Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/DRAK1-lV17rDe2NYPueaLcl0D0E.roa
File:                     DRAK1-lV17rDe2NYPueaLcl0D0E.roa (raw, json)
Hash identifier:          3DQMh3RYptf9vWQsVng5lbTXPzn5OjRacAcprcuco2g=
Subject key identifier:   0D:10:0A:D7:E9:55:D7:BA:C3:7B:63:58:3E:E7:9A:2D:C9:74:0F:41
Certificate issuer:       /CN=679252b9e21df8176cc538027895f7f4585666ab
Certificate serial:       018F99B98993632B6488DB3B6615960C9622
Authority key identifier: 67:92:52:B9:E2:1D:F8:17:6C:C5:38:02:78:95:F7:F4:58:56:66:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5JSueId-BdsxTgCeJX39FhWZqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/DRAK1-lV17rDe2NYPueaLcl0D0E.roa
Signing time:             Tue 21 May 2024 05:57:04 +0000
ROA not before:           Tue 21 May 2024 05:57:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197495
IP address blocks:        91.198.169.0/24 maxlen: 24
                          195.206.121.0/24 maxlen: 24
                          2001:67c:28cc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/Z5JSueId-BdsxTgCeJX39FhWZqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/Z5JSueId-BdsxTgCeJX39FhWZqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5JSueId-BdsxTgCeJX39FhWZqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:b9:89:93:63:2b:64:88:db:3b:66:15:96:0c:96:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=679252b9e21df8176cc538027895f7f4585666ab
        Validity
            Not Before: May 21 05:57:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d100ad7e955d7bac37b63583ee79a2dc9740f41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:37:c1:6c:72:87:97:72:04:31:d1:e0:f8:2e:
                    89:60:bb:08:b6:65:67:77:69:83:a7:51:3d:8d:b4:
                    4d:c2:b3:97:1c:c4:a0:71:7f:38:f7:a5:29:01:bf:
                    2e:7c:93:52:0a:16:e5:f8:d5:62:12:6f:c0:53:65:
                    a6:3e:cc:d3:c1:0f:40:c4:c6:a4:1e:87:b0:c9:59:
                    5c:29:e0:5d:49:ad:68:18:47:61:ae:2f:99:db:e3:
                    0c:93:a1:48:54:18:ad:fb:51:f9:a2:2e:88:83:04:
                    0d:cf:e1:3f:e0:d8:db:0f:3d:16:64:9a:9b:0e:be:
                    b1:a8:9a:4f:d4:99:9a:4e:37:9a:f4:e0:02:6b:b6:
                    d3:0b:86:b4:d6:28:91:0c:f4:00:e1:89:45:96:17:
                    ac:b1:2f:da:17:62:4e:52:46:85:c2:3f:0f:f8:9f:
                    b5:00:42:f1:15:29:1e:82:b9:53:b5:18:d7:c3:73:
                    fb:ff:c2:b4:0c:5f:e7:a7:c5:75:82:fb:57:71:29:
                    f6:ab:9c:e2:6c:f0:0c:22:ba:fa:f4:79:30:2f:46:
                    8b:cc:ec:33:d9:64:f0:92:f0:7d:79:ec:a7:26:57:
                    df:74:3e:66:57:53:67:f6:5e:8f:6c:89:a5:5e:96:
                    9f:d2:44:30:5c:2b:4c:06:b4:b9:fb:bd:3c:9d:52:
                    10:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:10:0A:D7:E9:55:D7:BA:C3:7B:63:58:3E:E7:9A:2D:C9:74:0F:41
            X509v3 Authority Key Identifier:
                keyid:67:92:52:B9:E2:1D:F8:17:6C:C5:38:02:78:95:F7:F4:58:56:66:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5JSueId-BdsxTgCeJX39FhWZqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/DRAK1-lV17rDe2NYPueaLcl0D0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/31c267-f2e3-4fa9-9d41-336e5b3dd071/1/Z5JSueId-BdsxTgCeJX39FhWZqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.169.0/24
                  195.206.121.0/24
                IPv6:
                  2001:67c:28cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:e6:e7:23:70:d5:c0:e0:b4:ae:d3:e5:7c:fd:56:49:f1:c8:
         5f:30:81:31:5c:89:ed:e4:64:fd:fe:22:1d:29:01:33:35:c4:
         6e:9a:73:17:1d:df:b0:ce:49:75:67:e4:c5:4d:6a:7e:34:a4:
         70:a7:30:b3:39:f1:b8:88:df:e8:aa:99:b0:35:10:60:0c:e9:
         24:43:7c:11:6c:11:d5:1d:e2:7f:1f:6d:51:32:1b:d5:86:94:
         1c:a7:88:35:2d:4d:78:46:81:71:59:9e:16:cf:0f:0c:ef:d6:
         f6:71:bd:bc:3f:ac:07:7f:32:a1:cc:f2:2a:37:f5:a1:73:74:
         76:60:3d:bb:2d:09:30:86:14:35:5c:73:df:e6:ab:79:56:d9:
         89:cb:18:ce:a0:83:e1:84:2f:73:a2:a3:88:29:53:3a:36:da:
         80:59:c3:89:df:e9:31:23:a4:4b:83:e9:cb:ec:37:35:21:3c:
         99:db:0f:cc:85:2a:2f:04:e8:45:a3:66:3e:e9:01:d0:11:a9:
         08:61:d1:42:8c:ec:5d:be:25:4a:26:fd:b0:34:af:66:99:9e:
         e8:93:d4:ae:b3:9a:d4:eb:aa:fd:89:70:6c:95:4c:c5:39:e1:
         86:87:a1:59:8f:3f:a6:44:d8:90:d2:e9:2f:08:57:eb:d3:d2:
         fe:b5:5a:f6
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY+ZuYmTYytkiNs7ZhWWDJYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTI1MmI5ZTIxZGY4MTc2Y2M1MzgwMjc4OTVmN2Y0NTg1
NjY2YWIwHhcNMjQwNTIxMDU1NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDEwMGFkN2U5NTVkN2JhYzM3YjYzNTgzZWU3OWEyZGM5NzQwZjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzfBbHKHl3IEMdHg+C6JYLsItmVn
d2mDp1E9jbRNwrOXHMSgcX8496UpAb8ufJNSChbl+NViEm/AU2WmPszTwQ9AxMak
HoewyVlcKeBdSa1oGEdhri+Z2+MMk6FIVBit+1H5oi6IgwQNz+E/4NjbDz0WZJqb
Dr6xqJpP1JmaTjea9OACa7bTC4a01iiRDPQA4YlFlhessS/aF2JOUkaFwj8P+J+1
AELxFSkegrlTtRjXw3P7/8K0DF/np8V1gvtXcSn2q5zibPAMIrr69HkwL0aLzOwz
2WTwkvB9eeynJlffdD5mV1Nn9l6PbImlXpaf0kQwXCtMBrS5+708nVIQrQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFA0QCtfpVde6w3tjWD7nmi3JdA9BMB8GA1UdIwQY
MBaAFGeSUrniHfgXbMU4AniV9/RYVmarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVKU3VlSWQtQmRzeFRnQ2VKWDM5RmhXWnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zMWMyNjctZjJlMy00ZmE5LTlkNDEt
MzM2ZTViM2RkMDcxLzEvRFJBSzEtbFYxN3JEZTJOWVB1ZWFMY2wwRDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zMWMyNjctZjJlMy00ZmE5LTlkNDEtMzM2ZTViM2RkMDcx
LzEvWjVKU3VlSWQtQmRzeFRnQ2VKWDM5RmhXWnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW8apAwQA
w855MA8EAgACMAkDBwAgAQZ8KMwwDQYJKoZIhvcNAQELBQADggEBAJDm5yNw1cDg
tK7T5Xz9VknxyF8wgTFcie3kZP3+Ih0pATM1xG6acxcd37DOSXVn5MVNan40pHCn
MLM58biI3+iqmbA1EGAM6SRDfBFsEdUd4n8fbVEyG9WGlByniDUtTXhGgXFZnhbP
Dwzv1vZxvbw/rAd/MqHM8io39aFzdHZgPbstCTCGFDVcc9/mq3lW2YnLGM6gg+GE
L3Oio4gpUzo22oBZw4nf6TEjpEuD6cvsNzUhPJnbD8yFKi8E6EWjZj7pAdARqQhh
0UKM7F2+JUom/bA0r2aZnuiT1K6zmtTrqv2JcGyVTMU54YaHoVmPP6ZE2JDS6S8I
V+vT0v61WvY=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:00:52 2024 by rpki-client on console-fra.rpki-client.org