Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/K5k3j8D48Rw5WTinC2vIY3rti0k.roa
File:                     K5k3j8D48Rw5WTinC2vIY3rti0k.roa (raw, json)
Hash identifier:          fN4O6y9CKPSX5b0eDT9P2jQnYo5zgKBdFYL+rP+IwhA=
Subject key identifier:   2B:99:37:8F:C0:F8:F1:1C:39:59:38:A7:0B:6B:C8:63:7A:ED:8B:49
Certificate issuer:       /CN=e482fd07e20d406ea4152e492b000e554ebfcc80
Certificate serial:       018CC79568E0496D5637DBEDF8BAD57E5D56
Authority key identifier: E4:82:FD:07:E2:0D:40:6E:A4:15:2E:49:2B:00:0E:55:4E:BF:CC:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5IL9B-INQG6kFS5JKwAOVU6_zIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/K5k3j8D48Rw5WTinC2vIY3rti0k.roa
Signing time:             Tue 02 Jan 2024 00:31:46 +0000
ROA not before:           Tue 02 Jan 2024 00:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41625
IP address blocks:        89.31.240.0/21 maxlen: 21
                          89.31.242.0/24 maxlen: 24
                          2a00:8900::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/5IL9B-INQG6kFS5JKwAOVU6_zIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/5IL9B-INQG6kFS5JKwAOVU6_zIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5IL9B-INQG6kFS5JKwAOVU6_zIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:68:e0:49:6d:56:37:db:ed:f8:ba:d5:7e:5d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e482fd07e20d406ea4152e492b000e554ebfcc80
        Validity
            Not Before: Jan  2 00:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b99378fc0f8f11c395938a70b6bc8637aed8b49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:78:83:25:a8:5d:50:f4:57:b5:ed:ca:c9:1f:
                    64:63:02:5c:19:dd:c9:a4:83:e0:64:d5:98:43:0a:
                    f4:29:c2:2d:5b:a4:91:12:17:72:1f:18:69:af:53:
                    f8:3f:24:77:4d:0c:d3:8d:48:d1:06:0f:66:c4:59:
                    f0:e1:26:d0:4b:57:c2:c5:88:ed:b4:f0:1a:d8:02:
                    b1:91:58:d9:94:3e:9e:d4:78:12:8d:de:71:5f:21:
                    2a:d9:84:c0:78:a7:60:ad:4c:db:42:59:e7:31:a6:
                    b3:89:d7:d3:65:07:8e:d8:0d:b5:3d:f0:d0:32:1d:
                    7c:39:f0:b9:70:94:89:e0:72:cc:a7:26:be:ba:74:
                    25:6b:c2:e2:0d:51:dc:bf:d5:d3:06:8e:e6:c0:48:
                    6a:99:13:71:ee:e0:48:56:ad:b8:c5:ef:6c:79:75:
                    46:f7:3f:00:51:16:6e:3d:b1:7a:10:30:f5:24:56:
                    b7:54:51:73:87:41:8d:e0:e6:67:03:6f:d9:f8:93:
                    83:78:97:c1:54:a0:75:4a:65:36:c3:82:9d:33:c1:
                    c4:6e:d5:1d:d4:da:d3:50:20:42:ab:82:d9:1a:43:
                    f9:0b:02:d3:5e:8b:db:d6:65:4f:c3:76:f4:1f:e9:
                    73:84:c4:43:23:dd:e8:bf:d3:80:93:66:28:b6:d7:
                    8d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:99:37:8F:C0:F8:F1:1C:39:59:38:A7:0B:6B:C8:63:7A:ED:8B:49
            X509v3 Authority Key Identifier:
                keyid:E4:82:FD:07:E2:0D:40:6E:A4:15:2E:49:2B:00:0E:55:4E:BF:CC:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5IL9B-INQG6kFS5JKwAOVU6_zIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/K5k3j8D48Rw5WTinC2vIY3rti0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f7a87a-c184-4904-94e3-2685986f6d01/1/5IL9B-INQG6kFS5JKwAOVU6_zIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.31.240.0/21
                IPv6:
                  2a00:8900::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:59:b2:d0:3a:a1:d1:a8:8c:5e:17:44:62:70:ff:44:40:df:
         97:65:02:1b:e3:88:6b:f4:bb:80:31:73:39:7e:df:43:4f:e6:
         74:45:88:21:e8:7c:c3:60:a6:e3:5f:3a:52:a1:91:90:6d:e2:
         31:bd:28:92:79:6c:71:ac:f3:b7:7e:68:16:26:2f:00:e9:91:
         bd:64:d0:b0:61:6e:8a:ff:4c:f8:86:a7:e3:03:00:24:39:26:
         fd:3f:89:87:48:e4:28:e2:36:06:1e:0f:2e:d9:61:13:53:84:
         70:ff:fa:02:44:8c:5a:59:57:0c:4d:bb:c2:f8:0a:e2:86:81:
         23:68:7a:24:94:e5:39:71:97:07:75:08:8b:13:a3:ae:c1:83:
         8e:16:2e:4a:c2:28:4e:82:3e:2e:d1:cc:99:c7:b3:7b:0c:a7:
         25:2e:2c:53:be:66:a3:96:84:49:96:1b:44:1f:c6:64:88:8b:
         a4:dd:dd:5d:c7:2a:1e:b4:d6:44:32:09:0c:ec:61:71:96:3e:
         74:02:96:e6:a0:44:8c:2d:e2:ee:a0:3a:63:de:72:2e:c5:20:
         67:5e:7a:16:6c:c3:be:54:d4:22:6c:3d:ce:78:aa:be:0c:43:
         c5:6c:36:01:f9:b1:1b:43:e2:ef:9c:4a:8a:91:dc:d6:f4:02:
         66:d1:f9:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlWjgSW1WN9vt+LrVfl1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ODJmZDA3ZTIwZDQwNmVhNDE1MmU0OTJiMDAwZTU1NGVi
ZmNjODAwHhcNMjQwMTAyMDAzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjk5Mzc4ZmMwZjhmMTFjMzk1OTM4YTcwYjZiYzg2MzdhZWQ4YjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHiDJahdUPRXte3KyR9kYwJcGd3J
pIPgZNWYQwr0KcItW6SREhdyHxhpr1P4PyR3TQzTjUjRBg9mxFnw4SbQS1fCxYjt
tPAa2AKxkVjZlD6e1HgSjd5xXyEq2YTAeKdgrUzbQlnnMaazidfTZQeO2A21PfDQ
Mh18OfC5cJSJ4HLMpya+unQla8LiDVHcv9XTBo7mwEhqmRNx7uBIVq24xe9seXVG
9z8AURZuPbF6EDD1JFa3VFFzh0GN4OZnA2/Z+JODeJfBVKB1SmU2w4KdM8HEbtUd
1NrTUCBCq4LZGkP5CwLTXovb1mVPw3b0H+lzhMRDI93ov9OAk2YotteNMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCuZN4/A+PEcOVk4pwtryGN67YtJMB8GA1UdIwQY
MBaAFOSC/QfiDUBupBUuSSsADlVOv8yAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUlMOUItSU5RRzZrRlM1Skt3QU9WVTZfeklBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9mN2E4N2EtYzE4NC00OTA0LTk0ZTMt
MjY4NTk4NmY2ZDAxLzEvSzVrM2o4RDQ4Unc1V1RpbkMydklZM3J0aTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9mN2E4N2EtYzE4NC00OTA0LTk0ZTMtMjY4NTk4NmY2ZDAx
LzEvNUlMOUItSU5RRzZrRlM1Skt3QU9WVTZfeklBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWR/wMA0E
AgACMAcDBQAqAIkAMA0GCSqGSIb3DQEBCwUAA4IBAQBeWbLQOqHRqIxeF0RicP9E
QN+XZQIb44hr9LuAMXM5ft9DT+Z0RYgh6HzDYKbjXzpSoZGQbeIxvSiSeWxxrPO3
fmgWJi8A6ZG9ZNCwYW6K/0z4hqfjAwAkOSb9P4mHSOQo4jYGHg8u2WETU4Rw//oC
RIxaWVcMTbvC+ArihoEjaHoklOU5cZcHdQiLE6OuwYOOFi5KwihOgj4u0cyZx7N7
DKclLixTvmajloRJlhtEH8ZkiIuk3d1dxyoetNZEMgkM7GFxlj50ApbmoESMLeLu
oDpj3nIuxSBnXnoWbMO+VNQibD3OeKq+DEPFbDYB+bEbQ+LvnEqKkdzW9AJm0fl3
-----END CERTIFICATE-----
Generated at Tue Jun 18 08:35:40 2024 by rpki-client on console-ams.rpki-client.org