Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/or4JqpUqVfuyDErnrAkinjF0LRU.roa
File:                     or4JqpUqVfuyDErnrAkinjF0LRU.roa (raw, json)
Hash identifier:          MAkxgFBeaSG5HNGqaCtBIWDGTwRhTD+aOYyxBsnrbBE=
Subject key identifier:   A2:BE:09:AA:95:2A:55:FB:B2:0C:4A:E7:AC:09:22:9E:31:74:2D:15
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       018CC793FF66255536AAE993453665E5C0DE
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/or4JqpUqVfuyDErnrAkinjF0LRU.roa
Signing time:             Tue 02 Jan 2024 00:30:14 +0000
ROA not before:           Tue 02 Jan 2024 00:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198227
IP address blocks:        217.147.170.0/24 maxlen: 24
                          217.147.173.0/24 maxlen: 24
                          217.147.174.0/24 maxlen: 24
                          217.147.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ff:66:25:55:36:aa:e9:93:45:36:65:e5:c0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  2 00:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2be09aa952a55fbb20c4ae7ac09229e31742d15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:59:0d:6e:86:1d:3a:84:87:1b:82:a7:e0:93:
                    fe:d4:cc:44:2b:e7:d3:aa:38:ac:36:e0:de:32:96:
                    58:04:d8:ef:ee:30:d8:fc:3f:c0:d2:3d:d2:c6:de:
                    8a:5a:5d:1d:79:67:c8:be:f2:c1:41:b5:6a:c0:33:
                    d2:ee:c7:b2:69:61:ba:ec:ed:52:bc:d2:af:b5:c5:
                    4c:2a:08:57:c4:66:a7:32:e1:75:08:32:49:e0:01:
                    31:63:10:7a:d0:6c:8c:6a:d1:96:f4:8b:9d:d7:03:
                    8e:3a:63:38:55:4d:1a:65:97:bb:38:5f:a7:a0:c0:
                    20:01:64:c4:ef:72:76:4c:d8:6b:bb:97:19:cb:8d:
                    08:e3:e0:e0:af:8b:68:c0:24:58:ad:9e:9e:9c:59:
                    c4:47:9f:c0:fa:2e:24:87:16:c2:ea:e2:91:aa:1c:
                    37:91:bc:cb:45:b2:17:1a:69:32:20:e0:cb:54:52:
                    c4:e5:6c:ba:0f:f5:56:d2:7e:b5:9c:9b:6e:d0:f0:
                    a0:80:d2:d2:fa:71:64:98:3a:e3:a9:7e:31:05:14:
                    fd:b3:7c:e2:0a:11:a3:a2:11:19:c3:6b:01:79:f4:
                    09:5f:84:19:16:3e:f5:cc:3c:d1:90:09:5e:c7:c6:
                    4b:57:79:bf:86:3a:31:be:10:bb:de:79:c0:b1:34:
                    a6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:BE:09:AA:95:2A:55:FB:B2:0C:4A:E7:AC:09:22:9E:31:74:2D:15
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/or4JqpUqVfuyDErnrAkinjF0LRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.170.0/24
                  217.147.173.0-217.147.175.255

    Signature Algorithm: sha256WithRSAEncryption
         25:c4:46:55:e0:23:44:6f:35:c9:10:76:38:5a:15:48:db:35:
         7d:8d:e5:86:84:f7:37:6e:ce:06:29:fa:e6:8b:15:e9:a8:19:
         b8:40:ed:9e:93:f4:c2:83:9b:6c:5f:3a:45:fd:18:1c:94:d0:
         ef:52:cc:07:20:2a:0f:7e:a0:69:8a:c1:78:b4:c6:38:3b:55:
         4f:e7:69:6a:63:86:20:e8:aa:1b:b0:54:83:b6:73:10:c6:d0:
         f0:2d:a8:e5:1f:7b:90:14:21:f4:68:03:7c:e8:e0:ef:40:c6:
         0e:b3:31:9a:1f:b3:9d:1f:94:43:3b:ea:fb:f9:64:47:4b:37:
         80:f6:13:61:4e:70:f7:d9:04:af:4b:72:f5:d1:40:ce:88:f2:
         7f:61:d4:8a:14:57:85:c6:1b:ef:0d:1d:7a:71:61:e5:40:38:
         8c:2c:49:0f:8d:c9:68:b3:bc:eb:f5:73:6d:ad:6f:c9:16:b4:
         d4:5f:e3:9d:b3:80:99:fa:7c:b5:1f:6c:dd:99:6d:7f:f3:7d:
         08:b2:c3:b2:1f:c2:4d:16:eb:d5:5d:ff:b2:b5:cb:a6:a7:7e:
         ee:3c:58:5e:73:6b:5b:f7:14:5c:c4:9e:65:7f:75:fc:a9:ef:
         bd:d6:66:86:9c:41:e7:8c:ce:8e:e5:2c:bb:28:7b:bb:7e:97:
         2d:49:82:65
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHk/9mJVU2qumTRTZl5cDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjQwMTAyMDAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmJlMDlhYTk1MmE1NWZiYjIwYzRhZTdhYzA5MjI5ZTMxNzQyZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1kNboYdOoSHG4Kn4JP+1MxEK+fT
qjisNuDeMpZYBNjv7jDY/D/A0j3Sxt6KWl0deWfIvvLBQbVqwDPS7seyaWG67O1S
vNKvtcVMKghXxGanMuF1CDJJ4AExYxB60GyMatGW9Iud1wOOOmM4VU0aZZe7OF+n
oMAgAWTE73J2TNhru5cZy40I4+Dgr4towCRYrZ6enFnER5/A+i4khxbC6uKRqhw3
kbzLRbIXGmkyIODLVFLE5Wy6D/VW0n61nJtu0PCggNLS+nFkmDrjqX4xBRT9s3zi
ChGjohEZw2sBefQJX4QZFj71zDzRkAlex8ZLV3m/hjoxvhC73nnAsTSmtQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKK+CaqVKlX7sgxK56wJIp4xdC0VMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvb3I0SnFwVXFWZnV5REVybnJBa2luakYwTFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQA2ZOqMAwD
BADZk60DBATZk6AwDQYJKoZIhvcNAQELBQADggEBACXERlXgI0RvNckQdjhaFUjb
NX2N5YaE9zduzgYp+uaLFemoGbhA7Z6T9MKDm2xfOkX9GByU0O9SzAcgKg9+oGmK
wXi0xjg7VU/naWpjhiDoqhuwVIO2cxDG0PAtqOUfe5AUIfRoA3zo4O9Axg6zMZof
s50flEM76vv5ZEdLN4D2E2FOcPfZBK9LcvXRQM6I8n9h1IoUV4XGG+8NHXpxYeVA
OIwsSQ+NyWizvOv1c22tb8kWtNRf452zgJn6fLUfbN2ZbX/zfQiyw7Ifwk0W69Vd
/7K1y6anfu48WF5za1v3FFzEnmV/dfyp773WZoacQeeMzo7lLLsoe7t+ly1JgmU=
-----END CERTIFICATE-----
Generated at Mon Jun 17 16:30:58 2024 by rpki-client on console-ams.rpki-client.org