Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/s88ClsD5FrtiDlH0c8vzQ9mRl_k.roa
File:                     s88ClsD5FrtiDlH0c8vzQ9mRl_k.roa (raw, json)
Hash identifier:          givSrxKGJmjZqSaf5p210LZtEEMx1KQbPgqmsRSGqCU=
Subject key identifier:   B3:CF:02:96:C0:F9:16:BB:62:0E:51:F4:73:CB:F3:43:D9:91:97:F9
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80134DC784E0198B255067A943E269F
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/s88ClsD5FrtiDlH0c8vzQ9mRl_k.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205472
IP address blocks:        85.254.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:dc:78:4e:01:98:b2:55:06:7a:94:3e:26:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3cf0296c0f916bb620e51f473cbf343d99197f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:05:81:c2:d1:77:47:a8:8b:9e:a4:f0:aa:ea:
                    d9:ef:ba:12:bc:ad:fb:a9:5a:06:1e:d3:a5:f4:7c:
                    6d:84:27:3d:0f:38:aa:65:be:d7:d8:9d:be:ec:dd:
                    f0:91:6e:f7:5e:2a:0e:f8:24:07:73:d5:15:42:67:
                    aa:c2:fa:87:2f:16:32:f6:fc:47:4b:eb:1a:40:ea:
                    da:09:b6:4c:14:ec:47:e3:8e:c0:45:a5:1c:c9:ce:
                    1a:2e:a4:c7:bb:a7:dc:e0:6c:89:af:fa:61:f8:66:
                    ac:a0:43:db:1e:90:97:d3:b9:a0:75:64:29:cf:b9:
                    f9:dc:05:e2:26:3c:66:ee:cc:55:b0:e3:b9:5a:0c:
                    7c:15:f1:9c:5d:0a:90:8d:85:eb:4b:93:30:ac:3e:
                    d1:49:6d:e6:2f:f5:ed:d2:f6:0a:87:96:3e:d5:17:
                    72:48:2c:b1:06:39:89:1d:75:5f:3f:4f:96:8b:6d:
                    59:3a:70:e0:8c:df:22:3f:3b:64:77:47:8f:d0:56:
                    b9:4e:9e:d7:25:4a:83:76:14:9a:6e:44:b4:95:e8:
                    2f:5b:71:d8:5d:f6:40:f1:fc:e5:b3:92:9c:40:2c:
                    1e:1e:62:2f:39:ef:8e:d1:05:26:7a:9e:ac:59:b0:
                    24:6b:09:64:a5:4f:b4:2e:a0:5d:ee:49:83:f1:b6:
                    fe:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CF:02:96:C0:F9:16:BB:62:0E:51:F4:73:CB:F3:43:D9:91:97:F9
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/s88ClsD5FrtiDlH0c8vzQ9mRl_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:2e:da:6c:a9:34:3e:cf:73:9c:28:0e:0b:82:28:8d:c4:d5:
         bc:79:d4:3b:c2:19:b9:ab:a8:11:4a:c2:5c:12:cb:63:2d:62:
         47:50:b0:99:22:c9:49:59:62:b1:c2:d6:b9:84:46:eb:6c:d6:
         86:73:ed:3b:98:ad:e5:d5:97:37:15:fb:1d:35:81:62:f6:cc:
         ef:6a:5b:12:cb:2f:d1:2a:0c:71:56:bf:da:5e:a5:f0:9f:30:
         69:9c:ec:3f:c3:15:80:6d:85:6b:e6:b0:ab:8c:ad:81:e0:f7:
         a9:3b:f3:ad:d1:3c:ae:af:7e:2e:13:8c:b5:52:c8:42:b0:51:
         08:73:83:47:bd:f9:fe:65:c3:56:da:a0:42:f6:74:44:d1:75:
         20:f4:84:82:ff:2d:5c:61:64:f2:03:22:f1:ad:85:d9:32:bb:
         73:98:ba:16:60:8e:4d:61:f2:7f:54:c3:cb:cd:f2:f5:a9:39:
         cb:26:44:fd:84:4f:50:e6:0d:9c:53:7b:23:d8:d1:87:7c:a4:
         3f:c0:67:40:f6:9a:b1:9e:03:c2:e0:2b:eb:6e:ec:90:df:0d:
         84:15:c5:e5:df:49:8e:69:61:c2:7d:74:ea:a8:35:50:8e:2b:
         57:f9:5d:8d:69:d7:69:98:31:9b:48:f9:fd:63:d5:04:30:22:
         9c:7d:e2:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATTceE4BmLJVBnqUPiafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2NmMDI5NmMwZjkxNmJiNjIwZTUxZjQ3M2NiZjM0M2Q5OTE5N2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwWBwtF3R6iLnqTwqurZ77oSvK37
qVoGHtOl9HxthCc9DziqZb7X2J2+7N3wkW73XioO+CQHc9UVQmeqwvqHLxYy9vxH
S+saQOraCbZMFOxH447ARaUcyc4aLqTHu6fc4GyJr/ph+GasoEPbHpCX07mgdWQp
z7n53AXiJjxm7sxVsOO5Wgx8FfGcXQqQjYXrS5MwrD7RSW3mL/Xt0vYKh5Y+1Rdy
SCyxBjmJHXVfP0+Wi21ZOnDgjN8iPztkd0eP0Fa5Tp7XJUqDdhSabkS0legvW3HY
XfZA8fzls5KcQCweHmIvOe+O0QUmep6sWbAkawlkpU+0LqBd7kmD8bb+jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPPApbA+Ra7Yg5R9HPL80PZkZf5MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvczg4Q2xzRDVGcnRpRGxIMGM4dnpROW1SbF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVf4fMA0G
CSqGSIb3DQEBCwUAA4IBAQCWLtpsqTQ+z3OcKA4LgiiNxNW8edQ7whm5q6gRSsJc
EstjLWJHULCZIslJWWKxwta5hEbrbNaGc+07mK3l1Zc3FfsdNYFi9szvalsSyy/R
KgxxVr/aXqXwnzBpnOw/wxWAbYVr5rCrjK2B4PepO/Ot0Tyur34uE4y1UshCsFEI
c4NHvfn+ZcNW2qBC9nRE0XUg9ISC/y1cYWTyAyLxrYXZMrtzmLoWYI5NYfJ/VMPL
zfL1qTnLJkT9hE9Q5g2cU3sj2NGHfKQ/wGdA9pqxngPC4CvrbuyQ3w2EFcXl30mO
aWHCfXTqqDVQjitX+V2NaddpmDGbSPn9Y9UEMCKcfeIc
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:39:32 2024 by rpki-client on console-fra.rpki-client.org