Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/bGEtg8HRG22cZRcPvkPLCVyCzDk.roa
File:                     bGEtg8HRG22cZRcPvkPLCVyCzDk.roa (raw, json)
Hash identifier:          TT7jtFQbtnPJLTUZEX6aUJw3aAnM2gbQm9Naj8EA+2Y=
Subject key identifier:   6C:61:2D:83:C1:D1:1B:6D:9C:65:17:0F:BE:43:CB:09:5C:82:CC:39
Certificate issuer:       /CN=4ba7b24f87ea51446d519afd4fe60419198ec012
Certificate serial:       018CC7947EEA75A0BE0CC050AE3048539641
Authority key identifier: 4B:A7:B2:4F:87:EA:51:44:6D:51:9A:FD:4F:E6:04:19:19:8E:C0:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/bGEtg8HRG22cZRcPvkPLCVyCzDk.roa
Signing time:             Tue 02 Jan 2024 00:30:46 +0000
ROA not before:           Tue 02 Jan 2024 00:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49010
IP address blocks:        193.187.164.0/22 maxlen: 22
                          91.207.2.0/23 maxlen: 23
                          109.232.72.0/21 maxlen: 21
                          185.20.140.0/22 maxlen: 22
                          84.252.76.0/22 maxlen: 22
                          86.62.24.0/22 maxlen: 22
                          2a09:5500::/29 maxlen: 29
                          2a00:19f8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:7e:ea:75:a0:be:0c:c0:50:ae:30:48:53:96:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ba7b24f87ea51446d519afd4fe60419198ec012
        Validity
            Not Before: Jan  2 00:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c612d83c1d11b6d9c65170fbe43cb095c82cc39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f5:99:d2:7f:50:31:7f:1e:ac:03:17:53:3d:
                    66:75:6f:36:15:2e:90:27:37:9e:6b:ea:01:2a:f3:
                    1b:25:ec:0d:21:df:7b:75:fe:f0:b6:3f:38:91:8e:
                    aa:f7:1f:e4:0e:3f:78:e6:7e:f8:c5:82:1e:2b:6e:
                    87:a8:ee:b5:8e:5d:21:f5:0a:10:53:04:ca:8e:9b:
                    17:c6:16:06:4b:a3:90:b5:80:e0:e8:44:55:8a:8b:
                    e0:7a:bd:31:8d:44:08:d8:9f:51:bc:98:71:f9:c3:
                    0f:a8:12:6c:f4:cc:ec:d4:28:e4:4c:18:59:47:3d:
                    54:b4:d2:2b:23:11:65:d6:35:98:3a:5c:75:68:b8:
                    e0:af:a1:25:be:9c:2c:bc:8d:c0:87:6a:ee:d8:90:
                    79:db:8a:da:d8:ce:42:d2:66:28:df:84:b2:7f:58:
                    b8:aa:39:54:dc:09:08:c1:2d:29:10:58:52:90:4f:
                    ab:2f:b5:e0:9d:25:ab:16:27:a2:fb:f2:ec:a4:ad:
                    7a:fa:06:47:4b:48:36:09:ac:41:8f:a4:1f:3d:15:
                    7d:33:fa:94:05:57:28:78:3d:f2:5c:2d:84:d2:6f:
                    6c:95:d8:91:4d:87:8b:a3:ad:18:3d:61:93:4b:19:
                    c5:67:90:d2:80:77:3f:22:34:5a:32:d9:9b:71:74:
                    34:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:61:2D:83:C1:D1:1B:6D:9C:65:17:0F:BE:43:CB:09:5C:82:CC:39
            X509v3 Authority Key Identifier:
                keyid:4B:A7:B2:4F:87:EA:51:44:6D:51:9A:FD:4F:E6:04:19:19:8E:C0:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S6eyT4fqUURtUZr9T-YEGRmOwBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/bGEtg8HRG22cZRcPvkPLCVyCzDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/31fded-6fde-45ce-b358-a26889ee22c2/1/S6eyT4fqUURtUZr9T-YEGRmOwBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.76.0/22
                  86.62.24.0/22
                  91.207.2.0/23
                  109.232.72.0/21
                  185.20.140.0/22
                  193.187.164.0/22
                IPv6:
                  2a00:19f8::/32
                  2a09:5500::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:23:4c:1a:ea:ff:e5:38:dc:a9:d4:cc:b8:2d:b2:4d:cb:c6:
         64:a6:fa:d6:4e:ea:16:ee:a3:1f:9a:b6:07:fe:23:20:f3:60:
         91:43:49:e9:01:25:b7:bb:9c:ca:11:b8:9e:03:61:33:5e:9e:
         3f:4f:49:47:91:cf:d8:d8:9a:2f:1b:77:2d:1f:57:2e:71:2b:
         af:17:c6:a8:f6:31:65:6d:c6:43:9e:44:7e:40:c0:34:b9:95:
         e9:f3:89:df:74:75:bf:02:2a:34:e6:ea:55:50:86:ce:cd:ba:
         39:bf:51:b2:2f:b4:e0:a2:6d:7f:8c:df:81:11:bb:e4:f6:ae:
         ac:cb:49:6d:b7:7a:41:aa:9f:42:43:7e:30:76:12:ba:bc:04:
         52:9a:39:aa:f4:c3:fc:a5:97:25:df:38:0e:42:92:d9:f4:86:
         fd:b7:0d:f1:49:16:16:67:2a:a2:d5:2a:f7:04:33:25:10:63:
         2e:6a:81:46:57:da:8b:8f:9e:96:ba:1e:cf:d8:d0:8c:a3:99:
         7a:21:c0:68:20:51:44:e0:f3:8c:88:8a:1e:31:7d:77:92:ea:
         4e:4b:dd:20:8d:ee:19:06:fb:bc:be:73:f1:d4:7c:74:1c:0c:
         06:84:c2:57:a8:8c:64:b7:88:03:56:0c:d8:ce:95:44:8e:bc:
         3c:7b:42:6b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzHlH7qdaC+DMBQrjBIU5ZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYTdiMjRmODdlYTUxNDQ2ZDUxOWFmZDRmZTYwNDE5MTk4
ZWMwMTIwHhcNMjQwMTAyMDAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzYxMmQ4M2MxZDExYjZkOWM2NTE3MGZiZTQzY2IwOTVjODJjYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfWZ0n9QMX8erAMXUz1mdW82FS6Q
Jzeea+oBKvMbJewNId97df7wtj84kY6q9x/kDj945n74xYIeK26HqO61jl0h9QoQ
UwTKjpsXxhYGS6OQtYDg6ERViovger0xjUQI2J9RvJhx+cMPqBJs9Mzs1CjkTBhZ
Rz1UtNIrIxFl1jWYOlx1aLjgr6ElvpwsvI3Ah2ru2JB524ra2M5C0mYo34Syf1i4
qjlU3AkIwS0pEFhSkE+rL7XgnSWrFiei+/LspK16+gZHS0g2CaxBj6QfPRV9M/qU
BVcoeD3yXC2E0m9sldiRTYeLo60YPWGTSxnFZ5DSgHc/IjRaMtmbcXQ07wIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFGxhLYPB0RttnGUXD75Dywlcgsw5MB8GA1UdIwQY
MBaAFEunsk+H6lFEbVGa/U/mBBkZjsASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzZleVQ0ZnFVVVJ0VVpyOVQtWUVHUm1Pd0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8zMWZkZWQtNmZkZS00NWNlLWIzNTgt
YTI2ODg5ZWUyMmMyLzEvYkdFdGc4SFJHMjJjWlJjUHZrUExDVnlDekRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8zMWZkZWQtNmZkZS00NWNlLWIzNTgtYTI2ODg5ZWUyMmMy
LzEvUzZleVQ0ZnFVVVJ0VVpyOVQtWUVHUm1Pd0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCVPxMAwQC
Vj4YAwQBW88CAwQDbehIAwQCuRSMAwQCwbukMBQEAgACMA4DBQAqABn4AwUDKglV
ADANBgkqhkiG9w0BAQsFAAOCAQEAJSNMGur/5TjcqdTMuC2yTcvGZKb61k7qFu6j
H5q2B/4jIPNgkUNJ6QElt7ucyhG4ngNhM16eP09JR5HP2NiaLxt3LR9XLnErrxfG
qPYxZW3GQ55EfkDANLmV6fOJ33R1vwIqNObqVVCGzs26Ob9Rsi+04KJtf4zfgRG7
5PaurMtJbbd6QaqfQkN+MHYSurwEUpo5qvTD/KWXJd84DkKS2fSG/bcN8UkWFmcq
otUq9wQzJRBjLmqBRlfai4+elroez9jQjKOZeiHAaCBRRODzjIiKHjF9d5LqTkvd
II3uGQb7vL5z8dR8dBwMBoTCV6iMZLeIA1YM2M6VRI68PHtCaw==
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:29:12 2024 by rpki-client on console-fra.rpki-client.org