Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/qZhU4u_Zy3-GIFZqf2GA5b3zN5U.roa
File:                     qZhU4u_Zy3-GIFZqf2GA5b3zN5U.roa (raw, json)
Hash identifier:          3F/0U35s0SLoHV6aopuB7MWidV4ogt8Qpl0lcuoWcuU=
Subject key identifier:   A9:98:54:E2:EF:D9:CB:7F:86:20:56:6A:7F:61:80:E5:BD:F3:37:95
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018CF35FAE002926F7A9998D6F2EDCF1F7F4
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/qZhU4u_Zy3-GIFZqf2GA5b3zN5U.roa
Signing time:             Wed 10 Jan 2024 12:36:23 +0000
ROA not before:           Wed 10 Jan 2024 12:36:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205411
IP address blocks:        185.21.124.0/22 maxlen: 24
                          212.237.244.0/22 maxlen: 24
                          208.82.72.0/22 maxlen: 24
                          2a00:5560::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:5f:ae:00:29:26:f7:a9:99:8d:6f:2e:dc:f1:f7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jan 10 12:36:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a99854e2efd9cb7f8620566a7f6180e5bdf33795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d1:c8:ce:23:0f:22:4d:27:3c:87:de:bd:1e:
                    49:91:f0:8f:9c:93:d5:81:21:3d:4d:18:3e:1c:b1:
                    47:f9:75:a2:f3:d6:14:07:18:d3:c5:ae:3c:3c:e6:
                    f7:f7:2f:cb:87:24:aa:93:a7:78:2d:10:77:7c:e0:
                    29:3a:4e:90:af:20:82:f5:c3:05:6a:a2:26:67:15:
                    18:f2:db:2f:5e:8c:00:33:90:52:c9:9d:c9:2d:2c:
                    47:65:b5:ee:56:f9:45:d1:5d:34:8f:b7:96:b8:b7:
                    a2:36:41:fc:43:da:3c:1a:e9:58:ad:86:41:2c:a8:
                    b1:84:57:5f:37:1f:9f:81:30:74:96:1c:71:2a:fd:
                    5f:2e:c1:ac:12:29:32:df:8e:05:0b:99:29:6f:7a:
                    e0:cd:e0:30:52:60:15:2e:57:21:de:0e:c1:91:e2:
                    04:b5:88:6e:b2:a4:46:67:72:6c:e3:a3:67:1f:26:
                    eb:9e:43:ee:46:7d:86:3d:d2:f0:fa:cd:e5:1f:e1:
                    58:34:81:71:ce:a7:d0:bd:c9:2e:25:bd:1e:6c:88:
                    38:5d:63:40:db:5d:fd:a9:c4:16:8f:72:48:ae:10:
                    2f:e4:1e:82:65:f0:40:9a:15:32:93:0c:7c:f7:ce:
                    b3:e2:81:8e:07:72:16:37:d3:5c:0a:fb:31:48:77:
                    c4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:98:54:E2:EF:D9:CB:7F:86:20:56:6A:7F:61:80:E5:BD:F3:37:95
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/qZhU4u_Zy3-GIFZqf2GA5b3zN5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.124.0/22
                  208.82.72.0/22
                  212.237.244.0/22
                IPv6:
                  2a00:5560::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:85:29:a6:5b:a0:9a:3e:d9:ee:73:e7:e3:b7:40:0c:9d:bd:
         25:4d:d0:9e:32:f9:bc:8e:56:31:3a:a9:63:b0:58:cc:a5:b9:
         59:bb:24:4b:71:55:f8:b8:c9:7f:f3:a2:ae:a0:9d:4c:c9:df:
         0c:14:df:23:b2:47:70:3f:d2:71:4c:c5:cc:67:4c:a6:6d:e6:
         e7:5d:3a:60:06:2a:94:d3:64:3e:e4:04:3c:a4:4d:37:6a:ea:
         8a:5f:5f:85:6f:b0:30:06:72:6c:0e:93:98:89:42:3e:6a:5d:
         25:b9:ab:63:ce:a4:14:36:76:6d:6e:3d:bc:d7:d0:ae:6c:91:
         91:10:fa:56:db:c2:3a:41:f3:33:b5:31:12:fd:c2:43:95:16:
         32:43:f7:3f:9f:66:0b:77:28:2d:10:65:ad:1d:8e:1b:18:51:
         82:cd:22:c5:6a:6a:86:b0:7d:4c:9d:46:a0:95:5f:99:61:c6:
         d9:5c:fe:78:30:08:80:19:37:88:db:d9:41:96:91:f0:0f:db:
         9b:72:74:cb:e6:20:ca:af:4b:6b:7e:0f:17:f3:1b:9c:5f:46:
         b4:1e:a3:04:e6:2f:d6:79:3c:4b:6c:86:fc:4f:01:5d:be:b2:
         01:ad:81:a4:a4:fe:03:d9:0e:17:da:0a:94:76:d3:f0:8b:3b:
         0a:a7:ff:1d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzzX64AKSb3qZmNby7c8ff0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwMTEwMTIzNjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTk4NTRlMmVmZDljYjdmODYyMDU2NmE3ZjYxODBlNWJkZjMzNzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9HIziMPIk0nPIfevR5JkfCPnJPV
gSE9TRg+HLFH+XWi89YUBxjTxa48POb39y/LhySqk6d4LRB3fOApOk6QryCC9cMF
aqImZxUY8tsvXowAM5BSyZ3JLSxHZbXuVvlF0V00j7eWuLeiNkH8Q9o8GulYrYZB
LKixhFdfNx+fgTB0lhxxKv1fLsGsEiky344FC5kpb3rgzeAwUmAVLlch3g7BkeIE
tYhusqRGZ3Js46NnHybrnkPuRn2GPdLw+s3lH+FYNIFxzqfQvckuJb0ebIg4XWNA
2139qcQWj3JIrhAv5B6CZfBAmhUykwx8986z4oGOB3IWN9NcCvsxSHfEEQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKmYVOLv2ct/hiBWan9hgOW98zeVMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvcVpoVTR1X1p5My1HSUZacWYyR0E1YjN6TjVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuRV8AwQC
0FJIAwQC1O30MA0EAgACMAcDBQAqAFVgMA0GCSqGSIb3DQEBCwUAA4IBAQBHhSmm
W6CaPtnuc+fjt0AMnb0lTdCeMvm8jlYxOqljsFjMpblZuyRLcVX4uMl/86KuoJ1M
yd8MFN8jskdwP9JxTMXMZ0ymbebnXTpgBiqU02Q+5AQ8pE03auqKX1+Fb7AwBnJs
DpOYiUI+al0luatjzqQUNnZtbj2819CubJGREPpW28I6QfMztTES/cJDlRYyQ/c/
n2YLdygtEGWtHY4bGFGCzSLFamqGsH1MnUaglV+ZYcbZXP54MAiAGTeI29lBlpHw
D9ubcnTL5iDKr0trfg8X8xucX0a0HqME5i/WeTxLbIb8TwFdvrIBrYGkpP4D2Q4X
2gqUdtPwizsKp/8d
-----END CERTIFICATE-----
Generated at Sat Jun 15 23:36:13 2024 by rpki-client on console-ams.rpki-client.org