Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/JaqgkTEbVQqq9eSSzzSg8W-rC4Q.roa
File:                     JaqgkTEbVQqq9eSSzzSg8W-rC4Q.roa (raw, json)
Hash identifier:          /Yc7gy4ujAHA1pcBVyzHrflwQs37oTWhEK5fqgJFkKI=
Subject key identifier:   25:AA:A0:91:31:1B:55:0A:AA:F5:E4:92:CF:34:A0:F1:6F:AB:0B:84
Certificate issuer:       /CN=02d0e88885ef48b20c87b76fd85d42e6eb3d7183
Certificate serial:       018CC500F972B34148A43500BC00D26140A1
Authority key identifier: 02:D0:E8:88:85:EF:48:B2:0C:87:B7:6F:D8:5D:42:E6:EB:3D:71:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/JaqgkTEbVQqq9eSSzzSg8W-rC4Q.roa
Signing time:             Mon 01 Jan 2024 12:30:24 +0000
ROA not before:           Mon 01 Jan 2024 12:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51764
IP address blocks:        46.31.0.0/21 maxlen: 24
                          46.31.6.0/24 maxlen: 24
                          91.102.200.0/21 maxlen: 24
                          91.102.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f9:72:b3:41:48:a4:35:00:bc:00:d2:61:40:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02d0e88885ef48b20c87b76fd85d42e6eb3d7183
        Validity
            Not Before: Jan  1 12:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25aaa091311b550aaaf5e492cf34a0f16fab0b84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7b:d7:c9:9b:f1:65:c4:cc:07:70:19:22:aa:
                    2c:e1:cc:91:d1:a8:c0:41:2b:2b:20:a4:a7:14:87:
                    ee:bf:b1:c7:a1:4d:85:a7:1b:09:df:3b:35:0f:9f:
                    06:e6:48:5e:8a:06:69:15:7a:46:3b:e0:94:97:d4:
                    c9:46:87:82:8c:79:a9:76:40:bc:a0:a3:87:6d:60:
                    0a:cd:e1:b0:9b:e1:b8:1a:4c:bf:4d:65:46:53:17:
                    27:e8:40:e1:9f:11:e7:6d:69:e7:57:ea:82:ab:cd:
                    58:b9:5f:e1:73:63:e1:ce:d0:4f:31:51:5d:50:b8:
                    c6:d7:a5:67:19:1c:51:52:24:9a:5c:9c:51:e2:a0:
                    08:97:ed:39:9b:68:c7:fd:88:3d:95:b6:54:1e:90:
                    45:26:a3:a9:a1:00:20:ae:1b:17:ad:eb:c6:4d:75:
                    cf:44:57:8c:59:22:4a:40:26:5c:b4:dd:b8:94:62:
                    a5:7b:24:ce:49:be:5f:01:b1:b9:29:df:0f:78:41:
                    30:82:1d:e3:f4:d3:16:76:46:10:85:1d:65:88:41:
                    e3:6c:74:26:e1:58:29:70:c5:5c:ad:d9:c7:b1:72:
                    ba:ca:27:15:dc:5e:89:8f:98:dc:75:92:73:27:f2:
                    7a:1c:30:3f:07:26:0e:ef:27:08:50:13:55:97:9e:
                    e8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:AA:A0:91:31:1B:55:0A:AA:F5:E4:92:CF:34:A0:F1:6F:AB:0B:84
            X509v3 Authority Key Identifier:
                keyid:02:D0:E8:88:85:EF:48:B2:0C:87:B7:6F:D8:5D:42:E6:EB:3D:71:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/JaqgkTEbVQqq9eSSzzSg8W-rC4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.0.0/21
                  91.102.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:1e:d0:6e:42:2d:00:8c:f7:cd:b3:82:e4:9a:03:ec:64:3a:
         91:49:d5:d5:37:e4:03:c9:07:07:94:66:60:66:27:e5:1b:ee:
         68:19:6f:31:05:85:d8:97:a1:20:12:83:85:76:0f:f5:c9:b9:
         2e:f9:a5:75:05:fe:9d:04:4e:84:71:bf:a5:d5:96:cd:4c:d5:
         a1:41:89:b7:4a:2d:38:7d:26:a4:b9:5a:64:cd:53:c6:83:f1:
         ab:a4:f4:a3:6a:46:9c:a2:f1:57:05:2d:07:c9:56:46:e2:bd:
         c0:5f:fe:8f:11:26:47:bf:e3:e2:8a:a0:b4:25:42:e3:b8:65:
         ba:66:e9:88:ed:f5:2e:6c:d8:12:36:26:3e:bc:36:41:40:04:
         ee:4e:6a:28:2d:84:21:d0:d9:53:2a:c5:28:0f:d7:7b:8c:14:
         5f:20:05:2b:40:fe:df:d2:71:09:23:ad:7f:ff:34:ee:18:bb:
         5b:b0:e0:f6:d5:56:15:33:c7:e6:b3:0a:74:cf:cd:d1:a8:53:
         97:d0:f1:92:b1:43:79:07:52:d6:a0:e7:e7:e9:2d:be:df:b8:
         7e:26:af:10:d2:d6:bc:d4:d0:c7:e5:fe:ed:fb:70:e4:ba:c1:
         70:4d:9c:13:65:3d:93:f8:48:7a:8e:92:b5:7e:00:d4:74:ea:
         e0:c7:a1:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAPlys0FIpDUAvADSYUChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZDBlODg4ODVlZjQ4YjIwYzg3Yjc2ZmQ4NWQ0MmU2ZWIz
ZDcxODMwHhcNMjQwMTAxMTIzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWFhYTA5MTMxMWI1NTBhYWFmNWU0OTJjZjM0YTBmMTZmYWIwYjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXvXyZvxZcTMB3AZIqos4cyR0ajA
QSsrIKSnFIfuv7HHoU2FpxsJ3zs1D58G5kheigZpFXpGO+CUl9TJRoeCjHmpdkC8
oKOHbWAKzeGwm+G4Gky/TWVGUxcn6EDhnxHnbWnnV+qCq81YuV/hc2PhztBPMVFd
ULjG16VnGRxRUiSaXJxR4qAIl+05m2jH/Yg9lbZUHpBFJqOpoQAgrhsXrevGTXXP
RFeMWSJKQCZctN24lGKleyTOSb5fAbG5Kd8PeEEwgh3j9NMWdkYQhR1liEHjbHQm
4VgpcMVcrdnHsXK6yicV3F6Jj5jcdZJzJ/J6HDA/ByYO7ycIUBNVl57oeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCWqoJExG1UKqvXkks80oPFvqwuEMB8GA1UdIwQY
MBaAFALQ6IiF70iyDIe3b9hdQubrPXGDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXREb2lJWHZTTElNaDdkdjJGMUM1dXM5Y1lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjRlYjYtNjAyNi00MDk4LTg4ZDct
OTUzYzY4NTA2ZDVjLzEvSmFxZ2tURWJWUXFxOWVTU3p6U2c4Vy1yQzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjRlYjYtNjAyNi00MDk4LTg4ZDctOTUzYzY4NTA2ZDVj
LzEvQXREb2lJWHZTTElNaDdkdjJGMUM1dXM5Y1lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLh8AAwQD
W2bIMA0GCSqGSIb3DQEBCwUAA4IBAQBkHtBuQi0AjPfNs4LkmgPsZDqRSdXVN+QD
yQcHlGZgZiflG+5oGW8xBYXYl6EgEoOFdg/1ybku+aV1Bf6dBE6Ecb+l1ZbNTNWh
QYm3Si04fSakuVpkzVPGg/GrpPSjakacovFXBS0HyVZG4r3AX/6PESZHv+PiiqC0
JULjuGW6ZumI7fUubNgSNiY+vDZBQATuTmooLYQh0NlTKsUoD9d7jBRfIAUrQP7f
0nEJI61//zTuGLtbsOD21VYVM8fmswp0z83RqFOX0PGSsUN5B1LWoOfn6S2+37h+
Jq8Q0ta81NDH5f7t+3DkusFwTZwTZT2T+Eh6jpK1fgDUdOrgx6FJ
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:51:25 2024 by rpki-client on console-fra.rpki-client.org