Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/R-Mdh2dolrweoLW6v62gI5lsiL4.roa
File:                     R-Mdh2dolrweoLW6v62gI5lsiL4.roa (raw, json)
Hash identifier:          Q3zSErelSYlafmo4duuWP8mxS3Ld4E4wIq9z8RaAt04=
Subject key identifier:   47:E3:1D:87:67:68:96:BC:1E:A0:B5:BA:BF:AD:A0:23:99:6C:88:BE
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B4C34FF034A7D163E691D88B6C9B3
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/R-Mdh2dolrweoLW6v62gI5lsiL4.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61352
IP address blocks:        31.12.56.0/21 maxlen: 21
                          2a02:101c::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4c:34:ff:03:4a:7d:16:3e:69:1d:88:b6:c9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47e31d87676896bc1ea0b5babfada023996c88be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:26:a6:44:75:79:6d:14:b5:2f:33:b0:3b:
                    1c:ac:05:21:32:81:3a:e3:08:33:e3:22:3a:25:fb:
                    52:69:df:c4:06:28:77:d1:fb:8a:9b:75:84:0d:87:
                    9e:28:b1:a7:dd:9e:8c:4e:9e:95:0f:43:11:a5:46:
                    bb:e8:06:27:7b:57:1a:34:3e:fb:7e:86:68:2c:34:
                    c8:c7:0a:03:9a:77:a5:84:ad:0e:67:96:ee:81:51:
                    df:ca:1c:2f:0a:be:47:1b:1d:ae:35:ec:a7:5d:dd:
                    8e:01:5e:8b:d8:e6:52:86:56:72:4c:cd:a9:d6:6f:
                    41:5d:04:fa:c6:46:3d:d6:f4:0a:f0:50:7c:2d:4e:
                    1a:a0:b5:01:26:4d:13:d0:5c:95:08:2c:e4:5e:e7:
                    c4:dd:e8:cc:06:d2:77:f6:82:94:de:7d:c4:7b:6c:
                    26:46:94:c0:32:81:5d:91:8d:59:90:a7:78:47:b0:
                    d0:12:0a:c3:9d:b3:41:2f:3e:82:1c:2c:b8:9f:3e:
                    3b:fe:c1:59:4d:75:6e:f3:4e:fc:07:09:fa:ed:8e:
                    2b:3e:f1:f2:4f:ce:8a:1e:9b:86:5e:44:b9:f9:7e:
                    9c:16:8a:8d:b4:27:56:ac:e5:be:b2:33:0b:24:23:
                    be:6e:12:a0:c0:42:be:73:84:0d:a8:4b:3f:87:0f:
                    48:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E3:1D:87:67:68:96:BC:1E:A0:B5:BA:BF:AD:A0:23:99:6C:88:BE
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/R-Mdh2dolrweoLW6v62gI5lsiL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.12.56.0/21
                IPv6:
                  2a02:101c::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:63:05:8a:62:41:0c:e5:11:65:35:0d:e2:11:0c:c7:53:94:
         0d:e7:94:03:b9:24:77:69:ed:a6:e3:48:52:3c:04:54:ec:af:
         61:70:64:d3:db:d1:53:f4:65:a4:d3:f1:97:2e:c2:1d:0f:26:
         b0:2d:90:d5:08:6f:a8:a2:05:6d:5d:4e:e4:cf:82:f2:3a:20:
         72:a7:ce:af:81:05:69:f0:6f:87:57:db:04:32:5b:57:62:07:
         84:e8:a7:03:0d:e3:d7:00:9f:b9:95:5b:00:18:6a:f0:e4:dd:
         fa:b5:d0:69:f2:9e:4c:89:81:6c:f9:85:4f:e6:f3:1b:85:c1:
         44:06:3e:e6:9f:b5:ed:5d:25:1d:bc:4b:a7:1b:c3:c9:33:80:
         6a:90:32:f4:91:52:ec:37:a3:8e:12:33:78:10:c1:92:7d:0b:
         d9:1a:8d:d9:35:0a:10:65:cb:d7:c4:11:da:d3:80:9c:19:f8:
         c7:b2:da:1f:d9:4a:52:32:64:55:24:47:e7:fe:b4:76:b0:29:
         2e:50:5e:1f:bc:84:76:bc:16:98:4a:94:46:df:a8:26:16:14:
         91:37:e5:f4:c1:37:7e:e9:72:6c:c8:97:02:e4:76:88:0c:bb:
         7b:74:b0:22:53:72:86:35:91:97:88:3f:fb:5a:ee:37:5e:bb:
         83:02:f7:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS0w0/wNKfRY+aR2ItsmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2UzMWQ4NzY3Njg5NmJjMWVhMGI1YmFiZmFkYTAyMzk5NmM4OGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVQmpkR1eW0UtS8zsDscrAUhMoE6
4wgz4yI6JftSad/EBih30fuKm3WEDYeeKLGn3Z6MTp6VD0MRpUa76AYne1caND77
foZoLDTIxwoDmnelhK0OZ5bugVHfyhwvCr5HGx2uNeynXd2OAV6L2OZShlZyTM2p
1m9BXQT6xkY91vQK8FB8LU4aoLUBJk0T0FyVCCzkXufE3ejMBtJ39oKU3n3Ee2wm
RpTAMoFdkY1ZkKd4R7DQEgrDnbNBLz6CHCy4nz47/sFZTXVu8078Bwn67Y4rPvHy
T86KHpuGXkS5+X6cFoqNtCdWrOW+sjMLJCO+bhKgwEK+c4QNqEs/hw9ICwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEfjHYdnaJa8HqC1ur+toCOZbIi+MB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvUi1NZGgyZG9scndlb0xXNnY2MmdJNWxzaUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDHww4MA0E
AgACMAcDBQAqAhAcMA0GCSqGSIb3DQEBCwUAA4IBAQDDYwWKYkEM5RFlNQ3iEQzH
U5QN55QDuSR3ae2m40hSPARU7K9hcGTT29FT9GWk0/GXLsIdDyawLZDVCG+oogVt
XU7kz4LyOiByp86vgQVp8G+HV9sEMltXYgeE6KcDDePXAJ+5lVsAGGrw5N36tdBp
8p5MiYFs+YVP5vMbhcFEBj7mn7XtXSUdvEunG8PJM4BqkDL0kVLsN6OOEjN4EMGS
fQvZGo3ZNQoQZcvXxBHa04CcGfjHstof2UpSMmRVJEfn/rR2sCkuUF4fvIR2vBaY
SpRG36gmFhSRN+X0wTd+6XJsyJcC5HaIDLt7dLAiU3KGNZGXiD/7Wu43XruDAvf+
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:07:32 2024 by rpki-client on console-ams.rpki-client.org