Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gdQyaqs-a4I-ShlRxOvOKIf-xDs.roa
File:                     gdQyaqs-a4I-ShlRxOvOKIf-xDs.roa (raw, json)
Hash identifier:          1xVq9zX9FgxPecz/l9F5sy4advpQF4CjBcVcMFJE89U=
Subject key identifier:   81:D4:32:6A:AB:3E:6B:82:3E:4A:19:51:C4:EB:CE:28:87:FE:C4:3B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019154B16EFCF20A7D3F076C107BE937F005
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gdQyaqs-a4I-ShlRxOvOKIf-xDs.roa
Signing time:             Thu 15 Aug 2024 06:20:00 +0000
ROA not before:           Thu 15 Aug 2024 06:20:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        194.87.54.0/24 maxlen: 24
                          194.87.55.0/24 maxlen: 24
                          194.87.199.0/24 maxlen: 24
                          195.58.38.0/24 maxlen: 24
                          195.58.39.0/24 maxlen: 24
                          195.133.64.0/24 maxlen: 24
                          195.133.65.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
                          212.193.4.0/24 maxlen: 24
                          212.193.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 17:32:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:54:b1:6e:fc:f2:0a:7d:3f:07:6c:10:7b:e9:37:f0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 15 06:20:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81d4326aab3e6b823e4a1951c4ebce2887fec43b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d0:20:e5:dd:81:64:22:81:a1:4c:82:3c:53:
                    d4:41:30:52:0c:31:fc:83:bf:24:c9:d2:2d:86:68:
                    c2:a3:2d:af:0d:a5:c7:31:82:d5:eb:01:82:27:8c:
                    25:8f:c6:3c:33:69:ee:79:a2:54:71:2d:a9:53:2c:
                    b6:4c:10:3c:7a:28:b8:0d:78:2f:c3:e5:d8:68:e5:
                    80:2f:e9:94:7b:ad:b6:85:b5:d4:0e:c5:4f:04:62:
                    28:1f:4b:d8:a2:24:57:a0:42:78:a6:2d:a1:bc:a4:
                    0e:87:46:8a:4f:1b:52:c4:4a:91:fd:1b:83:0f:39:
                    b5:ed:8b:0a:01:eb:08:b5:16:fb:75:8d:83:b7:8c:
                    cf:6f:b9:f0:92:9c:ea:b0:75:f9:4d:c7:f4:77:92:
                    1a:a4:3d:a7:9f:0b:85:1b:c1:5e:18:a0:4c:da:cb:
                    c9:d1:ba:27:ab:0e:d8:a1:4a:49:58:4d:5c:c2:b9:
                    c2:a0:d9:d2:e3:c0:15:82:ac:c9:99:ec:71:be:40:
                    44:bd:32:88:aa:2a:1e:51:8c:17:e3:99:ad:5a:11:
                    79:44:78:cd:c8:b2:38:87:6c:85:05:62:34:ab:ef:
                    4f:1c:80:78:2e:db:a7:6f:fe:f9:e9:a7:87:f0:b7:
                    44:33:6a:d6:5d:5a:a8:40:3f:a7:d8:fb:4d:43:10:
                    99:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D4:32:6A:AB:3E:6B:82:3E:4A:19:51:C4:EB:CE:28:87:FE:C4:3B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gdQyaqs-a4I-ShlRxOvOKIf-xDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.54.0/23
                  194.87.199.0/24
                  195.58.38.0/23
                  195.133.64.0/23
                  212.192.31.0/24
                  212.193.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:dc:89:e8:bb:aa:94:3e:c4:44:cc:36:36:ee:36:08:55:97:
         57:62:29:c8:d8:14:50:fe:fe:99:2d:02:11:c0:f4:ee:02:0a:
         27:7e:79:08:13:1a:07:2b:d1:66:cd:74:c7:34:3e:f2:3d:43:
         83:c8:59:c6:b7:1c:0b:f0:87:22:75:26:e6:5f:c1:b9:2b:19:
         07:7c:68:0f:c8:88:95:54:b9:92:af:6f:06:cd:59:d3:5b:e8:
         68:fb:59:9b:5e:db:9c:3b:42:68:8c:ea:1c:09:a9:e5:d4:37:
         41:31:f0:7d:02:0b:ef:ab:20:9d:a3:3e:70:55:04:02:54:98:
         3f:aa:50:63:de:39:4a:19:d0:d0:0b:b5:f8:46:f8:e6:f2:b9:
         73:d1:9f:65:20:a8:c6:24:a6:cc:a1:8a:6d:fe:45:29:42:3e:
         a4:53:2a:f5:71:b4:8e:b3:41:22:35:33:46:ab:41:ff:4b:88:
         fe:ea:96:1e:e9:d2:cf:e9:7b:86:3a:94:5a:9e:a6:d5:94:ef:
         33:93:db:82:aa:2a:e3:3f:75:ef:36:04:f8:9f:b0:7d:75:a5:
         d0:04:35:87:f1:58:e1:32:e2:ac:6c:00:2f:57:b5:41:6f:53:
         bf:c6:15:ef:b1:c5:c7:d2:2f:ae:73:2c:cf:26:a4:fc:9f:6e:
         ac:f4:8c:12
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZFUsW788gp9PwdsEHvpN/AFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODE1MDYyMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQ0MzI2YWFiM2U2YjgyM2U0YTE5NTFjNGViY2UyODg3ZmVjNDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdAg5d2BZCKBoUyCPFPUQTBSDDH8
g78kydIthmjCoy2vDaXHMYLV6wGCJ4wlj8Y8M2nueaJUcS2pUyy2TBA8eii4DXgv
w+XYaOWAL+mUe622hbXUDsVPBGIoH0vYoiRXoEJ4pi2hvKQOh0aKTxtSxEqR/RuD
Dzm17YsKAesItRb7dY2Dt4zPb7nwkpzqsHX5Tcf0d5IapD2nnwuFG8FeGKBM2svJ
0bonqw7YoUpJWE1cwrnCoNnS48AVgqzJmexxvkBEvTKIqioeUYwX45mtWhF5RHjN
yLI4h2yFBWI0q+9PHIB4Ltunb/756aeH8LdEM2rWXVqoQD+n2PtNQxCZkQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIHUMmqrPmuCPkoZUcTrziiH/sQ7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZ2RReWFxcy1hNEktU2hsUnhPdk9LSWYteERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBwlc2AwQA
wlfHAwQBwzomAwQBw4VAAwQA1MAfAwQB1MEEMA0GCSqGSIb3DQEBCwUAA4IBAQB6
3Inou6qUPsREzDY27jYIVZdXYinI2BRQ/v6ZLQIRwPTuAgonfnkIExoHK9FmzXTH
ND7yPUODyFnGtxwL8IcidSbmX8G5KxkHfGgPyIiVVLmSr28GzVnTW+ho+1mbXtuc
O0JojOocCanl1DdBMfB9AgvvqyCdoz5wVQQCVJg/qlBj3jlKGdDQC7X4Rvjm8rlz
0Z9lIKjGJKbMoYpt/kUpQj6kUyr1cbSOs0EiNTNGq0H/S4j+6pYe6dLP6XuGOpRa
nqbVlO8zk9uCqirjP3XvNgT4n7B9daXQBDWH8VjhMuKsbAAvV7VBb1O/xhXvscXH
0i+ucyzPJqT8n26s9IwS
-----END CERTIFICATE-----
Generated at Tue Oct 15 02:13:10 2024 by rpki-client on console-fra.rpki-client.org