Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/uN1OzbOJ0czChoZP4ev-tJYlewQ.roa
File:                     uN1OzbOJ0czChoZP4ev-tJYlewQ.roa (raw, json)
Hash identifier:          2xBDRrBhmIuHsVQWvaqWmYbcRBShnJ+YKkaQcMYRZZw=
Subject key identifier:   B8:DD:4E:CD:B3:89:D1:CC:C2:86:86:4F:E1:EB:FE:B4:96:25:7B:04
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       018E612AE5E52BD8F62CB9AF7D9A6556CFB0
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/uN1OzbOJ0czChoZP4ev-tJYlewQ.roa
Signing time:             Thu 21 Mar 2024 13:19:45 +0000
ROA not before:           Thu 21 Mar 2024 13:19:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31365
IP address blocks:        85.153.1.0/24 maxlen: 24
                          85.153.2.0/24 maxlen: 24
                          85.153.3.0/24 maxlen: 24
                          85.153.5.0/24 maxlen: 24
                          85.153.6.0/24 maxlen: 24
                          85.153.7.0/24 maxlen: 24
                          85.153.8.0/24 maxlen: 24
                          85.153.10.0/24 maxlen: 24
                          85.153.33.0/24 maxlen: 24
                          85.153.43.0/24 maxlen: 24
                          85.153.56.0/24 maxlen: 24
                          85.153.58.0/24 maxlen: 24
                          85.153.74.0/24 maxlen: 24
                          85.153.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:61:2a:e5:e5:2b:d8:f6:2c:b9:af:7d:9a:65:56:cf:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Mar 21 13:19:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8dd4ecdb389d1ccc286864fe1ebfeb496257b04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ac:d5:37:79:7a:c4:4e:c0:bf:f5:4c:5e:66:
                    ed:d6:60:9f:d0:0e:12:46:2c:28:d4:07:40:3e:43:
                    29:4d:f2:53:f8:01:f7:65:0b:b2:f8:d5:e0:23:a3:
                    8f:98:a9:29:56:40:33:36:17:f0:c5:d2:d7:ca:97:
                    e2:69:d1:9b:36:f0:5d:b5:0f:df:6b:54:18:bc:c9:
                    56:17:3a:3e:02:1b:86:8b:90:5d:a3:2e:0a:28:e6:
                    38:18:3d:6d:83:88:77:ac:f0:cd:55:b0:87:2e:01:
                    a6:06:ed:6a:25:3c:96:2a:88:c3:da:3d:d4:a9:85:
                    84:c1:7f:bd:c6:b6:08:06:a5:2b:ab:4d:c5:ae:70:
                    57:24:8a:cd:23:e2:b0:b8:71:12:cd:8d:e7:06:62:
                    13:9a:2c:1c:19:d2:eb:b8:b2:71:3a:d5:21:27:51:
                    cb:53:04:7b:c7:b5:6f:d2:0a:f3:a9:d6:81:92:91:
                    ad:eb:20:1c:f0:90:24:b7:2e:bb:56:60:1b:27:32:
                    77:c0:a2:37:32:80:65:f4:a4:0a:8d:5f:c5:84:f8:
                    aa:9e:97:03:84:a7:04:fb:89:d3:07:c8:44:bc:5e:
                    af:b2:cd:5d:a6:d3:4e:56:82:d2:fe:8b:ec:b4:e6:
                    97:c5:ea:ca:de:b9:d2:2d:c7:07:c4:70:4c:90:04:
                    e2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:DD:4E:CD:B3:89:D1:CC:C2:86:86:4F:E1:EB:FE:B4:96:25:7B:04
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/uN1OzbOJ0czChoZP4ev-tJYlewQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.1.0-85.153.3.255
                  85.153.5.0-85.153.8.255
                  85.153.10.0/24
                  85.153.33.0/24
                  85.153.43.0/24
                  85.153.56.0/24
                  85.153.58.0/24
                  85.153.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:e8:48:61:f5:4e:97:ac:bb:cd:e9:90:6f:0a:42:9d:53:bf:
         ed:65:3f:cb:d9:31:f2:58:37:41:57:d9:d6:4a:c0:5e:14:10:
         f6:6f:92:58:69:e0:27:fe:79:7e:7b:ad:04:1c:01:08:1a:6b:
         e0:64:90:ce:95:c9:92:59:d3:41:75:5c:24:a1:ad:e7:95:09:
         d5:28:67:77:68:db:44:6c:c2:0c:01:c8:8b:7b:e7:a4:f1:52:
         e6:a3:f3:e3:9e:d2:07:6d:80:16:1b:3d:de:ac:8d:9c:9b:29:
         9a:17:fa:05:06:7d:5d:0e:b4:33:a1:ca:f8:e6:b9:24:f1:f2:
         32:2e:da:75:8c:4e:fe:19:ec:5e:a4:f9:cf:5f:e1:56:d8:43:
         36:d2:0d:1c:49:f9:05:e5:1f:cc:30:01:2c:73:fc:1f:47:01:
         27:d7:31:c2:f0:87:a8:8d:fc:e2:cf:a8:b4:0e:ca:40:0c:f8:
         20:5e:18:58:b5:a1:52:9b:dc:49:a6:c0:53:93:93:08:d1:2a:
         ad:89:c4:e4:a4:fd:82:48:74:19:32:02:37:07:b5:0c:6c:d7:
         40:26:13:bb:31:97:0a:e5:4a:8b:e8:78:f5:22:9e:f9:7c:9c:
         cd:af:7d:58:58:c6:f8:55:83:72:37:93:af:5c:bf:15:65:74:
         8d:03:05:dc
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAY5hKuXlK9j2LLmvfZplVs+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjQwMzIxMTMxOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGRkNGVjZGIzODlkMWNjYzI4Njg2NGZlMWViZmViNDk2MjU3YjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2azVN3l6xE7Av/VMXmbt1mCf0A4S
Riwo1AdAPkMpTfJT+AH3ZQuy+NXgI6OPmKkpVkAzNhfwxdLXypfiadGbNvBdtQ/f
a1QYvMlWFzo+AhuGi5Bdoy4KKOY4GD1tg4h3rPDNVbCHLgGmBu1qJTyWKojD2j3U
qYWEwX+9xrYIBqUrq03FrnBXJIrNI+KwuHESzY3nBmITmiwcGdLruLJxOtUhJ1HL
UwR7x7Vv0grzqdaBkpGt6yAc8JAkty67VmAbJzJ3wKI3MoBl9KQKjV/FhPiqnpcD
hKcE+4nTB8hEvF6vss1dptNOVoLS/ovstOaXxerK3rnSLccHxHBMkATiAQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFLjdTs2zidHMwoaGT+Hr/rSWJXsEMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvdU4xT3piT0owY3pDaG9aUDRldi10SllsZXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAMAwDBABVmQED
BAJVmQAwDAMEAFWZBQMEAFWZCAMEAFWZCgMEAFWZIQMEAFWZKwMEAFWZOAMEAFWZ
OgMEAVWZSjANBgkqhkiG9w0BAQsFAAOCAQEAHuhIYfVOl6y7zemQbwpCnVO/7WU/
y9kx8lg3QVfZ1krAXhQQ9m+SWGngJ/55fnutBBwBCBpr4GSQzpXJklnTQXVcJKGt
55UJ1Shnd2jbRGzCDAHIi3vnpPFS5qPz457SB22AFhs93qyNnJspmhf6BQZ9XQ60
M6HK+Oa5JPHyMi7adYxO/hnsXqT5z1/hVthDNtINHEn5BeUfzDABLHP8H0cBJ9cx
wvCHqI384s+otA7KQAz4IF4YWLWhUpvcSabAU5OTCNEqrYnE5KT9gkh0GTICNwe1
DGzXQCYTuzGXCuVKi+h49SKe+Xycza99WFjG+FWDcjeTr1y/FWV0jQMF3A==
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:17:20 2024 by rpki-client on console-fra.rpki-client.org