Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/zUfetoVe1Qb7MOBguI3ZTyxboB8.roa
File:                     zUfetoVe1Qb7MOBguI3ZTyxboB8.roa (raw, json)
Hash identifier:          YxRCGsAd56b5H+5Vw23tncgfYEHFAHwBgG+xoOiIB4g=
Subject key identifier:   CD:47:DE:B6:85:5E:D5:06:FB:30:E0:60:B8:8D:D9:4F:2C:5B:A0:1F
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AED02867D077E906FAC5DC9E0EB4D
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/zUfetoVe1Qb7MOBguI3ZTyxboB8.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        31.47.239.0/24 maxlen: 24
                          94.247.46.0/23 maxlen: 24
                          178.251.225.0/24 maxlen: 24
                          178.251.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ed:02:86:7d:07:7e:90:6f:ac:5d:c9:e0:eb:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd47deb6855ed506fb30e060b88dd94f2c5ba01f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bd:05:76:15:73:45:e2:c9:57:36:76:6b:29:
                    5d:cf:47:1e:b9:72:46:ce:42:b4:5b:12:eb:e8:b6:
                    82:ab:b0:db:05:ad:ff:f6:c9:88:d5:cd:cb:0c:eb:
                    34:96:a7:da:6f:b0:2b:9e:92:49:29:e8:a9:b0:01:
                    6d:76:84:df:37:0f:7f:93:04:85:78:ad:a3:e6:5a:
                    d3:5a:90:88:2e:ba:29:bc:4b:5d:89:c5:67:a9:4f:
                    36:8f:c3:b7:d2:6c:69:3c:cf:55:55:a6:ea:c6:b7:
                    83:0c:0c:1e:41:e3:60:88:e3:d8:c8:ee:3c:c4:cc:
                    04:9e:0b:29:db:57:2d:d1:cc:5f:c6:57:9f:5e:c9:
                    ff:9e:bc:35:14:9c:7a:a4:af:c2:43:a8:d1:71:17:
                    41:80:66:d7:bf:53:fb:98:4d:e3:b3:56:d0:e5:0d:
                    75:fa:c9:a5:50:80:49:bc:4e:4a:d3:e7:92:51:b8:
                    e7:9e:ac:86:79:a9:dd:1d:ac:61:85:93:b1:36:2a:
                    02:96:dd:c5:92:f6:33:16:47:90:55:54:25:f6:a9:
                    34:00:9d:dd:2e:eb:45:ab:2f:dc:b4:4e:bd:a5:91:
                    d1:52:30:d9:33:f6:80:e3:31:b5:4c:9b:04:ca:84:
                    10:06:50:be:60:ac:b2:d9:86:4f:8d:96:c6:a2:77:
                    8d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:47:DE:B6:85:5E:D5:06:FB:30:E0:60:B8:8D:D9:4F:2C:5B:A0:1F
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/zUfetoVe1Qb7MOBguI3ZTyxboB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.47.239.0/24
                  94.247.46.0/23
                  178.251.225.0/24
                  178.251.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:b8:37:15:9d:d6:f9:ad:a5:8f:25:17:6c:e2:1c:5f:3b:62:
         c3:8a:5b:65:fc:19:bd:73:45:5b:ad:64:49:db:ed:2c:55:6e:
         dc:da:dd:86:50:53:19:0c:dd:d1:1f:db:0e:82:e7:df:68:8b:
         3f:39:0e:40:64:11:88:55:dc:22:b2:0c:9c:ef:5a:49:c0:1c:
         e8:80:5e:94:9a:51:f7:3b:0e:e5:76:e6:24:ac:a2:1d:91:c8:
         41:0d:0e:92:f0:9e:23:52:c0:c0:90:b0:30:75:92:ad:93:d6:
         4d:53:27:3a:f2:01:d9:e5:5b:c5:ae:95:3d:a3:8e:71:e7:8d:
         d8:15:bc:05:f2:6c:44:6b:0f:31:af:8c:c4:13:7b:d6:62:17:
         44:0e:71:a4:ff:2e:a4:38:ca:ba:6c:d8:e9:13:29:26:50:3b:
         7e:01:c5:62:84:0e:53:b4:6c:5d:96:81:1b:ab:b3:b3:1f:08:
         1a:d3:f4:9f:85:f9:d3:fc:ec:df:a4:80:e2:b0:d5:cd:57:cb:
         52:81:2c:35:a7:4c:a8:ab:93:64:82:80:f2:83:d8:2a:0d:ca:
         a3:66:f8:95:97:44:b6:db:c1:5d:8f:a0:14:f2:32:06:79:85:
         c2:e3:87:55:18:df:66:a5:4f:66:ac:b7:6e:dd:74:63:9c:79:
         60:57:32:d5
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGSu0Chn0HfpBvrF3J4OtNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQ3ZGViNjg1NWVkNTA2ZmIzMGUwNjBiODhkZDk0ZjJjNWJhMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApr0FdhVzReLJVzZ2ayldz0ceuXJG
zkK0WxLr6LaCq7DbBa3/9smI1c3LDOs0lqfab7ArnpJJKeipsAFtdoTfNw9/kwSF
eK2j5lrTWpCILropvEtdicVnqU82j8O30mxpPM9VVabqxreDDAweQeNgiOPYyO48
xMwEngsp21ct0cxfxlefXsn/nrw1FJx6pK/CQ6jRcRdBgGbXv1P7mE3js1bQ5Q11
+smlUIBJvE5K0+eSUbjnnqyGeandHaxhhZOxNioClt3FkvYzFkeQVVQl9qk0AJ3d
LutFqy/ctE69pZHRUjDZM/aA4zG1TJsEyoQQBlC+YKyy2YZPjZbGoneN6QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM1H3raFXtUG+zDgYLiN2U8sW6AfMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvelVmZXRvVmUxUWI3TU9CZ3VJM1pUeXhib0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAHy/vAwQB
XvcuAwQAsvvhAwQAsvvnMA0GCSqGSIb3DQEBCwUAA4IBAQBbuDcVndb5raWPJRds
4hxfO2LDiltl/Bm9c0VbrWRJ2+0sVW7c2t2GUFMZDN3RH9sOguffaIs/OQ5AZBGI
Vdwisgyc71pJwBzogF6UmlH3Ow7lduYkrKIdkchBDQ6S8J4jUsDAkLAwdZKtk9ZN
Uyc68gHZ5VvFrpU9o45x543YFbwF8mxEaw8xr4zEE3vWYhdEDnGk/y6kOMq6bNjp
EykmUDt+AcVihA5TtGxdloEbq7OzHwga0/SfhfnT/OzfpIDisNXNV8tSgSw1p0yo
q5NkgoDyg9gqDcqjZviVl0S228Fdj6AU8jIGeYXC44dVGN9mpU9mrLdu3XRjnHlg
VzLV
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:07:49 2024 by rpki-client on console-ams.rpki-client.org