Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/21xYSY0Oje0Aa0DUZod4o6sMKkA.roa
File:                     21xYSY0Oje0Aa0DUZod4o6sMKkA.roa (raw, json)
Hash identifier:          30IzT8CknvSGfL2WMflh9CIS9K9zvjg2Tse4kHBBwH4=
Subject key identifier:   DB:5C:58:49:8D:0E:8D:ED:00:6B:40:D4:66:87:78:A3:AB:0C:2A:40
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018E32A21135A01FA1BC499B1BA238D52C59
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/21xYSY0Oje0Aa0DUZod4o6sMKkA.roa
Signing time:             Tue 12 Mar 2024 12:27:45 +0000
ROA not before:           Tue 12 Mar 2024 12:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        194.87.31.0/24 maxlen: 24
                          194.87.45.0/24 maxlen: 24
                          194.87.71.0/24 maxlen: 24
                          194.87.216.0/24 maxlen: 24
                          195.133.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:a2:11:35:a0:1f:a1:bc:49:9b:1b:a2:38:d5:2c:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar 12 12:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db5c58498d0e8ded006b40d4668778a3ab0c2a40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:df:93:3c:a1:53:78:19:2e:2f:61:98:2e:82:
                    38:6c:84:50:4a:75:b8:fb:06:96:e2:78:0a:e3:93:
                    2e:11:1a:09:36:b1:b1:87:a3:31:b1:e2:10:7b:17:
                    39:3b:4b:c7:3b:79:e8:4a:4d:f9:29:6e:e4:7d:82:
                    09:b3:e9:60:7d:ba:ca:ad:f5:82:e7:03:5c:6a:7a:
                    23:e1:6e:a6:b8:c4:12:03:57:c8:0e:6f:77:a0:92:
                    f6:18:7a:c0:72:e8:ca:c6:04:03:7d:90:25:b2:ed:
                    38:25:bc:9a:b6:89:80:36:b9:95:4c:a2:4f:a8:19:
                    13:47:2c:a4:ff:3b:bb:47:58:d6:f9:90:21:c7:40:
                    a5:38:1d:f2:76:ee:9f:5d:09:a8:bf:07:d3:be:ba:
                    f9:64:15:8f:c5:38:7b:bb:97:a2:a3:9c:fa:d9:28:
                    e3:6d:46:89:91:62:e5:1e:9e:ec:a3:54:23:73:c8:
                    06:e5:f8:e9:17:d0:fe:cd:a1:86:5d:17:51:34:c3:
                    00:47:52:7a:10:f2:25:2c:51:4a:51:55:9e:cc:42:
                    1d:0b:34:58:a6:41:98:5a:18:16:af:8a:ed:0e:8c:
                    38:4c:3b:8c:5b:a5:93:4f:d9:b0:12:4b:9c:02:af:
                    2d:fe:e4:dd:6d:9d:59:ab:87:9a:70:ef:ad:0c:ab:
                    30:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5C:58:49:8D:0E:8D:ED:00:6B:40:D4:66:87:78:A3:AB:0C:2A:40
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/21xYSY0Oje0Aa0DUZod4o6sMKkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.31.0/24
                  194.87.45.0/24
                  194.87.71.0/24
                  194.87.216.0/24
                  195.133.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c8:e1:92:16:4d:88:c4:0a:d2:f7:ab:6b:55:4f:0c:91:b8:
         38:93:22:6b:dd:60:a1:29:fa:ff:3a:6b:a8:2d:f6:d0:bd:f5:
         37:f2:1c:78:b9:3b:91:e3:2c:fd:90:d1:1c:40:4c:b1:16:b6:
         fe:df:23:ce:3b:a3:4b:4d:f9:19:b9:d4:52:83:39:5a:74:a3:
         ac:06:f4:ac:a9:23:a8:6c:fe:98:ff:51:31:17:47:ad:d2:89:
         f9:35:2c:ba:23:2a:a2:99:27:5f:d1:48:15:f4:a6:43:4b:c2:
         7f:df:69:d5:69:a5:b6:b1:c8:b3:f7:10:41:47:96:37:1c:01:
         c0:3b:74:b9:65:b7:0e:39:e0:00:70:a9:1f:e3:08:89:7a:b0:
         70:98:24:63:79:6a:42:13:4c:a2:40:40:2a:01:25:7c:74:95:
         b1:a2:18:ef:41:81:10:3b:36:1d:8c:05:2a:20:60:14:e1:6d:
         28:83:ff:f3:fb:f6:6a:b2:d4:a8:2e:c0:bf:cc:b9:4f:ef:82:
         2f:4c:f7:e3:65:11:2b:d3:22:8e:03:cd:a1:2c:e5:53:8a:e9:
         38:77:95:80:08:06:d7:d6:4a:b4:f8:e7:38:74:47:d2:31:6a:
         61:36:49:5e:a7:4b:81:5d:aa:f5:e1:5a:31:2d:f9:1c:c3:ab:
         6a:e2:a7:9f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY4yohE1oB+hvEmbG6I41SxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMzEyMTIyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjVjNTg0OThkMGU4ZGVkMDA2YjQwZDQ2Njg3NzhhM2FiMGMyYTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN+TPKFTeBkuL2GYLoI4bIRQSnW4
+waW4ngK45MuERoJNrGxh6MxseIQexc5O0vHO3noSk35KW7kfYIJs+lgfbrKrfWC
5wNcanoj4W6muMQSA1fIDm93oJL2GHrAcujKxgQDfZAlsu04JbyatomANrmVTKJP
qBkTRyyk/zu7R1jW+ZAhx0ClOB3ydu6fXQmovwfTvrr5ZBWPxTh7u5eio5z62Sjj
bUaJkWLlHp7so1Qjc8gG5fjpF9D+zaGGXRdRNMMAR1J6EPIlLFFKUVWezEIdCzRY
pkGYWhgWr4rtDow4TDuMW6WTT9mwEkucAq8t/uTdbZ1Zq4eacO+tDKsw2QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNtcWEmNDo3tAGtA1GaHeKOrDCpAMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMjF4WVNZME9qZTBBYTBEVVpvZDRvNnNNS2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwlcfAwQA
wlctAwQAwldHAwQAwlfYAwQAw4VYMA0GCSqGSIb3DQEBCwUAA4IBAQAGyOGSFk2I
xArS96trVU8Mkbg4kyJr3WChKfr/OmuoLfbQvfU38hx4uTuR4yz9kNEcQEyxFrb+
3yPOO6NLTfkZudRSgzladKOsBvSsqSOobP6Y/1ExF0et0on5NSy6IyqimSdf0UgV
9KZDS8J/32nVaaW2sciz9xBBR5Y3HAHAO3S5ZbcOOeAAcKkf4wiJerBwmCRjeWpC
E0yiQEAqASV8dJWxohjvQYEQOzYdjAUqIGAU4W0og//z+/ZqstSoLsC/zLlP74Iv
TPfjZREr0yKOA82hLOVTiuk4d5WACAbX1kq0+Oc4dEfSMWphNklep0uBXar14Vox
Lfkcw6tq4qef
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:01:40 2024 by rpki-client on console-ams.rpki-client.org