Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/VlKpw1uHHpi35cS1sbJvjp3ldFg.roa
File:                     VlKpw1uHHpi35cS1sbJvjp3ldFg.roa (raw, json)
Hash identifier:          9M5kjYavFhVrRI85RDZ2MH5o/jzd+dB1d0G3JCS/gYQ=
Subject key identifier:   56:52:A9:C3:5B:87:1E:98:B7:E5:C4:B5:B1:B2:6F:8E:9D:E5:74:58
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       018CC56E6BBDDC0E3C6EB47AC3BCC4BC2C98
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/VlKpw1uHHpi35cS1sbJvjp3ldFg.roa
Signing time:             Mon 01 Jan 2024 14:29:57 +0000
ROA not before:           Mon 01 Jan 2024 14:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209565
IP address blocks:        131.117.225.0/24 maxlen: 24
                          131.117.224.0/24 maxlen: 24
                          131.117.228.0/24 maxlen: 24
                          131.117.233.0/24 maxlen: 24
                          185.21.138.0/24 maxlen: 24
                          185.21.137.0/24 maxlen: 24
                          185.21.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:6b:bd:dc:0e:3c:6e:b4:7a:c3:bc:c4:bc:2c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  1 14:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5652a9c35b871e98b7e5c4b5b1b26f8e9de57458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:df:93:4a:8f:31:a6:53:7f:74:fe:cb:ad:3d:
                    ed:c5:32:67:79:05:05:a2:35:ef:bd:4f:d8:81:24:
                    d5:f4:74:95:62:80:1e:a0:6a:ef:90:91:90:56:55:
                    38:39:80:7a:f8:1c:3a:a3:99:66:a1:74:97:42:b5:
                    eb:fa:0d:3b:09:4d:4f:42:a8:03:fe:10:89:14:e5:
                    c0:5f:a7:3e:8d:31:93:a7:76:9b:6a:67:cc:9b:1c:
                    53:c5:87:99:59:68:03:a1:33:54:ef:42:14:b6:53:
                    80:44:20:80:12:03:09:53:c2:c6:77:ba:8a:35:c5:
                    ae:78:8b:07:77:00:ae:66:70:cf:da:58:5b:df:b5:
                    1c:70:dd:bc:95:35:cc:c8:82:c9:7f:63:6d:e5:e3:
                    f6:90:af:7a:2b:aa:97:1b:88:a5:72:12:41:f1:72:
                    58:45:19:92:43:15:8c:65:63:e0:0d:83:4b:4b:a1:
                    29:16:4d:ce:19:bd:d6:ce:04:d7:77:6a:9d:3b:6b:
                    c3:fd:6c:b3:48:4b:08:8c:9d:38:11:69:5b:c8:7c:
                    96:03:34:68:29:f3:7b:c2:79:31:ec:1e:cc:50:80:
                    c6:5c:f3:db:09:d2:74:b5:14:dc:7c:60:b7:2b:c8:
                    36:e7:86:e0:3d:41:d3:65:06:fc:56:71:eb:2d:45:
                    22:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:52:A9:C3:5B:87:1E:98:B7:E5:C4:B5:B1:B2:6F:8E:9D:E5:74:58
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/VlKpw1uHHpi35cS1sbJvjp3ldFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.117.224.0/23
                  131.117.228.0/24
                  131.117.233.0/24
                  185.21.136.0-185.21.138.255

    Signature Algorithm: sha256WithRSAEncryption
         d8:4e:13:04:45:d7:90:5d:9f:5b:4d:fe:45:fa:1a:09:1a:bd:
         00:a8:0b:8a:34:d4:ac:e8:b1:49:54:32:c7:29:5a:8a:e7:c6:
         a4:90:47:04:25:44:b8:29:cf:90:ea:e3:34:ed:d7:08:1b:80:
         ca:09:5f:32:96:45:1e:9f:51:dd:75:49:77:83:e6:e6:71:18:
         1d:01:48:0b:63:25:5a:9d:94:8f:bb:aa:8a:51:db:94:c0:9d:
         4a:9a:0c:a5:28:85:6c:f4:c7:e9:77:da:f6:6d:8d:8a:97:cb:
         52:75:1d:0e:04:1d:1d:19:a9:c6:e7:37:b6:da:e8:5d:8d:f6:
         bf:b2:37:26:d0:3f:1a:2f:50:e7:be:c1:6e:20:6f:46:b1:f6:
         db:9e:9c:20:2d:af:40:cb:5f:e6:73:3a:b5:47:45:a4:f0:97:
         a0:62:e9:57:4b:cd:a4:9d:05:a6:af:1a:fb:cb:5b:20:12:ae:
         4f:91:68:ad:6a:27:53:9b:0e:40:f7:ae:fe:f8:19:39:31:53:
         9e:7e:87:ed:71:d3:1c:6b:8a:c7:55:eb:a7:67:7e:0c:40:23:
         64:14:76:50:70:73:64:0c:7c:dc:cd:21:72:a6:16:3e:95:45:
         55:2f:2d:d9:1e:96:a8:0b:dc:36:08:87:4e:60:6c:9e:e7:32:
         53:b3:51:a6
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzFbmu93A48brR6w7zEvCyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjQwMTAxMTQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjUyYTljMzViODcxZTk4YjdlNWM0YjViMWIyNmY4ZTlkZTU3NDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmd+TSo8xplN/dP7LrT3txTJneQUF
ojXvvU/YgSTV9HSVYoAeoGrvkJGQVlU4OYB6+Bw6o5lmoXSXQrXr+g07CU1PQqgD
/hCJFOXAX6c+jTGTp3abamfMmxxTxYeZWWgDoTNU70IUtlOARCCAEgMJU8LGd7qK
NcWueIsHdwCuZnDP2lhb37UccN28lTXMyILJf2Nt5eP2kK96K6qXG4ilchJB8XJY
RRmSQxWMZWPgDYNLS6EpFk3OGb3WzgTXd2qdO2vD/WyzSEsIjJ04EWlbyHyWAzRo
KfN7wnkx7B7MUIDGXPPbCdJ0tRTcfGC3K8g254bgPUHTZQb8VnHrLUUifwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFFZSqcNbhx6Yt+XEtbGyb46d5XRYMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL1ZsS3B3MXVISHBpMzVjUzFzYkp2anAzbGRGZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOQYIKwYBBQUHAQcBAf8EKjAoMCYEAgABMCADBAGDdeAD
BACDdeQDBACDdekwDAMEA7kViAMEALkVijANBgkqhkiG9w0BAQsFAAOCAQEA2E4T
BEXXkF2fW03+RfoaCRq9AKgLijTUrOixSVQyxylaiufGpJBHBCVEuCnPkOrjNO3X
CBuAyglfMpZFHp9R3XVJd4Pm5nEYHQFIC2MlWp2Uj7uqilHblMCdSpoMpSiFbPTH
6Xfa9m2NipfLUnUdDgQdHRmpxuc3ttroXY32v7I3JtA/Gi9Q577BbiBvRrH2256c
IC2vQMtf5nM6tUdFpPCXoGLpV0vNpJ0Fpq8a+8tbIBKuT5ForWonU5sOQPeu/vgZ
OTFTnn6H7XHTHGuKx1Xrp2d+DEAjZBR2UHBzZAx83M0hcqYWPpVFVS8t2R6WqAvc
NgiHTmBsnucyU7NRpg==
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:05:40 2024 by rpki-client on console-fra.rpki-client.org