Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/d9e16d-7e8c-43ec-99f7-e296cfd97209/1/RVsH6CAWrIktktTpTAC32jhEKR0.roa
File:                     RVsH6CAWrIktktTpTAC32jhEKR0.roa (raw, json)
Hash identifier:          q61Z1B9KQVemXxPOQzWxjkSRVw8FECJGsxiAJERWNws=
Subject key identifier:   45:5B:07:E8:20:16:AC:89:2D:92:D4:E9:4C:00:B7:DA:38:44:29:1D
Certificate issuer:       /CN=e566e0e51628554cd92634b711ab758f8467c485
Certificate serial:       018CC56DF57B83A50F1A6C1E0A6BECE8FA5A
Authority key identifier: E5:66:E0:E5:16:28:55:4C:D9:26:34:B7:11:AB:75:8F:84:67:C4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Wbg5RYoVUzZJjS3Eat1j4RnxIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/d9e16d-7e8c-43ec-99f7-e296cfd97209/1/RVsH6CAWrIktktTpTAC32jhEKR0.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56837
IP address blocks:        86.39.64.0/20 maxlen: 20
                          31.22.16.0/24 maxlen: 24
                          31.22.20.0/22 maxlen: 22
                          2a00:6ec0:300::/40 maxlen: 40
                          2a00:6ec0:400::/40 maxlen: 40
                          2a00:6ec0:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/d9e16d-7e8c-43ec-99f7-e296cfd97209/1/5Wbg5RYoVUzZJjS3Eat1j4RnxIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/d9e16d-7e8c-43ec-99f7-e296cfd97209/1/5Wbg5RYoVUzZJjS3Eat1j4RnxIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Wbg5RYoVUzZJjS3Eat1j4RnxIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f5:7b:83:a5:0f:1a:6c:1e:0a:6b:ec:e8:fa:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e566e0e51628554cd92634b711ab758f8467c485
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=455b07e82016ac892d92d4e94c00b7da3844291d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d0:ea:c3:7a:23:c3:fe:74:15:7c:3a:99:6b:
                    af:1e:a7:25:45:2a:71:c1:d3:61:c2:24:b4:97:22:
                    94:e0:52:bf:51:98:b9:f3:e9:da:89:3e:0d:19:f5:
                    e6:2c:56:a1:f0:c2:26:3e:11:35:79:09:e5:b7:16:
                    c4:48:f5:63:69:7b:f7:33:51:41:e5:94:5f:4d:6a:
                    ea:e1:90:ed:fe:61:44:61:f8:91:36:ec:39:18:07:
                    99:da:fe:d5:a7:1d:34:e2:2c:1d:be:0f:48:eb:5d:
                    21:2f:31:3a:4f:03:88:de:24:55:ef:ae:97:18:a5:
                    eb:a5:99:31:92:26:dc:e5:af:71:97:72:cf:19:6b:
                    3e:02:3a:32:31:18:47:36:94:c3:2a:e1:36:3e:38:
                    2b:2d:fe:04:e5:7b:b7:27:4d:c9:c9:77:c5:df:e8:
                    a5:54:93:62:a3:b4:0d:7b:f8:d6:cb:4b:65:95:ed:
                    21:6b:ee:ec:46:c7:ed:7b:9d:dd:e4:80:a4:fd:22:
                    8e:56:2a:f3:ae:cf:e6:9e:f5:75:07:f0:fc:fb:03:
                    8f:41:d2:32:4a:e9:9f:90:43:ee:70:dd:d5:07:d2:
                    d7:04:b6:5c:97:71:01:d3:68:ec:b6:9a:65:3e:a0:
                    a9:9e:21:fc:5d:f2:06:c3:d7:20:6b:bd:18:9b:b4:
                    39:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5B:07:E8:20:16:AC:89:2D:92:D4:E9:4C:00:B7:DA:38:44:29:1D
            X509v3 Authority Key Identifier:
                keyid:E5:66:E0:E5:16:28:55:4C:D9:26:34:B7:11:AB:75:8F:84:67:C4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Wbg5RYoVUzZJjS3Eat1j4RnxIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d9e16d-7e8c-43ec-99f7-e296cfd97209/1/RVsH6CAWrIktktTpTAC32jhEKR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d9e16d-7e8c-43ec-99f7-e296cfd97209/1/5Wbg5RYoVUzZJjS3Eat1j4RnxIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.16.0/24
                  31.22.20.0/22
                  86.39.64.0/20
                IPv6:
                  2a00:6ec0:100::/40
                  2a00:6ec0:300::-2a00:6ec0:4ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4f:42:9d:a5:8f:68:c6:5d:4c:01:0c:6f:e7:f2:6d:49:bc:bd:
         8d:dc:cf:e4:9f:2f:a7:42:59:4a:b1:ae:09:ca:b1:cc:ca:ee:
         e9:0d:e9:cb:e5:5f:68:aa:aa:fa:54:cc:bf:72:c0:7f:78:bb:
         14:06:dd:1d:21:20:11:38:12:c8:1f:ad:39:c2:c8:12:e2:bd:
         bd:04:61:0f:27:d1:b2:c2:76:f0:c8:26:b7:f1:c5:06:8a:96:
         32:6a:81:b5:53:3b:bf:86:0e:88:5a:fe:3a:81:39:b3:37:69:
         bf:3a:bc:4a:5d:68:a5:f7:a5:20:e0:62:da:b7:92:f0:5a:2b:
         30:38:3b:60:27:9f:57:a2:97:55:62:89:e5:54:eb:e9:ab:66:
         cb:9f:54:3b:09:57:e8:22:79:7e:7f:ab:95:ce:b0:6d:4f:a3:
         2a:3a:ae:13:c7:b8:dc:83:8a:95:18:35:b0:cb:4c:18:9a:fa:
         26:36:3d:a0:ec:62:82:d7:b8:d0:4b:b2:5e:5a:01:da:f8:1f:
         4c:4e:a9:94:9e:b3:d6:85:0e:c5:66:82:a4:31:f1:a1:39:4d:
         72:c1:53:33:95:f7:e1:82:11:f1:4e:84:fb:0c:01:30:a6:69:
         7d:1d:6c:be:31:22:80:81:20:7c:ae:3b:02:7d:6b:1a:bc:00:
         5e:47:af:91
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzFbfV7g6UPGmweCmvs6PpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjZlMGU1MTYyODU1NGNkOTI2MzRiNzExYWI3NThmODQ2
N2M0ODUwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTViMDdlODIwMTZhYzg5MmQ5MmQ0ZTk0YzAwYjdkYTM4NDQyOTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdDqw3ojw/50FXw6mWuvHqclRSpx
wdNhwiS0lyKU4FK/UZi58+naiT4NGfXmLFah8MImPhE1eQnltxbESPVjaXv3M1FB
5ZRfTWrq4ZDt/mFEYfiRNuw5GAeZ2v7Vpx004iwdvg9I610hLzE6TwOI3iRV766X
GKXrpZkxkibc5a9xl3LPGWs+AjoyMRhHNpTDKuE2PjgrLf4E5Xu3J03JyXfF3+il
VJNio7QNe/jWy0tlle0ha+7sRsfte53d5ICk/SKOVirzrs/mnvV1B/D8+wOPQdIy
SumfkEPucN3VB9LXBLZcl3EB02jstpplPqCpniH8XfIGw9cga70Ym7Q5tQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFEVbB+ggFqyJLZLU6UwAt9o4RCkdMB8GA1UdIwQY
MBaAFOVm4OUWKFVM2SY0txGrdY+EZ8SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdiZzVSWW9WVXpaSmpTM0VhdDFqNFJueElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kOWUxNmQtN2U4Yy00M2VjLTk5Zjct
ZTI5NmNmZDk3MjA5LzEvUlZzSDZDQVdySWt0a3RUcFRBQzMyamhFS1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kOWUxNmQtN2U4Yy00M2VjLTk5ZjctZTI5NmNmZDk3MjA5
LzEvNVdiZzVSWW9WVXpaSmpTM0VhdDFqNFJueElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAYBAIAATASAwQAHxYQAwQC
HxYUAwQEVidAMCAEAgACMBoDBgAqAG7AATAQAwYAKgBuwAMDBgAqAG7ABDANBgkq
hkiG9w0BAQsFAAOCAQEAT0KdpY9oxl1MAQxv5/JtSby9jdzP5J8vp0JZSrGuCcqx
zMru6Q3py+VfaKqq+lTMv3LAf3i7FAbdHSEgETgSyB+tOcLIEuK9vQRhDyfRssJ2
8Mgmt/HFBoqWMmqBtVM7v4YOiFr+OoE5szdpvzq8Sl1opfelIOBi2reS8ForMDg7
YCefV6KXVWKJ5VTr6atmy59UOwlX6CJ5fn+rlc6wbU+jKjquE8e43IOKlRg1sMtM
GJr6JjY9oOxigte40EuyXloB2vgfTE6plJ6z1oUOxWaCpDHxoTlNcsFTM5X34YIR
8U6E+wwBMKZpfR1svjEigIEgfK47An1rGrwAXkevkQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:52:54 2024 by rpki-client on console-fra.rpki-client.org