Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/STRbmVQLKlH94npqOphCpzQ7dtc.roa
File:                     STRbmVQLKlH94npqOphCpzQ7dtc.roa (raw, json)
Hash identifier:          Vn+exrYDHQ49DPiOUqHa+V+MY7V0GjfWeaQeBLIyIps=
Subject key identifier:   49:34:5B:99:54:0B:2A:51:FD:E2:7A:6A:3A:98:42:A7:34:3B:76:D7
Certificate issuer:       /CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
Certificate serial:       018D79F944D3F5E584BD3D1643AED49CBBE4
Authority key identifier: D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/STRbmVQLKlH94npqOphCpzQ7dtc.roa
Signing time:             Mon 05 Feb 2024 15:53:15 +0000
ROA not before:           Mon 05 Feb 2024 15:53:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        81.31.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:f9:44:d3:f5:e5:84:bd:3d:16:43:ae:d4:9c:bb:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
        Validity
            Not Before: Feb  5 15:53:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49345b99540b2a51fde27a6a3a9842a7343b76d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ea:c8:d4:32:76:fc:57:69:0f:c2:d4:13:14:
                    e9:11:81:1b:51:fd:92:66:e4:cf:0b:a8:c9:6c:ee:
                    c6:d9:62:b4:3b:c8:8c:62:00:9c:c1:97:45:b1:ca:
                    20:17:ba:a5:1b:30:2b:96:e9:f3:f2:8e:a5:b4:1d:
                    e4:df:40:b4:c0:03:19:5f:49:3c:ca:17:7d:d3:34:
                    3f:c2:89:18:1a:e2:67:aa:ab:ce:bf:1d:61:30:91:
                    9a:97:65:56:9d:21:37:9d:9d:5e:7b:90:ef:8e:b6:
                    75:9c:75:d3:57:0b:13:51:bc:b7:7e:07:32:db:53:
                    ec:f0:29:b1:af:74:45:ab:38:58:ab:a1:e3:4a:99:
                    e0:4b:68:af:9d:e4:6a:f0:db:c4:bd:25:a2:2b:fb:
                    27:e4:e7:c3:e9:7e:bf:3e:ed:38:8f:92:c4:fc:5c:
                    16:58:5b:6f:f2:5a:8a:e7:64:3b:8b:87:44:67:67:
                    de:ae:0d:a8:eb:55:7a:05:a3:8c:ce:e9:e9:ae:4f:
                    10:cc:15:d5:61:56:c9:6c:c8:6c:31:de:0e:d9:ec:
                    d9:3f:08:4d:04:74:fb:50:18:72:5b:47:f2:45:fd:
                    c1:c0:be:2c:ca:eb:bb:aa:ce:13:f3:4f:17:41:b9:
                    6f:76:fc:d1:0b:ed:72:bb:76:d6:09:fa:f8:a4:e8:
                    a5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:34:5B:99:54:0B:2A:51:FD:E2:7A:6A:3A:98:42:A7:34:3B:76:D7
            X509v3 Authority Key Identifier:
                keyid:D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/STRbmVQLKlH94npqOphCpzQ7dtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a6:fa:1d:d7:cd:84:f6:07:98:22:28:82:ac:4b:0d:b4:6f:63:
         fa:e4:ab:a1:ba:eb:45:63:da:65:4b:79:38:4f:90:a9:56:f2:
         61:81:2a:b0:2c:9c:21:c7:15:2e:53:6c:56:03:b0:25:f6:86:
         4f:3a:db:e3:6a:92:dc:e1:36:97:ae:55:bd:22:ee:96:fa:9b:
         5a:7c:0f:c4:e1:f0:b1:80:59:5c:45:86:06:d2:b8:81:8a:38:
         2c:73:ac:6a:fe:af:48:f0:31:4b:c2:65:cf:33:35:2c:6f:47:
         7d:5b:d5:be:aa:c9:e1:93:4e:5d:47:cb:d8:00:f2:7f:61:ef:
         c9:35:6c:a8:c2:49:ae:6d:d1:25:65:30:26:99:73:d8:18:00:
         27:8d:e3:14:1d:ea:3e:7a:76:c5:32:e8:00:b4:3e:a1:d7:a7:
         37:9b:43:c0:0d:68:00:f3:27:37:d4:a4:68:70:ce:e8:b2:57:
         30:fa:4c:d1:f8:d7:12:72:51:55:9e:81:16:e3:58:33:56:6b:
         52:bd:f1:07:4c:85:9e:69:8f:0e:d6:e3:df:59:5e:4e:64:17:
         73:18:af:8d:34:45:8b:87:0c:36:db:ea:45:99:db:b2:53:9e:
         83:59:ff:f0:75:a1:ff:c5:91:5a:f0:b8:78:70:b4:f3:01:56:
         11:b7:7a:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY15+UTT9eWEvT0WQ67UnLvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MjNhNWJlNWUyMWNhNDYwNzMyYWU0OGYzODVhM2VhMTUw
YTJiZTEwHhcNMjQwMjA1MTU1MzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM0NWI5OTU0MGIyYTUxZmRlMjdhNmEzYTk4NDJhNzM0M2I3NmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqurI1DJ2/FdpD8LUExTpEYEbUf2S
ZuTPC6jJbO7G2WK0O8iMYgCcwZdFscogF7qlGzArlunz8o6ltB3k30C0wAMZX0k8
yhd90zQ/wokYGuJnqqvOvx1hMJGal2VWnSE3nZ1ee5DvjrZ1nHXTVwsTUby3fgcy
21Ps8Cmxr3RFqzhYq6HjSpngS2ivneRq8NvEvSWiK/sn5OfD6X6/Pu04j5LE/FwW
WFtv8lqK52Q7i4dEZ2ferg2o61V6BaOMzunprk8QzBXVYVbJbMhsMd4O2ezZPwhN
BHT7UBhyW0fyRf3BwL4syuu7qs4T808XQblvdvzRC+1yu3bWCfr4pOilKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk0W5lUCypR/eJ6ajqYQqc0O3bXMB8GA1UdIwQY
MBaAFNQjpb5eIcpGBzKuSPOFo+oVCivhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2It
ZDk0NzY2NjU3NTVhLzEvU1RSYm1WUUxLbEg5NG5wcU9waENwelE3ZHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2ItZDk0NzY2NjU3NTVh
LzEvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUR+AMA0G
CSqGSIb3DQEBCwUAA4IBAQCm+h3XzYT2B5giKIKsSw20b2P65KuhuutFY9plS3k4
T5CpVvJhgSqwLJwhxxUuU2xWA7Al9oZPOtvjapLc4TaXrlW9Iu6W+ptafA/E4fCx
gFlcRYYG0riBijgsc6xq/q9I8DFLwmXPMzUsb0d9W9W+qsnhk05dR8vYAPJ/Ye/J
NWyowkmubdElZTAmmXPYGAAnjeMUHeo+enbFMugAtD6h16c3m0PADWgA8yc31KRo
cM7oslcw+kzR+NcSclFVnoEW41gzVmtSvfEHTIWeaY8O1uPfWV5OZBdzGK+NNEWL
hww22+pFmduyU56DWf/wdaH/xZFa8Lh4cLTzAVYRt3rt
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:11:46 2024 by rpki-client on console-ams.rpki-client.org