Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/rxhcZOLbdZUxFqgAOk557E2CIKk.roa
File:                     rxhcZOLbdZUxFqgAOk557E2CIKk.roa (raw, json)
Hash identifier:          9yNwpQwii/xKlQmk+xbc66Aa8krZDRk0EHJawZzo9vI=
Subject key identifier:   AF:18:5C:64:E2:DB:75:95:31:16:A8:00:3A:4E:79:EC:4D:82:20:A9
Certificate issuer:       /CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
Certificate serial:       018CC9BCFCD9795B70ACBD67B68B3125338A
Authority key identifier: DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/rxhcZOLbdZUxFqgAOk557E2CIKk.roa
Signing time:             Tue 02 Jan 2024 10:34:15 +0000
ROA not before:           Tue 02 Jan 2024 10:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31317
IP address blocks:        31.220.112.0/21 maxlen: 32
                          185.95.112.0/22 maxlen: 32
                          195.192.192.0/21 maxlen: 32
                          45.119.124.0/22 maxlen: 32
                          185.156.28.0/22 maxlen: 32
                          195.192.200.0/21 maxlen: 32
                          185.114.140.0/22 maxlen: 32
                          37.251.224.0/21 maxlen: 32
                          185.178.56.0/22 maxlen: 32
                          37.251.232.0/21 maxlen: 32
                          2a05:fb80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/3AWXDmUMKq8atqOjOoNzJGahUS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/3AWXDmUMKq8atqOjOoNzJGahUS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fc:d9:79:5b:70:ac:bd:67:b6:8b:31:25:33:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
        Validity
            Not Before: Jan  2 10:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af185c64e2db75953116a8003a4e79ec4d8220a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:95:31:2b:4d:e8:57:58:7c:78:12:7c:94:9b:
                    a6:e0:af:a9:f4:aa:91:d0:53:ea:05:83:6e:5f:c0:
                    c1:f1:08:68:c3:c3:64:cb:2a:80:3e:fc:5b:1b:c4:
                    ca:0e:32:ce:02:41:50:6f:40:53:e4:4f:d0:4b:c7:
                    e0:bb:d4:ba:8f:5a:35:d1:8f:fb:35:77:23:ff:5a:
                    67:e1:a1:e5:4b:57:50:14:e5:b2:8b:a4:36:51:d9:
                    a4:5d:b0:8c:36:d8:de:35:b5:c1:55:c3:d3:28:df:
                    26:c5:81:85:1c:0b:e2:1d:70:b1:e9:69:9c:96:4f:
                    26:6e:b5:db:c1:21:1d:36:70:28:fe:5a:4b:33:97:
                    a8:96:1e:be:f3:b6:ac:2f:ac:18:ae:c4:50:74:45:
                    00:b3:95:ad:f5:23:a4:44:8f:2c:94:17:5d:57:7f:
                    e0:06:5e:bf:d4:f5:10:60:6d:ce:42:2f:7c:23:bf:
                    9a:13:cb:44:da:13:21:fa:3a:03:0a:57:c0:7d:a0:
                    fe:29:4e:7f:ee:40:e4:cb:8b:be:99:24:9e:f1:14:
                    a9:03:d6:c9:e5:09:32:c2:9b:c2:98:06:f6:f4:40:
                    c3:a4:5c:1e:3f:0d:9b:a8:93:cb:a3:c9:53:45:1a:
                    86:07:c6:49:54:f4:4a:51:dc:be:fa:3f:3a:44:a8:
                    66:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:18:5C:64:E2:DB:75:95:31:16:A8:00:3A:4E:79:EC:4D:82:20:A9
            X509v3 Authority Key Identifier:
                keyid:DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/rxhcZOLbdZUxFqgAOk557E2CIKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/3AWXDmUMKq8atqOjOoNzJGahUS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.112.0/21
                  37.251.224.0/20
                  45.119.124.0/22
                  185.95.112.0/22
                  185.114.140.0/22
                  185.156.28.0/22
                  185.178.56.0/22
                  195.192.192.0/20
                IPv6:
                  2a05:fb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:2e:b1:a9:64:3c:5d:fa:1b:e4:c0:ee:dc:49:c1:81:d5:03:
         3b:45:66:c0:78:c0:7f:8c:7e:60:f2:d7:3b:5f:39:b2:97:ac:
         c0:3b:ec:d0:ed:24:e0:c2:15:10:4b:4b:0d:2c:87:80:6a:74:
         e3:03:f4:9e:a6:36:6f:e5:08:1c:7e:2a:b3:fe:36:47:d6:79:
         c1:68:03:b6:8f:72:6b:b3:80:67:10:fe:4e:b6:0c:37:8e:e5:
         42:9e:17:83:08:5f:6f:95:28:5e:65:fd:78:40:ab:1c:b2:21:
         4f:b0:a0:37:e4:4e:23:68:8c:63:63:0a:8b:0a:49:e7:5c:88:
         d4:79:15:de:e4:07:55:4b:eb:2f:3e:97:db:3d:7d:1f:c0:86:
         8b:29:3e:1b:0b:9e:06:db:76:e0:17:4e:ad:38:68:da:54:f9:
         f0:d3:95:21:57:0f:92:5c:a2:c4:16:10:81:c9:58:f9:d8:e1:
         71:8d:8d:e5:00:a0:43:22:09:57:05:98:b4:23:1b:fb:6c:50:
         99:20:b5:b7:ae:b4:41:bc:e6:99:60:cf:2a:f2:ef:13:ed:17:
         3d:8d:69:f2:f6:c8:5a:7b:1d:83:e9:f8:5e:5c:60:70:15:22:
         0a:06:fb:da:74:bd:48:29:9b:3c:0d:10:14:37:75:21:18:75:
         06:36:dd:0d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzJvPzZeVtwrL1ntosxJTOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDU5NzBlNjUwYzJhYWYxYWI2YTNhMzNhODM3MzI0NjZh
MTUxMmUwHhcNMjQwMTAyMTAzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE4NWM2NGUyZGI3NTk1MzExNmE4MDAzYTRlNzllYzRkODIyMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpUxK03oV1h8eBJ8lJum4K+p9KqR
0FPqBYNuX8DB8Qhow8NkyyqAPvxbG8TKDjLOAkFQb0BT5E/QS8fgu9S6j1o10Y/7
NXcj/1pn4aHlS1dQFOWyi6Q2UdmkXbCMNtjeNbXBVcPTKN8mxYGFHAviHXCx6Wmc
lk8mbrXbwSEdNnAo/lpLM5eolh6+87asL6wYrsRQdEUAs5Wt9SOkRI8slBddV3/g
Bl6/1PUQYG3OQi98I7+aE8tE2hMh+joDClfAfaD+KU5/7kDky4u+mSSe8RSpA9bJ
5QkywpvCmAb29EDDpFwePw2bqJPLo8lTRRqGB8ZJVPRKUdy++j86RKhmBQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFK8YXGTi23WVMRaoADpOeexNgiCpMB8GA1UdIwQY
MBaAFNwFlw5lDCqvGrajozqDcyRmoVEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FXWERtVU1LcThhdHFPak9vTnpKR2FoVVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zYjlhNDgtOGI2My00ZDNiLWEzYTkt
NjdhNTQwZTI5N2YwLzEvcnhoY1pPTGJkWlV4RnFnQU9rNTU3RTJDSUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zYjlhNDgtOGI2My00ZDNiLWEzYTktNjdhNTQwZTI5N2Yw
LzEvM0FXWERtVU1LcThhdHFPak9vTnpKR2FoVVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDH9xwAwQE
JfvgAwQCLXd8AwQCuV9wAwQCuXKMAwQCuZwcAwQCubI4AwQEw8DAMA0EAgACMAcD
BQMqBfuAMA0GCSqGSIb3DQEBCwUAA4IBAQBWLrGpZDxd+hvkwO7cScGB1QM7RWbA
eMB/jH5g8tc7Xzmyl6zAO+zQ7STgwhUQS0sNLIeAanTjA/SepjZv5Qgcfiqz/jZH
1nnBaAO2j3Jrs4BnEP5Otgw3juVCnheDCF9vlSheZf14QKscsiFPsKA35E4jaIxj
YwqLCknnXIjUeRXe5AdVS+svPpfbPX0fwIaLKT4bC54G23bgF06tOGjaVPnw05Uh
Vw+SXKLEFhCByVj52OFxjY3lAKBDIglXBZi0Ixv7bFCZILW3rrRBvOaZYM8q8u8T
7Rc9jWny9shaex2D6fheXGBwFSIKBvvadL1IKZs8DRAUN3UhGHUGNt0N
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:31 2024 by rpki-client on console-ams.rpki-client.org