Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Y4awQwi3gbuOhmSy9-y9e54M6Vk.roa
File:                     Y4awQwi3gbuOhmSy9-y9e54M6Vk.roa (raw, json)
Hash identifier:          frDGzWAva4Kg0TAy8MeerLOYDL24b6eGHZpdalHHcrU=
Subject key identifier:   63:86:B0:43:08:B7:81:BB:8E:86:64:B2:F7:EC:BD:7B:9E:0C:E9:59
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B94B8763E148B5C527D29C24ECFC5
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Y4awQwi3gbuOhmSy9-y9e54M6Vk.roa
Signing time:             Mon 01 Jan 2024 18:31:31 +0000
ROA not before:           Mon 01 Jan 2024 18:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204885
IP address blocks:        85.31.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:94:b8:76:3e:14:8b:5c:52:7d:29:c2:4e:cf:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6386b04308b781bb8e8664b2f7ecbd7b9e0ce959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fd:35:b4:6c:45:29:b8:ab:54:86:88:ed:7e:
                    6d:36:f2:ce:b1:c9:c5:ec:3f:bd:03:fb:9e:18:3c:
                    1a:46:a7:cc:aa:70:7f:76:4a:78:7f:20:2d:c9:ac:
                    a0:37:1d:d8:b5:48:b7:c2:22:c4:8f:fe:f6:01:52:
                    d4:13:f4:9f:4d:1d:dd:a8:a5:a4:96:2c:08:ca:20:
                    42:96:fb:6d:7e:c3:d5:31:6f:e9:9d:06:21:b0:3b:
                    b5:13:83:1d:98:0a:82:6e:34:5f:18:5b:3d:43:ab:
                    64:4f:a5:b6:d6:71:5e:82:66:1b:4c:dc:19:87:e5:
                    3e:40:1a:ff:2b:4d:ff:15:5c:ed:ff:49:a2:93:95:
                    53:31:e1:70:bf:52:5b:6d:53:a6:86:58:75:c2:a2:
                    2c:0f:55:5a:6c:18:3f:72:3a:c4:ef:7d:c8:ff:04:
                    7c:1a:ce:0f:09:3d:65:c3:46:8d:5c:c3:61:60:ee:
                    98:c2:6a:f9:dc:30:4f:45:08:8a:75:a5:e0:72:44:
                    fe:0f:15:5f:1f:1a:f0:7e:ba:15:c3:72:be:b5:74:
                    eb:3c:0a:9a:9e:66:b8:40:b9:91:af:fb:92:72:91:
                    02:44:de:45:aa:2f:21:f0:fd:81:c8:52:98:76:ed:
                    a1:b8:9e:aa:68:a2:ad:07:0b:63:c2:e1:96:69:01:
                    16:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:86:B0:43:08:B7:81:BB:8E:86:64:B2:F7:EC:BD:7B:9E:0C:E9:59
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Y4awQwi3gbuOhmSy9-y9e54M6Vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:b3:f4:42:a2:b8:91:67:d6:92:bb:b4:23:14:2e:02:5e:f1:
         eb:27:b6:0c:b0:6c:d0:92:e6:9e:85:55:f5:23:c9:75:e8:bb:
         7b:a6:91:8d:b1:98:28:67:6a:e5:c1:35:bf:a7:7a:a3:a6:e6:
         f0:5b:f4:ba:d3:e6:84:12:2a:29:5e:3b:35:7f:36:7a:57:1c:
         92:92:12:56:7c:48:5e:17:13:ac:49:3f:4a:b2:cb:cc:48:c2:
         6c:e0:33:14:4f:b5:8e:15:5a:e0:9b:5d:64:6f:91:1e:79:42:
         92:9d:34:5b:0e:2f:d2:a2:88:d0:16:6a:11:d7:c2:aa:29:0f:
         00:b8:dc:16:20:8f:75:30:55:f4:e8:1c:b2:28:d0:ce:ba:da:
         40:97:07:c6:a6:52:c4:d6:46:db:75:af:4a:de:92:fd:7f:3e:
         ab:70:9f:e6:0e:f6:aa:8b:5e:37:4f:e5:50:eb:80:0e:02:af:
         a9:a5:a5:d7:4d:5e:05:dc:83:ed:2b:3f:f1:30:a8:97:33:44:
         b0:71:51:41:91:8b:0f:e3:0f:e7:7f:9e:2a:11:1f:13:07:4e:
         e9:8b:59:7f:b8:c3:0a:c9:fb:c5:79:9a:22:04:70:5f:24:b2:
         7e:bf:d0:78:76:73:da:4c:d9:18:bb:e2:fe:95:a4:83:12:99:
         ae:9c:40:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5S4dj4Ui1xSfSnCTs/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg2YjA0MzA4Yjc4MWJiOGU4NjY0YjJmN2VjYmQ3YjllMGNlOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/01tGxFKbirVIaI7X5tNvLOscnF
7D+9A/ueGDwaRqfMqnB/dkp4fyAtyaygNx3YtUi3wiLEj/72AVLUE/SfTR3dqKWk
liwIyiBClvttfsPVMW/pnQYhsDu1E4MdmAqCbjRfGFs9Q6tkT6W21nFegmYbTNwZ
h+U+QBr/K03/FVzt/0mik5VTMeFwv1JbbVOmhlh1wqIsD1VabBg/cjrE733I/wR8
Gs4PCT1lw0aNXMNhYO6Ywmr53DBPRQiKdaXgckT+DxVfHxrwfroVw3K+tXTrPAqa
nma4QLmRr/uScpECRN5Fqi8h8P2ByFKYdu2huJ6qaKKtBwtjwuGWaQEWtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGOGsEMIt4G7joZksvfsvXueDOlZMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvWTRhd1F3aTNnYnVPaG1TeTkteTllNTRNNlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/xMA0G
CSqGSIb3DQEBCwUAA4IBAQB6s/RCoriRZ9aSu7QjFC4CXvHrJ7YMsGzQkuaehVX1
I8l16Lt7ppGNsZgoZ2rlwTW/p3qjpubwW/S60+aEEiopXjs1fzZ6VxySkhJWfEhe
FxOsST9KssvMSMJs4DMUT7WOFVrgm11kb5EeeUKSnTRbDi/SoojQFmoR18KqKQ8A
uNwWII91MFX06ByyKNDOutpAlwfGplLE1kbbda9K3pL9fz6rcJ/mDvaqi143T+VQ
64AOAq+ppaXXTV4F3IPtKz/xMKiXM0SwcVFBkYsP4w/nf54qER8TB07pi1l/uMMK
yfvFeZoiBHBfJLJ+v9B4dnPaTNkYu+L+laSDEpmunED2
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:04:07 2024 by rpki-client on console-ams.rpki-client.org