Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/da9axAhS8tKEV_XXN6Lfx3VPB8c.roa
File:                     da9axAhS8tKEV_XXN6Lfx3VPB8c.roa (raw, json)
Hash identifier:          n0KT4kkQsa9XTAH7Jk2Gxku5DHGxzQCPgwkUuXFVIv0=
Subject key identifier:   75:AF:5A:C4:08:52:F2:D2:84:57:F5:D7:37:A2:DF:C7:75:4F:07:C7
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0022C27A4B6426B7E1CE0EAF38F0
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/da9axAhS8tKEV_XXN6Lfx3VPB8c.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48709
IP address blocks:        31.148.24.0/24 maxlen: 24
                          2a02:128:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:00:22:c2:7a:4b:64:26:b7:e1:ce:0e:af:38:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75af5ac40852f2d28457f5d737a2dfc7754f07c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:01:81:a7:d2:59:25:1a:38:d0:19:e3:b8:ea:
                    ec:ef:4a:89:a4:f1:5c:43:2f:78:cb:fa:f8:f0:93:
                    87:01:38:38:0d:2a:90:11:ac:98:1c:b5:d4:db:74:
                    6b:e1:4b:d4:78:5d:23:e1:ae:cc:b6:66:fd:af:06:
                    e3:f1:ed:13:a6:00:17:b7:bc:22:bf:a0:25:cd:90:
                    03:bc:bb:d5:ee:09:46:80:14:20:40:1d:4d:0f:9a:
                    62:43:1e:79:0e:64:85:8c:a0:0f:c7:46:91:25:58:
                    85:67:a3:c5:db:ff:af:a9:4d:98:f4:c8:7e:dc:d8:
                    19:08:df:ab:a2:e9:ab:73:a2:39:bb:bd:db:cc:7b:
                    cf:dc:a5:a5:26:55:52:2d:e4:70:3f:8c:85:79:f1:
                    b8:3a:1b:39:5a:d3:d3:d2:e6:45:36:d5:2c:ac:13:
                    79:e5:08:29:52:cd:f2:3a:35:90:37:14:f2:36:f1:
                    77:a2:60:d0:07:97:f2:3d:ea:bd:9a:3b:18:c2:6a:
                    6b:bb:b1:77:c5:9d:77:07:3b:5c:d8:65:73:8a:5f:
                    e0:ab:3a:fb:f6:38:36:44:97:64:b7:ff:e3:60:72:
                    79:dd:26:d7:b5:b5:ba:cb:ec:4d:66:1a:17:95:73:
                    1f:f2:23:25:c3:b8:35:4b:b9:f9:15:eb:18:49:2a:
                    6e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:AF:5A:C4:08:52:F2:D2:84:57:F5:D7:37:A2:DF:C7:75:4F:07:C7
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/da9axAhS8tKEV_XXN6Lfx3VPB8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.24.0/24
                IPv6:
                  2a02:128:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:69:6b:21:02:1a:c1:87:ce:d3:fa:4f:ba:34:40:3b:c4:4c:
         98:38:90:60:47:f6:09:6e:2f:b2:d6:b7:c9:86:c2:c0:be:4b:
         98:0e:ea:fb:41:e6:ad:4f:2e:c2:b5:51:16:82:69:7c:45:e3:
         69:c2:0b:7a:77:40:4e:c9:09:b8:21:25:eb:aa:ab:08:cd:6a:
         0a:08:9f:a0:7b:73:46:db:58:85:92:d0:2b:d9:da:10:c2:86:
         97:33:49:58:c0:07:40:c9:e5:b0:33:8c:85:04:2b:2e:46:64:
         83:df:ca:69:f1:a9:30:5e:a4:42:e9:8f:d5:84:3d:a9:75:a3:
         ce:77:f3:76:ce:51:d9:66:e0:2e:9b:2e:ae:d0:25:0c:12:49:
         7d:fa:fd:a1:3d:78:c4:c3:32:8c:a8:21:e0:b8:97:7d:0e:a8:
         77:6a:34:29:d7:6a:be:4b:35:9c:fb:ed:87:48:ce:57:cf:45:
         4b:36:d7:56:dd:2c:9b:e3:d7:9b:67:cb:c0:e1:02:73:41:8a:
         af:b3:e6:52:25:64:3e:dd:ee:0e:39:a2:85:ab:40:5d:5d:1b:
         30:18:51:08:fa:51:d6:81:9c:c1:a5:b6:9a:e4:7c:7b:64:ed:
         bf:18:36:ee:83:ca:43:9c:37:37:1e:a2:15:da:b1:6e:3b:3e:
         2c:03:00:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKgAiwnpLZCa34c4OrzjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWFmNWFjNDA4NTJmMmQyODQ1N2Y1ZDczN2EyZGZjNzc1NGYwN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQGBp9JZJRo40BnjuOrs70qJpPFc
Qy94y/r48JOHATg4DSqQEayYHLXU23Rr4UvUeF0j4a7Mtmb9rwbj8e0TpgAXt7wi
v6AlzZADvLvV7glGgBQgQB1ND5piQx55DmSFjKAPx0aRJViFZ6PF2/+vqU2Y9Mh+
3NgZCN+roumrc6I5u73bzHvP3KWlJlVSLeRwP4yFefG4Ohs5WtPT0uZFNtUsrBN5
5QgpUs3yOjWQNxTyNvF3omDQB5fyPeq9mjsYwmpru7F3xZ13Bztc2GVzil/gqzr7
9jg2RJdkt//jYHJ53SbXtbW6y+xNZhoXlXMf8iMlw7g1S7n5FesYSSpuUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHWvWsQIUvLShFf11zei38d1TwfHMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZGE5YXhBaFM4dEtFVl9YWE42TGZ4M1ZQQjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAH5QYMA8E
AgACMAkDBwAqAgEoABAwDQYJKoZIhvcNAQELBQADggEBAABpayECGsGHztP6T7o0
QDvETJg4kGBH9gluL7LWt8mGwsC+S5gO6vtB5q1PLsK1URaCaXxF42nCC3p3QE7J
CbghJeuqqwjNagoIn6B7c0bbWIWS0CvZ2hDChpczSVjAB0DJ5bAzjIUEKy5GZIPf
ymnxqTBepELpj9WEPal1o85383bOUdlm4C6bLq7QJQwSSX36/aE9eMTDMoyoIeC4
l30OqHdqNCnXar5LNZz77YdIzlfPRUs211bdLJvj15tny8DhAnNBiq+z5lIlZD7d
7g45ooWrQF1dGzAYUQj6UdaBnMGltprkfHtk7b8YNu6DykOcNzceohXasW47PiwD
AKo=
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:13:21 2024 by rpki-client on console-fra.rpki-client.org