Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/6c4d62-8daf-4502-b3f7-14b97cfbad47/1/Y717pl9BTJWAKJZV1BXpTchdGNQ.roa
File:                     Y717pl9BTJWAKJZV1BXpTchdGNQ.roa (raw, json)
Hash identifier:          BhyofvsztgjGfLZRw//pE6fSaNKjZn/o1hkFW0q2nLk=
Subject key identifier:   63:BD:7B:A6:5F:41:4C:95:80:28:96:55:D4:15:E9:4D:C8:5D:18:D4
Certificate issuer:       /CN=b316a0684d1d38bacf4338c2b01db3b41370eb45
Certificate serial:       018FA103F76F0FE13C513AADCEBD6B0710E3
Authority key identifier: B3:16:A0:68:4D:1D:38:BA:CF:43:38:C2:B0:1D:B3:B4:13:70:EB:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxagaE0dOLrPQzjCsB2ztBNw60U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/6c4d62-8daf-4502-b3f7-14b97cfbad47/1/Y717pl9BTJWAKJZV1BXpTchdGNQ.roa
Signing time:             Wed 22 May 2024 15:55:42 +0000
ROA not before:           Wed 22 May 2024 15:55:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35461
IP address blocks:        93.191.116.0/24 maxlen: 24
                          93.191.117.0/24 maxlen: 24
                          93.191.118.0/24 maxlen: 24
                          93.191.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/6c4d62-8daf-4502-b3f7-14b97cfbad47/1/sxagaE0dOLrPQzjCsB2ztBNw60U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/6c4d62-8daf-4502-b3f7-14b97cfbad47/1/sxagaE0dOLrPQzjCsB2ztBNw60U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxagaE0dOLrPQzjCsB2ztBNw60U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a1:03:f7:6f:0f:e1:3c:51:3a:ad:ce:bd:6b:07:10:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b316a0684d1d38bacf4338c2b01db3b41370eb45
        Validity
            Not Before: May 22 15:55:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63bd7ba65f414c9580289655d415e94dc85d18d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7e:a3:d6:d0:ef:38:3a:f8:fe:ac:81:3e:54:
                    e2:7f:66:8f:a8:7a:94:64:6a:1e:5f:c7:d9:17:19:
                    85:29:2c:d4:65:be:a8:b5:34:17:1e:27:40:a2:06:
                    f8:a2:e9:ef:30:f3:88:7e:2b:7e:ed:84:2b:d8:2c:
                    e1:f4:3d:01:99:ce:5b:f3:45:e9:ae:e1:79:20:0f:
                    35:b7:ee:9b:ff:6f:85:27:42:06:93:73:0b:96:82:
                    0f:b9:d6:7e:3d:3c:0f:94:71:b3:48:ca:db:ea:2c:
                    e0:66:32:84:dc:8c:4d:d1:89:f5:80:f1:ff:27:61:
                    c2:91:4f:c5:ff:5a:a2:d0:16:bc:c8:45:2a:38:d8:
                    97:20:d0:4e:d1:a2:6f:d7:10:30:36:11:43:e7:4c:
                    4b:d1:54:23:c0:6a:28:b2:50:38:ea:1a:73:72:6d:
                    81:34:d7:15:82:fe:49:37:27:26:d4:95:12:a9:5d:
                    9b:ca:a6:42:3c:6e:cc:25:34:a2:32:41:52:64:20:
                    af:1a:cc:ec:79:b9:1f:91:b1:fa:60:cd:ff:44:12:
                    79:b7:6b:0d:68:d6:fc:cc:49:12:85:f4:8f:ba:cb:
                    20:de:cf:ce:a1:e9:0d:6b:26:36:7b:a2:eb:8e:76:
                    60:15:11:0c:47:96:77:0b:8a:fb:4e:fe:fe:31:a8:
                    a2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BD:7B:A6:5F:41:4C:95:80:28:96:55:D4:15:E9:4D:C8:5D:18:D4
            X509v3 Authority Key Identifier:
                keyid:B3:16:A0:68:4D:1D:38:BA:CF:43:38:C2:B0:1D:B3:B4:13:70:EB:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxagaE0dOLrPQzjCsB2ztBNw60U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/6c4d62-8daf-4502-b3f7-14b97cfbad47/1/Y717pl9BTJWAKJZV1BXpTchdGNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/6c4d62-8daf-4502-b3f7-14b97cfbad47/1/sxagaE0dOLrPQzjCsB2ztBNw60U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e2:bb:07:ce:b7:cb:9f:ca:0f:6f:79:46:38:e9:e7:cc:a5:23:
         b3:97:ef:b9:f0:a3:dd:80:63:07:3a:f9:92:22:1d:68:35:67:
         dc:f5:d6:30:d3:72:33:94:1e:97:20:f8:55:13:59:09:eb:21:
         da:24:68:21:ca:db:b0:ce:d0:d2:ad:c1:7f:fe:d6:88:e0:ee:
         0a:44:43:11:64:f8:f1:40:ca:43:11:26:e9:33:d7:d6:1e:58:
         26:f4:ee:68:ea:2f:0b:4c:74:35:f5:18:61:0f:d4:df:8d:26:
         27:2d:6b:b3:e7:a4:68:3a:e3:2f:07:49:e7:50:83:a1:d9:c2:
         75:c5:0a:8d:e3:e1:c2:76:ef:6f:be:e0:bd:74:5e:30:d4:b1:
         d4:28:47:d4:bc:7c:4c:d3:ba:05:1c:0c:4c:d9:e8:d9:c1:8a:
         80:7a:3b:b4:3f:27:28:74:f9:07:ce:26:a1:d4:f4:f9:ac:2f:
         bb:a0:0a:00:3c:cd:a1:28:90:61:a9:cb:22:ed:43:75:38:83:
         97:24:68:c1:0b:de:98:3b:6b:70:20:1a:a6:95:d0:71:48:2a:
         3a:1a:42:f5:4c:4d:ac:ec:a1:5d:ec:64:9d:24:a6:cc:33:72:
         03:d8:a2:95:2f:b9:94:f6:ee:ff:15:37:9a:08:66:19:68:39:
         cf:17:66:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+hA/dvD+E8UTqtzr1rBxDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMTZhMDY4NGQxZDM4YmFjZjQzMzhjMmIwMWRiM2I0MTM3
MGViNDUwHhcNMjQwNTIyMTU1NTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JkN2JhNjVmNDE0Yzk1ODAyODk2NTVkNDE1ZTk0ZGM4NWQxOGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn6j1tDvODr4/qyBPlTif2aPqHqU
ZGoeX8fZFxmFKSzUZb6otTQXHidAogb4ounvMPOIfit+7YQr2Czh9D0Bmc5b80Xp
ruF5IA81t+6b/2+FJ0IGk3MLloIPudZ+PTwPlHGzSMrb6izgZjKE3IxN0Yn1gPH/
J2HCkU/F/1qi0Ba8yEUqONiXINBO0aJv1xAwNhFD50xL0VQjwGooslA46hpzcm2B
NNcVgv5JNycm1JUSqV2byqZCPG7MJTSiMkFSZCCvGszsebkfkbH6YM3/RBJ5t2sN
aNb8zEkShfSPussg3s/OoekNayY2e6LrjnZgFREMR5Z3C4r7Tv7+Maii0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO9e6ZfQUyVgCiWVdQV6U3IXRjUMB8GA1UdIwQY
MBaAFLMWoGhNHTi6z0M4wrAds7QTcOtFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3hhZ2FFMGRPTHJQUXpqQ3NCMnp0Qk53NjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82YzRkNjItOGRhZi00NTAyLWIzZjct
MTRiOTdjZmJhZDQ3LzEvWTcxN3BsOUJUSldBS0paVjFCWHBUY2hkR05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82YzRkNjItOGRhZi00NTAyLWIzZjctMTRiOTdjZmJhZDQ3
LzEvc3hhZ2FFMGRPTHJQUXpqQ3NCMnp0Qk53NjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXb90MA0G
CSqGSIb3DQEBCwUAA4IBAQDiuwfOt8ufyg9veUY46efMpSOzl++58KPdgGMHOvmS
Ih1oNWfc9dYw03IzlB6XIPhVE1kJ6yHaJGghytuwztDSrcF//taI4O4KREMRZPjx
QMpDESbpM9fWHlgm9O5o6i8LTHQ19RhhD9TfjSYnLWuz56RoOuMvB0nnUIOh2cJ1
xQqN4+HCdu9vvuC9dF4w1LHUKEfUvHxM07oFHAxM2ejZwYqAeju0PycodPkHziah
1PT5rC+7oAoAPM2hKJBhqcsi7UN1OIOXJGjBC96YO2twIBqmldBxSCo6GkL1TE2s
7KFd7GSdJKbMM3ID2KKVL7mU9u7/FTeaCGYZaDnPF2bW
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:37 2024 by rpki-client on console-fra.rpki-client.org