Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/R-b1BIcZJ1wleV0YCJWjUxJOIfo.roa
File:                     R-b1BIcZJ1wleV0YCJWjUxJOIfo.roa (raw, json)
Hash identifier:          eU+eoUM+RKW+N5wrp9bBTaVjd2vrBr0jMEanD6msuyw=
Subject key identifier:   47:E6:F5:04:87:19:27:5C:25:79:5D:18:08:95:A3:53:12:4E:21:FA
Certificate issuer:       /CN=8267fb4a0b677b8377907b82fb1fb8810a2fef08
Certificate serial:       018D177DC22A5ECD75BAAA863588CFD1A949
Authority key identifier: 82:67:FB:4A:0B:67:7B:83:77:90:7B:82:FB:1F:B8:81:0A:2F:EF:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmf7Sgtne4N3kHuC-x-4gQov7wg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/R-b1BIcZJ1wleV0YCJWjUxJOIfo.roa
Signing time:             Wed 17 Jan 2024 12:55:34 +0000
ROA not before:           Wed 17 Jan 2024 12:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        31.15.120.0/22 maxlen: 22
                          46.30.128.0/23 maxlen: 23
                          185.74.172.0/23 maxlen: 23
                          185.74.175.0/24 maxlen: 24
                          193.200.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/gmf7Sgtne4N3kHuC-x-4gQov7wg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/gmf7Sgtne4N3kHuC-x-4gQov7wg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmf7Sgtne4N3kHuC-x-4gQov7wg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:7d:c2:2a:5e:cd:75:ba:aa:86:35:88:cf:d1:a9:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8267fb4a0b677b8377907b82fb1fb8810a2fef08
        Validity
            Not Before: Jan 17 12:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47e6f5048719275c25795d180895a353124e21fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:89:af:bc:1e:34:60:e9:78:de:49:a8:82:78:
                    29:2a:50:df:ed:e7:00:a4:98:cb:43:24:8d:bd:c9:
                    ce:1c:46:18:4d:ab:71:53:9b:b0:2a:1f:ce:b5:6f:
                    f5:da:da:c8:7c:3d:0e:fe:12:f9:57:7b:46:a2:5b:
                    fb:d7:c3:bf:27:ba:b4:f9:20:fc:0f:e7:95:f5:76:
                    df:db:5c:15:d7:01:a2:28:bf:86:2a:d6:3e:e8:ca:
                    d4:46:c1:39:a7:2e:05:f4:38:c9:8d:38:1d:fb:ae:
                    e7:e5:38:3e:8a:27:b9:c6:b2:95:82:83:5f:39:35:
                    f2:60:85:a6:c3:15:48:c5:ef:9b:76:6a:1e:79:a3:
                    94:93:9c:aa:38:3d:87:14:19:cb:12:35:c3:8d:91:
                    7c:2d:d3:4b:9b:fb:d0:18:61:d2:dc:65:2e:22:ab:
                    0d:25:bd:49:4e:65:63:ae:07:5e:39:16:5f:e6:9e:
                    f7:61:97:a1:a1:a1:65:0b:84:2f:ac:80:d3:9c:bc:
                    d7:d2:37:00:49:49:f9:f6:4c:1a:6c:fb:e3:66:db:
                    ac:26:74:36:2e:94:ea:bc:9a:0d:2e:2a:07:6a:c3:
                    84:70:d5:99:2b:b8:5a:34:fb:63:6a:93:ef:56:c0:
                    4c:d6:ee:c4:17:e4:62:ad:e0:01:7f:5f:2d:39:a8:
                    85:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E6:F5:04:87:19:27:5C:25:79:5D:18:08:95:A3:53:12:4E:21:FA
            X509v3 Authority Key Identifier:
                keyid:82:67:FB:4A:0B:67:7B:83:77:90:7B:82:FB:1F:B8:81:0A:2F:EF:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmf7Sgtne4N3kHuC-x-4gQov7wg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/R-b1BIcZJ1wleV0YCJWjUxJOIfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0dda42-53a5-4aba-86ae-639e14d04de6/1/gmf7Sgtne4N3kHuC-x-4gQov7wg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.120.0/22
                  46.30.128.0/23
                  185.74.172.0/23
                  185.74.175.0/24
                  193.200.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:19:b4:87:40:07:e4:9a:be:ad:9c:d8:9e:ae:10:dc:bd:70:
         b3:3f:e4:fc:64:1d:09:de:66:18:5d:f2:55:bc:67:43:af:fe:
         49:87:06:b2:01:b2:b9:16:4b:2f:38:80:84:0b:61:69:df:fc:
         65:e8:a4:02:f3:54:50:19:31:81:13:b1:77:0f:82:72:3c:f9:
         23:02:2c:60:aa:d9:f0:88:8f:0b:29:92:1e:9f:8f:f7:50:51:
         be:8f:45:b1:a0:96:3b:d6:51:1a:ba:e5:86:b4:ae:8e:80:58:
         97:b5:09:f3:fe:1c:79:fd:83:25:43:6f:16:55:24:ab:a0:b3:
         d6:33:81:e5:bf:d7:20:db:9d:55:a9:f9:9a:99:f0:d2:a6:85:
         0a:1e:61:58:34:af:79:c8:46:e0:4f:d1:56:a0:d7:13:24:ab:
         e1:45:d4:ad:3f:f3:37:5f:1e:5b:f6:8a:20:e2:2d:90:68:b2:
         a3:7e:53:cc:a7:33:fd:b9:9f:e9:e8:5b:5f:c7:72:3a:1a:58:
         e5:4e:26:2b:9c:ad:19:fe:4a:c8:a5:9a:a6:e9:4e:ae:d1:38:
         41:c9:30:80:02:0b:f5:8d:3d:46:1a:e8:86:9e:ba:eb:a2:40:
         76:3d:97:51:c1:6d:4f:33:5f:3e:88:8d:a6:35:fa:68:d8:09:
         f3:d0:89:fd
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY0XfcIqXs11uqqGNYjP0alJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjdmYjRhMGI2NzdiODM3NzkwN2I4MmZiMWZiODgxMGEy
ZmVmMDgwHhcNMjQwMTE3MTI1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2U2ZjUwNDg3MTkyNzVjMjU3OTVkMTgwODk1YTM1MzEyNGUyMWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApomvvB40YOl43kmogngpKlDf7ecA
pJjLQySNvcnOHEYYTatxU5uwKh/OtW/12trIfD0O/hL5V3tGolv718O/J7q0+SD8
D+eV9Xbf21wV1wGiKL+GKtY+6MrURsE5py4F9DjJjTgd+67n5Tg+iie5xrKVgoNf
OTXyYIWmwxVIxe+bdmoeeaOUk5yqOD2HFBnLEjXDjZF8LdNLm/vQGGHS3GUuIqsN
Jb1JTmVjrgdeORZf5p73YZehoaFlC4QvrIDTnLzX0jcASUn59kwabPvjZtusJnQ2
LpTqvJoNLioHasOEcNWZK7haNPtjapPvVsBM1u7EF+RireABf18tOaiFoQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEfm9QSHGSdcJXldGAiVo1MSTiH6MB8GA1UdIwQY
MBaAFIJn+0oLZ3uDd5B7gvsfuIEKL+8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21mN1NndG5lNE4za0h1Qy14LTRnUW92N3dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wZGRhNDItNTNhNS00YWJhLTg2YWUt
NjM5ZTE0ZDA0ZGU2LzEvUi1iMUJJY1pKMXdsZVYwWUNKV2pVeEpPSWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wZGRhNDItNTNhNS00YWJhLTg2YWUtNjM5ZTE0ZDA0ZGU2
LzEvZ21mN1NndG5lNE4za0h1Qy14LTRnUW92N3dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCHw94AwQB
Lh6AAwQBuUqsAwQAuUqvAwQBwcg4MA0GCSqGSIb3DQEBCwUAA4IBAQA+GbSHQAfk
mr6tnNierhDcvXCzP+T8ZB0J3mYYXfJVvGdDr/5JhwayAbK5FksvOICEC2Fp3/xl
6KQC81RQGTGBE7F3D4JyPPkjAixgqtnwiI8LKZIen4/3UFG+j0WxoJY71lEauuWG
tK6OgFiXtQnz/hx5/YMlQ28WVSSroLPWM4Hlv9cg251VqfmamfDSpoUKHmFYNK95
yEbgT9FWoNcTJKvhRdStP/M3Xx5b9oog4i2QaLKjflPMpzP9uZ/p6Ftfx3I6Gljl
TiYrnK0Z/krIpZqm6U6u0ThByTCAAgv1jT1GGuiGnrrrokB2PZdRwW1PM18+iI2m
Nfpo2Anz0In9
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:08:16 2024 by rpki-client on console-ams.rpki-client.org