Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/5c06bc-8ca1-4091-9418-734fab6fec6f/1/7V3pjwwfxri4MUk8yrLc0GXJRN8.roa
File:                     7V3pjwwfxri4MUk8yrLc0GXJRN8.roa (raw, json)
Hash identifier:          vOIrEz79Q90iIWL26Y3mzooo2OgyL1FaNv46STXMkcg=
Subject key identifier:   ED:5D:E9:8F:0C:1F:C6:B8:B8:31:49:3C:CA:B2:DC:D0:65:C9:44:DF
Certificate issuer:       /CN=95e81311ef1d36ecc6d125e36c82c26f915b0df7
Certificate serial:       018CC64B22DD574913F85781C70A6D2BFFDD
Authority key identifier: 95:E8:13:11:EF:1D:36:EC:C6:D1:25:E3:6C:82:C2:6F:91:5B:0D:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/legTEe8dNuzG0SXjbILCb5FbDfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/5c06bc-8ca1-4091-9418-734fab6fec6f/1/7V3pjwwfxri4MUk8yrLc0GXJRN8.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49461
IP address blocks:        31.42.160.0/24 maxlen: 24
                          31.42.166.0/24 maxlen: 24
                          31.42.160.0/20 maxlen: 20
                          31.42.162.0/24 maxlen: 24
                          31.42.161.0/24 maxlen: 24
                          31.42.164.0/24 maxlen: 24
                          31.42.163.0/24 maxlen: 24
                          31.42.165.0/24 maxlen: 24
                          31.42.167.0/24 maxlen: 24
                          31.42.169.0/24 maxlen: 24
                          31.42.168.0/24 maxlen: 24
                          31.42.171.0/24 maxlen: 24
                          31.42.170.0/24 maxlen: 24
                          31.42.172.0/24 maxlen: 24
                          31.42.172.0/23 maxlen: 23
                          31.42.174.0/24 maxlen: 24
                          31.42.173.0/24 maxlen: 24
                          31.42.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/5c06bc-8ca1-4091-9418-734fab6fec6f/1/legTEe8dNuzG0SXjbILCb5FbDfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/5c06bc-8ca1-4091-9418-734fab6fec6f/1/legTEe8dNuzG0SXjbILCb5FbDfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/legTEe8dNuzG0SXjbILCb5FbDfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:22:dd:57:49:13:f8:57:81:c7:0a:6d:2b:ff:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95e81311ef1d36ecc6d125e36c82c26f915b0df7
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed5de98f0c1fc6b8b831493ccab2dcd065c944df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a0:1a:7b:37:da:e9:a0:9c:17:aa:b9:7f:a0:
                    cf:ae:1d:ff:68:f3:f8:33:92:2f:4d:d1:1b:c9:e6:
                    78:d8:96:be:24:ce:ee:38:45:5e:3f:8c:70:e1:34:
                    22:52:8b:17:5d:ea:89:19:86:68:a4:11:85:d8:46:
                    9e:2e:3f:b1:35:68:c9:d2:e5:fd:08:4b:a1:af:cc:
                    b6:94:81:9e:ad:6c:36:52:4a:db:84:55:a9:f6:82:
                    f0:6a:b8:3b:57:db:df:a8:06:bf:72:e4:fb:75:2d:
                    fd:f3:b2:a9:91:8a:6e:43:62:d6:3d:86:55:ed:68:
                    6c:a0:b1:20:a5:1f:75:4c:a8:05:07:1c:89:0f:b5:
                    f1:5e:bc:cd:28:b0:df:03:43:09:d6:90:fd:83:20:
                    5d:8f:8f:2e:bc:c0:df:54:44:36:c8:de:de:b6:00:
                    56:f3:cc:aa:6a:e1:56:71:14:2a:f7:8d:d9:ba:8a:
                    48:d6:c2:fe:f1:e8:08:04:a6:b9:07:48:16:24:ff:
                    47:e6:a6:5c:36:fb:7c:73:11:18:9e:46:b7:35:94:
                    2b:e0:c4:1f:db:cf:83:87:c6:ba:4f:42:04:87:7e:
                    1b:46:1c:c9:b5:85:2b:9b:a1:37:da:65:b6:4e:22:
                    c9:ee:18:7f:73:08:4b:2b:7c:ba:ce:4e:a2:8b:97:
                    66:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:5D:E9:8F:0C:1F:C6:B8:B8:31:49:3C:CA:B2:DC:D0:65:C9:44:DF
            X509v3 Authority Key Identifier:
                keyid:95:E8:13:11:EF:1D:36:EC:C6:D1:25:E3:6C:82:C2:6F:91:5B:0D:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/legTEe8dNuzG0SXjbILCb5FbDfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/5c06bc-8ca1-4091-9418-734fab6fec6f/1/7V3pjwwfxri4MUk8yrLc0GXJRN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/5c06bc-8ca1-4091-9418-734fab6fec6f/1/legTEe8dNuzG0SXjbILCb5FbDfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:ff:10:23:95:70:c1:f0:73:77:04:f0:e2:af:8c:f4:08:71:
         87:c1:fe:ff:46:e4:20:3c:9d:e6:2e:53:2e:5f:d9:93:d2:bc:
         5e:72:39:6d:55:51:02:f7:da:b6:b9:56:43:53:17:88:33:72:
         00:12:28:7a:50:43:54:3c:1b:85:70:10:d5:4c:0b:53:3b:95:
         27:13:a9:4d:b3:d6:86:b7:fc:63:ff:6e:cf:cf:1a:dd:f7:3f:
         f2:2d:f9:49:b3:8a:d4:c2:a1:0a:92:6a:b2:3e:db:c9:01:05:
         ef:8f:93:75:d5:8c:b3:64:b1:94:40:ee:dd:25:a8:1a:e3:93:
         41:b0:b4:2b:7a:23:4a:88:0d:8c:1f:fd:2c:43:d1:f4:aa:37:
         70:9e:26:d5:ce:e1:76:94:03:dc:c1:56:58:96:54:e3:32:e7:
         e6:ad:9a:68:2f:d6:c6:13:d2:d7:db:15:c0:f7:59:de:85:81:
         14:ef:4a:f1:26:ad:7e:1d:42:ed:88:d3:a9:a9:68:56:b8:ad:
         87:2b:de:eb:73:53:66:43:3a:1c:ba:b0:2e:72:37:94:81:d4:
         38:be:74:b6:47:46:a8:47:a0:95:f6:5a:11:b7:f5:4d:fb:e6:
         7b:89:19:af:dc:38:97:2e:fb:6e:a3:e5:cd:0b:f0:77:e5:d6:
         d7:af:0c:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyLdV0kT+FeBxwptK//dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZTgxMzExZWYxZDM2ZWNjNmQxMjVlMzZjODJjMjZmOTE1
YjBkZjcwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDVkZTk4ZjBjMWZjNmI4YjgzMTQ5M2NjYWIyZGNkMDY1Yzk0NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaAaezfa6aCcF6q5f6DPrh3/aPP4
M5IvTdEbyeZ42Ja+JM7uOEVeP4xw4TQiUosXXeqJGYZopBGF2EaeLj+xNWjJ0uX9
CEuhr8y2lIGerWw2UkrbhFWp9oLwarg7V9vfqAa/cuT7dS3987KpkYpuQ2LWPYZV
7WhsoLEgpR91TKgFBxyJD7XxXrzNKLDfA0MJ1pD9gyBdj48uvMDfVEQ2yN7etgBW
88yqauFWcRQq943ZuopI1sL+8egIBKa5B0gWJP9H5qZcNvt8cxEYnka3NZQr4MQf
28+Dh8a6T0IEh34bRhzJtYUrm6E32mW2TiLJ7hh/cwhLK3y6zk6ii5dmuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1d6Y8MH8a4uDFJPMqy3NBlyUTfMB8GA1UdIwQY
MBaAFJXoExHvHTbsxtEl42yCwm+RWw33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGVnVEVlOGROdXpHMFNYamJJTENiNUZiRGZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC81YzA2YmMtOGNhMS00MDkxLTk0MTgt
NzM0ZmFiNmZlYzZmLzEvN1YzcGp3d2Z4cmk0TVVrOHlyTGMwR1hKUk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC81YzA2YmMtOGNhMS00MDkxLTk0MTgtNzM0ZmFiNmZlYzZm
LzEvbGVnVEVlOGROdXpHMFNYamJJTENiNUZiRGZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEHyqgMA0G
CSqGSIb3DQEBCwUAA4IBAQB4/xAjlXDB8HN3BPDir4z0CHGHwf7/RuQgPJ3mLlMu
X9mT0rxecjltVVEC99q2uVZDUxeIM3IAEih6UENUPBuFcBDVTAtTO5UnE6lNs9aG
t/xj/27Pzxrd9z/yLflJs4rUwqEKkmqyPtvJAQXvj5N11YyzZLGUQO7dJaga45NB
sLQreiNKiA2MH/0sQ9H0qjdwnibVzuF2lAPcwVZYllTjMufmrZpoL9bGE9LX2xXA
91nehYEU70rxJq1+HULtiNOpqWhWuK2HK97rc1NmQzocurAucjeUgdQ4vnS2R0ao
R6CV9loRt/VN++Z7iRmv3DiXLvtuo+XNC/B35dbXrwyS
-----END CERTIFICATE-----
Generated at Sun Jun 16 03:03:59 2024 by rpki-client on console-fra.rpki-client.org