Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/e0f3bb-a099-4785-8929-3d7f92c23a8b/1/rNqyvJFhkYfrw5UnwCKoOStdFOQ.roa
File:                     rNqyvJFhkYfrw5UnwCKoOStdFOQ.roa (raw, json)
Hash identifier:          UxNUl8BRv7ljCduS1TjhP79v2pzTzUlBHzLdnvh1pkE=
Subject key identifier:   AC:DA:B2:BC:91:61:91:87:EB:C3:95:27:C0:22:A8:39:2B:5D:14:E4
Certificate issuer:       /CN=51ee1a67725eb4a764a587bc37079debbe81fb64
Certificate serial:       018EFBC66DB2F92EA609B98D26AB82D391CC
Authority key identifier: 51:EE:1A:67:72:5E:B4:A7:64:A5:87:BC:37:07:9D:EB:BE:81:FB:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ue4aZ3JetKdkpYe8Nwed676B-2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/e0f3bb-a099-4785-8929-3d7f92c23a8b/1/rNqyvJFhkYfrw5UnwCKoOStdFOQ.roa
Signing time:             Sat 20 Apr 2024 13:51:09 +0000
ROA not before:           Sat 20 Apr 2024 13:51:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51469
IP address blocks:        31.171.216.0/23 maxlen: 23
                          31.171.218.0/23 maxlen: 23
                          31.171.220.0/23 maxlen: 23
                          31.171.222.0/23 maxlen: 23
                          185.16.232.0/23 maxlen: 23
                          185.16.234.0/23 maxlen: 23
                          217.170.240.0/23 maxlen: 23
                          217.170.242.0/23 maxlen: 23
                          217.170.244.0/23 maxlen: 23
                          217.170.244.0/24 maxlen: 24
                          217.170.245.0/24 maxlen: 24
                          217.170.246.0/23 maxlen: 23
                          217.170.248.0/23 maxlen: 23
                          217.170.250.0/23 maxlen: 23
                          217.170.252.0/23 maxlen: 23
                          217.170.254.0/23 maxlen: 23
                          2a00:6380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/e0f3bb-a099-4785-8929-3d7f92c23a8b/1/Ue4aZ3JetKdkpYe8Nwed676B-2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/e0f3bb-a099-4785-8929-3d7f92c23a8b/1/Ue4aZ3JetKdkpYe8Nwed676B-2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ue4aZ3JetKdkpYe8Nwed676B-2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fb:c6:6d:b2:f9:2e:a6:09:b9:8d:26:ab:82:d3:91:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51ee1a67725eb4a764a587bc37079debbe81fb64
        Validity
            Not Before: Apr 20 13:51:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acdab2bc91619187ebc39527c022a8392b5d14e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5e:d9:1f:ba:4d:41:ff:b3:27:5d:ef:e1:cb:
                    2c:83:e1:a4:8f:70:d2:1d:b4:6d:42:51:a4:e5:99:
                    5f:4c:f6:2b:0d:b5:0d:d3:2d:ef:bb:a8:d9:c2:8a:
                    c9:48:8f:55:5c:40:fc:5a:5a:f3:17:3f:a3:62:77:
                    8d:9e:7c:1b:e8:30:f5:bf:84:08:97:d2:f9:4f:85:
                    01:9f:ea:6e:e7:7f:d7:98:34:8c:a4:8b:35:9a:84:
                    3f:d3:a8:3d:f0:b4:c0:8e:9c:d4:2e:1f:ad:7b:95:
                    4c:dd:fc:57:20:44:98:b1:4f:c9:86:64:27:b0:d4:
                    39:cd:57:1b:51:8b:f0:39:e7:15:56:f4:eb:76:bc:
                    8d:06:9b:aa:fd:03:0a:5d:37:12:08:00:1a:57:96:
                    85:27:73:fc:61:56:85:ea:46:fa:be:f0:4b:97:26:
                    d5:37:f3:c5:5b:1c:2f:a6:d1:60:bc:c9:81:69:3f:
                    c1:0c:d5:95:74:4c:eb:da:c2:df:62:aa:e2:d7:f9:
                    8d:21:6a:00:b4:3a:ff:ad:88:06:df:c3:d1:4b:8d:
                    1d:25:92:71:5f:9c:3e:a9:80:85:15:aa:6a:f8:be:
                    97:ad:7d:e8:6b:70:ac:93:ff:8f:9b:fa:0c:59:e0:
                    c4:ff:75:96:a9:78:d2:e4:25:d1:29:7f:64:15:67:
                    76:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DA:B2:BC:91:61:91:87:EB:C3:95:27:C0:22:A8:39:2B:5D:14:E4
            X509v3 Authority Key Identifier:
                keyid:51:EE:1A:67:72:5E:B4:A7:64:A5:87:BC:37:07:9D:EB:BE:81:FB:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ue4aZ3JetKdkpYe8Nwed676B-2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/e0f3bb-a099-4785-8929-3d7f92c23a8b/1/rNqyvJFhkYfrw5UnwCKoOStdFOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/e0f3bb-a099-4785-8929-3d7f92c23a8b/1/Ue4aZ3JetKdkpYe8Nwed676B-2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.216.0/21
                  185.16.232.0/22
                  217.170.240.0/20
                IPv6:
                  2a00:6380::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:47:ef:5a:45:79:3c:6d:02:3c:73:87:c7:b4:82:ef:4d:2e:
         f0:62:3f:45:ea:b4:f5:b6:a1:86:42:5e:6f:3e:3b:05:7c:f9:
         ae:ea:33:c7:81:b8:ba:ae:62:1b:a3:ec:b7:4f:d2:74:f1:97:
         d3:67:54:98:c6:a0:1c:93:07:db:f8:3f:43:57:fe:04:e1:90:
         b6:00:18:58:95:fd:09:0e:56:e2:e1:9f:8f:36:8f:ae:0f:ab:
         23:0d:26:72:24:cd:6f:c1:a8:dd:7a:0e:30:e4:97:a2:c2:f4:
         ad:97:cb:15:a1:d2:81:73:eb:4e:e3:be:13:20:5f:65:fc:b2:
         42:c7:39:b7:0e:68:5e:a1:a3:58:33:77:00:26:b7:e6:24:35:
         1e:4d:a3:e7:4d:c7:cb:b7:55:37:16:47:76:26:ce:32:b1:be:
         f8:de:c6:7d:69:8e:84:78:60:3d:c7:7e:26:87:a5:10:83:4f:
         ce:19:cc:c6:14:1f:06:5a:43:37:a6:59:5d:6f:68:71:90:ef:
         e7:45:50:be:3c:70:73:0c:68:2c:b3:26:ff:2e:44:a0:15:64:
         05:bd:f5:9c:6e:4d:03:3a:80:55:b0:98:f1:a6:6a:88:22:3d:
         3c:ea:ec:88:f3:40:95:00:de:3e:1d:65:d9:42:fd:ab:ff:8c:
         ec:44:2d:a6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY77xm2y+S6mCbmNJquC05HMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZWUxYTY3NzI1ZWI0YTc2NGE1ODdiYzM3MDc5ZGViYmU4
MWZiNjQwHhcNMjQwNDIwMTM1MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RhYjJiYzkxNjE5MTg3ZWJjMzk1MjdjMDIyYTgzOTJiNWQxNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh17ZH7pNQf+zJ13v4cssg+Gkj3DS
HbRtQlGk5ZlfTPYrDbUN0y3vu6jZworJSI9VXED8WlrzFz+jYneNnnwb6DD1v4QI
l9L5T4UBn+pu53/XmDSMpIs1moQ/06g98LTAjpzULh+te5VM3fxXIESYsU/JhmQn
sNQ5zVcbUYvwOecVVvTrdryNBpuq/QMKXTcSCAAaV5aFJ3P8YVaF6kb6vvBLlybV
N/PFWxwvptFgvMmBaT/BDNWVdEzr2sLfYqri1/mNIWoAtDr/rYgG38PRS40dJZJx
X5w+qYCFFapq+L6XrX3oa3Csk/+Pm/oMWeDE/3WWqXjS5CXRKX9kFWd2WwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKzasryRYZGH68OVJ8AiqDkrXRTkMB8GA1UdIwQY
MBaAFFHuGmdyXrSnZKWHvDcHneu+gftkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWU0YVozSmV0S2RrcFllOE53ZWQ2NzZCLTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9lMGYzYmItYTA5OS00Nzg1LTg5Mjkt
M2Q3ZjkyYzIzYThiLzEvck5xeXZKRmhrWWZydzVVbndDS29PU3RkRk9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9lMGYzYmItYTA5OS00Nzg1LTg5MjktM2Q3ZjkyYzIzYThi
LzEvVWU0YVozSmV0S2RrcFllOE53ZWQ2NzZCLTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDH6vYAwQC
uRDoAwQE2arwMA0EAgACMAcDBQAqAGOAMA0GCSqGSIb3DQEBCwUAA4IBAQAbR+9a
RXk8bQI8c4fHtILvTS7wYj9F6rT1tqGGQl5vPjsFfPmu6jPHgbi6rmIbo+y3T9J0
8ZfTZ1SYxqAckwfb+D9DV/4E4ZC2ABhYlf0JDlbi4Z+PNo+uD6sjDSZyJM1vwajd
eg4w5JeiwvStl8sVodKBc+tO474TIF9l/LJCxzm3DmheoaNYM3cAJrfmJDUeTaPn
TcfLt1U3Fkd2Js4ysb743sZ9aY6EeGA9x34mh6UQg0/OGczGFB8GWkM3plldb2hx
kO/nRVC+PHBzDGgssyb/LkSgFWQFvfWcbk0DOoBVsJjxpmqIIj086uyI80CVAN4+
HWXZQv2r/4zsRC2m
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:23:52 2024 by rpki-client on console-ams.rpki-client.org