Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/1-Mwqi7LkA3VtZaUEM_DqPcOonw4.roa
File:                     1-Mwqi7LkA3VtZaUEM_DqPcOonw4.roa (raw, json)
Hash identifier:          Sy0cGqNkxOSenMDEtIthEJeAHaVoABm/xzXAIG22V3Y=
Subject key identifier:   F8:CC:2A:8B:B2:E4:03:75:6D:65:A5:04:33:F0:EA:3D:C3:A8:9F:0E
Certificate issuer:       /CN=c45bd26bc5d81eee9c8e1a2d0d78d10daae08195
Certificate serial:       018CC2DB10A55F5C98965647E547A206DE7A
Authority key identifier: C4:5B:D2:6B:C5:D8:1E:EE:9C:8E:1A:2D:0D:78:D1:0D:AA:E0:81:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFvSa8XYHu6cjhotDXjRDarggZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/1-Mwqi7LkA3VtZaUEM_DqPcOonw4.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42337
IP address blocks:        91.216.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/xFvSa8XYHu6cjhotDXjRDarggZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/xFvSa8XYHu6cjhotDXjRDarggZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFvSa8XYHu6cjhotDXjRDarggZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:10:a5:5f:5c:98:96:56:47:e5:47:a2:06:de:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45bd26bc5d81eee9c8e1a2d0d78d10daae08195
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8cc2a8bb2e403756d65a50433f0ea3dc3a89f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:73:46:b2:42:cc:87:7d:3d:41:75:ce:37:22:
                    4b:b6:37:83:05:09:39:d4:e6:cd:12:3a:2a:f3:a0:
                    a9:0e:d9:4a:77:a5:69:54:8c:6e:95:d8:ec:91:a0:
                    d5:60:3e:72:4c:c1:b0:76:16:be:38:be:58:c2:f7:
                    d1:8b:1f:09:5b:90:46:46:a2:fb:a1:2b:27:bd:9c:
                    fe:34:0d:0b:4e:81:93:fb:87:63:6e:f6:09:df:f9:
                    8a:3c:f2:0a:d4:7b:f7:b3:94:81:17:2d:e5:bc:87:
                    4c:df:da:49:32:19:12:b7:ea:b6:2d:83:ea:80:ae:
                    a6:81:fd:f8:ee:1a:4e:b6:5c:2f:43:98:1d:69:e8:
                    70:0d:13:66:91:01:17:0e:d0:0f:b5:12:68:0e:bf:
                    b3:74:41:6e:55:7a:7e:ef:82:40:7a:52:3f:18:08:
                    ff:4e:1d:cb:5b:69:a0:3c:21:17:4b:cf:08:c0:bf:
                    d0:63:91:30:0d:11:7c:c1:76:db:93:bd:c7:d7:5d:
                    e5:eb:96:e5:73:55:07:f7:25:48:0b:52:a4:42:ab:
                    4d:47:c6:f8:2a:6c:6f:19:f3:7e:02:cb:56:46:d0:
                    25:2e:d4:63:c1:6d:a8:28:3a:e7:aa:18:2b:45:c3:
                    d8:d8:fc:c4:4d:68:ef:e8:ae:aa:35:5a:ae:ad:4e:
                    9b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:CC:2A:8B:B2:E4:03:75:6D:65:A5:04:33:F0:EA:3D:C3:A8:9F:0E
            X509v3 Authority Key Identifier:
                keyid:C4:5B:D2:6B:C5:D8:1E:EE:9C:8E:1A:2D:0D:78:D1:0D:AA:E0:81:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFvSa8XYHu6cjhotDXjRDarggZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/1-Mwqi7LkA3VtZaUEM_DqPcOonw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/xFvSa8XYHu6cjhotDXjRDarggZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:11:1a:9d:29:50:44:8b:e2:03:36:42:d5:21:bc:c3:de:14:
         4b:aa:1e:e8:34:a8:41:b6:c1:95:8f:90:f8:1e:94:f3:16:1f:
         0e:9a:d1:eb:6c:15:b0:e2:0d:0c:98:78:ef:13:86:18:05:29:
         93:61:e0:88:9b:a9:6e:90:00:15:bb:cd:a7:3c:b3:52:d0:b9:
         d4:37:07:d3:0d:f5:51:52:57:98:67:6d:48:be:60:cd:e8:92:
         e5:4d:32:a2:b2:12:ca:98:76:7c:c6:3d:5c:4c:64:58:df:86:
         9c:5d:f5:14:e8:d2:ad:86:34:7e:a7:f6:8f:7d:8a:e5:36:1f:
         05:70:75:ef:19:ea:bb:be:1c:1d:79:5e:f1:bc:cc:f4:3d:63:
         6a:60:9f:da:e4:c8:9a:32:ea:c1:05:11:13:33:86:8f:c6:81:
         3e:1d:19:89:46:1b:56:50:b8:5a:cd:c3:a9:94:4e:3a:08:1c:
         5a:46:59:3e:d5:95:d9:1c:10:2d:ad:ab:ca:88:ca:73:42:d6:
         86:02:de:50:c0:5e:b0:69:bf:26:23:43:67:8c:46:a3:3c:13:
         c0:c2:06:04:ba:e4:05:0c:6a:94:ff:18:b3:e3:b2:ef:93:32:
         57:ef:75:f2:f7:ce:6a:cd:91:a3:d2:73:fa:9f:68:99:4c:be:
         c1:00:38:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2xClX1yYllZH5UeiBt56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWJkMjZiYzVkODFlZWU5YzhlMWEyZDBkNzhkMTBkYWFl
MDgxOTUwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGNjMmE4YmIyZTQwMzc1NmQ2NWE1MDQzM2YwZWEzZGMzYTg5ZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnNGskLMh309QXXONyJLtjeDBQk5
1ObNEjoq86CpDtlKd6VpVIxuldjskaDVYD5yTMGwdha+OL5YwvfRix8JW5BGRqL7
oSsnvZz+NA0LToGT+4djbvYJ3/mKPPIK1Hv3s5SBFy3lvIdM39pJMhkSt+q2LYPq
gK6mgf347hpOtlwvQ5gdaehwDRNmkQEXDtAPtRJoDr+zdEFuVXp+74JAelI/GAj/
Th3LW2mgPCEXS88IwL/QY5EwDRF8wXbbk73H113l65blc1UH9yVIC1KkQqtNR8b4
KmxvGfN+AstWRtAlLtRjwW2oKDrnqhgrRcPY2PzETWjv6K6qNVqurU6bWwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjMKouy5AN1bWWlBDPw6j3DqJ8OMB8GA1UdIwQY
MBaAFMRb0mvF2B7unI4aLQ140Q2q4IGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ2U2E4WFlIdTZjamhvdERYalJEYXJnZ1pVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84NzgyOWEtZTMzMi00MjRmLTljNGYt
ZTQ0N2JlMmFjNjhlLzEvMS1Nd3FpN0xrQTNWdFphVUVNX0RxUGNPb253NC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmQvODc4MjlhLWUzMzItNDI0Zi05YzRmLWU0NDdiZTJhYzY4
ZS8xL3hGdlNhOFhZSHU2Y2pob3REWGpSRGFyZ2daVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvYBDAN
BgkqhkiG9w0BAQsFAAOCAQEABxEanSlQRIviAzZC1SG8w94US6oe6DSoQbbBlY+Q
+B6U8xYfDprR62wVsOINDJh47xOGGAUpk2HgiJupbpAAFbvNpzyzUtC51DcH0w31
UVJXmGdtSL5gzeiS5U0yorISyph2fMY9XExkWN+GnF31FOjSrYY0fqf2j32K5TYf
BXB17xnqu74cHXle8bzM9D1jamCf2uTImjLqwQUREzOGj8aBPh0ZiUYbVlC4Ws3D
qZROOggcWkZZPtWV2RwQLa2ryojKc0LWhgLeUMBesGm/JiNDZ4xGozwTwMIGBLrk
BQxqlP8Ys+Oy75MyV+918vfOas2Ro9Jz+p9omUy+wQA4BA==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:40:08 2024 by rpki-client on console-ams.rpki-client.org