Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pPEFXWsSafh2xSt6G5fZAXLl0vg.roa
File:                     pPEFXWsSafh2xSt6G5fZAXLl0vg.roa (raw, json)
Hash identifier:          OBAKj7YKEmiwWOn6pG11gG4GqmGJDOnPPgPjPYWIX+k=
Subject key identifier:   A4:F1:05:5D:6B:12:69:F8:76:C5:2B:7A:1B:97:D9:01:72:E5:D2:F8
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DD0BFD81BA14109ADE9081D2108CAC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pPEFXWsSafh2xSt6G5fZAXLl0vg.roa
Signing time:             Tue 02 Jan 2024 06:29:38 +0000
ROA not before:           Tue 02 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210211
IP address blocks:        87.121.41.0/24 maxlen: 24
                          87.121.40.0/24 maxlen: 24
                          31.13.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0b:fd:81:ba:14:10:9a:de:90:81:d2:10:8c:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4f1055d6b1269f876c52b7a1b97d90172e5d2f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8b:b5:75:84:f9:cd:8d:f8:f8:6b:86:2a:27:
                    88:3d:91:03:46:11:14:b5:da:75:2e:3d:ca:b3:cc:
                    7a:8c:79:e2:6f:fa:5c:a8:95:bd:14:4f:1e:6b:60:
                    2a:ba:91:88:8c:21:f3:3a:b0:52:58:c8:b0:b5:8b:
                    bb:c5:7b:24:89:4b:ce:72:0d:80:73:91:5d:8c:39:
                    50:8a:a0:f1:04:75:df:37:b5:4b:1c:9e:49:26:d4:
                    23:d5:fa:94:c4:39:3b:33:e2:ca:b1:65:29:d7:b9:
                    fb:31:c5:92:d2:03:8d:99:3f:48:c9:33:0d:43:d6:
                    2b:f7:62:a5:c9:70:ef:23:b0:93:6c:49:d2:af:02:
                    a0:4b:97:52:68:a8:5a:7b:ea:49:7f:be:53:fd:da:
                    0a:e6:ec:20:b6:bd:fd:72:b3:9b:0b:31:b2:9c:cf:
                    a9:a7:bf:06:1f:a4:4c:38:ab:c3:ea:c0:c2:97:58:
                    5d:ec:67:4d:63:c9:4d:30:35:fa:67:5a:0b:8b:0a:
                    ea:e8:57:03:c9:59:65:31:d6:dc:c1:78:f7:8b:dd:
                    1b:db:c8:0c:c8:ee:eb:ef:93:28:d9:5d:18:da:93:
                    67:27:40:60:d7:65:d7:e5:05:69:6e:44:ee:5c:3c:
                    8f:82:4a:b3:bf:4d:91:42:06:e9:2b:ed:70:22:0b:
                    b5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F1:05:5D:6B:12:69:F8:76:C5:2B:7A:1B:97:D9:01:72:E5:D2:F8
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pPEFXWsSafh2xSt6G5fZAXLl0vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.226.0/24
                  87.121.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:0a:5a:6b:2b:68:9f:9b:50:ec:e7:f9:bb:ac:8f:b8:d0:f6:
         67:a7:42:ad:63:68:5e:70:f1:87:9b:23:13:a8:08:41:08:d2:
         af:46:28:95:c9:5f:55:d5:07:f8:20:1a:b7:22:c5:3b:bd:76:
         a0:bb:16:b5:4f:36:70:42:8b:da:8d:12:e0:37:07:7a:09:e8:
         ee:2d:ec:8b:7f:55:7c:1f:f8:8e:44:48:6e:f0:e6:f7:a9:c5:
         7d:d6:ad:0b:1d:6b:2c:ed:92:a1:a6:ef:9d:fa:e4:f2:ce:60:
         f4:f6:6e:5b:52:52:cd:ab:32:9c:14:60:c3:2a:46:78:a5:49:
         63:fa:39:4f:a7:82:43:c2:24:c3:4f:08:15:01:9d:21:57:d2:
         ed:97:ae:e1:4b:44:4f:d8:fd:37:3c:9e:26:95:2c:90:18:30:
         ea:18:7a:ae:aa:f5:fc:c6:1d:ec:5b:d9:ea:7d:3f:ee:c7:9c:
         a4:38:f5:5a:f7:df:4b:51:23:02:c6:eb:8f:f0:32:47:ed:2a:
         0b:27:84:54:2b:9e:c0:2c:9b:e2:ce:92:33:c5:db:ea:24:68:
         3b:4f:60:e2:9d:c9:61:80:b7:7a:2c:29:21:6d:d4:39:da:16:
         bc:41:0d:39:52:60:21:c7:af:73:fe:7e:0f:4f:f6:60:ca:7d:
         95:30:e5:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3Qv9gboUEJrekIHSEIysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGYxMDU1ZDZiMTI2OWY4NzZjNTJiN2ExYjk3ZDkwMTcyZTVkMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiou1dYT5zY34+GuGKieIPZEDRhEU
tdp1Lj3Ks8x6jHnib/pcqJW9FE8ea2AqupGIjCHzOrBSWMiwtYu7xXskiUvOcg2A
c5FdjDlQiqDxBHXfN7VLHJ5JJtQj1fqUxDk7M+LKsWUp17n7McWS0gONmT9IyTMN
Q9Yr92KlyXDvI7CTbEnSrwKgS5dSaKhae+pJf75T/doK5uwgtr39crObCzGynM+p
p78GH6RMOKvD6sDCl1hd7GdNY8lNMDX6Z1oLiwrq6FcDyVllMdbcwXj3i90b28gM
yO7r75Mo2V0Y2pNnJ0Bg12XX5QVpbkTuXDyPgkqzv02RQgbpK+1wIgu10QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKTxBV1rEmn4dsUrehuX2QFy5dL4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcFBFRlhXc1NhZmgyeFN0Nkc1ZlpBWExsMHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHw3iAwQB
V3koMA0GCSqGSIb3DQEBCwUAA4IBAQCNClprK2ifm1Ds5/m7rI+40PZnp0KtY2he
cPGHmyMTqAhBCNKvRiiVyV9V1Qf4IBq3IsU7vXaguxa1TzZwQovajRLgNwd6Ceju
LeyLf1V8H/iOREhu8Ob3qcV91q0LHWss7ZKhpu+d+uTyzmD09m5bUlLNqzKcFGDD
KkZ4pUlj+jlPp4JDwiTDTwgVAZ0hV9Ltl67hS0RP2P03PJ4mlSyQGDDqGHquqvX8
xh3sW9nqfT/ux5ykOPVa999LUSMCxuuP8DJH7SoLJ4RUK57ALJvizpIzxdvqJGg7
T2DinclhgLd6LCkhbdQ52ha8QQ05UmAhx69z/n4PT/Zgyn2VMOVu
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:35:58 2024 by rpki-client on console-ams.rpki-client.org