Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/vW265rO1JEkqyTDXZS1z7uzvkDA.roa
File:                     vW265rO1JEkqyTDXZS1z7uzvkDA.roa (raw, json)
Hash identifier:          SLemooOR+lg+zWioEoBZbwbxcStmVJpgNeayv+v5O3U=
Subject key identifier:   BD:6D:BA:E6:B3:B5:24:49:2A:C9:30:D7:65:2D:73:EE:EC:EF:90:30
Certificate issuer:       /CN=62c66267943d413cdf760dc6850104c1c0fc1d65
Certificate serial:       018E560F46198DE66F48337B658DEAA81032
Authority key identifier: 62:C6:62:67:94:3D:41:3C:DF:76:0D:C6:85:01:04:C1:C0:FC:1D:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/vW265rO1JEkqyTDXZS1z7uzvkDA.roa
Signing time:             Tue 19 Mar 2024 09:33:45 +0000
ROA not before:           Tue 19 Mar 2024 09:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202108
IP address blocks:        89.31.138.0/24 maxlen: 24
                          89.31.140.0/24 maxlen: 24
                          89.31.142.0/24 maxlen: 24
                          89.31.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:56:0f:46:19:8d:e6:6f:48:33:7b:65:8d:ea:a8:10:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62c66267943d413cdf760dc6850104c1c0fc1d65
        Validity
            Not Before: Mar 19 09:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd6dbae6b3b524492ac930d7652d73eeecef9030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a9:e8:40:33:fb:e1:5a:54:37:7b:78:c0:ed:
                    14:78:09:87:a2:8d:d0:cc:79:7e:66:81:b8:ba:30:
                    d7:8d:0e:d0:b4:28:2a:ce:b2:c4:d6:22:52:24:b6:
                    aa:af:29:9f:48:7c:a5:52:f1:7d:5f:af:d0:39:e3:
                    b3:3f:0d:2f:bc:fa:3a:60:f7:6d:24:e2:d2:ae:56:
                    2e:11:42:b3:d2:01:d8:b3:cf:b9:80:f5:b1:61:fb:
                    eb:67:fa:4e:8d:20:db:9f:9f:13:e4:4c:fa:b0:81:
                    63:ce:e9:9f:e3:9f:5c:98:9b:91:da:e0:c1:08:0b:
                    85:d2:5d:79:ea:56:c7:d5:9a:9a:8f:fe:2d:47:e3:
                    24:1a:83:43:9d:bc:ea:44:ff:59:84:43:40:55:71:
                    5c:d5:e5:62:ba:3d:47:3e:25:9b:b3:42:22:33:b8:
                    26:10:c0:8c:d5:b9:8e:d7:99:7d:8c:60:b7:4d:40:
                    7e:e2:d7:4b:49:41:9d:33:09:35:29:ea:9e:68:e6:
                    30:bd:a2:73:5f:94:05:28:76:40:53:cb:4b:88:d5:
                    58:a4:3c:68:ec:0b:f2:bd:bd:84:c3:b4:74:c1:6d:
                    01:b4:80:bd:02:73:72:2a:7e:b8:21:24:28:36:bd:
                    19:d2:02:c3:ce:18:5a:dd:53:e3:b1:1b:45:a2:38:
                    4a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:6D:BA:E6:B3:B5:24:49:2A:C9:30:D7:65:2D:73:EE:EC:EF:90:30
            X509v3 Authority Key Identifier:
                keyid:62:C6:62:67:94:3D:41:3C:DF:76:0D:C6:85:01:04:C1:C0:FC:1D:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/vW265rO1JEkqyTDXZS1z7uzvkDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/50f4f7-49cc-4c82-9324-a9d7ad442b3b/1/YsZiZ5Q9QTzfdg3GhQEEwcD8HWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.138.0/24
                  89.31.140.0/24
                  89.31.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:ae:79:aa:07:b6:65:58:d5:e9:82:c3:56:88:f2:bc:d1:43:
         a9:e3:dc:61:72:14:9f:ef:b7:bd:06:fd:7c:0f:25:a6:25:e7:
         59:3d:0d:4b:2f:1c:0f:19:6e:6f:cf:68:e6:15:3c:25:25:72:
         58:44:ea:5a:0a:8f:ab:90:07:2b:5b:23:c6:f8:c7:e5:f8:0a:
         ea:84:9e:89:32:5d:bf:33:62:31:54:04:66:7d:44:ea:57:a5:
         48:59:7c:19:61:cc:50:b0:7e:59:2c:c7:0c:f8:d9:d3:21:56:
         47:1b:41:7b:68:22:6e:91:8a:dc:42:47:81:44:69:38:62:d0:
         7d:9f:fe:d3:14:e3:42:16:3c:61:10:ef:fd:eb:89:6e:77:89:
         ef:4f:bf:e9:53:1a:d9:0b:60:44:68:33:83:4c:f5:e7:d2:da:
         73:f8:f3:66:53:1d:d4:b4:94:34:5c:ea:27:66:51:04:f6:e4:
         26:fe:1b:91:e7:d2:d9:af:b1:ba:02:bf:a7:20:bb:38:14:ab:
         3f:48:ba:18:7b:a7:35:06:89:82:c1:5c:1c:7e:bf:41:6f:d2:
         f1:eb:e2:1a:10:70:3e:c5:08:38:e6:aa:f8:02:40:ce:1a:59:
         c8:bd:43:17:d8:58:83:51:c5:93:bb:68:3b:35:c4:3e:c8:3a:
         95:75:d6:8c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5WD0YZjeZvSDN7ZY3qqBAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYzY2MjY3OTQzZDQxM2NkZjc2MGRjNjg1MDEwNGMxYzBm
YzFkNjUwHhcNMjQwMzE5MDkzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDZkYmFlNmIzYjUyNDQ5MmFjOTMwZDc2NTJkNzNlZWVjZWY5MDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqnoQDP74VpUN3t4wO0UeAmHoo3Q
zHl+ZoG4ujDXjQ7QtCgqzrLE1iJSJLaqrymfSHylUvF9X6/QOeOzPw0vvPo6YPdt
JOLSrlYuEUKz0gHYs8+5gPWxYfvrZ/pOjSDbn58T5Ez6sIFjzumf459cmJuR2uDB
CAuF0l156lbH1Zqaj/4tR+MkGoNDnbzqRP9ZhENAVXFc1eViuj1HPiWbs0IiM7gm
EMCM1bmO15l9jGC3TUB+4tdLSUGdMwk1KeqeaOYwvaJzX5QFKHZAU8tLiNVYpDxo
7Avyvb2Ew7R0wW0BtIC9AnNyKn64ISQoNr0Z0gLDzhha3VPjsRtFojhK7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL1tuuaztSRJKskw12Utc+7s75AwMB8GA1UdIwQY
MBaAFGLGYmeUPUE833YNxoUBBMHA/B1lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXNaaVo1UTlRVHpmZGczR2hRRUV3Y0Q4SFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81MGY0ZjctNDljYy00YzgyLTkzMjQt
YTlkN2FkNDQyYjNiLzEvdlcyNjVyTzFKRWtxeVREWFpTMXo3dXp2a0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81MGY0ZjctNDljYy00YzgyLTkzMjQtYTlkN2FkNDQyYjNi
LzEvWXNaaVo1UTlRVHpmZGczR2hRRUV3Y0Q4SFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWR+KAwQA
WR+MAwQBWR+OMA0GCSqGSIb3DQEBCwUAA4IBAQAsrnmqB7ZlWNXpgsNWiPK80UOp
49xhchSf77e9Bv18DyWmJedZPQ1LLxwPGW5vz2jmFTwlJXJYROpaCo+rkAcrWyPG
+Mfl+ArqhJ6JMl2/M2IxVARmfUTqV6VIWXwZYcxQsH5ZLMcM+NnTIVZHG0F7aCJu
kYrcQkeBRGk4YtB9n/7TFONCFjxhEO/964lud4nvT7/pUxrZC2BEaDODTPXn0tpz
+PNmUx3UtJQ0XOonZlEE9uQm/huR59LZr7G6Ar+nILs4FKs/SLoYe6c1BomCwVwc
fr9Bb9Lx6+IaEHA+xQg45qr4AkDOGlnIvUMX2FiDUcWTu2g7NcQ+yDqVddaM
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:12:58 2024 by rpki-client on console-fra.rpki-client.org