Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/npIhPZa7inawMSP9py64g6GUPw4.roa
File:                     npIhPZa7inawMSP9py64g6GUPw4.roa (raw, json)
Hash identifier:          n/KekCVWCSU0GxCRKr9uag8mytVIwEMC70rGJgEWYFI=
Subject key identifier:   9E:92:21:3D:96:BB:8A:76:B0:31:23:FD:A7:2E:B8:83:A1:94:3F:0E
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADFCEC64FA2ABF9298A7A22C3D2DC
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/npIhPZa7inawMSP9py64g6GUPw4.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204301
IP address blocks:        81.15.201.0/24 maxlen: 24
                          88.220.48.0/24 maxlen: 24
                          88.220.84.0/24 maxlen: 24
                          81.15.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:df:ce:c6:4f:a2:ab:f9:29:8a:7a:22:c3:d2:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e92213d96bb8a76b03123fda72eb883a1943f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9a:a9:f8:7f:5e:a0:ed:3e:c3:99:e7:e4:6d:
                    58:9c:d4:19:af:72:31:33:0e:7f:0b:b2:60:1d:94:
                    ca:54:4f:77:02:5e:72:80:46:22:2f:b0:5b:40:b0:
                    7e:e5:53:fc:87:b1:a7:2a:06:82:e4:9e:a5:1a:9a:
                    3b:ff:73:ee:32:13:db:67:7d:a0:58:3c:e6:d6:d1:
                    8e:91:27:92:b0:72:da:bf:3b:c4:ff:19:96:7d:09:
                    94:1d:36:81:de:bb:96:50:82:4b:7b:18:73:f7:7f:
                    8d:21:1e:95:ca:c7:ff:5f:4d:a9:aa:b0:6e:5d:4c:
                    36:fd:f5:5e:dc:c7:74:f8:63:cc:1e:18:f7:23:fb:
                    f1:65:87:f5:0d:2c:13:01:76:23:f6:b1:1b:c7:dd:
                    86:77:37:ef:8a:a9:d4:25:bf:a6:a8:33:24:40:a6:
                    03:bb:f9:27:cb:a8:54:02:b7:72:5e:23:75:96:98:
                    07:c4:b6:85:88:08:e1:21:9d:f8:f3:7b:28:af:48:
                    dd:16:a8:26:60:33:c5:7f:da:e4:37:76:fc:9d:e6:
                    6d:af:0e:7a:05:1c:20:f0:51:c1:77:e8:dd:79:74:
                    24:4d:b8:7a:a3:71:1c:44:f8:ef:e8:d8:51:7a:10:
                    7c:34:c1:01:3d:0f:62:12:d5:20:8b:4b:18:ae:9a:
                    23:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:92:21:3D:96:BB:8A:76:B0:31:23:FD:A7:2E:B8:83:A1:94:3F:0E
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/npIhPZa7inawMSP9py64g6GUPw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.191.0/24
                  81.15.201.0/24
                  88.220.48.0/24
                  88.220.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:55:68:16:37:b8:68:e9:80:bd:ac:34:d6:27:5f:19:f4:07:
         58:83:cd:24:48:2c:bc:3c:87:93:e6:1e:ef:63:54:de:a8:dc:
         43:33:d5:5a:31:1c:e8:97:0b:9c:e0:2d:3f:22:89:98:d4:86:
         a8:66:d3:b8:ff:64:be:c1:82:22:7d:9f:e9:d5:5c:c5:1b:39:
         47:ee:8d:72:d1:e2:06:6d:12:fb:39:a9:2b:32:09:ae:20:38:
         37:02:09:73:64:60:ec:fb:1a:0a:29:ed:11:45:ef:24:84:10:
         6c:8d:8c:a7:8e:8f:ea:d1:c8:8b:53:65:6a:52:d1:b1:2c:52:
         1b:4b:a4:1f:b2:98:07:68:2e:85:46:64:5a:ad:8d:71:4a:8c:
         27:4c:f8:ab:1a:73:9d:b9:5a:4b:37:57:b3:b9:57:e5:af:36:
         3d:d3:28:98:7d:da:e9:d1:aa:ff:28:de:81:a4:83:ec:16:57:
         97:e3:b0:a7:7c:75:f2:02:ef:25:14:7f:db:47:5d:99:77:71:
         61:1c:94:1c:e8:f3:52:96:81:2e:22:3b:ef:f2:f2:7a:e6:c0:
         ad:da:a8:4c:8c:46:40:45:93:3f:a5:aa:1d:2c:d5:18:1a:d7:
         2e:4f:d2:0d:1c:75:e2:1c:70:7e:47:b0:8e:8d:e5:e4:aa:66:
         96:75:63:1c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzC2t/Oxk+iq/kpinoiw9LcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTkyMjEzZDk2YmI4YTc2YjAzMTIzZmRhNzJlYjg4M2ExOTQzZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Jqp+H9eoO0+w5nn5G1YnNQZr3Ix
Mw5/C7JgHZTKVE93Al5ygEYiL7BbQLB+5VP8h7GnKgaC5J6lGpo7/3PuMhPbZ32g
WDzm1tGOkSeSsHLavzvE/xmWfQmUHTaB3ruWUIJLexhz93+NIR6Vysf/X02pqrBu
XUw2/fVe3Md0+GPMHhj3I/vxZYf1DSwTAXYj9rEbx92GdzfviqnUJb+mqDMkQKYD
u/kny6hUArdyXiN1lpgHxLaFiAjhIZ3483sor0jdFqgmYDPFf9rkN3b8neZtrw56
BRwg8FHBd+jdeXQkTbh6o3EcRPjv6NhRehB8NMEBPQ9iEtUgi0sYrpojwwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ6SIT2Wu4p2sDEj/acuuIOhlD8OMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbnBJaFBaYTdpbmF3TVNQOXB5NjRnNkdVUHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUQ+/AwQA
UQ/JAwQAWNwwAwQAWNxUMA0GCSqGSIb3DQEBCwUAA4IBAQC1VWgWN7ho6YC9rDTW
J18Z9AdYg80kSCy8PIeT5h7vY1TeqNxDM9VaMRzolwuc4C0/IomY1IaoZtO4/2S+
wYIifZ/p1VzFGzlH7o1y0eIGbRL7OakrMgmuIDg3AglzZGDs+xoKKe0RRe8khBBs
jYynjo/q0ciLU2VqUtGxLFIbS6QfspgHaC6FRmRarY1xSownTPirGnOduVpLN1ez
uVflrzY90yiYfdrp0ar/KN6BpIPsFleX47CnfHXyAu8lFH/bR12Zd3FhHJQc6PNS
loEuIjvv8vJ65sCt2qhMjEZARZM/paodLNUYGtcuT9INHHXiHHB+R7COjeXkqmaW
dWMc
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:32:45 2024 by rpki-client on console-ams.rpki-client.org