Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/VySEaSKUsZBT5J4hVKWqC4NGm9g.roa
File:                     VySEaSKUsZBT5J4hVKWqC4NGm9g.roa (raw, json)
Hash identifier:          D+W1nYsTuNm5qNdjW/DateIq4v0rOpjhvK2P6N0HcFI=
Subject key identifier:   57:24:84:69:22:94:B1:90:53:E4:9E:21:54:A5:AA:0B:83:46:9B:D8
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018F7306F051D149539E22B3DFF8CB74DF23
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/VySEaSKUsZBT5J4hVKWqC4NGm9g.roa
Signing time:             Mon 13 May 2024 17:36:25 +0000
ROA not before:           Mon 13 May 2024 17:36:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5400
IP address blocks:        212.49.131.0/24 maxlen: 24
                          212.49.167.0/24 maxlen: 24
                          212.49.181.0/24 maxlen: 24
                          212.49.190.0/24 maxlen: 24
                          212.163.206.0/24 maxlen: 24
                          213.9.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:73:06:f0:51:d1:49:53:9e:22:b3:df:f8:cb:74:df:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: May 13 17:36:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=572484692294b19053e49e2154a5aa0b83469bd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:66:f5:1e:2d:36:04:47:5d:9c:a0:29:b5:cc:
                    ad:f2:6d:0a:e8:43:1f:bf:ba:97:5c:fb:53:06:a0:
                    94:c1:f5:1e:71:9d:a0:e2:4f:88:cc:29:97:26:65:
                    d2:e9:f0:2f:d7:da:16:13:79:0c:d8:e7:c1:22:d6:
                    e8:35:2d:00:22:17:e4:b5:72:7c:44:fc:a7:04:5a:
                    48:fc:d3:d3:7b:41:e1:41:31:38:ef:f0:2f:e5:d2:
                    8a:bd:c6:89:62:76:4e:1e:cc:4f:9c:db:17:98:d2:
                    3a:27:80:ea:7f:b6:aa:29:4a:15:2e:dd:ae:eb:c5:
                    a2:e4:e4:a1:ea:33:e8:cf:8c:d5:16:4c:a5:a5:c6:
                    9b:40:4e:d0:6b:98:b7:37:25:14:47:24:14:af:39:
                    9d:3e:b3:f8:d8:27:68:53:05:83:5c:10:d8:ee:4b:
                    12:c9:51:57:4c:2b:76:de:3c:32:da:c7:96:c5:32:
                    7f:55:22:16:d7:06:ce:f8:31:d0:80:5b:9e:76:89:
                    a0:86:eb:65:e3:b6:43:d8:29:f2:29:27:b5:b5:b4:
                    df:8a:66:78:9d:cb:f9:06:28:ea:da:f7:e4:77:3c:
                    a7:ef:60:6d:72:c1:04:fc:d6:d5:52:72:ea:61:29:
                    a8:11:4b:95:5b:e9:50:ea:97:5b:79:90:df:06:ed:
                    cb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:24:84:69:22:94:B1:90:53:E4:9E:21:54:A5:AA:0B:83:46:9B:D8
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/VySEaSKUsZBT5J4hVKWqC4NGm9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.49.131.0/24
                  212.49.167.0/24
                  212.49.181.0/24
                  212.49.190.0/24
                  212.163.206.0/24
                  213.9.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c9:2b:4d:a3:48:c0:c1:ea:8f:d5:20:64:bf:22:ec:19:7e:
         19:c1:fc:1c:14:25:8a:92:dd:f7:79:f8:b9:07:2f:87:9e:26:
         ba:9e:30:cb:5d:a6:e0:7a:71:82:1d:3d:ef:7c:b8:a0:bf:a1:
         80:f5:45:8e:97:d7:8b:6c:91:61:00:92:f6:ed:5d:10:e0:d0:
         e1:f7:48:a6:40:80:6c:cd:ca:89:aa:76:bc:43:35:50:af:69:
         9a:3d:46:ac:1d:50:ab:09:b4:06:a2:bf:6f:09:fd:a2:17:17:
         6d:a2:63:ec:22:3f:33:b7:cd:18:ff:5d:2e:cb:f7:8d:f6:c2:
         56:02:4e:ce:a7:e8:62:bf:b7:76:65:2d:cd:7d:fe:1b:62:94:
         70:f1:9e:35:45:63:0c:e3:c6:57:6a:cc:ff:1b:8e:cd:30:6f:
         95:a8:38:31:cb:1c:53:ef:0e:e9:ab:8f:29:c1:b1:c6:9c:91:
         7e:f8:3f:93:ed:0c:80:f8:15:4e:3a:63:c0:86:3d:3b:d4:1f:
         01:d6:bb:16:52:2b:14:fe:8f:de:cc:69:b9:e5:a0:e9:04:6f:
         20:31:e2:7f:b4:2c:d7:b4:11:0e:0f:70:47:1b:6a:ed:51:b1:
         60:ee:ea:ac:a5:a7:0d:56:0d:06:28:f7:22:04:e8:a8:23:2d:
         05:ae:7f:12
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY9zBvBR0UlTniKz3/jLdN8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwNTEzMTczNjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzI0ODQ2OTIyOTRiMTkwNTNlNDllMjE1NGE1YWEwYjgzNDY5YmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWb1Hi02BEddnKAptcyt8m0K6EMf
v7qXXPtTBqCUwfUecZ2g4k+IzCmXJmXS6fAv19oWE3kM2OfBItboNS0AIhfktXJ8
RPynBFpI/NPTe0HhQTE47/Av5dKKvcaJYnZOHsxPnNsXmNI6J4Dqf7aqKUoVLt2u
68Wi5OSh6jPoz4zVFkylpcabQE7Qa5i3NyUURyQUrzmdPrP42CdoUwWDXBDY7ksS
yVFXTCt23jwy2seWxTJ/VSIW1wbO+DHQgFuedomghutl47ZD2CnyKSe1tbTfimZ4
ncv5Bijq2vfkdzyn72BtcsEE/NbVUnLqYSmoEUuVW+lQ6pdbeZDfBu3L2QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFckhGkilLGQU+SeIVSlqguDRpvYMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvVnlTRWFTS1VzWkJUNUo0aFZLV3FDNE5HbTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQA1DGDAwQA
1DGnAwQA1DG1AwQA1DG+AwQA1KPOAwQA1QmtMA0GCSqGSIb3DQEBCwUAA4IBAQAC
yStNo0jAweqP1SBkvyLsGX4ZwfwcFCWKkt33efi5By+Hnia6njDLXabgenGCHT3v
fLigv6GA9UWOl9eLbJFhAJL27V0Q4NDh90imQIBszcqJqna8QzVQr2maPUasHVCr
CbQGor9vCf2iFxdtomPsIj8zt80Y/10uy/eN9sJWAk7Op+hiv7d2ZS3Nff4bYpRw
8Z41RWMM48ZXasz/G47NMG+VqDgxyxxT7w7pq48pwbHGnJF++D+T7QyA+BVOOmPA
hj071B8B1rsWUisU/o/ezGm55aDpBG8gMeJ/tCzXtBEOD3BHG2rtUbFg7uqspacN
Vg0GKPciBOioIy0Frn8S
-----END CERTIFICATE-----
Generated at Sat Jun 15 21:05:07 2024 by rpki-client on console-ams.rpki-client.org