Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/IaYftj_WMwfhvYVghiz91le9lDc.roa
File:                     IaYftj_WMwfhvYVghiz91le9lDc.roa (raw, json)
Hash identifier:          wJd1Jkg6+DKg6ZiDecDJscVFA8IsxpMSbDKIRW9KGhs=
Subject key identifier:   21:A6:1F:B6:3F:D6:33:07:E1:BD:85:60:86:2C:FD:D6:57:BD:94:37
Certificate issuer:       /CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Certificate serial:       018CCA2A19AA3D069227E1968D51FCB6F3A0
Authority key identifier: DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/IaYftj_WMwfhvYVghiz91le9lDc.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39138
IP address blocks:        31.172.0.0/18 maxlen: 24
                          185.148.248.0/22 maxlen: 24
                          83.243.0.0/21 maxlen: 24
                          195.182.2.0/24 maxlen: 24
                          31.172.96.0/21 maxlen: 24
                          2001:67c:194::/48 maxlen: 48
                          2a01:a700::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:19:aa:3d:06:92:27:e1:96:8d:51:fc:b6:f3:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df0ba4f56e6f037725286037afc3c14c293b9b82
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21a61fb63fd63307e1bd8560862cfdd657bd9437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:c5:98:8c:2c:0a:e9:62:02:a9:db:f0:1e:13:
                    63:2e:2d:b8:c6:8e:07:b0:dc:2a:99:a7:d1:d2:a6:
                    9a:b8:cb:28:6c:fb:ca:9d:3c:bd:f8:f2:07:6c:ee:
                    b2:44:97:91:ea:3c:a3:8b:21:b5:a3:ea:e7:d7:74:
                    27:99:ce:ee:74:a5:b6:57:25:7f:c3:b9:a5:f0:c1:
                    b4:a5:b2:7f:c6:ec:2d:eb:e8:79:4a:b8:47:1b:dd:
                    bc:0a:32:2e:23:ce:03:41:f7:be:18:ed:bc:4b:d6:
                    a7:f6:1e:91:9e:f6:ff:d1:4d:49:8f:f1:5d:58:12:
                    d1:f5:0f:51:e1:75:ff:25:ad:07:d5:43:83:6d:1d:
                    60:3c:fe:4e:eb:17:27:f1:5d:b9:51:13:e3:22:e7:
                    eb:b0:9d:49:0e:0b:b6:75:6e:3d:b8:e6:0b:5d:3e:
                    4c:cf:76:df:7c:18:f1:55:12:73:7f:97:85:2d:f0:
                    92:aa:f9:fa:7a:5b:22:60:63:4b:6f:ab:62:a6:0b:
                    19:4b:0c:62:15:df:3f:80:ea:1c:be:43:54:f7:b3:
                    16:e9:4d:49:2c:e5:62:58:e7:35:29:33:2f:09:04:
                    6b:a6:cd:a6:5c:98:2e:64:b1:ae:bc:6d:e8:f3:1d:
                    d2:46:87:19:9d:18:93:fd:c2:28:a6:f2:8d:9d:02:
                    04:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A6:1F:B6:3F:D6:33:07:E1:BD:85:60:86:2C:FD:D6:57:BD:94:37
            X509v3 Authority Key Identifier:
                keyid:DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/IaYftj_WMwfhvYVghiz91le9lDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.0.0/18
                  31.172.96.0/21
                  83.243.0.0/21
                  185.148.248.0/22
                  195.182.2.0/24
                IPv6:
                  2001:67c:194::/48
                  2a01:a700::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:94:60:c4:2d:40:e0:76:3a:df:7e:3d:0f:c3:da:5f:56:d4:
         df:84:14:08:e9:a6:2f:30:8d:ff:8a:ce:f1:36:e9:e5:1c:09:
         35:f0:b5:60:c0:16:6d:d3:35:7f:49:99:1e:a0:c0:65:f5:05:
         6e:9a:12:bc:02:6b:a9:99:68:ff:39:bd:2a:e9:01:37:28:44:
         ec:02:d1:bb:56:bc:a6:97:3d:c3:dd:cc:29:75:b8:27:73:ac:
         85:62:ac:3e:13:32:0d:eb:70:e0:63:80:a5:db:13:4e:aa:19:
         52:ff:89:e8:07:32:33:20:f9:7d:da:7f:76:c1:64:09:93:1d:
         55:a1:3d:76:90:be:dd:ba:2c:e1:53:b4:cf:6a:a7:ef:19:99:
         cf:97:e3:d0:62:ca:4a:45:5d:a5:fa:65:11:34:f7:8c:3d:cd:
         c1:c9:59:ee:26:ac:66:05:bb:39:d7:bb:24:8e:ba:0d:83:a0:
         b6:3c:7c:4c:b0:1c:02:59:4f:b3:fb:c8:5a:89:8b:01:be:d2:
         fb:86:63:c3:34:77:d4:d7:28:a5:92:fc:a2:70:f4:77:bd:67:
         86:ac:8f:d0:c4:07:d8:3d:9d:c3:79:f4:39:72:1a:cb:b9:39:
         4e:b5:a8:74:8a:3e:1c:c5:f8:30:75:ba:f2:16:c1:8a:8e:de:
         02:28:21:13
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzKKhmqPQaSJ+GWjVH8tvOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMGJhNGY1NmU2ZjAzNzcyNTI4NjAzN2FmYzNjMTRjMjkz
YjliODIwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWE2MWZiNjNmZDYzMzA3ZTFiZDg1NjA4NjJjZmRkNjU3YmQ5NDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9sWYjCwK6WICqdvwHhNjLi24xo4H
sNwqmafR0qaauMsobPvKnTy9+PIHbO6yRJeR6jyjiyG1o+rn13Qnmc7udKW2VyV/
w7ml8MG0pbJ/xuwt6+h5SrhHG928CjIuI84DQfe+GO28S9an9h6Rnvb/0U1Jj/Fd
WBLR9Q9R4XX/Ja0H1UODbR1gPP5O6xcn8V25URPjIufrsJ1JDgu2dW49uOYLXT5M
z3bffBjxVRJzf5eFLfCSqvn6elsiYGNLb6tipgsZSwxiFd8/gOocvkNU97MW6U1J
LOViWOc1KTMvCQRrps2mXJguZLGuvG3o8x3SRocZnRiT/cIopvKNnQIExwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCGmH7Y/1jMH4b2FYIYs/dZXvZQ3MB8GA1UdIwQY
MBaAFN8LpPVubwN3JShgN6/DwUwpO5uCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTIt
MzZjNjc4OTAwZjc5LzEvSWFZZnRqX1dNd2ZodllWZ2hpejkxbGU5bERjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTItMzZjNjc4OTAwZjc5
LzEvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQGH6wAAwQD
H6xgAwQDU/MAAwQCuZT4AwQAw7YCMBYEAgACMBADBwAgAQZ8AZQDBQMqAacAMA0G
CSqGSIb3DQEBCwUAA4IBAQBHlGDELUDgdjrffj0Pw9pfVtTfhBQI6aYvMI3/is7x
NunlHAk18LVgwBZt0zV/SZkeoMBl9QVumhK8AmupmWj/Ob0q6QE3KETsAtG7Vrym
lz3D3cwpdbgnc6yFYqw+EzIN63DgY4Cl2xNOqhlS/4noBzIzIPl92n92wWQJkx1V
oT12kL7duizhU7TPaqfvGZnPl+PQYspKRV2l+mURNPeMPc3ByVnuJqxmBbs517sk
jroNg6C2PHxMsBwCWU+z+8haiYsBvtL7hmPDNHfU1yilkvyicPR3vWeGrI/QxAfY
PZ3DefQ5chrLuTlOtah0ij4cxfgwdbryFsGKjt4CKCET
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:42:51 2024 by rpki-client on console-fra.rpki-client.org