Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/yuxNU6MO_mM_31zidZRELq1ok-4.roa
File:                     yuxNU6MO_mM_31zidZRELq1ok-4.roa (raw, json)
Hash identifier:          TXTlevC06UgNXbAKGIlXR1AKPL8nnt1j9nA5F96g8r4=
Subject key identifier:   CA:EC:4D:53:A3:0E:FE:63:3F:DF:5C:E2:75:94:44:2E:AD:68:93:EE
Certificate issuer:       /CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
Certificate serial:       018D214821D08D00125F78487F271081347A
Authority key identifier: 00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/yuxNU6MO_mM_31zidZRELq1ok-4.roa
Signing time:             Fri 19 Jan 2024 10:33:11 +0000
ROA not before:           Fri 19 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31333
IP address blocks:        31.15.64.0/21 maxlen: 24
                          79.140.32.0/20 maxlen: 24
                          80.244.240.0/20 maxlen: 24
                          83.151.16.0/20 maxlen: 24
                          2001:4d88::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:48:21:d0:8d:00:12:5f:78:48:7f:27:10:81:34:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
        Validity
            Not Before: Jan 19 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=caec4d53a30efe633fdf5ce27594442ead6893ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b0:21:0c:a6:34:fd:94:79:07:13:48:0b:16:
                    17:fa:a9:d9:57:ed:6c:8d:10:fb:b4:6f:29:ee:94:
                    cf:c7:38:43:61:b2:7e:0e:08:67:61:fa:53:c5:0d:
                    5f:53:c5:63:f8:d0:ab:52:45:0c:33:de:61:e0:a1:
                    d5:09:be:7d:b2:64:76:b5:49:f1:20:2b:ea:a8:ef:
                    4d:5d:62:86:f8:74:7e:f1:bb:5a:e2:d5:91:0f:3b:
                    78:c0:01:d6:4f:e2:05:06:59:6c:fb:5e:29:cb:6f:
                    34:dd:78:5d:50:eb:69:c0:7c:1a:9b:20:33:ed:f0:
                    a9:9c:e3:d6:29:8a:02:ed:90:31:ab:94:0a:be:c8:
                    28:f7:e4:7e:60:fe:7c:be:49:86:9a:0c:42:06:ae:
                    58:81:9d:96:68:e8:dc:90:d5:3b:5e:91:bd:80:58:
                    ee:44:ab:24:b1:c9:ef:76:4e:30:8f:18:4e:98:85:
                    f4:5d:bd:aa:91:e3:4d:39:b1:b0:1c:2b:25:6d:f8:
                    aa:9b:a8:9e:be:51:f9:76:69:67:73:a9:82:88:65:
                    da:12:f5:b1:39:4b:33:38:04:3c:aa:f6:f0:6f:6c:
                    50:16:3f:c2:cd:6b:93:bd:36:ea:58:07:63:79:34:
                    7d:41:1c:4c:1b:a9:73:8b:d8:cd:e2:9d:a9:1c:b1:
                    79:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:EC:4D:53:A3:0E:FE:63:3F:DF:5C:E2:75:94:44:2E:AD:68:93:EE
            X509v3 Authority Key Identifier:
                keyid:00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/yuxNU6MO_mM_31zidZRELq1ok-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.15.64.0/21
                  79.140.32.0/20
                  80.244.240.0/20
                  83.151.16.0/20
                IPv6:
                  2001:4d88::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:1f:d3:73:c2:44:6a:63:16:e4:32:ce:3b:14:fa:33:76:a8:
         74:56:29:8f:32:da:00:0e:80:2a:3a:d1:d3:fb:31:c0:28:52:
         9c:2e:c5:b5:3e:2a:aa:4e:8b:9c:55:40:f1:bf:af:38:93:db:
         9f:47:cb:22:b1:50:ca:f6:0f:79:7d:6d:8e:c0:d9:99:4b:4f:
         9a:b6:b7:65:57:60:1d:8d:b4:48:78:1e:5a:1e:8c:75:e7:4c:
         48:8b:4f:2b:48:07:4e:2e:0b:d9:aa:1e:c9:5e:ee:d0:8c:89:
         6a:be:22:d9:29:e9:32:d1:c6:de:fa:2b:f7:2f:28:cf:01:f9:
         03:b8:f4:0c:91:64:f9:99:7f:4e:f0:78:f5:2d:a6:75:61:c9:
         9a:a0:19:4f:c7:62:7a:65:c1:76:af:d6:42:ea:9c:e0:1d:f2:
         66:d3:d5:5b:d6:7b:37:53:c7:48:65:52:76:d7:c6:63:01:8d:
         36:ec:ef:19:9d:31:17:2f:f9:ae:fe:1e:0c:98:fc:19:5a:fa:
         4a:78:b8:11:6a:6c:08:18:ea:dc:50:2f:ed:a8:09:ec:08:1f:
         0f:8a:06:af:81:32:20:45:d5:02:cc:44:08:bd:a7:0b:fd:66:
         e4:db:1c:12:58:d9:11:67:6d:c2:c5:37:f9:57:8b:9b:18:12:
         be:5d:83:85
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY0hSCHQjQASX3hIfycQgTR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNWZmOWNjODljNjZhOGEzYTVkNzM0YTBkNjVjNjFmZGM4
NTE4YmUwHhcNMjQwMTE5MTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVjNGQ1M2EzMGVmZTYzM2ZkZjVjZTI3NTk0NDQyZWFkNjg5M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7AhDKY0/ZR5BxNICxYX+qnZV+1s
jRD7tG8p7pTPxzhDYbJ+DghnYfpTxQ1fU8Vj+NCrUkUMM95h4KHVCb59smR2tUnx
ICvqqO9NXWKG+HR+8bta4tWRDzt4wAHWT+IFBlls+14py2803XhdUOtpwHwamyAz
7fCpnOPWKYoC7ZAxq5QKvsgo9+R+YP58vkmGmgxCBq5YgZ2WaOjckNU7XpG9gFju
RKskscnvdk4wjxhOmIX0Xb2qkeNNObGwHCslbfiqm6ievlH5dmlnc6mCiGXaEvWx
OUszOAQ8qvbwb2xQFj/CzWuTvTbqWAdjeTR9QRxMG6lzi9jN4p2pHLF5WwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMrsTVOjDv5jP99c4nWURC6taJPuMB8GA1UdIwQY
MBaAFABf+cyJxmqKOl1zSg1lxh/chRi+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTkt
MGUyZDY5N2IyN2UzLzEveXV4TlU2TU9fbU1fMzF6aWRaUkVMcTFvay00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTktMGUyZDY5N2IyN2Uz
LzEvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDHw9AAwQE
T4wgAwQEUPTwAwQEU5cQMA0EAgACMAcDBQAgAU2IMA0GCSqGSIb3DQEBCwUAA4IB
AQBNH9NzwkRqYxbkMs47FPozdqh0VimPMtoADoAqOtHT+zHAKFKcLsW1PiqqTouc
VUDxv684k9ufR8sisVDK9g95fW2OwNmZS0+atrdlV2AdjbRIeB5aHox150xIi08r
SAdOLgvZqh7JXu7QjIlqviLZKeky0cbe+iv3LyjPAfkDuPQMkWT5mX9O8Hj1LaZ1
YcmaoBlPx2J6ZcF2r9ZC6pzgHfJm09Vb1ns3U8dIZVJ218ZjAY027O8ZnTEXL/mu
/h4MmPwZWvpKeLgRamwIGOrcUC/tqAnsCB8PigavgTIgRdUCzEQIvacL/Wbk2xwS
WNkRZ23CxTf5V4ubGBK+XYOF
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:42:56 2024 by rpki-client on console-fra.rpki-client.org