Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a76445-198a-4f85-bbf8-66cca81e6c07/1/yPt4j3qtTnzdZ6BX7sukcKzhVEI.roa
File:                     yPt4j3qtTnzdZ6BX7sukcKzhVEI.roa (raw, json)
Hash identifier:          ugs4m91RC2kNqS3HaQgvAXipuwQNrGWMDZR+FOOrkQo=
Subject key identifier:   C8:FB:78:8F:7A:AD:4E:7C:DD:67:A0:57:EE:CB:A4:70:AC:E1:54:42
Certificate issuer:       /CN=f4ac99d77a7a1c84dd47f43bb72051aa73b1aad6
Certificate serial:       018CC49379C22EAC455B25E333800F86A1F9
Authority key identifier: F4:AC:99:D7:7A:7A:1C:84:DD:47:F4:3B:B7:20:51:AA:73:B1:AA:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9KyZ13p6HITdR_Q7tyBRqnOxqtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a76445-198a-4f85-bbf8-66cca81e6c07/1/yPt4j3qtTnzdZ6BX7sukcKzhVEI.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203015
IP address blocks:        91.213.103.0/24 maxlen: 24
                          194.50.33.0/24 maxlen: 24
                          193.23.178.0/24 maxlen: 24
                          193.23.177.0/24 maxlen: 24
                          193.23.176.0/24 maxlen: 24
                          2a0c:82c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a76445-198a-4f85-bbf8-66cca81e6c07/1/9KyZ13p6HITdR_Q7tyBRqnOxqtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a76445-198a-4f85-bbf8-66cca81e6c07/1/9KyZ13p6HITdR_Q7tyBRqnOxqtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9KyZ13p6HITdR_Q7tyBRqnOxqtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:79:c2:2e:ac:45:5b:25:e3:33:80:0f:86:a1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4ac99d77a7a1c84dd47f43bb72051aa73b1aad6
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8fb788f7aad4e7cdd67a057eecba470ace15442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:69:d8:5a:bb:6c:1f:3c:fe:20:0c:e8:ad:b3:
                    81:7a:f0:be:d2:e2:b7:5a:a7:99:73:93:ce:d0:dc:
                    b2:9c:7a:95:b1:a4:4b:b3:84:97:20:a7:fb:49:13:
                    a8:72:ee:54:c6:5b:9a:89:d6:4b:26:16:39:19:61:
                    c9:dd:ca:98:96:16:32:65:02:92:c2:c3:dc:f0:29:
                    14:a4:b3:28:86:27:15:42:d4:e0:7c:44:ab:da:c2:
                    6c:79:ea:8a:6d:96:73:9b:d7:db:f4:c0:5b:b4:13:
                    cc:76:4b:ca:a1:84:d4:77:94:79:e1:d3:71:8a:49:
                    c6:34:a3:57:30:6d:e9:63:15:b1:79:49:e5:37:f2:
                    45:c3:ac:f5:ac:84:16:4e:66:b4:d3:e8:c0:7b:0e:
                    78:a3:b2:33:11:9b:92:63:3f:89:87:ea:58:80:82:
                    8f:30:b8:d8:b0:dd:dd:96:ed:99:ce:24:86:e5:e1:
                    8c:c2:83:43:fe:dc:06:cd:76:59:ab:e4:96:c4:b0:
                    f5:b7:ee:8b:14:36:29:66:29:5e:83:e2:66:80:29:
                    ba:0b:5c:2f:fa:b7:a6:51:ee:90:b8:be:64:86:d5:
                    4d:43:4d:76:69:9c:33:c5:2f:19:d4:c5:eb:86:1c:
                    34:63:9a:b3:15:d6:f1:3d:07:a7:7a:07:e8:0e:03:
                    40:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:FB:78:8F:7A:AD:4E:7C:DD:67:A0:57:EE:CB:A4:70:AC:E1:54:42
            X509v3 Authority Key Identifier:
                keyid:F4:AC:99:D7:7A:7A:1C:84:DD:47:F4:3B:B7:20:51:AA:73:B1:AA:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9KyZ13p6HITdR_Q7tyBRqnOxqtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a76445-198a-4f85-bbf8-66cca81e6c07/1/yPt4j3qtTnzdZ6BX7sukcKzhVEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a76445-198a-4f85-bbf8-66cca81e6c07/1/9KyZ13p6HITdR_Q7tyBRqnOxqtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.103.0/24
                  193.23.176.0-193.23.178.255
                  194.50.33.0/24
                IPv6:
                  2a0c:82c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:9f:95:22:8c:8a:17:9e:ce:52:2f:f2:aa:14:35:e8:f4:3c:
         c0:f7:b9:20:a3:89:b6:2d:66:f0:a6:d1:a2:fd:42:3f:c5:53:
         37:a3:b9:52:30:73:48:52:a0:93:c9:6b:e3:df:9f:a9:8b:eb:
         21:f8:f1:33:bc:61:d2:e6:b3:7b:d4:3c:96:95:ab:3d:68:89:
         73:d6:77:a5:ef:e9:bc:0f:54:06:75:ce:84:b0:95:9e:d4:4e:
         73:81:57:f7:f2:6e:5d:a5:b6:57:f9:8b:39:09:ce:5a:4f:ed:
         2d:3d:b2:99:3f:89:47:7e:15:f2:4e:81:c2:1e:15:a4:9b:0f:
         14:ad:89:ac:f9:75:71:b6:57:6d:72:d4:88:61:f5:e0:9b:82:
         bf:1c:a1:18:38:48:f7:93:95:8c:82:0d:de:e0:7e:2c:c8:51:
         59:cc:9d:c4:e1:3d:2f:dc:38:c4:ce:12:65:48:11:97:c8:65:
         06:9a:2e:0d:43:20:86:86:3d:15:78:56:25:90:2c:9c:8a:bb:
         8e:33:75:de:36:f2:04:a6:75:d2:47:ca:6d:23:99:62:fb:82:
         f4:e9:4d:2f:b5:ff:c1:0e:6e:f7:51:a5:c5:3f:60:4d:05:8f:
         77:6d:d2:da:1c:a4:3d:e5:9f:b9:be:4d:3e:e6:bc:8d:bc:ce:
         40:a4:6f:d9
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzEk3nCLqxFWyXjM4APhqH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YWM5OWQ3N2E3YTFjODRkZDQ3ZjQzYmI3MjA1MWFhNzNi
MWFhZDYwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGZiNzg4ZjdhYWQ0ZTdjZGQ2N2EwNTdlZWNiYTQ3MGFjZTE1NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2nYWrtsHzz+IAzorbOBevC+0uK3
WqeZc5PO0NyynHqVsaRLs4SXIKf7SROocu5UxluaidZLJhY5GWHJ3cqYlhYyZQKS
wsPc8CkUpLMohicVQtTgfESr2sJseeqKbZZzm9fb9MBbtBPMdkvKoYTUd5R54dNx
iknGNKNXMG3pYxWxeUnlN/JFw6z1rIQWTma00+jAew54o7IzEZuSYz+Jh+pYgIKP
MLjYsN3dlu2ZziSG5eGMwoND/twGzXZZq+SWxLD1t+6LFDYpZileg+JmgCm6C1wv
+remUe6QuL5khtVNQ012aZwzxS8Z1MXrhhw0Y5qzFdbxPQenegfoDgNAPwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMj7eI96rU583WegV+7LpHCs4VRCMB8GA1UdIwQY
MBaAFPSsmdd6ehyE3Uf0O7cgUapzsarWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUt5WjEzcDZISVRkUl9RN3R5QlJxbk94cXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNzY0NDUtMTk4YS00Zjg1LWJiZjgt
NjZjY2E4MWU2YzA3LzEveVB0NGozcXRUbnpkWjZCWDdzdWtjS3poVkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNzY0NDUtMTk4YS00Zjg1LWJiZjgtNjZjY2E4MWU2YzA3
LzEvOUt5WjEzcDZISVRkUl9RN3R5QlJxbk94cXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQAW9VnMAwD
BATBF7ADBADBF7IDBADCMiEwDQQCAAIwBwMFAyoMgsAwDQYJKoZIhvcNAQELBQAD
ggEBAJCflSKMiheezlIv8qoUNej0PMD3uSCjibYtZvCm0aL9Qj/FUzejuVIwc0hS
oJPJa+Pfn6mL6yH48TO8YdLms3vUPJaVqz1oiXPWd6Xv6bwPVAZ1zoSwlZ7UTnOB
V/fybl2ltlf5izkJzlpP7S09spk/iUd+FfJOgcIeFaSbDxStiaz5dXG2V21y1Ihh
9eCbgr8coRg4SPeTlYyCDd7gfizIUVnMncThPS/cOMTOEmVIEZfIZQaaLg1DIIaG
PRV4ViWQLJyKu44zdd428gSmddJHym0jmWL7gvTpTS+1/8EObvdRpcU/YE0Fj3dt
0tocpD3ln7m+TT7mvI28zkCkb9k=
-----END CERTIFICATE-----
Generated at Sat Dec 28 03:01:36 2024 by rpki-client on console-ams.rpki-client.org