Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/XcgTYy5998yZ8ALLKnkcj3l3eNc.roa
File:                     XcgTYy5998yZ8ALLKnkcj3l3eNc.roa (raw, json)
Hash identifier:          rhplCiVheXzNwnsy9mubNEYBpMQ9UdWiS/Ac/2ypRFM=
Subject key identifier:   5D:C8:13:63:2E:7D:F7:CC:99:F0:02:CB:2A:79:1C:8F:79:77:78:D7
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018E487CD82D0269B48F9DD3A6C3ECD0E9EB
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/XcgTYy5998yZ8ALLKnkcj3l3eNc.roa
Signing time:             Sat 16 Mar 2024 18:18:45 +0000
ROA not before:           Sat 16 Mar 2024 18:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        31.169.64.0/24 maxlen: 24
                          31.169.65.0/24 maxlen: 24
                          31.169.66.0/24 maxlen: 24
                          31.169.67.0/24 maxlen: 24
                          31.169.69.0/24 maxlen: 24
                          31.169.70.0/24 maxlen: 24
                          31.169.71.0/24 maxlen: 24
                          31.169.72.0/24 maxlen: 24
                          31.169.77.0/24 maxlen: 24
                          31.169.78.0/24 maxlen: 24
                          31.169.81.0/24 maxlen: 24
                          31.169.82.0/24 maxlen: 24
                          31.169.92.0/24 maxlen: 24
                          31.169.93.0/24 maxlen: 24
                          31.169.94.0/24 maxlen: 24
                          185.33.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:48:7c:d8:2d:02:69:b4:8f:9d:d3:a6:c3:ec:d0:e9:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Mar 16 18:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dc813632e7df7cc99f002cb2a791c8f797778d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e6:a4:e9:ef:bb:73:2d:e4:6e:3b:fe:f9:f1:
                    ce:b0:7d:57:51:10:3d:84:8e:1e:4c:38:87:bd:cc:
                    c8:64:83:cc:b0:47:ea:7e:82:46:2b:d4:90:a3:16:
                    54:62:42:db:53:fe:11:51:09:b0:5f:e5:96:13:31:
                    28:75:47:fd:fd:d9:75:83:22:99:82:1f:15:31:4a:
                    ba:37:4e:72:d4:59:5e:62:12:35:e9:ea:7b:86:d0:
                    4f:47:81:02:d2:b8:6f:98:cc:7d:2c:19:0c:3d:01:
                    66:d9:0a:3f:18:98:fd:71:84:56:44:bf:c3:d1:ef:
                    9c:6b:32:23:0d:f6:93:d4:28:b6:80:2c:b6:f3:14:
                    95:2a:2b:99:95:3b:d0:52:0b:17:53:ff:ce:3d:2c:
                    c4:7d:f6:48:64:b2:69:bb:b8:7a:89:11:1d:b8:c3:
                    1f:ab:ae:be:39:02:b0:d8:a4:d4:84:7f:2f:40:68:
                    e7:de:74:0f:f6:e4:71:44:7d:e2:21:48:fb:4f:82:
                    8c:bd:a7:cb:2b:82:97:4c:13:30:7c:fe:1c:3d:48:
                    59:a1:10:d1:39:5f:a8:82:f5:63:21:3c:73:81:6e:
                    32:0b:c1:9a:78:da:96:01:6a:5e:a9:1f:f2:f3:9c:
                    2a:c9:ab:b0:8b:b6:bc:52:29:fd:68:63:f9:bb:68:
                    72:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C8:13:63:2E:7D:F7:CC:99:F0:02:CB:2A:79:1C:8F:79:77:78:D7
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/XcgTYy5998yZ8ALLKnkcj3l3eNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.64.0/22
                  31.169.69.0-31.169.72.255
                  31.169.77.0-31.169.78.255
                  31.169.81.0-31.169.82.255
                  31.169.92.0-31.169.94.255
                  185.33.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:c6:71:d5:33:0a:82:87:76:aa:4f:7f:44:8c:76:a6:33:bb:
         eb:a7:19:f1:83:e8:a9:39:2b:79:ed:ad:ac:45:a3:9a:b6:7a:
         1e:8e:2e:d5:04:59:ea:d5:56:e6:cd:d5:9c:c7:60:05:0c:8f:
         93:8d:79:1e:1d:c6:14:69:20:59:e4:6a:0e:ed:3f:96:b5:9b:
         81:77:3e:36:42:6b:67:6c:3e:ec:f8:b0:3c:c4:93:72:92:76:
         18:9b:c5:99:21:41:3a:96:54:f1:57:5d:85:b1:81:33:9f:8c:
         21:dc:4c:f7:58:3a:d0:72:f4:69:83:90:70:43:d6:53:4e:f4:
         44:79:13:f4:7b:2d:ba:1d:73:0c:a1:2b:58:1b:76:7e:a0:7f:
         fa:c8:44:70:55:cc:44:bc:40:24:61:91:89:ad:2c:63:3d:71:
         f1:a9:dc:ee:e1:d2:70:21:36:3f:35:40:5f:24:05:2e:51:97:
         5e:d9:68:fd:69:39:35:25:33:d3:3d:11:2e:03:ea:2b:7d:e4:
         24:20:b7:37:3c:77:3d:b4:c8:cb:f8:ca:9e:34:cd:91:9c:44:
         b7:08:29:a2:81:ed:04:d5:2b:0f:c9:b9:e6:fe:5e:ed:31:3b:
         2f:7a:26:14:0d:ee:f4:a4:48:8c:d1:b3:aa:6b:65:d4:e9:55:
         82:a7:b8:53
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAY5IfNgtAmm0j53TpsPs0OnrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMzE2MTgxODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGM4MTM2MzJlN2RmN2NjOTlmMDAyY2IyYTc5MWM4Zjc5Nzc3OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOak6e+7cy3kbjv++fHOsH1XURA9
hI4eTDiHvczIZIPMsEfqfoJGK9SQoxZUYkLbU/4RUQmwX+WWEzEodUf9/dl1gyKZ
gh8VMUq6N05y1FleYhI16ep7htBPR4EC0rhvmMx9LBkMPQFm2Qo/GJj9cYRWRL/D
0e+cazIjDfaT1Ci2gCy28xSVKiuZlTvQUgsXU//OPSzEffZIZLJpu7h6iREduMMf
q66+OQKw2KTUhH8vQGjn3nQP9uRxRH3iIUj7T4KMvafLK4KXTBMwfP4cPUhZoRDR
OV+ogvVjITxzgW4yC8GaeNqWAWpeqR/y85wqyauwi7a8Uin9aGP5u2hyRwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFF3IE2MufffMmfACyyp5HI95d3jXMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvWGNnVFl5NTk5OHlaOEFMTEtua2NqM2wzZU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCH6lAMAwD
BAAfqUUDBAAfqUgwDAMEAB+pTQMEAB+pTjAMAwQAH6lRAwQAH6lSMAwDBAIfqVwD
BAAfqV4DBAC5IT8wDQYJKoZIhvcNAQELBQADggEBADXGcdUzCoKHdqpPf0SMdqYz
u+unGfGD6Kk5K3ntraxFo5q2eh6OLtUEWerVVubN1ZzHYAUMj5ONeR4dxhRpIFnk
ag7tP5a1m4F3PjZCa2dsPuz4sDzEk3KSdhibxZkhQTqWVPFXXYWxgTOfjCHcTPdY
OtBy9GmDkHBD1lNO9ER5E/R7LbodcwyhK1gbdn6gf/rIRHBVzES8QCRhkYmtLGM9
cfGp3O7h0nAhNj81QF8kBS5Rl17ZaP1pOTUlM9M9ES4D6it95CQgtzc8dz20yMv4
yp40zZGcRLcIKaKB7QTVKw/Jueb+Xu0xOy96JhQN7vSkSIzRs6prZdTpVYKnuFM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:27:06 2024 by rpki-client on console-ams.rpki-client.org