Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TUkVLbJDRaphNYUVaxx77ZOyqmw.roa
File:                     TUkVLbJDRaphNYUVaxx77ZOyqmw.roa (raw, json)
Hash identifier:          vP1UK+NnHs2yWCjCr7ibBOX3tvJchoBW7Kz3eQkXty4=
Subject key identifier:   4D:49:15:2D:B2:43:45:AA:61:35:85:15:6B:1C:7B:ED:93:B2:AA:6C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0191C1E912DD577798BAF20FB831A7187E2D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TUkVLbJDRaphNYUVaxx77ZOyqmw.roa
Signing time:             Thu 05 Sep 2024 11:19:23 +0000
ROA not before:           Thu 05 Sep 2024 11:19:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216246
IP address blocks:        212.193.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c1:e9:12:dd:57:77:98:ba:f2:0f:b8:31:a7:18:7e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  5 11:19:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d49152db24345aa613585156b1c7bed93b2aa6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:96:ff:10:7b:c2:bc:a1:77:66:98:ad:0d:fb:
                    a3:d3:4b:ca:20:a1:b8:03:84:f9:0e:0b:cf:c0:97:
                    7c:5d:54:e2:1f:20:3e:e2:c0:33:bb:e8:39:3b:67:
                    ce:1e:5c:09:83:c5:49:f5:fd:b6:ad:74:38:86:f6:
                    5d:90:72:7e:8e:4d:e8:d4:2a:8b:63:ea:f6:b6:b6:
                    ba:a9:8b:fa:77:42:3f:06:ad:02:2d:3c:76:04:d5:
                    e2:f6:b7:c4:13:a6:68:ee:ce:34:bd:ee:ad:f0:d0:
                    cd:5c:db:e8:04:57:6d:22:c6:cb:85:9b:e6:5f:a0:
                    88:8c:a8:db:f5:99:af:55:49:da:52:86:73:46:35:
                    cc:ab:a9:d9:35:7e:e2:4d:c1:64:05:cc:27:51:18:
                    bc:73:30:00:58:a2:39:03:fc:3e:2b:9e:4c:6e:d1:
                    37:ce:25:42:f7:bc:09:3a:b1:e5:68:ba:0e:13:f8:
                    f6:b0:81:f5:b3:54:87:d8:5a:fd:84:1b:06:5b:ce:
                    f2:ee:99:a0:c6:85:25:d6:16:35:d5:8e:0d:ab:ce:
                    3a:40:98:ee:88:4d:c1:22:bb:ab:99:e0:55:0b:10:
                    9a:bd:4e:0d:f2:a0:96:e4:ef:d7:2c:3d:ef:32:b5:
                    22:79:1a:75:36:1f:72:be:e6:87:71:db:16:d0:d0:
                    c5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:49:15:2D:B2:43:45:AA:61:35:85:15:6B:1C:7B:ED:93:B2:AA:6C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TUkVLbJDRaphNYUVaxx77ZOyqmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:f9:51:43:48:77:07:6f:4e:5b:5d:fb:96:d8:5a:3a:51:f2:
         8b:60:f0:da:fe:2f:89:c6:cf:66:2c:48:74:b9:2c:1b:a5:08:
         08:98:90:57:06:12:07:f5:99:3b:35:c2:d5:7a:4b:94:9b:df:
         8b:fa:d7:d0:49:42:d5:ab:6f:10:01:b1:34:84:06:88:71:ad:
         bb:ae:af:22:9f:cd:34:2e:9b:2d:44:3d:76:94:03:0a:86:9a:
         13:e4:0a:ef:5f:9a:9b:64:52:0f:72:7b:b1:97:25:d1:85:69:
         2a:ba:13:8d:9a:06:ee:e3:51:6e:ef:aa:85:05:94:d7:08:5e:
         06:e6:13:a3:c4:fd:70:bb:a9:a4:7b:18:3c:a5:6f:12:7c:e0:
         ce:22:21:06:cd:ba:7e:d8:41:2a:47:4d:61:a3:f8:34:7b:69:
         86:01:d5:d7:a2:93:41:cc:76:0c:21:11:0c:e8:7b:8c:40:75:
         4f:99:91:ba:ba:ad:02:84:29:cf:81:d5:5a:3e:39:e0:3a:f3:
         82:d1:2b:a7:b8:30:cd:e0:0d:f0:7c:18:91:0a:c6:3c:60:a6:
         26:ac:f0:8d:c3:d2:9a:50:48:1c:fb:f7:29:de:e2:13:33:e1:
         5c:91:bf:e9:07:a2:09:64:a3:7b:82:04:2e:42:05:58:45:20:
         e2:ba:60:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHB6RLdV3eYuvIPuDGnGH4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTA1MTExOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDQ5MTUyZGIyNDM0NWFhNjEzNTg1MTU2YjFjN2JlZDkzYjJhYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZb/EHvCvKF3ZpitDfuj00vKIKG4
A4T5DgvPwJd8XVTiHyA+4sAzu+g5O2fOHlwJg8VJ9f22rXQ4hvZdkHJ+jk3o1CqL
Y+r2tra6qYv6d0I/Bq0CLTx2BNXi9rfEE6Zo7s40ve6t8NDNXNvoBFdtIsbLhZvm
X6CIjKjb9ZmvVUnaUoZzRjXMq6nZNX7iTcFkBcwnURi8czAAWKI5A/w+K55MbtE3
ziVC97wJOrHlaLoOE/j2sIH1s1SH2Fr9hBsGW87y7pmgxoUl1hY11Y4Nq846QJju
iE3BIrurmeBVCxCavU4N8qCW5O/XLD3vMrUieRp1Nh9yvuaHcdsW0NDFwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1JFS2yQ0WqYTWFFWsce+2TsqpsMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVFVrVkxiSkRSYXBoTllVVmF4eDc3Wk95cW13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEfMA0G
CSqGSIb3DQEBCwUAA4IBAQAd+VFDSHcHb05bXfuW2Fo6UfKLYPDa/i+Jxs9mLEh0
uSwbpQgImJBXBhIH9Zk7NcLVekuUm9+L+tfQSULVq28QAbE0hAaIca27rq8in800
LpstRD12lAMKhpoT5ArvX5qbZFIPcnuxlyXRhWkquhONmgbu41Fu76qFBZTXCF4G
5hOjxP1wu6mkexg8pW8SfODOIiEGzbp+2EEqR01ho/g0e2mGAdXXopNBzHYMIREM
6HuMQHVPmZG6uq0ChCnPgdVaPjngOvOC0SunuDDN4A3wfBiRCsY8YKYmrPCNw9Ka
UEgc+/cp3uITM+Fckb/pB6IJZKN7ggQuQgVYRSDiumCo
-----END CERTIFICATE-----
Generated at Wed Oct 9 22:45:39 2024 by rpki-client on console-ams.rpki-client.org