Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/327742-8156-4fa4-9bd5-2120fd0575ff/1/MXWxFx8oAF0A589C78e9zL6VfpY.roa
File:                     MXWxFx8oAF0A589C78e9zL6VfpY.roa (raw, json)
Hash identifier:          8JLaRzmKzWvXBrTMgTAJr5dH5Pw6xDKVwRDDr2we+9w=
Subject key identifier:   31:75:B1:17:1F:28:00:5D:00:E7:CF:42:EF:C7:BD:CC:BE:95:7E:96
Certificate issuer:       /CN=2e45f8d62c742ea07dcbf8c57d58ccf5d28e3eb9
Certificate serial:       019131D984E6336F3C993BB80057E15F2473
Authority key identifier: 2E:45:F8:D6:2C:74:2E:A0:7D:CB:F8:C5:7D:58:CC:F5:D2:8E:3E:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkX41ix0LqB9y_jFfVjM9dKOPrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/327742-8156-4fa4-9bd5-2120fd0575ff/1/MXWxFx8oAF0A589C78e9zL6VfpY.roa
Signing time:             Thu 08 Aug 2024 11:57:04 +0000
ROA not before:           Thu 08 Aug 2024 11:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        91.208.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/327742-8156-4fa4-9bd5-2120fd0575ff/1/LkX41ix0LqB9y_jFfVjM9dKOPrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/327742-8156-4fa4-9bd5-2120fd0575ff/1/LkX41ix0LqB9y_jFfVjM9dKOPrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkX41ix0LqB9y_jFfVjM9dKOPrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:d9:84:e6:33:6f:3c:99:3b:b8:00:57:e1:5f:24:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e45f8d62c742ea07dcbf8c57d58ccf5d28e3eb9
        Validity
            Not Before: Aug  8 11:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3175b1171f28005d00e7cf42efc7bdccbe957e96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:73:88:13:10:95:05:45:26:c7:8a:66:6a:ef:
                    20:37:8c:f3:34:7e:67:cc:ef:2d:30:b9:03:f6:81:
                    9e:d1:80:6b:d1:ea:6c:7e:70:73:b5:5b:24:2e:55:
                    e1:f8:7f:7f:a6:3d:4f:ee:6f:89:59:86:e5:b6:79:
                    e2:8d:7b:40:f0:82:c6:e1:68:9c:8c:cd:42:fd:df:
                    2a:71:f5:41:bf:d5:3e:28:ec:88:c4:e3:6e:9e:31:
                    5e:84:4a:75:56:4a:d5:11:47:82:f4:62:1b:8d:6f:
                    2c:4f:9c:12:72:bb:6b:77:f5:40:29:8b:ca:94:7c:
                    ed:fd:b6:40:d7:25:97:38:31:5d:e3:cf:a2:19:83:
                    62:7c:4b:7e:b2:50:84:22:11:f3:7b:60:18:cb:e6:
                    54:4a:9b:15:e6:a5:54:52:56:0c:4a:18:1a:f6:7e:
                    99:66:0c:3b:94:c0:57:ee:25:0d:95:ec:fc:ad:94:
                    93:36:0f:2a:0f:92:25:d9:35:01:25:20:c4:99:08:
                    8e:60:ef:97:11:b3:d8:09:74:3a:46:28:5b:d4:50:
                    a6:84:1e:93:c5:7e:51:04:62:41:e9:c5:51:f5:bf:
                    d6:12:6a:d3:35:6f:fb:26:68:19:7a:45:bf:b0:e0:
                    7d:e9:4f:23:f2:dd:c6:0d:a2:81:76:63:ee:a8:7a:
                    d3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:75:B1:17:1F:28:00:5D:00:E7:CF:42:EF:C7:BD:CC:BE:95:7E:96
            X509v3 Authority Key Identifier:
                keyid:2E:45:F8:D6:2C:74:2E:A0:7D:CB:F8:C5:7D:58:CC:F5:D2:8E:3E:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkX41ix0LqB9y_jFfVjM9dKOPrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/327742-8156-4fa4-9bd5-2120fd0575ff/1/MXWxFx8oAF0A589C78e9zL6VfpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/327742-8156-4fa4-9bd5-2120fd0575ff/1/LkX41ix0LqB9y_jFfVjM9dKOPrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:0d:b6:25:8b:95:0e:fd:69:14:ae:b5:02:77:e5:72:b9:11:
         35:0b:dc:c1:f7:6e:b5:3b:e6:e6:93:ff:15:f6:a6:09:54:a4:
         6e:a5:58:e8:55:90:fc:63:4c:d1:f3:0e:b4:f4:ed:51:11:eb:
         b5:34:39:d8:f2:f6:fe:41:9c:98:83:8b:e6:bc:32:9c:7f:2a:
         cb:4d:f6:2b:a0:b2:44:60:cf:01:df:5f:9c:36:ba:dc:00:fc:
         fa:68:a2:82:2e:77:c1:e1:8e:d6:14:30:1a:a7:47:88:ca:53:
         0a:15:f9:95:5b:67:bb:22:97:b0:ff:e6:4d:49:57:a9:a7:5e:
         f7:f9:b4:e1:be:1c:fa:e4:85:4f:0f:9d:e0:d4:ba:dc:9a:ef:
         2f:b6:46:ea:5b:6d:c6:f1:2b:13:48:af:3e:da:37:f9:52:46:
         2e:d0:1d:46:e2:91:bf:69:ad:e0:d3:0a:3c:b7:f6:5b:ed:55:
         48:fc:50:54:af:0b:db:d3:df:9a:b1:f8:e0:51:b6:1c:3b:f8:
         0b:12:cd:7c:c9:f5:6d:2b:43:4e:a6:84:a7:2c:fc:46:71:39:
         0c:91:ee:54:bd:cb:88:e2:52:e4:a8:90:47:d5:44:46:7b:3c:
         c5:80:0c:3a:3c:83:2c:7c:70:fd:30:3e:8a:71:9e:36:16:db:
         c4:b9:5d:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEx2YTmM288mTu4AFfhXyRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNDVmOGQ2MmM3NDJlYTA3ZGNiZjhjNTdkNThjY2Y1ZDI4
ZTNlYjkwHhcNMjQwODA4MTE1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc1YjExNzFmMjgwMDVkMDBlN2NmNDJlZmM3YmRjY2JlOTU3ZTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4XOIExCVBUUmx4pmau8gN4zzNH5n
zO8tMLkD9oGe0YBr0epsfnBztVskLlXh+H9/pj1P7m+JWYbltnnijXtA8ILG4Wic
jM1C/d8qcfVBv9U+KOyIxONunjFehEp1VkrVEUeC9GIbjW8sT5wScrtrd/VAKYvK
lHzt/bZA1yWXODFd48+iGYNifEt+slCEIhHze2AYy+ZUSpsV5qVUUlYMShga9n6Z
Zgw7lMBX7iUNlez8rZSTNg8qD5Il2TUBJSDEmQiOYO+XEbPYCXQ6Rihb1FCmhB6T
xX5RBGJB6cVR9b/WEmrTNW/7JmgZekW/sOB96U8j8t3GDaKBdmPuqHrThwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF1sRcfKABdAOfPQu/Hvcy+lX6WMB8GA1UdIwQY
MBaAFC5F+NYsdC6gfcv4xX1YzPXSjj65MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGtYNDFpeDBMcUI5eV9qRmZWak05ZEtPUHJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8zMjc3NDItODE1Ni00ZmE0LTliZDUt
MjEyMGZkMDU3NWZmLzEvTVhXeEZ4OG9BRjBBNTg5Qzc4ZTl6TDZWZnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8zMjc3NDItODE1Ni00ZmE0LTliZDUtMjEyMGZkMDU3NWZm
LzEvTGtYNDFpeDBMcUI5eV9qRmZWak05ZEtPUHJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9CtMA0G
CSqGSIb3DQEBCwUAA4IBAQCWDbYli5UO/WkUrrUCd+VyuRE1C9zB9261O+bmk/8V
9qYJVKRupVjoVZD8Y0zR8w609O1REeu1NDnY8vb+QZyYg4vmvDKcfyrLTfYroLJE
YM8B31+cNrrcAPz6aKKCLnfB4Y7WFDAap0eIylMKFfmVW2e7Ipew/+ZNSVepp173
+bThvhz65IVPD53g1Lrcmu8vtkbqW23G8SsTSK8+2jf5UkYu0B1G4pG/aa3g0wo8
t/Zb7VVI/FBUrwvb09+asfjgUbYcO/gLEs18yfVtK0NOpoSnLPxGcTkMke5UvcuI
4lLkqJBH1URGezzFgAw6PIMsfHD9MD6KcZ42FtvEuV3N
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:42:17 2024 by rpki-client on console-fra.rpki-client.org