Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1-31l7Q2y953HTpAFdhKNJrLxq1c.roa
File:                     1-31l7Q2y953HTpAFdhKNJrLxq1c.roa (raw, json)
Hash identifier:          kQfPptgGELyKyDRT5nia07qJNdoqtWTHKuh7gl05FSY=
Subject key identifier:   FB:7D:65:ED:0D:B2:F7:9D:C7:4E:90:05:76:12:8D:26:B2:F1:AB:57
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       0191468AB081FABF094CFCFEE04CC25E213D
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1-31l7Q2y953HTpAFdhKNJrLxq1c.roa
Signing time:             Mon 12 Aug 2024 12:22:59 +0000
ROA not before:           Mon 12 Aug 2024 12:22:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3267
IP address blocks:        80.250.160.0/19 maxlen: 24
                          82.137.128.0/18 maxlen: 24
                          82.137.176.0/20 maxlen: 22
                          82.179.32.0/20 maxlen: 24
                          82.179.63.0/24 maxlen: 24
                          82.179.64.0/19 maxlen: 24
                          82.179.140.0/23 maxlen: 23
                          83.149.192.0/18 maxlen: 24
                          85.142.8.0/21 maxlen: 21
                          85.142.16.0/20 maxlen: 24
                          85.142.32.0/21 maxlen: 24
                          85.142.52.0/22 maxlen: 24
                          85.142.56.0/22 maxlen: 24
                          85.142.102.0/23 maxlen: 24
                          85.142.104.0/21 maxlen: 24
                          85.142.116.0/22 maxlen: 24
                          85.142.120.0/21 maxlen: 24
                          85.142.148.0/23 maxlen: 24
                          85.142.153.0/24 maxlen: 24
                          85.142.162.0/23 maxlen: 24
                          85.143.0.0/20 maxlen: 24
                          85.143.18.0/23 maxlen: 24
                          85.143.26.0/24 maxlen: 24
                          85.143.96.0/22 maxlen: 24
                          85.143.112.0/22 maxlen: 24
                          85.143.124.0/22 maxlen: 24
                          85.143.224.0/21 maxlen: 21
                          85.143.239.0/24 maxlen: 24
                          86.110.96.0/24 maxlen: 24
                          86.110.101.0/24 maxlen: 24
                          86.110.102.0/23 maxlen: 24
                          185.71.96.0/22 maxlen: 22
                          185.141.124.0/22 maxlen: 22
                          188.93.107.0/24 maxlen: 24
                          193.27.214.0/23 maxlen: 24
                          194.85.32.0/20 maxlen: 20
                          194.85.168.0/23 maxlen: 23
                          194.85.174.0/23 maxlen: 23
                          194.149.64.0/24 maxlen: 24
                          194.149.70.0/23 maxlen: 24
                          194.190.232.0/21 maxlen: 24
                          194.190.240.0/23 maxlen: 24
                          194.190.247.0/24 maxlen: 24
                          194.190.249.0/24 maxlen: 24
                          194.190.254.0/23 maxlen: 23
                          194.226.192.0/19 maxlen: 24
                          195.209.224.0/22 maxlen: 22
                          195.209.234.0/24 maxlen: 24
                          195.209.236.0/23 maxlen: 23
                          195.209.240.0/22 maxlen: 22
                          2001:b08:22::/48 maxlen: 48
                          2001:b08:26::/48 maxlen: 48
                          2a00:db8::/32 maxlen: 48
                          2a07:a6c0::/29 maxlen: 29
                          2a07:a6c4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:8a:b0:81:fa:bf:09:4c:fc:fe:e0:4c:c2:5e:21:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Aug 12 12:22:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb7d65ed0db2f79dc74e900576128d26b2f1ab57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a3:ad:e9:21:09:e7:b7:1b:ef:fd:b8:18:59:
                    2b:80:77:3f:9c:dd:57:c4:b2:f4:e4:84:fb:d3:9c:
                    ee:9c:9f:91:fe:04:52:4b:07:e2:3e:93:6b:c1:4e:
                    87:22:ee:6e:c1:ef:eb:0b:d6:2c:73:f8:8c:a9:3b:
                    f3:f6:16:7f:8e:73:10:19:7d:37:e6:2e:90:77:2f:
                    0f:1c:4b:84:2b:47:9d:1d:7b:61:87:d2:19:3a:f4:
                    28:fa:06:9f:c0:28:25:89:37:8c:fa:ad:ed:35:73:
                    8c:43:5b:31:8f:c5:5e:36:76:13:d8:45:25:ba:d2:
                    56:ff:99:d9:49:08:b1:53:ae:5b:50:9d:b6:47:28:
                    a0:b7:f7:cd:a6:ff:06:7b:f8:35:68:2f:02:3e:e1:
                    5c:bf:e0:84:6f:d1:af:fd:c9:c5:cf:85:8d:6b:50:
                    9a:71:ee:e3:39:a9:e2:23:79:62:72:9f:08:0d:dd:
                    36:31:b4:84:1e:2b:e3:91:12:c0:ed:05:22:3c:27:
                    fa:a5:9c:1d:de:11:ae:a0:9f:9f:2e:4a:33:5d:55:
                    72:ba:69:da:20:09:b7:05:53:0e:5d:71:0a:c2:a5:
                    32:b1:03:f8:6a:59:1b:7a:aa:f4:a8:8f:fe:45:0d:
                    bc:9f:af:e1:31:9d:62:aa:85:ff:c6:97:1c:e2:02:
                    2c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:7D:65:ED:0D:B2:F7:9D:C7:4E:90:05:76:12:8D:26:B2:F1:AB:57
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/1-31l7Q2y953HTpAFdhKNJrLxq1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.250.160.0/19
                  82.137.128.0/18
                  82.179.32.0/20
                  82.179.63.0-82.179.95.255
                  82.179.140.0/23
                  83.149.192.0/18
                  85.142.8.0-85.142.39.255
                  85.142.52.0-85.142.59.255
                  85.142.102.0-85.142.111.255
                  85.142.116.0-85.142.127.255
                  85.142.148.0/23
                  85.142.153.0/24
                  85.142.162.0/23
                  85.143.0.0/20
                  85.143.18.0/23
                  85.143.26.0/24
                  85.143.96.0/22
                  85.143.112.0/22
                  85.143.124.0/22
                  85.143.224.0/21
                  85.143.239.0/24
                  86.110.96.0/24
                  86.110.101.0-86.110.103.255
                  185.71.96.0/22
                  185.141.124.0/22
                  188.93.107.0/24
                  193.27.214.0/23
                  194.85.32.0/20
                  194.85.168.0/23
                  194.85.174.0/23
                  194.149.64.0/24
                  194.149.70.0/23
                  194.190.232.0-194.190.241.255
                  194.190.247.0/24
                  194.190.249.0/24
                  194.190.254.0/23
                  194.226.192.0/19
                  195.209.224.0/22
                  195.209.234.0/24
                  195.209.236.0/23
                  195.209.240.0/22
                IPv6:
                  2001:b08:22::/48
                  2001:b08:26::/48
                  2a00:db8::/32
                  2a07:a6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:3c:bc:41:79:c5:03:72:6c:c3:0d:b9:81:b3:91:93:6a:3e:
         10:6f:aa:08:fd:c7:cf:5d:73:32:6a:3f:3f:4a:a3:d3:b0:ff:
         b0:74:57:65:6c:26:4c:39:f8:dd:7e:5b:57:4c:5c:d6:cf:1e:
         1a:7c:26:38:68:c7:67:95:51:21:99:58:53:dd:00:a7:19:7d:
         6a:33:9c:ec:d8:07:99:36:07:5c:f0:0f:c6:18:df:69:db:e3:
         3f:b5:bb:a3:49:78:f3:ef:48:fb:09:07:50:4c:56:11:2c:b8:
         5c:e7:c1:7c:33:cd:76:ed:9f:52:f8:af:7d:d0:8d:a2:28:b4:
         53:cf:9e:22:9a:06:51:81:a3:e9:24:74:e9:0e:a9:c6:0b:24:
         8e:dd:a7:9d:f6:19:41:b7:1d:8a:22:ce:76:c3:c4:41:17:7b:
         8d:e9:ac:1d:05:6b:2b:48:28:ff:e5:1f:0d:a5:67:98:4d:f2:
         61:fd:88:ae:d3:08:5c:25:a9:bd:48:ce:20:a1:1e:fa:1b:94:
         dc:52:5e:fd:4e:d5:28:67:5f:22:eb:fe:44:84:0d:57:23:e3:
         1b:a2:6f:91:97:f0:cb:07:01:9e:3d:63:60:02:0e:6e:25:d6:
         c8:32:2e:2a:18:b4:08:c6:39:cc:f5:1a:ab:3d:9e:9c:b4:26:
         83:08:18:47
-----BEGIN CERTIFICATE-----
MIIGWDCCBUCgAwIBAgISAZFGirCB+r8JTPz+4EzCXiE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwODEyMTIyMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjdkNjVlZDBkYjJmNzlkYzc0ZTkwMDU3NjEyOGQyNmIyZjFhYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qOt6SEJ57cb7/24GFkrgHc/nN1X
xLL05IT705zunJ+R/gRSSwfiPpNrwU6HIu5uwe/rC9Ysc/iMqTvz9hZ/jnMQGX03
5i6Qdy8PHEuEK0edHXthh9IZOvQo+gafwCgliTeM+q3tNXOMQ1sxj8VeNnYT2EUl
utJW/5nZSQixU65bUJ22Ryigt/fNpv8Ge/g1aC8CPuFcv+CEb9Gv/cnFz4WNa1Ca
ce7jOaniI3licp8IDd02MbSEHivjkRLA7QUiPCf6pZwd3hGuoJ+fLkozXVVyumna
IAm3BVMOXXEKwqUysQP4alkbeqr0qI/+RQ28n6/hMZ1iqoX/xpcc4gIsvwIDAQAB
o4IDZDCCA2AwHQYDVR0OBBYEFPt9Ze0Nsvedx06QBXYSjSay8atXMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvMS0zMWw3UTJ5OTUzSFRwQUZkaEtOSnJMeHExYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTcvODgxM2Y1LTRlN2ItNGQ1MS1iNWYzLTQwZDk1YmQzM2Zj
Yi8xL09MSWdJN2JxMU1LV2c2bi0xRWs5QTk3aXhvVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAXcGCCsGAQUFBwEHAQH/BIIBZjCCAWIwggE2BAIAATCC
AS4DBAVQ+qADBAZSiYADBARSsyAwDAMEAFKzPwMEBVKzQAMEAVKzjAMEBlOVwDAM
AwQDVY4IAwQDVY4gMAwDBAJVjjQDBAJVjjgwDAMEAVWOZgMEBFWOYDAMAwQCVY50
AwQHVY4AAwQBVY6UAwQAVY6ZAwQBVY6iAwQEVY8AAwQBVY8SAwQAVY8aAwQCVY9g
AwQCVY9wAwQCVY98AwQDVY/gAwQAVY/vAwQAVm5gMAwDBABWbmUDBANWbmADBAK5
R2ADBAK5jXwDBAC8XWsDBAHBG9YDBATCVSADBAHCVagDBAHCVa4DBADClUADBAHC
lUYwDAMEA8K+6AMEAcK+8AMEAMK+9wMEAMK++QMEAcK+/gMEBcLiwAMEAsPR4AME
AMPR6gMEAcPR7AMEAsPR8DAmBAIAAjAgAwcAIAELCAAiAwcAIAELCAAmAwUAKgAN
uAMFAyoHpsAwDQYJKoZIhvcNAQELBQADggEBAIw8vEF5xQNybMMNuYGzkZNqPhBv
qgj9x89dczJqPz9Ko9Ow/7B0V2VsJkw5+N1+W1dMXNbPHhp8Jjhox2eVUSGZWFPd
AKcZfWoznOzYB5k2B1zwD8YY32nb4z+1u6NJePPvSPsJB1BMVhEsuFznwXwzzXbt
n1L4r33QjaIotFPPniKaBlGBo+kkdOkOqcYLJI7dp532GUG3HYoiznbDxEEXe43p
rB0FaytIKP/lHw2lZ5hN8mH9iK7TCFwlqb1IziChHvoblNxSXv1O1ShnXyLr/kSE
DVcj4xuib5GX8MsHAZ49Y2ACDm4l1sgyLioYtAjGOcz1Gqs9npy0JoMIGEc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:59:57 2024 by rpki-client on console-fra.rpki-client.org