Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/uQekqqap99johkQVXGZkQe_Lwjs.roa
File:                     uQekqqap99johkQVXGZkQe_Lwjs.roa (raw, json)
Hash identifier:          0pf5NN8C5ahYzHDBu8qAhzS6WzksQZoHwCFGmVDY/vM=
Subject key identifier:   B9:07:A4:AA:A6:A9:F7:D8:E8:86:44:15:5C:66:64:41:EF:CB:C2:3B
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D8182BB97737AD407F243425ACF9
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/uQekqqap99johkQVXGZkQe_Lwjs.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39251
IP address blocks:        85.130.74.0/24 maxlen: 24
                          85.130.72.0/22 maxlen: 22
                          85.130.73.0/24 maxlen: 24
                          85.130.72.0/24 maxlen: 24
                          85.130.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d8:18:2b:b9:77:37:ad:40:7f:24:34:25:ac:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b907a4aaa6a9f7d8e88644155c666441efcbc23b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:28:9f:de:18:0a:39:b4:c6:b5:0c:c2:e9:4b:
                    20:97:90:3e:fb:3e:02:48:0f:c7:e1:3f:62:e9:d8:
                    66:b9:c1:7e:62:59:a7:01:b2:da:e4:ca:7f:fa:e4:
                    60:af:ea:0f:f6:d1:5c:e8:43:24:c3:b3:da:53:37:
                    ff:e2:ee:0d:87:0d:a7:87:b3:51:fa:d1:2c:71:f3:
                    50:33:ff:3b:b0:a1:89:ac:4a:41:e9:17:c4:3b:94:
                    27:21:e0:4b:4f:59:57:82:1a:7f:24:9e:f8:37:85:
                    64:31:b4:86:f2:69:30:e2:3e:54:52:c7:3e:d6:fb:
                    72:f6:e7:f4:73:1d:9a:89:7c:96:d8:d4:4f:e1:cf:
                    eb:4b:7b:0e:84:fb:40:6d:39:a7:18:ae:16:b5:0e:
                    1d:d6:3e:9b:99:19:2d:3e:d3:14:ee:cf:ff:50:14:
                    bb:8e:3e:c4:75:f1:5d:fa:36:33:5d:86:bf:c4:e9:
                    13:ea:a7:0e:88:a9:58:eb:99:66:f4:aa:16:c9:f5:
                    80:cc:20:b2:9e:84:88:29:67:86:fd:b3:19:10:fd:
                    52:51:39:e4:1e:ff:f9:67:fe:3e:1d:d3:ef:e0:64:
                    56:26:94:49:ee:cb:40:f6:3b:1c:65:a4:97:73:72:
                    7c:75:f8:84:93:f7:89:7b:05:1f:97:96:be:d1:ba:
                    a5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:07:A4:AA:A6:A9:F7:D8:E8:86:44:15:5C:66:64:41:EF:CB:C2:3B
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/uQekqqap99johkQVXGZkQe_Lwjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.130.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:cd:f5:ae:a3:55:23:44:03:aa:dc:d7:86:54:3f:e4:94:53:
         7e:77:c0:3a:23:57:7c:4b:1a:ef:a8:58:91:cc:6a:48:60:6a:
         d2:e5:51:48:05:2f:9a:e8:2a:7e:cc:2a:f2:9b:2c:a7:59:38:
         a6:2e:ba:bd:cb:7a:b9:8f:54:0d:97:80:0b:5e:35:de:93:b9:
         4e:a0:73:7c:05:3e:41:3b:f5:bc:51:6d:38:64:f1:67:66:48:
         ce:58:06:5c:92:5b:14:3d:e7:9c:c3:54:dd:7e:6f:ed:d5:a9:
         79:a0:39:38:20:4b:d5:54:7e:f6:21:9a:cf:70:4e:d0:c3:e8:
         92:83:c9:23:1a:00:18:ed:f2:4d:fc:11:05:c9:76:1c:7e:d7:
         03:4e:c8:bd:dc:b8:21:2b:2b:95:97:32:76:8a:b7:df:64:71:
         a2:a8:7a:6e:07:20:d8:da:be:eb:d9:cc:bb:15:40:16:d0:e9:
         fc:1a:2c:89:5b:8a:1b:c8:ae:aa:c9:96:ce:c7:ab:dc:1d:bc:
         2a:fe:6a:e6:43:d1:00:d7:1e:4f:1f:60:0f:66:c6:7f:b2:e4:
         aa:a6:38:5f:59:5f:1c:ee:0c:51:f0:e9:f7:d7:2e:8a:e8:9a:
         03:51:2a:97:fc:50:f8:47:6c:56:7e:08:06:da:da:58:c0:b9:
         3a:c7:eb:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdgYK7l3N61AfyQ0Jaz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTA3YTRhYWE2YTlmN2Q4ZTg4NjQ0MTU1YzY2NjQ0MWVmY2JjMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiif3hgKObTGtQzC6Usgl5A++z4C
SA/H4T9i6dhmucF+YlmnAbLa5Mp/+uRgr+oP9tFc6EMkw7PaUzf/4u4Nhw2nh7NR
+tEscfNQM/87sKGJrEpB6RfEO5QnIeBLT1lXghp/JJ74N4VkMbSG8mkw4j5UUsc+
1vty9uf0cx2aiXyW2NRP4c/rS3sOhPtAbTmnGK4WtQ4d1j6bmRktPtMU7s//UBS7
jj7EdfFd+jYzXYa/xOkT6qcOiKlY65lm9KoWyfWAzCCynoSIKWeG/bMZEP1SUTnk
Hv/5Z/4+HdPv4GRWJpRJ7stA9jscZaSXc3J8dfiEk/eJewUfl5a+0bqlFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkHpKqmqffY6IZEFVxmZEHvy8I7MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvdVFla3FxYXA5OWpvaGtRVlhHWmtRZV9Md2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVYJIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5zfWuo1UjRAOq3NeGVD/klFN+d8A6I1d8SxrvqFiR
zGpIYGrS5VFIBS+a6Cp+zCrymyynWTimLrq9y3q5j1QNl4ALXjXek7lOoHN8BT5B
O/W8UW04ZPFnZkjOWAZcklsUPeecw1Tdfm/t1al5oDk4IEvVVH72IZrPcE7Qw+iS
g8kjGgAY7fJN/BEFyXYcftcDTsi93LghKyuVlzJ2irffZHGiqHpuByDY2r7r2cy7
FUAW0On8GiyJW4obyK6qyZbOx6vcHbwq/mrmQ9EA1x5PH2APZsZ/suSqpjhfWV8c
7gxR8On31y6K6JoDUSqX/FD4R2xWfggG2tpYwLk6x+vN
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:49:30 2024 by rpki-client on console-ams.rpki-client.org