Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1-DdPgP6Sx1Ed0LVhVsH8-nRLgMA.roa
File:                     1-DdPgP6Sx1Ed0LVhVsH8-nRLgMA.roa (raw, json)
Hash identifier:          AxM3S445DV6qTCjUef+yiWHVVwWZ60ih+fADoFtoFTU=
Subject key identifier:   F8:37:4F:80:FE:92:C7:51:1D:D0:B5:61:56:C1:FC:FA:74:4B:80:C0
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       018E9596B4257247AD49BDC0A1298BEEDE80
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1-DdPgP6Sx1Ed0LVhVsH8-nRLgMA.roa
Signing time:             Sun 31 Mar 2024 17:37:45 +0000
ROA not before:           Sun 31 Mar 2024 17:37:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        31.223.192.0/21 maxlen: 24
                          31.223.200.0/21 maxlen: 24
                          109.238.160.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:96:b4:25:72:47:ad:49:bd:c0:a1:29:8b:ee:de:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Mar 31 17:37:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8374f80fe92c7511dd0b56156c1fcfa744b80c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:10:fd:7c:0c:20:44:2b:4c:44:d6:43:d4:1a:
                    2f:90:41:0c:a5:da:5a:ff:ee:6d:db:d7:c2:8b:72:
                    8c:bc:25:1c:b8:5a:11:99:45:3a:ee:33:2f:43:23:
                    e5:7f:21:81:8d:69:70:f7:3f:f2:91:15:25:ca:53:
                    74:89:86:c7:b4:c0:b5:11:51:6c:73:8d:f2:e7:22:
                    d3:c5:c0:59:69:bb:9f:78:27:e7:14:e3:14:51:34:
                    97:e4:be:82:66:4b:b3:49:df:07:79:0a:2a:b4:55:
                    ee:c7:2d:06:ac:ea:d5:70:9f:1b:20:e3:90:98:63:
                    c9:5b:00:f3:d8:24:e1:ae:4e:07:3f:97:15:3e:62:
                    97:b5:8f:ec:34:c0:25:17:3d:3b:54:47:5e:60:9f:
                    df:9c:1a:42:e8:f1:1e:84:25:46:f4:7a:bc:bd:6a:
                    be:e0:af:03:33:9f:c7:41:c1:49:76:4c:11:98:65:
                    35:e6:6c:6d:4d:1c:ad:5e:0f:26:8d:67:92:3e:e9:
                    dd:5c:75:df:41:8c:c4:e6:b4:f5:88:9b:bf:92:61:
                    2f:30:0f:d2:48:97:56:55:81:b3:be:cd:7c:65:ed:
                    c4:8a:3c:19:b5:cd:fc:6f:8d:84:da:f7:16:01:6a:
                    1a:26:21:e9:10:78:4f:ac:a5:86:fd:d2:7c:c8:11:
                    24:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:37:4F:80:FE:92:C7:51:1D:D0:B5:61:56:C1:FC:FA:74:4B:80:C0
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1-DdPgP6Sx1Ed0LVhVsH8-nRLgMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.223.192.0/20
                  109.238.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6e:a7:b7:dc:cf:4a:4a:14:19:1d:1f:c3:04:3f:95:7a:d1:f2:
         31:0f:e2:0d:0d:fe:7d:28:74:bb:de:ab:ee:a8:c2:f2:ea:5d:
         64:1b:ff:50:c7:e3:52:5e:76:a3:af:8a:ac:52:80:8b:bf:68:
         58:83:aa:33:a8:2c:b0:e9:b6:bc:15:d7:81:04:6e:56:84:55:
         7c:1f:e3:7c:56:2e:6a:a8:9d:31:c5:c1:f1:90:a1:cf:87:f0:
         e9:71:94:97:1f:65:3c:14:82:47:6c:d1:9e:9c:a3:21:1f:12:
         bb:f4:82:0c:c0:2c:1c:8b:08:51:44:15:03:e6:64:3f:00:34:
         8c:bf:e7:9f:6f:78:33:de:bb:03:a1:e2:86:10:1f:db:50:b5:
         3e:8d:14:5f:ab:d2:b7:55:f8:55:17:16:5d:07:6e:a6:ac:a7:
         0b:34:a5:ed:45:09:38:75:f4:3e:54:f9:a2:14:20:ae:10:9a:
         eb:fd:78:2b:fc:51:d9:56:15:5c:e2:ae:a9:3b:24:5b:7f:23:
         65:6d:25:14:ac:c5:e7:47:8c:c7:46:05:6c:04:9a:e2:2f:56:
         9b:19:41:5a:f4:03:2c:90:4b:c5:6d:22:bf:bc:28:bc:cd:03:
         65:3f:ed:7c:b8:e0:d1:5a:e3:9f:91:a3:51:7e:91:bd:8a:3a:
         8d:46:70:da
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY6VlrQlcketSb3AoSmL7t6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjQwMzMxMTczNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM3NGY4MGZlOTJjNzUxMWRkMGI1NjE1NmMxZmNmYTc0NGI4MGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRD9fAwgRCtMRNZD1BovkEEMpdpa
/+5t29fCi3KMvCUcuFoRmUU67jMvQyPlfyGBjWlw9z/ykRUlylN0iYbHtMC1EVFs
c43y5yLTxcBZabufeCfnFOMUUTSX5L6CZkuzSd8HeQoqtFXuxy0GrOrVcJ8bIOOQ
mGPJWwDz2CThrk4HP5cVPmKXtY/sNMAlFz07VEdeYJ/fnBpC6PEehCVG9Hq8vWq+
4K8DM5/HQcFJdkwRmGU15mxtTRytXg8mjWeSPundXHXfQYzE5rT1iJu/kmEvMA/S
SJdWVYGzvs18Ze3EijwZtc38b42E2vcWAWoaJiHpEHhPrKWG/dJ8yBEkRQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPg3T4D+ksdRHdC1YVbB/Pp0S4DAMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvMS1EZFBnUDZTeDFFZDBMVmhWc0g4LW5STGdNQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzcvMjE5Y2FlLTI2NGQtNDZhNy05ZTY0LWU2MDRiNjFiZTBl
YS8xL0Z5VTNZQm94YVhRRWtpMlZmblJGRDFxY3ZuTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBB/fwAME
A23uoDANBgkqhkiG9w0BAQsFAAOCAQEAbqe33M9KShQZHR/DBD+VetHyMQ/iDQ3+
fSh0u96r7qjC8updZBv/UMfjUl52o6+KrFKAi79oWIOqM6gssOm2vBXXgQRuVoRV
fB/jfFYuaqidMcXB8ZChz4fw6XGUlx9lPBSCR2zRnpyjIR8Su/SCDMAsHIsIUUQV
A+ZkPwA0jL/nn294M967A6HihhAf21C1Po0UX6vSt1X4VRcWXQdupqynCzSl7UUJ
OHX0PlT5ohQgrhCa6/14K/xR2VYVXOKuqTskW38jZW0lFKzF50eMx0YFbASa4i9W
mxlBWvQDLJBLxW0iv7wovM0DZT/tfLjg0Vrjn5GjUX6RvYo6jUZw2g==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:35:55 2024 by rpki-client on console-fra.rpki-client.org