Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/a7vukxqK5didpM3Ra4tErQdd49w.roa
File:                     a7vukxqK5didpM3Ra4tErQdd49w.roa (raw, json)
Hash identifier:          LKeQR1HsnaDON2kFXjBLZgpwHdPviFL1dj4g8nTEiig=
Subject key identifier:   6B:BB:EE:93:1A:8A:E5:D8:9D:A4:CD:D1:6B:8B:44:AD:07:5D:E3:DC
Certificate issuer:       /CN=a4a015b2d3d3e909b602f9fdd4f6f6f618873c58
Certificate serial:       018CC8DF03F18A3023D23727A5728E6B7A50
Authority key identifier: A4:A0:15:B2:D3:D3:E9:09:B6:02:F9:FD:D4:F6:F6:F6:18:87:3C:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKAVstPT6Qm2Avn91Pb29hiHPFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/a7vukxqK5didpM3Ra4tErQdd49w.roa
Signing time:             Tue 02 Jan 2024 06:31:47 +0000
ROA not before:           Tue 02 Jan 2024 06:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31424
IP address blocks:        195.191.132.0/23 maxlen: 23
                          193.17.194.0/24 maxlen: 24
                          2001:67c:358::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/pKAVstPT6Qm2Avn91Pb29hiHPFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/pKAVstPT6Qm2Avn91Pb29hiHPFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKAVstPT6Qm2Avn91Pb29hiHPFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:03:f1:8a:30:23:d2:37:27:a5:72:8e:6b:7a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4a015b2d3d3e909b602f9fdd4f6f6f618873c58
        Validity
            Not Before: Jan  2 06:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bbbee931a8ae5d89da4cdd16b8b44ad075de3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3e:bf:b1:24:17:0d:5b:9d:2b:c9:ee:b6:93:
                    83:1f:66:57:ff:b7:64:90:97:b3:3c:b9:b8:b9:e2:
                    02:82:40:66:68:ee:11:68:f3:af:79:b0:87:c1:b7:
                    b0:c8:15:5b:9d:d0:f0:d2:f3:42:43:95:2a:f8:a4:
                    7e:76:1e:6e:8e:05:1b:86:09:f1:1d:e7:d8:a6:f0:
                    fd:41:ed:da:59:3e:88:8b:9e:ae:89:6d:a7:2a:97:
                    b1:ec:a4:72:48:65:00:8c:30:08:47:ee:97:49:52:
                    b8:b7:4d:b4:8f:36:d1:da:b5:6e:0a:cd:ea:11:30:
                    71:02:41:a2:96:71:81:74:b8:d1:bf:74:10:8d:ef:
                    35:b5:89:af:51:6b:e4:19:03:67:8f:4e:28:6e:b0:
                    74:65:31:ae:5a:16:0b:31:1c:f2:9a:c3:5e:b9:3a:
                    04:6a:45:25:9d:de:39:f9:a6:06:67:1c:6c:d7:e7:
                    e0:51:6d:df:40:ce:d1:8b:35:4e:b7:ec:5c:75:7b:
                    1f:57:95:11:b1:39:4e:e3:c8:dc:1a:97:39:8e:8f:
                    0b:01:88:b6:87:f0:16:9f:37:e2:02:89:3b:3e:d1:
                    1e:70:c5:a0:25:3a:b4:a2:42:50:a8:c2:91:59:06:
                    ae:2a:1b:cb:f4:af:de:a6:69:6d:80:fe:09:db:b9:
                    f3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:BB:EE:93:1A:8A:E5:D8:9D:A4:CD:D1:6B:8B:44:AD:07:5D:E3:DC
            X509v3 Authority Key Identifier:
                keyid:A4:A0:15:B2:D3:D3:E9:09:B6:02:F9:FD:D4:F6:F6:F6:18:87:3C:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKAVstPT6Qm2Avn91Pb29hiHPFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/a7vukxqK5didpM3Ra4tErQdd49w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/pKAVstPT6Qm2Avn91Pb29hiHPFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.194.0/24
                  195.191.132.0/23
                IPv6:
                  2001:67c:358::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:8e:c3:72:7f:25:05:77:dc:64:a1:7c:0a:22:c3:2f:05:c3:
         c1:3d:c7:5a:90:4f:0d:43:7f:38:e1:68:44:3c:5f:48:d4:df:
         21:bc:6f:25:5c:46:41:35:7a:86:a7:a0:db:00:5f:fb:e1:70:
         7f:fa:27:75:b4:5e:b4:b9:0f:02:20:2b:9f:40:6d:0c:ec:58:
         1f:bd:14:15:bc:8d:7d:e2:e7:2d:93:94:70:e4:39:03:cf:98:
         ec:39:8c:38:c9:29:bd:e9:a2:0b:88:a3:f9:de:cf:b6:77:2a:
         88:33:e3:ec:a5:02:2d:26:22:a7:5f:00:47:a7:d9:65:06:4a:
         fe:e5:c6:4f:80:6e:61:ce:5c:45:6b:7c:73:4c:5c:31:21:14:
         2d:81:42:f0:49:13:92:76:44:0a:b8:83:f6:ae:2a:fa:e5:41:
         05:c0:ec:f6:23:a1:48:20:98:68:56:5f:dd:f8:e2:a7:a8:d5:
         0c:c3:9a:b3:d3:b6:ca:3e:62:18:bc:ac:c7:61:53:c5:f3:de:
         76:67:2f:e1:3b:8d:5e:e3:5b:78:77:e3:ac:76:0e:0e:69:73:
         9e:96:b2:bb:ae:e2:79:9f:fe:c3:c7:32:21:98:2d:a8:8d:18:
         30:ed:a3:d7:a9:8a:e0:b4:7a:4c:b2:cf:28:84:bd:49:c6:41:
         e1:25:f3:0e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzI3wPxijAj0jcnpXKOa3pQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YTAxNWIyZDNkM2U5MDliNjAyZjlmZGQ0ZjZmNmY2MTg4
NzNjNTgwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmJiZWU5MzFhOGFlNWQ4OWRhNGNkZDE2YjhiNDRhZDA3NWRlM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhD6/sSQXDVudK8nutpODH2ZX/7dk
kJezPLm4ueICgkBmaO4RaPOvebCHwbewyBVbndDw0vNCQ5Uq+KR+dh5ujgUbhgnx
HefYpvD9Qe3aWT6Ii56uiW2nKpex7KRySGUAjDAIR+6XSVK4t020jzbR2rVuCs3q
ETBxAkGilnGBdLjRv3QQje81tYmvUWvkGQNnj04obrB0ZTGuWhYLMRzymsNeuToE
akUlnd45+aYGZxxs1+fgUW3fQM7RizVOt+xcdXsfV5URsTlO48jcGpc5jo8LAYi2
h/AWnzfiAok7PtEecMWgJTq0okJQqMKRWQauKhvL9K/epmltgP4J27nzWQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGu77pMaiuXYnaTN0WuLRK0HXePcMB8GA1UdIwQY
MBaAFKSgFbLT0+kJtgL5/dT29vYYhzxYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEtBVnN0UFQ2UW0yQXZuOTFQYjI5aGlIUEZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iOWJkYTMtYjYxMS00MzM4LWJiZTgt
YTdkZDE2MzQzMjk3LzEvYTd2dWt4cUs1ZGlkcE0zUmE0dEVyUWRkNDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iOWJkYTMtYjYxMS00MzM4LWJiZTgtYTdkZDE2MzQzMjk3
LzEvcEtBVnN0UFQ2UW0yQXZuOTFQYjI5aGlIUEZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwRHCAwQB
w7+EMA8EAgACMAkDBwAgAQZ8A1gwDQYJKoZIhvcNAQELBQADggEBAI2Ow3J/JQV3
3GShfAoiwy8Fw8E9x1qQTw1DfzjhaEQ8X0jU3yG8byVcRkE1eoanoNsAX/vhcH/6
J3W0XrS5DwIgK59AbQzsWB+9FBW8jX3i5y2TlHDkOQPPmOw5jDjJKb3poguIo/ne
z7Z3Kogz4+ylAi0mIqdfAEen2WUGSv7lxk+AbmHOXEVrfHNMXDEhFC2BQvBJE5J2
RAq4g/auKvrlQQXA7PYjoUggmGhWX9344qeo1QzDmrPTtso+Yhi8rMdhU8Xz3nZn
L+E7jV7jW3h346x2Dg5pc56Wsruu4nmf/sPHMiGYLaiNGDDto9epiuC0ekyyzyiE
vUnGQeEl8w4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:52:47 2024 by rpki-client on console-fra.rpki-client.org