Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/mY_PK31Sy60Cf9d-WVwhwtZCxLs.roa
File:                     mY_PK31Sy60Cf9d-WVwhwtZCxLs.roa (raw, json)
Hash identifier:          xUUKkxVQXTUDMtfJCLa3e3OsNHQPNx3XpOGA/mTxINE=
Subject key identifier:   99:8F:CF:2B:7D:52:CB:AD:02:7F:D7:7E:59:5C:21:C2:D6:42:C4:BB
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       018DC3B4CADF0236C15A5558E065BC997276
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/mY_PK31Sy60Cf9d-WVwhwtZCxLs.roa
Signing time:             Mon 19 Feb 2024 23:30:21 +0000
ROA not before:           Mon 19 Feb 2024 23:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23655
IP address blocks:        185.71.228.0/24 maxlen: 24
                          185.71.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c3:b4:ca:df:02:36:c1:5a:55:58:e0:65:bc:99:72:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Feb 19 23:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=998fcf2b7d52cbad027fd77e595c21c2d642c4bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bc:db:02:69:6d:c8:c9:48:7f:33:69:a6:13:
                    d4:11:ba:91:d1:28:19:c9:f6:cb:da:f2:db:91:ad:
                    c3:06:ab:e7:79:80:93:ad:78:90:84:10:f4:a3:f2:
                    71:1e:ce:a4:f5:5a:5b:2b:36:52:95:a2:26:c0:ca:
                    cd:ce:3d:f5:3a:f9:c2:07:2a:f0:39:99:06:c8:de:
                    67:80:af:2c:60:c7:01:6f:1c:84:fc:43:6f:76:d0:
                    1b:74:73:8f:91:49:be:d6:bf:85:03:9b:0a:26:92:
                    f3:fc:40:e0:c3:38:9f:64:f9:35:ff:35:0d:92:16:
                    42:c9:b9:a7:7e:59:94:29:a5:f8:8e:2c:e1:ea:c2:
                    74:e1:23:38:1e:eb:c1:88:fd:0b:aa:e5:c3:64:23:
                    5b:b7:03:e9:cc:01:3a:00:26:77:d8:48:31:84:a2:
                    40:f0:e1:fe:d7:58:b2:31:53:16:b9:d1:45:79:2a:
                    85:8a:43:6a:5c:08:f8:5a:2e:c9:9f:e6:42:24:88:
                    49:80:9c:3a:cf:3d:ff:02:02:ed:e9:46:26:6e:fd:
                    16:9f:33:0d:d1:65:c3:31:5a:92:ea:1e:04:fe:e7:
                    7c:18:c9:1c:49:b8:ca:9a:5c:a7:95:54:29:4f:9f:
                    9f:07:7e:18:b2:96:20:36:e6:29:31:02:2f:66:3d:
                    b2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:8F:CF:2B:7D:52:CB:AD:02:7F:D7:7E:59:5C:21:C2:D6:42:C4:BB
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/mY_PK31Sy60Cf9d-WVwhwtZCxLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:20:79:8b:46:e0:50:c7:3a:9d:a4:ac:ed:88:b8:6c:59:25:
         aa:5d:16:7d:3f:4a:15:53:fb:d5:9b:68:f4:8d:b2:21:c9:97:
         16:d7:52:da:88:d7:d4:32:f9:58:0d:87:54:4b:83:d6:b9:f6:
         cb:ca:e3:06:78:28:bf:c5:6c:d4:35:4f:70:a0:16:d9:3b:3b:
         b0:36:14:91:42:36:24:73:50:91:57:b9:fa:3d:74:07:17:79:
         c1:93:c0:fd:38:2d:af:00:32:4c:70:1f:c0:ec:20:ca:ba:16:
         07:7b:dd:2f:53:55:40:7d:44:aa:dc:65:20:a9:a0:f2:99:f7:
         c2:1a:31:c1:5a:ff:b4:3f:b9:2a:70:b7:6c:62:5a:85:60:8a:
         15:e1:71:99:69:c4:a5:66:bf:3f:29:ad:33:ab:8e:af:6f:11:
         31:a0:14:c9:d2:a3:26:ab:3d:66:64:89:66:73:91:3f:27:5e:
         81:82:df:60:ff:dc:79:dc:55:51:97:93:02:19:8e:27:de:13:
         fa:fb:31:74:2a:f6:8d:be:bc:ba:fb:d3:fc:22:79:e3:45:63:
         99:bf:d6:9c:6d:56:ad:2b:72:0e:b8:09:03:fb:5e:4a:03:25:
         b3:31:54:a6:4e:dc:8a:97:1d:72:70:59:cd:33:df:c0:87:ac:
         37:e8:75:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3DtMrfAjbBWlVY4GW8mXJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjQwMjE5MjMzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OThmY2YyYjdkNTJjYmFkMDI3ZmQ3N2U1OTVjMjFjMmQ2NDJjNGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybzbAmltyMlIfzNpphPUEbqR0SgZ
yfbL2vLbka3DBqvneYCTrXiQhBD0o/JxHs6k9VpbKzZSlaImwMrNzj31OvnCByrw
OZkGyN5ngK8sYMcBbxyE/ENvdtAbdHOPkUm+1r+FA5sKJpLz/EDgwzifZPk1/zUN
khZCybmnflmUKaX4jizh6sJ04SM4HuvBiP0LquXDZCNbtwPpzAE6ACZ32EgxhKJA
8OH+11iyMVMWudFFeSqFikNqXAj4Wi7Jn+ZCJIhJgJw6zz3/AgLt6UYmbv0WnzMN
0WXDMVqS6h4E/ud8GMkcSbjKmlynlVQpT5+fB34YspYgNuYpMQIvZj2yswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmPzyt9UsutAn/XfllcIcLWQsS7MB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvbVlfUEszMVN5NjBDZjlkLVdWd2h3dFpDeExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUfkMA0G
CSqGSIb3DQEBCwUAA4IBAQBuIHmLRuBQxzqdpKztiLhsWSWqXRZ9P0oVU/vVm2j0
jbIhyZcW11LaiNfUMvlYDYdUS4PWufbLyuMGeCi/xWzUNU9woBbZOzuwNhSRQjYk
c1CRV7n6PXQHF3nBk8D9OC2vADJMcB/A7CDKuhYHe90vU1VAfUSq3GUgqaDymffC
GjHBWv+0P7kqcLdsYlqFYIoV4XGZacSlZr8/Ka0zq46vbxExoBTJ0qMmqz1mZIlm
c5E/J16Bgt9g/9x53FVRl5MCGY4n3hP6+zF0KvaNvry6+9P8InnjRWOZv9acbVat
K3IOuAkD+15KAyWzMVSmTtyKlx1ycFnNM9/Ah6w36HUK
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:49:15 2024 by rpki-client on console-fra.rpki-client.org