Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/0kEja-JOdU7NJ1ocjCf879yETig.roa
File:                     0kEja-JOdU7NJ1ocjCf879yETig.roa (raw, json)
Hash identifier:          JduatWVOhTdaNnD+fz3W6OQlLDhZbvIJeaTtK834VK8=
Subject key identifier:   D2:41:23:6B:E2:4E:75:4E:CD:27:5A:1C:8C:27:FC:EF:DC:84:4E:28
Certificate issuer:       /CN=4081f85602b1168925d83eb3ca61609f357956a6
Certificate serial:       018CC5DBFB70190D9BE0002755E32702C5CB
Authority key identifier: 40:81:F8:56:02:B1:16:89:25:D8:3E:B3:CA:61:60:9F:35:79:56:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/0kEja-JOdU7NJ1ocjCf879yETig.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49100
IP address blocks:        31.130.190.0/24 maxlen: 24
                          31.130.191.0/24 maxlen: 24
                          31.130.188.0/24 maxlen: 24
                          31.130.189.0/24 maxlen: 24
                          31.130.187.0/24 maxlen: 24
                          31.130.176.0/22 maxlen: 22
                          31.130.176.0/24 maxlen: 24
                          31.130.177.0/24 maxlen: 24
                          31.130.178.0/24 maxlen: 24
                          31.130.179.0/24 maxlen: 24
                          31.130.184.0/24 maxlen: 24
                          31.130.184.0/21 maxlen: 21
                          31.130.180.0/24 maxlen: 24
                          31.130.185.0/24 maxlen: 24
                          31.130.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fb:70:19:0d:9b:e0:00:27:55:e3:27:02:c5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4081f85602b1168925d83eb3ca61609f357956a6
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d241236be24e754ecd275a1c8c27fcefdc844e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:69:f4:1b:cc:8c:d4:38:c5:a8:a4:d3:7c:e6:
                    d2:a7:74:eb:fa:5e:28:ed:9e:fd:ac:aa:a8:5b:24:
                    0b:3c:58:24:7c:4a:82:fc:d1:29:d5:e3:2a:f5:2e:
                    52:c6:23:10:8f:1d:46:f4:aa:18:36:c2:7a:66:a3:
                    1b:88:2f:93:0a:1b:b1:56:36:b0:94:51:73:e0:c0:
                    03:d0:22:0c:24:e8:0d:07:44:62:fa:e3:35:0e:c8:
                    85:a1:6c:8f:ef:04:8f:c5:b3:eb:de:66:fb:84:87:
                    f3:15:b7:7d:33:13:71:c2:d9:f4:09:a6:6b:10:17:
                    6e:f8:49:e9:86:ea:71:e0:11:c4:62:98:68:af:34:
                    5e:55:8b:bc:e1:79:96:55:ee:e2:3e:a2:3a:d7:5c:
                    56:10:fb:48:3c:b1:4c:ef:16:fb:11:db:2e:5f:9c:
                    a9:a0:81:b7:0a:39:dc:ad:28:04:9e:b2:dc:b4:27:
                    a1:ee:f5:fb:4e:0f:4e:9d:ee:66:da:75:ea:38:76:
                    b9:05:7b:b3:d3:3c:60:35:55:33:b6:8d:8e:a3:f2:
                    11:8f:d0:c7:dc:40:a6:b4:90:fb:28:2f:fe:23:fe:
                    ff:70:76:ed:e5:0a:ea:47:10:46:7d:bc:32:fd:50:
                    c8:8a:f3:e8:7b:94:bb:7d:04:f6:23:f3:16:f9:5c:
                    13:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:41:23:6B:E2:4E:75:4E:CD:27:5A:1C:8C:27:FC:EF:DC:84:4E:28
            X509v3 Authority Key Identifier:
                keyid:40:81:F8:56:02:B1:16:89:25:D8:3E:B3:CA:61:60:9F:35:79:56:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIH4VgKxFokl2D6zymFgnzV5VqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/0kEja-JOdU7NJ1ocjCf879yETig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/22c93c-9000-4e73-a1c5-c03f3fddd4ac/1/QIH4VgKxFokl2D6zymFgnzV5VqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.176.0-31.130.180.255
                  31.130.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         84:86:ad:50:e4:38:e5:ef:94:1a:fb:8b:77:3a:57:ef:b3:72:
         a8:1a:2b:e4:8b:0f:a4:83:94:5c:39:9c:4c:e2:46:e7:b8:02:
         09:35:f9:25:e4:0c:ec:b1:2c:11:ed:a0:d7:15:e7:54:92:e1:
         f2:fb:1f:3f:eb:dd:63:bd:bc:2a:6e:fc:56:11:23:1a:c9:18:
         31:07:28:f7:55:56:58:d2:c0:6b:38:85:07:90:f1:35:a4:0e:
         fb:85:ae:e9:12:97:d4:b3:ca:9d:a3:8f:d1:e3:c8:93:5e:9c:
         44:c8:0c:51:b1:8c:02:b4:0a:09:60:92:46:97:ee:88:f8:88:
         27:6b:39:1f:5d:9f:7d:81:37:d6:62:52:fb:54:92:cd:8a:af:
         7d:35:c3:e2:53:e4:68:95:70:8d:f9:7f:dd:db:a9:f2:77:a1:
         a2:7d:fc:db:e9:c8:6a:c7:41:7b:05:eb:e9:3a:81:0b:4f:1f:
         4d:9d:0c:f1:0a:6c:12:a9:05:9b:5b:b7:64:fe:fb:c6:19:bd:
         96:c3:81:5d:ff:a2:09:72:91:67:e1:6f:05:16:90:9c:92:5f:
         d8:5d:19:59:2e:a5:b5:9f:de:3f:60:0f:ae:be:11:85:a0:9f:
         f4:66:a7:ef:16:62:fc:dd:8e:b9:7f:64:51:4a:4e:ae:75:54:
         bc:e2:a2:41
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzF2/twGQ2b4AAnVeMnAsXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwODFmODU2MDJiMTE2ODkyNWQ4M2ViM2NhNjE2MDlmMzU3
OTU2YTYwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQxMjM2YmUyNGU3NTRlY2QyNzVhMWM4YzI3ZmNlZmRjODQ0ZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Wn0G8yM1DjFqKTTfObSp3Tr+l4o
7Z79rKqoWyQLPFgkfEqC/NEp1eMq9S5SxiMQjx1G9KoYNsJ6ZqMbiC+TChuxVjaw
lFFz4MAD0CIMJOgNB0Ri+uM1DsiFoWyP7wSPxbPr3mb7hIfzFbd9MxNxwtn0CaZr
EBdu+Enphupx4BHEYphorzReVYu84XmWVe7iPqI611xWEPtIPLFM7xb7EdsuX5yp
oIG3CjncrSgEnrLctCeh7vX7Tg9One5m2nXqOHa5BXuz0zxgNVUzto2Oo/IRj9DH
3ECmtJD7KC/+I/7/cHbt5QrqRxBGfbwy/VDIivPoe5S7fQT2I/MW+VwTkQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNJBI2viTnVOzSdaHIwn/O/chE4oMB8GA1UdIwQY
MBaAFECB+FYCsRaJJdg+s8phYJ81eVamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlINFZnS3hGb2tsMkQ2enltRmduelY1VnFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yMmM5M2MtOTAwMC00ZTczLWExYzUt
YzAzZjNmZGRkNGFjLzEvMGtFamEtSk9kVTdOSjFvY2pDZjg3OXlFVGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yMmM5M2MtOTAwMC00ZTczLWExYzUtYzAzZjNmZGRkNGFj
LzEvUUlINFZnS3hGb2tsMkQ2enltRmduelY1VnFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAQfgrAD
BAAfgrQDBAMfgrgwDQYJKoZIhvcNAQELBQADggEBAISGrVDkOOXvlBr7i3c6V++z
cqgaK+SLD6SDlFw5nEziRue4Agk1+SXkDOyxLBHtoNcV51SS4fL7Hz/r3WO9vCpu
/FYRIxrJGDEHKPdVVljSwGs4hQeQ8TWkDvuFrukSl9Szyp2jj9HjyJNenETIDFGx
jAK0CglgkkaX7oj4iCdrOR9dn32BN9ZiUvtUks2Kr301w+JT5GiVcI35f93bqfJ3
oaJ9/NvpyGrHQXsF6+k6gQtPH02dDPEKbBKpBZtbt2T++8YZvZbDgV3/oglykWfh
bwUWkJySX9hdGVkupbWf3j9gD66+EYWgn/Rmp+8WYvzdjrl/ZFFKTq51VLziokE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:12:50 2024 by rpki-client on console-fra.rpki-client.org