Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/ad19c0-0025-4c49-8480-ff97f62a0945/1/1bTpAHvlGbug60JcMHM1rZ1YA3k.roa
File:                     1bTpAHvlGbug60JcMHM1rZ1YA3k.roa (raw, json)
Hash identifier:          58UfeSPyJ5HrAH0YCUfoPBF/iHeopHbKpriiMZyoLUE=
Subject key identifier:   D5:B4:E9:00:7B:E5:19:BB:A0:EB:42:5C:30:73:35:AD:9D:58:03:79
Certificate issuer:       /CN=de6640357ae4ae10fc0b3e9d98f2a0cb0118903c
Certificate serial:       018CC94DF2254407128054C477D16C131C81
Authority key identifier: DE:66:40:35:7A:E4:AE:10:FC:0B:3E:9D:98:F2:A0:CB:01:18:90:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3mZANXrkrhD8Cz6dmPKgywEYkDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/ad19c0-0025-4c49-8480-ff97f62a0945/1/1bTpAHvlGbug60JcMHM1rZ1YA3k.roa
Signing time:             Tue 02 Jan 2024 08:32:57 +0000
ROA not before:           Tue 02 Jan 2024 08:32:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        217.31.9.0/24 maxlen: 24
                          217.31.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/ad19c0-0025-4c49-8480-ff97f62a0945/1/3mZANXrkrhD8Cz6dmPKgywEYkDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/ad19c0-0025-4c49-8480-ff97f62a0945/1/3mZANXrkrhD8Cz6dmPKgywEYkDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3mZANXrkrhD8Cz6dmPKgywEYkDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:f2:25:44:07:12:80:54:c4:77:d1:6c:13:1c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de6640357ae4ae10fc0b3e9d98f2a0cb0118903c
        Validity
            Not Before: Jan  2 08:32:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5b4e9007be519bba0eb425c307335ad9d580379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c5:81:8c:40:40:a8:a3:90:2c:17:0b:3d:62:
                    16:d3:10:01:1a:aa:7f:ab:54:b9:de:67:63:db:c0:
                    86:81:61:84:76:53:9d:1f:8c:1a:4f:fd:23:35:e0:
                    31:1a:95:b0:d9:31:b9:38:79:c1:21:7d:00:7a:3b:
                    92:6b:46:fb:6a:af:16:5f:b8:04:a9:53:32:21:0e:
                    91:92:f9:84:b4:fe:92:b9:97:d2:56:a2:2b:96:a2:
                    72:4d:5f:6e:c2:b0:07:dc:2b:57:03:54:b3:90:f8:
                    21:55:45:8b:ed:06:7f:97:69:be:c7:33:03:98:0a:
                    9b:c9:b6:d5:92:00:04:f8:59:ad:49:22:f6:60:f2:
                    5a:d0:fb:a6:37:6c:9f:3a:69:6f:31:7e:33:2f:74:
                    12:a0:f5:0e:7d:9b:49:12:03:ac:56:b3:04:f1:5b:
                    76:c4:c4:02:78:21:19:2a:9e:85:02:e2:de:af:95:
                    00:d3:6e:6b:ce:01:1c:a9:3c:7c:71:15:5d:56:93:
                    72:35:c1:ae:02:f3:78:3a:9e:7c:1d:13:01:72:2f:
                    f6:ff:9a:51:42:d8:ce:9a:03:12:7b:5d:f3:5e:7c:
                    a8:20:4f:72:a5:0e:2f:9b:04:d1:a0:02:4c:b8:4e:
                    0d:8e:a4:9d:d1:43:a8:53:70:c2:13:d1:2d:0e:8e:
                    90:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B4:E9:00:7B:E5:19:BB:A0:EB:42:5C:30:73:35:AD:9D:58:03:79
            X509v3 Authority Key Identifier:
                keyid:DE:66:40:35:7A:E4:AE:10:FC:0B:3E:9D:98:F2:A0:CB:01:18:90:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3mZANXrkrhD8Cz6dmPKgywEYkDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/ad19c0-0025-4c49-8480-ff97f62a0945/1/1bTpAHvlGbug60JcMHM1rZ1YA3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/ad19c0-0025-4c49-8480-ff97f62a0945/1/3mZANXrkrhD8Cz6dmPKgywEYkDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.31.9.0-217.31.11.255

    Signature Algorithm: sha256WithRSAEncryption
         06:a4:1a:8a:8b:c9:ae:73:d2:46:23:41:2d:2f:96:92:38:2b:
         a0:c2:6d:26:11:a3:2f:7e:f7:07:26:3b:c4:e9:7c:58:0f:76:
         e7:22:a7:f0:31:c2:6e:0f:2c:a6:c6:61:9c:57:b0:e5:db:89:
         39:35:5e:ca:41:ef:99:96:8b:d0:3a:a3:e6:12:19:4e:2d:b5:
         1a:50:e3:dd:83:d5:45:b9:28:21:6e:7f:92:b5:cd:ab:3e:b2:
         b6:4e:e1:17:5d:31:bb:7a:d9:76:da:41:63:1b:f6:02:f3:ae:
         78:63:d4:2b:83:db:a6:3d:96:ff:cd:68:90:c4:0f:b3:70:bd:
         46:1a:fa:d9:6e:da:99:bd:ad:93:97:51:59:eb:84:fd:3b:ad:
         9d:d9:80:ea:3d:0f:93:1d:54:04:f7:60:63:a6:88:00:4f:9e:
         bb:9b:f5:45:c2:77:d5:e1:51:80:6a:f5:5b:04:8b:21:81:98:
         48:ba:6c:5a:49:b5:93:a8:15:5a:4f:9a:7e:7a:0a:45:cf:99:
         96:58:90:ce:37:84:09:e0:70:43:cb:00:9e:1e:9c:94:59:98:
         bd:d7:29:ba:04:21:16:33:48:ea:1a:15:10:11:e9:af:f7:2a:
         d9:a4:1d:ac:96:16:8d:f3:a2:f5:3f:37:7c:9e:41:ba:ef:7c:
         81:2c:fc:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTfIlRAcSgFTEd9FsExyBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNjY0MDM1N2FlNGFlMTBmYzBiM2U5ZDk4ZjJhMGNiMDEx
ODkwM2MwHhcNMjQwMTAyMDgzMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWI0ZTkwMDdiZTUxOWJiYTBlYjQyNWMzMDczMzVhZDlkNTgwMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMWBjEBAqKOQLBcLPWIW0xABGqp/
q1S53mdj28CGgWGEdlOdH4waT/0jNeAxGpWw2TG5OHnBIX0AejuSa0b7aq8WX7gE
qVMyIQ6RkvmEtP6SuZfSVqIrlqJyTV9uwrAH3CtXA1SzkPghVUWL7QZ/l2m+xzMD
mAqbybbVkgAE+FmtSSL2YPJa0PumN2yfOmlvMX4zL3QSoPUOfZtJEgOsVrME8Vt2
xMQCeCEZKp6FAuLer5UA025rzgEcqTx8cRVdVpNyNcGuAvN4Op58HRMBci/2/5pR
QtjOmgMSe13zXnyoIE9ypQ4vmwTRoAJMuE4NjqSd0UOoU3DCE9EtDo6QVwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNW06QB75Rm7oOtCXDBzNa2dWAN5MB8GA1UdIwQY
MBaAFN5mQDV65K4Q/As+nZjyoMsBGJA8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM21aQU5YcmtyaEQ4Q3o2ZG1QS2d5d0VZa0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9hZDE5YzAtMDAyNS00YzQ5LTg0ODAt
ZmY5N2Y2MmEwOTQ1LzEvMWJUcEFIdmxHYnVnNjBKY01ITTFyWjFZQTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9hZDE5YzAtMDAyNS00YzQ5LTg0ODAtZmY5N2Y2MmEwOTQ1
LzEvM21aQU5YcmtyaEQ4Q3o2ZG1QS2d5d0VZa0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADZHwkD
BALZHwgwDQYJKoZIhvcNAQELBQADggEBAAakGoqLya5z0kYjQS0vlpI4K6DCbSYR
oy9+9wcmO8TpfFgPducip/Axwm4PLKbGYZxXsOXbiTk1XspB75mWi9A6o+YSGU4t
tRpQ492D1UW5KCFuf5K1zas+srZO4RddMbt62XbaQWMb9gLzrnhj1CuD26Y9lv/N
aJDED7NwvUYa+tlu2pm9rZOXUVnrhP07rZ3ZgOo9D5MdVAT3YGOmiABPnrub9UXC
d9XhUYBq9VsEiyGBmEi6bFpJtZOoFVpPmn56CkXPmZZYkM43hAngcEPLAJ4enJRZ
mL3XKboEIRYzSOoaFRAR6a/3KtmkHayWFo3zovU/N3yeQbrvfIEs/J4=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:14:21 2024 by rpki-client on console-fra.rpki-client.org