Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/9a6d83-5c2f-42be-8d76-b802052832cf/1/m4RrSU1IHeLtCyG3Bc2CRMfGH3Q.roa
File:                     m4RrSU1IHeLtCyG3Bc2CRMfGH3Q.roa (raw, json)
Hash identifier:          PxhNv3DE5Mj5ja+vjk2YkbldvNJJKQpFyfaeyTVeLzo=
Subject key identifier:   9B:84:6B:49:4D:48:1D:E2:ED:0B:21:B7:05:CD:82:44:C7:C6:1F:74
Certificate issuer:       /CN=dc7d8ed98443de6c688d174f1f0055be4de182a1
Certificate serial:       018CC5001460225752B91517E9E60CED0AE3
Authority key identifier: DC:7D:8E:D9:84:43:DE:6C:68:8D:17:4F:1F:00:55:BE:4D:E1:82:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3H2O2YRD3mxojRdPHwBVvk3hgqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/9a6d83-5c2f-42be-8d76-b802052832cf/1/m4RrSU1IHeLtCyG3Bc2CRMfGH3Q.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197831
IP address blocks:        91.234.80.0/22 maxlen: 22
                          91.228.31.0/24 maxlen: 24
                          91.228.30.0/24 maxlen: 24
                          91.228.30.0/23 maxlen: 23
                          176.104.120.0/21 maxlen: 21
                          91.244.80.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/9a6d83-5c2f-42be-8d76-b802052832cf/1/3H2O2YRD3mxojRdPHwBVvk3hgqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/9a6d83-5c2f-42be-8d76-b802052832cf/1/3H2O2YRD3mxojRdPHwBVvk3hgqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3H2O2YRD3mxojRdPHwBVvk3hgqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:14:60:22:57:52:b9:15:17:e9:e6:0c:ed:0a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7d8ed98443de6c688d174f1f0055be4de182a1
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b846b494d481de2ed0b21b705cd8244c7c61f74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ed:78:fd:71:cd:e9:c2:e9:6f:68:6d:0d:02:
                    ad:d5:62:33:bf:98:cf:15:f5:a8:ad:2e:c4:b4:11:
                    10:94:59:89:d0:e8:7d:91:21:03:ff:97:f2:1b:8d:
                    86:34:9a:6a:99:da:23:20:15:8d:0c:69:9a:d0:af:
                    0c:89:11:65:b5:dd:ac:c1:2c:8b:0b:94:3e:8a:fb:
                    db:24:2d:99:46:0b:19:5a:fa:f8:c6:93:bd:cb:a2:
                    3b:90:14:52:0b:f0:9c:2d:f1:77:9e:64:db:67:69:
                    d6:82:bd:a8:e2:03:d9:a8:4b:5f:a0:f2:18:a5:db:
                    b6:54:ef:2c:5e:e6:b3:3f:7f:84:a0:a1:bc:3a:ae:
                    89:c4:7e:e6:64:96:68:fa:62:e3:9e:fb:af:c6:9d:
                    22:10:2f:0e:e4:50:6d:b5:75:97:2e:f6:0c:f8:c3:
                    ee:3e:5d:b5:6e:9d:ad:2e:af:17:dc:d6:77:db:9d:
                    3c:de:c2:02:ca:b1:a1:0d:fc:c8:08:0a:63:2a:e6:
                    67:34:83:71:50:c1:0b:c4:2d:fc:44:46:43:2f:07:
                    2c:d2:e1:33:c0:e5:bf:d1:b4:af:f8:8d:50:3b:35:
                    aa:7d:4c:61:57:b2:bd:5d:4e:31:63:29:2c:c9:70:
                    20:ff:31:26:a0:96:0a:ea:75:03:1b:cf:72:8d:c8:
                    49:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:84:6B:49:4D:48:1D:E2:ED:0B:21:B7:05:CD:82:44:C7:C6:1F:74
            X509v3 Authority Key Identifier:
                keyid:DC:7D:8E:D9:84:43:DE:6C:68:8D:17:4F:1F:00:55:BE:4D:E1:82:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3H2O2YRD3mxojRdPHwBVvk3hgqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/9a6d83-5c2f-42be-8d76-b802052832cf/1/m4RrSU1IHeLtCyG3Bc2CRMfGH3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/9a6d83-5c2f-42be-8d76-b802052832cf/1/3H2O2YRD3mxojRdPHwBVvk3hgqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.30.0/23
                  91.234.80.0/22
                  91.244.80.0/20
                  176.104.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:7d:0f:e5:fe:d9:cd:0b:41:e8:ae:02:c3:3a:e1:ce:bd:dd:
         9a:fe:ea:f5:ab:16:22:05:db:65:bb:1d:36:7e:93:23:09:44:
         0f:98:ee:32:75:7a:38:ec:61:d7:1f:96:a5:b1:be:f4:b8:3b:
         9d:f7:4d:6e:1d:10:23:2e:35:a1:9d:64:b0:f6:86:a0:37:c8:
         ac:44:28:6e:7f:b5:9f:c4:54:d8:c4:39:47:75:9c:18:c4:50:
         c7:92:fe:b1:f1:13:ef:a8:5b:5e:82:12:9d:6e:b2:8c:5d:8b:
         3f:42:d5:cd:07:6f:7f:e2:3f:2e:59:39:0b:13:c3:17:2a:54:
         61:71:34:47:ac:ea:19:8f:f6:f6:3f:2f:de:3e:5c:3c:c4:fa:
         53:bb:44:5a:d5:14:d7:f3:a6:40:86:cb:55:25:24:a4:6b:70:
         d4:06:3c:55:b3:3f:d7:32:df:e3:5f:e1:1a:b8:15:2b:61:03:
         b4:dc:bf:34:b0:15:86:1c:93:19:e4:6e:0d:3c:77:0a:86:a5:
         df:26:7a:f9:c4:95:9c:17:59:1d:c7:ad:cd:db:2a:eb:e3:94:
         99:7e:00:cc:d2:3a:15:64:7c:7c:ef:c6:13:20:44:6b:cf:fe:
         bb:43:57:d7:7f:3b:ba:01:02:2f:ab:38:db:2c:fc:34:92:bc:
         fd:6b:91:8e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzFABRgIldSuRUX6eYM7QrjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjN2Q4ZWQ5ODQ0M2RlNmM2ODhkMTc0ZjFmMDA1NWJlNGRl
MTgyYTEwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg0NmI0OTRkNDgxZGUyZWQwYjIxYjcwNWNkODI0NGM3YzYxZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxe14/XHN6cLpb2htDQKt1WIzv5jP
FfWorS7EtBEQlFmJ0Oh9kSED/5fyG42GNJpqmdojIBWNDGma0K8MiRFltd2swSyL
C5Q+ivvbJC2ZRgsZWvr4xpO9y6I7kBRSC/CcLfF3nmTbZ2nWgr2o4gPZqEtfoPIY
pdu2VO8sXuazP3+EoKG8Oq6JxH7mZJZo+mLjnvuvxp0iEC8O5FBttXWXLvYM+MPu
Pl21bp2tLq8X3NZ325083sICyrGhDfzICApjKuZnNINxUMELxC38REZDLwcs0uEz
wOW/0bSv+I1QOzWqfUxhV7K9XU4xYyksyXAg/zEmoJYK6nUDG89yjchJNQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJuEa0lNSB3i7QshtwXNgkTHxh90MB8GA1UdIwQY
MBaAFNx9jtmEQ95saI0XTx8AVb5N4YKhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0gyTzJZUkQzbXhvalJkUEh3QlZ2azNoZ3FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC85YTZkODMtNWMyZi00MmJlLThkNzYt
YjgwMjA1MjgzMmNmLzEvbTRSclNVMUlIZUx0Q3lHM0JjMkNSTWZHSDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC85YTZkODMtNWMyZi00MmJlLThkNzYtYjgwMjA1MjgzMmNm
LzEvM0gyTzJZUkQzbXhvalJkUEh3QlZ2azNoZ3FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW+QeAwQC
W+pQAwQEW/RQAwQDsGh4MA0GCSqGSIb3DQEBCwUAA4IBAQBofQ/l/tnNC0HorgLD
OuHOvd2a/ur1qxYiBdtlux02fpMjCUQPmO4ydXo47GHXH5alsb70uDud901uHRAj
LjWhnWSw9oagN8isRChuf7WfxFTYxDlHdZwYxFDHkv6x8RPvqFteghKdbrKMXYs/
QtXNB29/4j8uWTkLE8MXKlRhcTRHrOoZj/b2Py/ePlw8xPpTu0Ra1RTX86ZAhstV
JSSka3DUBjxVsz/XMt/jX+EauBUrYQO03L80sBWGHJMZ5G4NPHcKhqXfJnr5xJWc
F1kdx63N2yrr45SZfgDM0joVZHx878YTIERrz/67Q1fXfzu6AQIvqzjbLPw0krz9
a5GO
-----END CERTIFICATE-----
Generated at Sat Dec 28 03:01:40 2024 by rpki-client on console-ams.rpki-client.org