Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/aI0lkgkAHSY0xv7QgK8siGdpJr0.roa
File:                     aI0lkgkAHSY0xv7QgK8siGdpJr0.roa (raw, json)
Hash identifier:          MWt8USFENteEThY3v4wyt+2ufjS3YFglMqUJbYs12Vc=
Subject key identifier:   68:8D:25:92:09:00:1D:26:34:C6:FE:D0:80:AF:2C:88:67:69:26:BD
Certificate issuer:       /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial:       018CC8DF62D424B314796849C94FAA0F4C47
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/aI0lkgkAHSY0xv7QgK8siGdpJr0.roa
Signing time:             Tue 02 Jan 2024 06:32:12 +0000
ROA not before:           Tue 02 Jan 2024 06:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203511
IP address blocks:        193.31.116.0/24 maxlen: 24
                          213.226.119.0/24 maxlen: 24
                          176.98.41.0/24 maxlen: 24
                          84.54.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:62:d4:24:b3:14:79:68:49:c9:4f:aa:0f:4c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
        Validity
            Not Before: Jan  2 06:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=688d259209001d2634c6fed080af2c88676926bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9d:41:b4:57:f1:10:55:bc:25:70:dd:60:a0:
                    0c:ee:33:96:d6:41:09:c0:8a:6d:82:06:b0:31:4d:
                    0f:6d:1b:9f:45:ed:8c:48:57:8c:a1:29:b5:d5:da:
                    78:13:49:bb:0d:b8:58:49:78:db:11:cb:ae:8e:bb:
                    75:b3:ad:42:9f:54:aa:4c:d6:3e:de:56:fe:39:ac:
                    22:b3:e2:18:8b:85:1c:f8:cf:c4:87:f9:38:97:91:
                    e4:ae:63:9e:84:08:1d:a6:05:f0:c8:fd:56:68:a4:
                    6c:17:ea:27:e0:06:a3:d2:5f:ca:20:75:fe:ce:26:
                    02:62:aa:cb:05:e9:48:a0:6b:c0:c1:32:a3:8b:03:
                    96:4c:1f:35:90:9b:27:6e:ce:7b:a3:0c:53:9d:ff:
                    5a:c0:83:96:fd:25:16:b4:19:02:29:04:29:b3:8e:
                    b3:94:30:b4:b2:8e:9b:73:86:5c:ef:f5:d7:90:b2:
                    62:5f:fc:7d:7e:df:f4:ab:58:e9:13:c2:24:52:e8:
                    35:2d:14:b7:db:39:50:cf:ea:0b:d6:f7:69:c8:88:
                    8f:7d:5c:e1:1d:af:bd:84:a3:17:2c:be:83:4a:31:
                    84:75:32:45:2c:03:24:f6:f3:69:bb:6d:36:df:cd:
                    13:7b:bb:47:e1:11:89:4c:0d:7d:31:48:60:a9:7d:
                    3a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:8D:25:92:09:00:1D:26:34:C6:FE:D0:80:AF:2C:88:67:69:26:BD
            X509v3 Authority Key Identifier:
                keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/aI0lkgkAHSY0xv7QgK8siGdpJr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.13.0/24
                  176.98.41.0/24
                  193.31.116.0/24
                  213.226.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:b7:86:bb:77:d7:99:48:81:aa:ca:3b:52:dd:0f:33:d6:66:
         0e:8f:cf:86:29:e3:9c:38:65:10:5a:40:e2:5e:de:c1:c5:02:
         2c:50:86:9c:88:6f:05:b0:69:55:39:c2:73:73:cf:5a:06:57:
         5d:e6:d2:15:20:ed:cd:da:45:f2:74:82:1e:0c:97:3f:a7:95:
         b4:03:a4:25:c0:12:c7:69:62:d5:df:64:4b:43:07:65:ad:41:
         3f:2f:d5:74:5b:46:53:33:96:cc:40:05:ce:14:1e:c7:2a:8e:
         f1:d2:d2:f3:bf:ab:b9:e8:18:99:b9:04:80:86:53:6c:66:eb:
         db:09:44:73:67:74:00:f1:2e:ac:4a:26:7e:00:36:63:13:c4:
         bb:69:90:17:12:ef:c8:9a:fa:6d:1d:c0:60:8b:67:71:9f:a4:
         e4:c7:a8:a6:85:22:30:88:8b:ec:df:a3:d5:72:83:fc:ff:68:
         85:0d:3d:08:0c:44:c5:87:fd:8d:86:e4:f1:11:54:18:c6:da:
         cf:35:c6:9c:ae:f8:25:32:1f:d6:39:e7:db:b2:92:da:6a:2f:
         d6:e7:da:91:2c:66:19:21:90:a3:7d:d5:75:84:1b:d0:ac:18:
         de:cd:ec:80:68:a4:b4:4f:a8:a3:88:5d:98:0c:5d:d0:fb:59:
         e9:06:1e:ed
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzI32LUJLMUeWhJyU+qD0xHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjQwMTAyMDYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhkMjU5MjA5MDAxZDI2MzRjNmZlZDA4MGFmMmM4ODY3NjkyNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ1BtFfxEFW8JXDdYKAM7jOW1kEJ
wIptggawMU0PbRufRe2MSFeMoSm11dp4E0m7DbhYSXjbEcuujrt1s61Cn1SqTNY+
3lb+Oawis+IYi4Uc+M/Eh/k4l5HkrmOehAgdpgXwyP1WaKRsF+on4Aaj0l/KIHX+
ziYCYqrLBelIoGvAwTKjiwOWTB81kJsnbs57owxTnf9awIOW/SUWtBkCKQQps46z
lDC0so6bc4Zc7/XXkLJiX/x9ft/0q1jpE8IkUug1LRS32zlQz+oL1vdpyIiPfVzh
Ha+9hKMXLL6DSjGEdTJFLAMk9vNpu202380Te7tH4RGJTA19MUhgqX06eQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGiNJZIJAB0mNMb+0ICvLIhnaSa9MB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvYUkwbGtna0FIU1kweHY3UWdLOHNpR2RwSnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVDYNAwQA
sGIpAwQAwR90AwQA1eJ3MA0GCSqGSIb3DQEBCwUAA4IBAQBet4a7d9eZSIGqyjtS
3Q8z1mYOj8+GKeOcOGUQWkDiXt7BxQIsUIaciG8FsGlVOcJzc89aBldd5tIVIO3N
2kXydIIeDJc/p5W0A6QlwBLHaWLV32RLQwdlrUE/L9V0W0ZTM5bMQAXOFB7HKo7x
0tLzv6u56BiZuQSAhlNsZuvbCURzZ3QA8S6sSiZ+ADZjE8S7aZAXEu/ImvptHcBg
i2dxn6Tkx6imhSIwiIvs36PVcoP8/2iFDT0IDETFh/2NhuTxEVQYxtrPNcacrvgl
Mh/WOefbspLaai/W59qRLGYZIZCjfdV1hBvQrBjezeyAaKS0T6ijiF2YDF3Q+1np
Bh7t
-----END CERTIFICATE-----
Generated at Sat Jun 15 19:47:58 2024 by rpki-client on console-fra.rpki-client.org