Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/vyo0pscUVnahoJ4kDP0Nb2UHb5o.roa
File:                     vyo0pscUVnahoJ4kDP0Nb2UHb5o.roa (raw, json)
Hash identifier:          2utD2lnHIDyMuPJQEh84UsqMmBs0pc0gAt0OYYy1EZ0=
Subject key identifier:   BF:2A:34:A6:C7:14:56:76:A1:A0:9E:24:0C:FD:0D:6F:65:07:6F:9A
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       018CC64A92AA3D6C969590E453015075E42B
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/vyo0pscUVnahoJ4kDP0Nb2UHb5o.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1921
IP address blocks:        194.50.187.0/24 maxlen: 24
                          194.0.182.0/24 maxlen: 24
                          193.227.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:92:aa:3d:6c:96:95:90:e4:53:01:50:75:e4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf2a34a6c7145676a1a09e240cfd0d6f65076f9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:64:42:8c:d2:d0:8e:75:ae:a3:2c:49:5f:2e:
                    27:c8:09:88:00:35:2b:6c:26:85:7b:02:31:3c:a3:
                    ab:0f:cb:69:11:47:72:b5:d6:9e:67:13:38:b7:ad:
                    0a:75:9f:46:2a:47:6c:8e:20:0e:76:3b:86:fe:e6:
                    db:1e:28:27:d9:2d:59:71:e7:66:0d:2c:ca:35:34:
                    26:25:08:8a:c0:32:12:30:3c:90:63:4b:a1:1b:1e:
                    97:42:50:09:e9:9f:7b:d9:2e:04:1a:5e:45:67:a0:
                    f0:91:a1:86:dc:3e:75:92:db:0a:69:cf:50:e8:cc:
                    6b:00:b4:1f:c4:2f:7b:8d:98:bb:14:da:1d:5b:40:
                    96:05:85:69:9e:4b:76:6d:ad:ca:43:dd:57:db:d6:
                    c9:a0:da:1a:4d:55:ce:ea:50:06:b6:cb:bf:ae:39:
                    96:2f:b9:26:7a:84:93:9b:6e:09:2f:d6:63:80:26:
                    10:11:16:0a:6b:75:53:49:54:2e:2a:36:15:7f:28:
                    aa:76:21:cd:09:05:8b:18:61:f1:5c:20:b5:03:35:
                    59:24:77:c7:f1:da:4e:1d:8c:ea:dd:d1:14:fc:6f:
                    7f:97:1f:0d:f4:a3:f8:a4:3b:57:dd:5f:a6:2b:33:
                    2b:65:9a:53:a3:d7:8a:ec:27:69:65:42:39:ef:98:
                    7b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:2A:34:A6:C7:14:56:76:A1:A0:9E:24:0C:FD:0D:6F:65:07:6F:9A
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/vyo0pscUVnahoJ4kDP0Nb2UHb5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.117.0/24
                  194.0.182.0/24
                  194.50.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:5c:69:ff:50:1e:90:08:c7:ff:25:71:ff:2e:c7:3e:d9:41:
         55:54:96:e3:e4:79:22:e9:76:6d:fe:d2:1a:16:fb:67:ce:cf:
         08:4f:33:fb:40:df:bb:29:b0:bc:b5:16:48:71:22:f9:9c:41:
         0a:04:c2:ef:28:91:3c:44:74:e7:08:53:57:f7:df:6f:e0:f9:
         20:3a:4b:9e:44:a2:e6:a6:06:4f:d1:ad:f5:7e:fa:3a:29:0d:
         87:ec:c5:84:44:f5:de:52:7b:d7:4c:be:27:85:46:e1:47:6d:
         b4:ca:7f:f4:9a:0f:b4:fe:99:68:06:be:b5:d1:6e:fd:96:7a:
         26:3c:9f:60:aa:b8:de:d7:5c:0b:23:eb:18:2b:9b:c7:26:85:
         c8:41:cb:c3:17:eb:9c:5f:13:c1:c9:5e:46:c7:65:a4:12:dd:
         ee:48:63:1d:62:2a:4f:5c:de:ca:a4:17:08:0d:29:cf:3e:91:
         b5:c3:fe:f6:7e:c2:af:4f:50:30:e1:16:96:a4:01:1e:83:48:
         54:47:c6:fa:23:26:3a:1a:b2:37:1e:de:10:61:64:ac:50:7a:
         71:8f:1f:f2:d6:73:4d:b6:d2:59:47:44:d5:8c:ff:21:a3:80:
         4e:36:fe:93:7f:6f:c2:4b:16:d5:f6:94:4f:d0:b6:80:fe:9c:
         f8:32:6a:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSpKqPWyWlZDkUwFQdeQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjJhMzRhNmM3MTQ1Njc2YTFhMDllMjQwY2ZkMGQ2ZjY1MDc2ZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmRCjNLQjnWuoyxJXy4nyAmIADUr
bCaFewIxPKOrD8tpEUdytdaeZxM4t60KdZ9GKkdsjiAOdjuG/ubbHign2S1Zcedm
DSzKNTQmJQiKwDISMDyQY0uhGx6XQlAJ6Z972S4EGl5FZ6DwkaGG3D51ktsKac9Q
6MxrALQfxC97jZi7FNodW0CWBYVpnkt2ba3KQ91X29bJoNoaTVXO6lAGtsu/rjmW
L7kmeoSTm24JL9ZjgCYQERYKa3VTSVQuKjYVfyiqdiHNCQWLGGHxXCC1AzVZJHfH
8dpOHYzq3dEU/G9/lx8N9KP4pDtX3V+mKzMrZZpTo9eK7CdpZUI575h7jwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL8qNKbHFFZ2oaCeJAz9DW9lB2+aMB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEvdnlvMHBzY1VWbmFob0o0a0RQME5iMlVIYjVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAweN1AwQA
wgC2AwQAwjK7MA0GCSqGSIb3DQEBCwUAA4IBAQCXXGn/UB6QCMf/JXH/Lsc+2UFV
VJbj5Hki6XZt/tIaFvtnzs8ITzP7QN+7KbC8tRZIcSL5nEEKBMLvKJE8RHTnCFNX
999v4PkgOkueRKLmpgZP0a31fvo6KQ2H7MWERPXeUnvXTL4nhUbhR220yn/0mg+0
/ploBr610W79lnomPJ9gqrje11wLI+sYK5vHJoXIQcvDF+ucXxPByV5Gx2WkEt3u
SGMdYipPXN7KpBcIDSnPPpG1w/72fsKvT1Aw4RaWpAEeg0hUR8b6IyY6GrI3Ht4Q
YWSsUHpxjx/y1nNNttJZR0TVjP8ho4BONv6Tf2/CSxbV9pRP0LaA/pz4Mmr/
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:04:58 2024 by rpki-client on console-fra.rpki-client.org