Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/GrSsCaDDtlnLDVJrHrKe_A7JQpc.roa
File:                     GrSsCaDDtlnLDVJrHrKe_A7JQpc.roa (raw, json)
Hash identifier:          NlEYXuUgautypu41sK3cgIo4ITtRFV4+42hT7f+1Kwc=
Subject key identifier:   1A:B4:AC:09:A0:C3:B6:59:CB:0D:52:6B:1E:B2:9E:FC:0E:C9:42:97
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E88668FB4C062A446063B69ECA750
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/GrSsCaDDtlnLDVJrHrKe_A7JQpc.roa
Signing time:             Mon 01 Jan 2024 14:30:04 +0000
ROA not before:           Mon 01 Jan 2024 14:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31197
IP address blocks:        83.133.184.0/21 maxlen: 21
                          81.209.144.0/22 maxlen: 22
                          83.125.12.0/22 maxlen: 22
                          81.209.179.0/24 maxlen: 24
                          81.209.185.0/24 maxlen: 24
                          82.197.138.0/24 maxlen: 24
                          81.209.200.0/23 maxlen: 23
                          82.197.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:88:66:8f:b4:c0:62:a4:46:06:3b:69:ec:a7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ab4ac09a0c3b659cb0d526b1eb29efc0ec94297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:80:90:fb:ed:55:c5:57:03:71:9c:4e:08:25:
                    3f:24:05:9d:76:a5:ef:ab:9d:07:aa:a0:19:8b:90:
                    e6:78:20:43:a3:42:d2:40:19:e1:51:0f:43:d7:40:
                    48:9b:a2:4d:31:a2:fd:d9:a3:7a:15:d9:46:10:ed:
                    fe:15:83:97:31:28:10:a5:ce:45:c9:dd:46:ba:fc:
                    9e:b8:f1:c1:50:a8:ff:55:48:a5:3a:46:6d:11:ba:
                    e1:05:be:e1:8e:ec:77:be:4a:9b:42:00:ea:4f:8e:
                    a3:59:12:e6:0a:36:82:38:50:cd:9b:da:62:ae:e5:
                    0b:a3:78:56:72:fe:fb:35:6c:d2:a2:54:5a:51:f3:
                    d6:5a:7f:05:67:5a:39:80:3d:e5:93:27:9f:ad:1f:
                    02:4b:45:1a:ad:6a:47:f4:8a:d4:89:f1:4a:a4:cf:
                    55:50:59:93:12:ae:c7:c6:75:c7:df:69:bf:57:26:
                    4c:ed:69:d2:42:58:75:9f:c8:65:e0:54:e8:bc:d9:
                    63:4c:39:cb:dc:21:06:e9:e7:8b:04:91:6d:71:a5:
                    04:d7:e2:02:d6:22:fb:7e:c2:c5:61:1c:9f:39:3c:
                    72:5f:d4:8f:93:e7:d5:60:2d:ab:28:33:07:b9:16:
                    7c:df:15:6d:0d:73:37:85:57:c4:b0:21:69:18:b9:
                    35:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:B4:AC:09:A0:C3:B6:59:CB:0D:52:6B:1E:B2:9E:FC:0E:C9:42:97
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/GrSsCaDDtlnLDVJrHrKe_A7JQpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.209.144.0/22
                  81.209.179.0/24
                  81.209.185.0/24
                  81.209.200.0/23
                  82.197.138.0/24
                  82.197.152.0/21
                  83.125.12.0/22
                  83.133.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         39:d5:f6:a7:ae:ba:8f:bd:5c:73:70:a5:74:c2:91:70:3f:f9:
         fb:56:ac:95:cd:4e:4c:ad:10:24:53:1f:7e:92:69:c6:d8:56:
         0c:3b:dc:a4:15:9a:49:16:2a:1c:ff:b2:c1:70:7b:11:b9:2d:
         39:9f:26:fd:b3:2c:7a:79:53:a7:52:15:bc:d0:5b:d5:d4:48:
         ed:09:91:19:24:bb:2d:98:f3:21:37:d9:5f:81:8b:4b:01:52:
         bd:a5:9a:2b:33:87:11:52:bc:09:89:5a:ae:97:a9:99:3d:63:
         27:7e:32:88:49:cf:c4:e8:08:04:4a:ec:ab:78:81:24:16:7e:
         07:1f:64:5c:c6:86:31:91:3e:36:69:0e:de:f7:ed:3a:f7:35:
         ae:68:a2:6d:f0:47:ef:06:1b:2c:ce:d5:28:fc:78:22:22:3c:
         7f:63:0d:3a:d8:87:58:a7:5d:8f:6d:cc:6e:ef:54:3b:4c:d1:
         50:de:0d:52:42:8c:31:e4:cc:c7:31:95:4c:2b:dd:1a:67:7b:
         fd:bd:53:14:7e:00:61:bf:b9:3a:d9:6a:79:02:5d:b3:9a:e9:
         a8:3f:2e:2b:f8:e3:74:5a:e2:4a:9b:f5:37:d1:95:85:96:59:
         fd:7c:60:1c:95:4f:4b:68:9e:cd:09:4d:98:92:02:56:9e:f4:
         58:e6:6e:f6
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzFbohmj7TAYqRGBjtp7KdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWI0YWMwOWEwYzNiNjU5Y2IwZDUyNmIxZWIyOWVmYzBlYzk0Mjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YCQ++1VxVcDcZxOCCU/JAWddqXv
q50HqqAZi5DmeCBDo0LSQBnhUQ9D10BIm6JNMaL92aN6FdlGEO3+FYOXMSgQpc5F
yd1GuvyeuPHBUKj/VUilOkZtEbrhBb7hjux3vkqbQgDqT46jWRLmCjaCOFDNm9pi
ruULo3hWcv77NWzSolRaUfPWWn8FZ1o5gD3lkyefrR8CS0UarWpH9IrUifFKpM9V
UFmTEq7HxnXH32m/VyZM7WnSQlh1n8hl4FTovNljTDnL3CEG6eeLBJFtcaUE1+IC
1iL7fsLFYRyfOTxyX9SPk+fVYC2rKDMHuRZ83xVtDXM3hVfEsCFpGLk1EQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBq0rAmgw7ZZyw1Sax6ynvwOyUKXMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvR3JTc0NhRER0bG5MRFZKckhyS2VfQTdKUXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCUdGQAwQA
UdGzAwQAUdG5AwQBUdHIAwQAUsWKAwQDUsWYAwQCU30MAwQDU4W4MA0GCSqGSIb3
DQEBCwUAA4IBAQA51fanrrqPvVxzcKV0wpFwP/n7VqyVzU5MrRAkUx9+kmnG2FYM
O9ykFZpJFioc/7LBcHsRuS05nyb9syx6eVOnUhW80FvV1EjtCZEZJLstmPMhN9lf
gYtLAVK9pZorM4cRUrwJiVqul6mZPWMnfjKISc/E6AgESuyreIEkFn4HH2RcxoYx
kT42aQ7e9+069zWuaKJt8EfvBhssztUo/HgiIjx/Yw062IdYp12Pbcxu71Q7TNFQ
3g1SQowx5MzHMZVMK90aZ3v9vVMUfgBhv7k62Wp5Al2zmumoPy4r+ON0WuJKm/U3
0ZWFlln9fGAclU9LaJ7NCU2YkgJWnvRY5m72
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:04 2024 by rpki-client on console-fra.rpki-client.org