Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/qJ6WysllYVLPnrlfLVZ01u8n2BY.roa
File:                     qJ6WysllYVLPnrlfLVZ01u8n2BY.roa (raw, json)
Hash identifier:          bvDs+Su0TF6vByOWKz1ztpBJ/3teRzsXLI4qT/0OcOA=
Subject key identifier:   A8:9E:96:CA:C9:65:61:52:CF:9E:B9:5F:2D:56:74:D6:EF:27:D8:16
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018CC3B6DEEC2EFAEEB6C5CE1C8DDA72217A
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/qJ6WysllYVLPnrlfLVZ01u8n2BY.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        81.31.242.0/23 maxlen: 24
                          81.31.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:de:ec:2e:fa:ee:b6:c5:ce:1c:8d:da:72:21:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a89e96cac9656152cf9eb95f2d5674d6ef27d816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d0:3e:56:4f:69:58:a9:69:92:65:7d:56:57:
                    95:37:14:82:9a:5a:d5:24:d1:f8:47:bf:ba:02:0c:
                    50:f5:59:f6:77:d4:0c:e0:2e:43:49:ca:fb:90:e6:
                    12:69:15:4f:c8:f0:02:2b:6f:17:95:96:e5:83:4b:
                    69:0d:6b:97:97:be:82:c6:1f:57:3e:74:ea:5a:37:
                    04:3d:69:3d:31:6e:6a:9e:b2:97:4a:76:8b:0b:d6:
                    01:95:86:2b:d4:48:37:30:21:98:30:6d:00:2b:62:
                    29:93:6d:84:ee:2e:32:12:08:96:1c:4d:b3:19:9a:
                    90:9c:cd:9f:b4:fe:3e:3b:1c:b5:c9:bc:d2:65:1f:
                    93:28:28:7e:94:77:76:92:03:81:04:49:40:c6:23:
                    5e:35:47:a4:d0:80:dc:2e:e7:6a:78:4d:4b:7b:17:
                    f7:2c:02:ae:a7:d7:67:13:a6:85:27:4c:ce:31:0b:
                    db:4a:82:c1:71:fa:53:7e:d1:cc:95:27:ab:0f:c1:
                    39:52:37:42:6c:a9:17:88:b2:1d:ea:d0:a7:30:8f:
                    05:a1:0f:00:da:be:c0:25:76:27:8d:5f:87:d6:b5:
                    83:39:14:ed:35:55:8f:1e:e5:55:6a:e6:71:6d:75:
                    18:16:99:11:8a:3a:d3:bb:be:29:1b:5b:17:b1:bf:
                    4b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:9E:96:CA:C9:65:61:52:CF:9E:B9:5F:2D:56:74:D6:EF:27:D8:16
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/qJ6WysllYVLPnrlfLVZ01u8n2BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.242.0/23
                  81.31.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:ac:94:fa:9b:4e:d6:32:7c:1f:37:da:c2:f6:7a:51:5b:51:
         25:04:23:65:26:db:f1:87:24:cb:cb:13:a8:fa:54:4e:99:09:
         a3:c2:3d:be:7a:f4:76:ba:a8:a7:6a:fa:8d:37:44:b3:b5:42:
         79:26:9b:6a:ec:7e:43:e1:23:4b:62:5d:26:43:40:79:83:a7:
         e1:d1:dc:a5:4f:8b:b3:7a:e4:85:d7:b8:19:aa:8e:be:29:5d:
         94:d4:13:ca:08:bb:78:8a:af:43:50:aa:b8:8b:d9:70:df:4a:
         d1:43:b6:cf:cf:84:0a:b9:5b:06:7a:7a:08:f7:78:32:c6:46:
         14:86:e6:2d:98:70:e1:8b:2c:3c:1a:bc:06:84:81:9d:20:5c:
         76:07:76:d7:33:58:58:0f:1c:f0:84:d4:04:18:73:a2:7a:c2:
         6d:dd:38:be:95:ff:c2:22:7c:3a:88:b3:57:f7:62:dd:ee:bc:
         4a:ff:b3:c0:36:b0:ed:e2:2a:93:71:57:80:fd:62:64:22:cb:
         45:ae:e9:4b:3c:d0:9f:ec:ae:c0:ad:96:dc:5f:0e:e6:4f:67:
         7f:05:16:68:6b:e3:dc:c0:7a:8b:f3:3a:c3:6a:fa:ed:14:32:
         52:81:89:7e:e4:f1:9a:a3:5a:50:23:80:92:c8:ce:53:8e:d7:
         87:d9:5e:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtt7sLvrutsXOHI3aciF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODllOTZjYWM5NjU2MTUyY2Y5ZWI5NWYyZDU2NzRkNmVmMjdkODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tA+Vk9pWKlpkmV9VleVNxSCmlrV
JNH4R7+6AgxQ9Vn2d9QM4C5DScr7kOYSaRVPyPACK28XlZblg0tpDWuXl76Cxh9X
PnTqWjcEPWk9MW5qnrKXSnaLC9YBlYYr1Eg3MCGYMG0AK2Ipk22E7i4yEgiWHE2z
GZqQnM2ftP4+Oxy1ybzSZR+TKCh+lHd2kgOBBElAxiNeNUek0IDcLudqeE1Lexf3
LAKup9dnE6aFJ0zOMQvbSoLBcfpTftHMlSerD8E5UjdCbKkXiLId6tCnMI8FoQ8A
2r7AJXYnjV+H1rWDORTtNVWPHuVVauZxbXUYFpkRijrTu74pG1sXsb9LvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKielsrJZWFSz565Xy1WdNbvJ9gWMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvcUo2V3lzbGxZVkxQbnJsZkxWWjAxdThuMkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUR/yAwQC
UR/8MA0GCSqGSIb3DQEBCwUAA4IBAQB5rJT6m07WMnwfN9rC9npRW1ElBCNlJtvx
hyTLyxOo+lROmQmjwj2+evR2uqinavqNN0SztUJ5Jptq7H5D4SNLYl0mQ0B5g6fh
0dylT4uzeuSF17gZqo6+KV2U1BPKCLt4iq9DUKq4i9lw30rRQ7bPz4QKuVsGenoI
93gyxkYUhuYtmHDhiyw8GrwGhIGdIFx2B3bXM1hYDxzwhNQEGHOiesJt3Ti+lf/C
Inw6iLNX92Ld7rxK/7PANrDt4iqTcVeA/WJkIstFrulLPNCf7K7ArZbcXw7mT2d/
BRZoa+PcwHqL8zrDavrtFDJSgYl+5PGao1pQI4CSyM5TjteH2V5W
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:17:08 2024 by rpki-client on console-fra.rpki-client.org