Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/UZpbHbYOhys6N3r03cXSsvIy45s.roa
File:                     UZpbHbYOhys6N3r03cXSsvIy45s.roa (raw, json)
Hash identifier:          bT2yhIfV4C7e/7q77CyGgJtzzFl1IB09bqsQ4WdIkOY=
Subject key identifier:   51:9A:5B:1D:B6:0E:87:2B:3A:37:7A:F4:DD:C5:D2:B2:F2:32:E3:9B
Certificate issuer:       /CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
Certificate serial:       018CCA2AA8C854829D7503641C5E872697B0
Authority key identifier: D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/UZpbHbYOhys6N3r03cXSsvIy45s.roa
Signing time:             Tue 02 Jan 2024 12:34:02 +0000
ROA not before:           Tue 02 Jan 2024 12:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43289
IP address blocks:        81.31.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:a8:c8:54:82:9d:75:03:64:1c:5e:87:26:97:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
        Validity
            Not Before: Jan  2 12:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=519a5b1db60e872b3a377af4ddc5d2b2f232e39b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ac:99:a8:d0:28:dc:f6:8c:d3:f0:1c:a5:7f:
                    9d:1e:de:f6:be:1b:96:38:bd:1b:fa:fd:76:d6:80:
                    7f:2e:3c:b0:ff:7b:cb:90:7e:d8:f5:6d:9f:cb:8e:
                    d5:fa:18:53:89:58:6f:62:18:3e:b0:9d:cf:67:13:
                    e1:cd:35:ea:f5:4f:1f:50:49:dd:07:82:60:2a:09:
                    d7:56:66:96:b0:af:fa:e2:3b:77:3f:e4:2e:29:2d:
                    bb:8b:f9:fa:3b:ae:db:32:27:65:b3:da:20:b9:02:
                    43:c8:e1:04:75:1f:31:68:6d:0f:be:80:75:2d:42:
                    6f:53:23:aa:3b:20:ce:69:1b:59:58:6f:11:53:57:
                    bb:07:6b:df:ab:b3:e5:96:42:ff:d6:d2:51:06:9c:
                    69:50:6a:0e:37:97:83:47:0c:a5:a2:bd:6f:33:7a:
                    ed:7b:91:ae:10:bf:9d:aa:3c:20:3a:8a:78:e4:22:
                    dd:b6:bc:f4:93:82:04:32:db:ff:43:85:f2:57:95:
                    6a:01:09:ea:28:14:df:ec:d7:12:5e:6c:2b:1c:57:
                    2f:77:5d:a6:39:c3:65:c8:ff:e0:20:8d:d7:64:ba:
                    35:07:6f:c9:ac:c2:d5:c7:53:44:a6:f8:e9:69:64:
                    27:0a:18:72:d1:51:18:08:fd:ed:e2:16:df:42:18:
                    d8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9A:5B:1D:B6:0E:87:2B:3A:37:7A:F4:DD:C5:D2:B2:F2:32:E3:9B
            X509v3 Authority Key Identifier:
                keyid:D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/UZpbHbYOhys6N3r03cXSsvIy45s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:f2:cb:32:95:4f:5e:0e:60:48:e2:75:5e:a5:fc:5d:8b:e1:
         89:0b:8d:8a:2a:10:83:57:d2:ff:a7:4f:97:a1:81:f1:1d:d2:
         2a:40:c9:29:c2:30:2a:64:2c:63:96:60:bf:b0:89:34:12:d9:
         05:d2:41:c5:be:a8:93:5a:6d:e3:0c:a3:4b:0c:a9:07:11:73:
         67:ea:66:d2:f8:c4:19:90:4e:65:44:56:52:0b:ef:23:ab:1f:
         8c:01:5b:d3:07:d2:c7:f7:8d:ab:e2:a1:cd:6a:07:29:09:46:
         80:ea:32:80:a6:94:7f:59:30:86:8c:32:4d:f3:23:46:ce:1c:
         61:86:28:a9:57:d4:3c:0f:4e:4f:10:57:00:0e:a8:45:13:9a:
         81:43:b3:b4:fa:8b:91:d8:af:00:c1:21:4b:57:17:7c:2e:6f:
         93:87:d4:09:03:fe:0c:40:d7:d6:0a:6c:df:1c:f8:71:e4:23:
         ca:1a:0d:b1:ee:8b:68:47:e6:e9:62:0a:8e:f7:bf:6b:26:16:
         af:0b:3c:2e:56:00:51:d1:78:7e:ef:ae:be:a0:f3:76:07:43:
         6e:dc:2e:0e:af:f0:63:10:be:a0:95:31:67:d3:55:15:f8:fc:
         90:2c:9d:05:c6:ae:d0:2f:d1:fb:a6:b0:63:d6:03:db:94:7f:
         b8:ee:56:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKqjIVIKddQNkHF6HJpewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MjNhNWJlNWUyMWNhNDYwNzMyYWU0OGYzODVhM2VhMTUw
YTJiZTEwHhcNMjQwMTAyMTIzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTlhNWIxZGI2MGU4NzJiM2EzNzdhZjRkZGM1ZDJiMmYyMzJlMzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6yZqNAo3PaM0/AcpX+dHt72vhuW
OL0b+v121oB/Ljyw/3vLkH7Y9W2fy47V+hhTiVhvYhg+sJ3PZxPhzTXq9U8fUEnd
B4JgKgnXVmaWsK/64jt3P+QuKS27i/n6O67bMidls9oguQJDyOEEdR8xaG0PvoB1
LUJvUyOqOyDOaRtZWG8RU1e7B2vfq7PllkL/1tJRBpxpUGoON5eDRwylor1vM3rt
e5GuEL+dqjwgOop45CLdtrz0k4IEMtv/Q4XyV5VqAQnqKBTf7NcSXmwrHFcvd12m
OcNlyP/gII3XZLo1B2/JrMLVx1NEpvjpaWQnChhy0VEYCP3t4hbfQhjYpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGaWx22DocrOjd69N3F0rLyMuObMB8GA1UdIwQY
MBaAFNQjpb5eIcpGBzKuSPOFo+oVCivhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2It
ZDk0NzY2NjU3NTVhLzEvVVpwYkhiWU9oeXM2TjNyMDNjWFNzdkl5NDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2ItZDk0NzY2NjU3NTVh
LzEvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUR+AMA0G
CSqGSIb3DQEBCwUAA4IBAQCT8ssylU9eDmBI4nVepfxdi+GJC42KKhCDV9L/p0+X
oYHxHdIqQMkpwjAqZCxjlmC/sIk0EtkF0kHFvqiTWm3jDKNLDKkHEXNn6mbS+MQZ
kE5lRFZSC+8jqx+MAVvTB9LH942r4qHNagcpCUaA6jKAppR/WTCGjDJN8yNGzhxh
hiipV9Q8D05PEFcADqhFE5qBQ7O0+ouR2K8AwSFLVxd8Lm+Th9QJA/4MQNfWCmzf
HPhx5CPKGg2x7otoR+bpYgqO979rJhavCzwuVgBR0Xh+766+oPN2B0Nu3C4Or/Bj
EL6glTFn01UV+PyQLJ0Fxq7QL9H7prBj1gPblH+47laX
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:32:18 2024 by rpki-client on console-fra.rpki-client.org