b8:67:04:f5:87:97:a8:6b:27:9b:ae:4e:ee:fe:13:9b:98:db:
         53:1a:cb:90:33:d6:3a:6c:2e:d5:3c:97:4b:2d:d4:bf:08:ed:
         bb:90:b5:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPgXnkeO4mMMia4Yscq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YjExODJkMzE3OTZmYTYzZWMzYzFkOWI5N2NiNmFhYWMz
NGZkZDkwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzllMDYzODY0OWJhODc0ZDBhODQ4ZDE2ODZkY2I5ODY1Nzk4NWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67CIiIveWAtgLhcpAerSpdY57PSS
Q8WpuAbp/zIdSanHWvlv32DvloVsFxo2vZFpPnjVT/bKofBkR/Z6UHccBDVYPlVW
++cA9DnVqLgaKDanalLymzVkDlGLUjs+d9u/GnjMvruuo7mc1M7++4U2s5WsHi2h
NcIJh7meLUFFbV1ORLWb5XhNaoTrwib8qBvJZ3BtXnEHKjAcy400EXWHimc/Gakn
/YY2Q5dexohWwTg//4TS+Ee8AxE1Zsg+nKNf57keZDDIPSUzJvAow18YgFQG6Fs+
R3roKjqKpimkamzKA0YXw83jorDAd5fRDFfBloH/PG1yy+pvWV4JrT4jwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeeBjhkm6h00KhI0Whty5hleYXnMB8GA1UdIwQY
MBaAFMWxGC0xeW+mPsPB2bl8tqqsNP3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGJFWUxURjViNlktdzhIWnVYeTJxcXcwX2RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8wZDMwMzItYmRhNC00YzZiLTgxYzkt
OTI0MTYwMDcxNThlLzEvSjU0R09HU2JxSFRRcUVqUmFHM0xtR1Y1aGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8wZDMwMzItYmRhNC00YzZiLTgxYzktOTI0MTYwMDcxNThl
LzEveGJFWUxURjViNlktdzhIWnVYeTJxcXcwX2RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cXMA0G
CSqGSIb3DQEBCwUAA4IBAQBLwtMsPK7RBK6T+eUZH2v07CZkX4liGBwLFIz/GL+w
vBmkkDOuLE7KIT987UoowPfmHGgrRqCdJnGidheT8Nu0EzScu5Usf1+2FJQ/1DQQ
HqMNHh0inKfbmTe4tyAxrD6pJ5UilaUrFuYhCVx1z33XHGLpjOjKlFxFz5Y2oGCM
eoiJw4tmM5Xp5uHvl5FqOda/RG75j8m3nfsQnT7sCR0URp+YvInSu6NNlAPnZl6L
QLDnDWwSChbjn522RahqnavmKFb2x3OWMYlzJe8QkC4UKwI0/ELr4d+4ZwT1h5eo
ayebrk7u/hObmNtTGsuQM9Y6bC7VPJdLLdS/CO27kLWQ
-----END CERTIFICATE-----
Generated at Wed Nov 27 01:01:31 2024 by rpki-client on console-fra.rpki-client.org