Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/NM10MBaBSFAHVemX2KMm2aMJ7VE.roa
File:                     NM10MBaBSFAHVemX2KMm2aMJ7VE.roa (raw, json)
Hash identifier:          g4Cq2JShey8f6eJ/rgeeZ2wmC2GK3fY8FHhXtiFAGno=
Subject key identifier:   34:CD:74:30:16:81:48:50:07:55:E9:97:D8:A3:26:D9:A3:09:ED:51
Certificate issuer:       /CN=77b020308865c3360dab19f3a5703341864e9f50
Certificate serial:       018CC3488C20B1BEBFF19FF56B592F606276
Authority key identifier: 77:B0:20:30:88:65:C3:36:0D:AB:19:F3:A5:70:33:41:86:4E:9F:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/NM10MBaBSFAHVemX2KMm2aMJ7VE.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22351
IP address blocks:        91.232.198.0/24 maxlen: 24
                          91.232.208.0/24 maxlen: 24
                          185.87.144.0/22 maxlen: 24
                          91.232.235.0/24 maxlen: 24
                          91.232.129.0/24 maxlen: 24
                          80.73.219.0/24 maxlen: 24
                          80.73.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8c:20:b1:be:bf:f1:9f:f5:6b:59:2f:60:62:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77b020308865c3360dab19f3a5703341864e9f50
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34cd7430168148500755e997d8a326d9a309ed51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:db:54:ca:ef:a0:cb:bb:88:3b:ba:ab:dc:49:
                    4c:5f:ae:fa:66:5f:e2:d6:d6:23:f3:d9:dd:da:73:
                    1a:79:9c:da:f9:e7:a0:36:56:3e:10:45:df:ba:50:
                    ad:31:ca:8b:61:d2:05:98:40:40:86:75:14:97:9b:
                    ac:f0:e6:9a:f7:d2:f5:cd:d6:0f:32:8e:b7:a3:2a:
                    2b:9b:3c:65:ca:c0:95:90:24:ee:bb:6a:0a:79:4c:
                    34:ff:18:8a:2c:78:bb:f3:ed:05:f7:a1:6d:b0:33:
                    f5:01:08:87:f2:c5:0b:02:cf:ef:64:c1:9c:00:48:
                    b9:e6:d6:5d:f2:f4:0d:b9:44:80:a2:40:e2:63:a9:
                    02:02:4a:8d:59:8e:62:1e:2b:10:9f:51:dc:dc:c9:
                    45:58:3a:60:19:5f:96:ce:19:87:cf:c9:04:85:2c:
                    7c:af:b0:ce:e3:22:94:3d:a7:79:4f:77:8b:4f:f3:
                    6e:9d:ce:78:22:97:de:5f:73:70:a4:6d:fc:d1:5d:
                    3f:7c:c4:81:db:ad:14:f3:7c:79:d0:d9:bb:18:e5:
                    32:35:96:dc:6a:53:3f:6b:3f:e2:40:20:d7:e6:5d:
                    11:c5:8c:b4:21:15:db:ba:3c:20:5a:65:d7:c0:f5:
                    17:a3:43:3d:1b:89:e4:cf:33:d9:bd:5d:41:e7:e0:
                    ee:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:CD:74:30:16:81:48:50:07:55:E9:97:D8:A3:26:D9:A3:09:ED:51
            X509v3 Authority Key Identifier:
                keyid:77:B0:20:30:88:65:C3:36:0D:AB:19:F3:A5:70:33:41:86:4E:9F:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/NM10MBaBSFAHVemX2KMm2aMJ7VE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.219.0-80.73.220.255
                  91.232.129.0/24
                  91.232.198.0/24
                  91.232.208.0/24
                  91.232.235.0/24
                  185.87.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:2a:cc:73:ca:68:79:5b:60:06:54:0a:92:9d:00:27:95:7b:
         fd:7b:e2:af:37:38:71:38:b6:ca:30:12:1d:3c:82:b0:6f:72:
         fc:97:bb:8f:4d:2e:29:3f:f2:5e:9f:74:b2:f3:10:b6:67:2e:
         bf:ae:a0:b1:3d:ce:19:34:ff:cd:ec:3a:f0:a8:00:ef:46:1a:
         34:60:21:8c:95:ef:7f:77:b8:c4:59:a2:fb:cf:6f:dc:b2:00:
         d9:97:56:96:de:f4:06:dd:44:a1:81:4c:39:09:4f:ae:57:57:
         6e:1f:7e:56:dd:b7:7f:e7:44:56:59:fc:fd:63:9b:c9:05:20:
         93:ba:cb:80:f8:71:90:14:37:47:5f:b5:d4:d2:68:31:df:8a:
         86:a0:ae:a3:3b:4e:b5:da:0d:2c:f4:8b:74:6c:12:68:b1:9f:
         a5:d5:3e:4f:87:e2:24:2e:b5:9e:46:db:3f:76:31:18:09:e3:
         2c:ec:b0:89:24:63:4a:be:cc:34:8d:93:cf:28:46:b6:fc:1a:
         c8:d2:70:33:55:84:8b:44:11:f5:9b:61:48:6c:c0:21:f2:db:
         76:8d:ed:0b:9b:14:2b:27:b3:a2:49:72:e9:85:c0:d6:35:5d:
         a4:4d:67:a9:5e:98:e4:6e:b0:ca:97:27:18:42:99:c2:89:76:
         07:33:54:7f
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzDSIwgsb6/8Z/1a1kvYGJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YjAyMDMwODg2NWMzMzYwZGFiMTlmM2E1NzAzMzQxODY0
ZTlmNTAwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGNkNzQzMDE2ODE0ODUwMDc1NWU5OTdkOGEzMjZkOWEzMDllZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkttUyu+gy7uIO7qr3ElMX676Zl/i
1tYj89nd2nMaeZza+eegNlY+EEXfulCtMcqLYdIFmEBAhnUUl5us8Oaa99L1zdYP
Mo63oyormzxlysCVkCTuu2oKeUw0/xiKLHi78+0F96FtsDP1AQiH8sULAs/vZMGc
AEi55tZd8vQNuUSAokDiY6kCAkqNWY5iHisQn1Hc3MlFWDpgGV+WzhmHz8kEhSx8
r7DO4yKUPad5T3eLT/Nunc54IpfeX3NwpG380V0/fMSB260U83x50Nm7GOUyNZbc
alM/az/iQCDX5l0RxYy0IRXbujwgWmXXwPUXo0M9G4nkzzPZvV1B5+DuJwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDTNdDAWgUhQB1Xpl9ijJtmjCe1RMB8GA1UdIwQY
MBaAFHewIDCIZcM2DasZ86VwM0GGTp9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDdBZ01JaGx3ellOcXhuenBYQXpRWVpPbjFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kMmFhYjAtODM2My00YjE0LTljYzIt
YzhiYjhlYTM5ODA0LzEvTk0xME1CYUJTRkFIVmVtWDJLTW0yYU1KN1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kMmFhYjAtODM2My00YjE0LTljYzItYzhiYjhlYTM5ODA0
LzEvZDdBZ01JaGx3ellOcXhuenBYQXpRWVpPbjFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBABQSdsD
BABQSdwDBABb6IEDBABb6MYDBABb6NADBABb6OsDBAK5V5AwDQYJKoZIhvcNAQEL
BQADggEBAHgqzHPKaHlbYAZUCpKdACeVe/174q83OHE4tsowEh08grBvcvyXu49N
Lik/8l6fdLLzELZnLr+uoLE9zhk0/83sOvCoAO9GGjRgIYyV7393uMRZovvPb9yy
ANmXVpbe9AbdRKGBTDkJT65XV24fflbdt3/nRFZZ/P1jm8kFIJO6y4D4cZAUN0df
tdTSaDHfioagrqM7TrXaDSz0i3RsEmixn6XVPk+H4iQutZ5G2z92MRgJ4yzssIkk
Y0q+zDSNk88oRrb8GsjScDNVhItEEfWbYUhswCHy23aN7QubFCsns6JJcumFwNY1
XaRNZ6lemORusMqXJxhCmcKJdgczVH8=
-----END CERTIFICATE-----
Generated at Sat Jun 15 17:56:54 2024 by rpki-client on console-ams.rpki-client.org