Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/MQLAZtM7yFr_hR7h_Q0sFiUjo0E.roa
File:                     MQLAZtM7yFr_hR7h_Q0sFiUjo0E.roa (raw, json)
Hash identifier:          Q6UPvomfMUjtEY5D/bbb2IMqQQUf16FtPI8dYvm2RyQ=
Subject key identifier:   31:02:C0:66:D3:3B:C8:5A:FF:85:1E:E1:FD:0D:2C:16:25:23:A3:41
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       018CC64A7388FDD6C1F664AF6C432431F74E
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/MQLAZtM7yFr_hR7h_Q0sFiUjo0E.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        217.212.224.0/19 maxlen: 19
                          193.45.0.0/22 maxlen: 22
                          193.45.6.0/24 maxlen: 24
                          193.45.10.0/23 maxlen: 24
                          193.45.14.0/23 maxlen: 23
                          193.45.142.0/24 maxlen: 24
                          193.45.142.0/23 maxlen: 23
                          193.45.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 04:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:73:88:fd:d6:c1:f6:64:af:6c:43:24:31:f7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3102c066d33bc85aff851ee1fd0d2c162523a341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:25:4d:1e:87:79:b9:b1:b6:36:e5:a0:e6:fc:
                    ed:b6:2a:18:85:e7:04:47:57:8e:1b:8d:71:bf:bb:
                    d9:71:80:82:70:98:7a:2e:91:76:b5:fb:82:59:f4:
                    34:30:5e:a1:75:30:61:91:b3:0e:94:4f:72:b8:46:
                    86:d3:0e:06:fe:b3:1b:4b:67:6d:07:80:65:e7:d8:
                    8f:6b:9e:85:6d:93:00:f7:8c:30:83:28:c6:1d:96:
                    61:f6:59:43:a8:5c:12:31:af:65:53:0c:49:3b:45:
                    58:3c:c0:dc:55:d3:23:90:e7:bc:5d:79:22:c8:2a:
                    57:4c:85:4f:bc:0d:98:40:af:4c:8d:a5:84:5d:52:
                    96:c2:6e:9a:c8:65:4c:90:03:55:39:23:35:58:f8:
                    55:1a:92:44:8d:f7:24:c8:e1:34:43:60:a9:ba:fc:
                    c2:6e:cf:74:af:67:0f:eb:a0:60:bb:04:58:ba:0c:
                    ba:95:89:2b:87:61:65:25:27:10:71:45:bd:64:07:
                    3a:a9:62:01:0a:b1:9b:24:80:a9:6c:e7:3a:2b:4d:
                    bb:69:fc:27:0f:5d:97:ef:a7:e1:56:03:2e:b9:5a:
                    23:7e:13:46:33:e7:2d:d7:31:19:77:01:ca:64:3d:
                    3a:47:67:50:44:4c:fb:f2:76:f6:98:93:9b:30:67:
                    f2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:02:C0:66:D3:3B:C8:5A:FF:85:1E:E1:FD:0D:2C:16:25:23:A3:41
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/MQLAZtM7yFr_hR7h_Q0sFiUjo0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.45.0.0/22
                  193.45.6.0/24
                  193.45.10.0/23
                  193.45.14.0/23
                  193.45.142.0/23
                  193.45.254.0/24
                  217.212.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5d:5a:de:2f:ef:e2:6b:2b:b0:df:53:db:6b:58:83:85:9f:bd:
         90:5e:17:fd:04:e8:bd:d7:e7:20:b1:10:3f:5a:dc:39:dc:04:
         0e:c1:64:fd:49:73:68:73:43:33:b7:e5:7c:ba:7d:dd:87:d0:
         8a:cb:52:36:38:95:46:02:d6:07:46:d1:b6:12:d6:0b:13:e5:
         16:23:c7:a3:03:78:58:0a:e1:31:e2:35:d8:1d:97:fc:d9:e3:
         a5:da:3f:9f:5b:0f:0f:3f:4a:72:72:73:52:24:32:c4:38:ba:
         36:c0:2a:58:29:9c:bf:35:7d:92:be:8e:8e:b5:4b:a2:33:92:
         48:44:02:f1:ba:4e:0b:01:0f:ec:0b:6f:3b:76:ec:12:1a:f6:
         de:71:55:1e:e1:f6:c8:89:6d:0c:59:65:55:6d:83:18:20:c6:
         3b:47:67:09:e0:92:96:55:45:b7:0b:73:a7:a3:f2:e0:07:31:
         c9:e5:71:6a:c2:35:db:d2:31:e7:f9:96:78:d2:95:0d:a3:68:
         b9:49:51:52:e4:60:5b:c2:11:d6:7e:43:fa:b7:3d:b7:0e:89:
         a7:d1:37:72:8b:ae:06:22:36:c4:5a:65:b8:b3:32:14:9c:d5:
         f9:b6:4e:a2:63:f9:de:bb:cf:95:d9:9f:0d:3f:7e:3f:31:60:
         22:34:e8:8c
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzGSnOI/dbB9mSvbEMkMfdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTAyYzA2NmQzM2JjODVhZmY4NTFlZTFmZDBkMmMxNjI1MjNhMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliVNHod5ubG2NuWg5vzttioYhecE
R1eOG41xv7vZcYCCcJh6LpF2tfuCWfQ0MF6hdTBhkbMOlE9yuEaG0w4G/rMbS2dt
B4Bl59iPa56FbZMA94wwgyjGHZZh9llDqFwSMa9lUwxJO0VYPMDcVdMjkOe8XXki
yCpXTIVPvA2YQK9MjaWEXVKWwm6ayGVMkANVOSM1WPhVGpJEjfckyOE0Q2CpuvzC
bs90r2cP66BguwRYugy6lYkrh2FlJScQcUW9ZAc6qWIBCrGbJICpbOc6K027afwn
D12X76fhVgMuuVojfhNGM+ct1zEZdwHKZD06R2dQREz78nb2mJObMGfyBQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDECwGbTO8ha/4Ue4f0NLBYlI6NBMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvTVFMQVp0TTd5RnJfaFI3aF9RMHNGaVVqbzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCwS0AAwQA
wS0GAwQBwS0KAwQBwS0OAwQBwS2OAwQAwS3+AwQF2dTgMA0GCSqGSIb3DQEBCwUA
A4IBAQBdWt4v7+JrK7DfU9trWIOFn72QXhf9BOi91+cgsRA/Wtw53AQOwWT9SXNo
c0Mzt+V8un3dh9CKy1I2OJVGAtYHRtG2EtYLE+UWI8ejA3hYCuEx4jXYHZf82eOl
2j+fWw8PP0pycnNSJDLEOLo2wCpYKZy/NX2Svo6OtUuiM5JIRALxuk4LAQ/sC287
duwSGvbecVUe4fbIiW0MWWVVbYMYIMY7R2cJ4JKWVUW3C3Ono/LgBzHJ5XFqwjXb
0jHn+ZZ40pUNo2i5SVFS5GBbwhHWfkP6tz23Domn0Tdyi64GIjbEWmW4szIUnNX5
tk6iY/neu8+V2Z8NP34/MWAiNOiM
-----END CERTIFICATE-----
Generated at Mon Jun 17 13:03:42 2024 by rpki-client on console-ams.rpki-client.org