Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/qMCT_zLdzfYIcEcVHP4azsuhYR0.roa
File:                     qMCT_zLdzfYIcEcVHP4azsuhYR0.roa (raw, json)
Hash identifier:          V2ZZOWM+azyC8rPCUh1vViVAHoR8bFtuTyttdECAlvM=
Subject key identifier:   A8:C0:93:FF:32:DD:CD:F6:08:70:47:15:1C:FE:1A:CE:CB:A1:61:1D
Certificate issuer:       /CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
Certificate serial:       018CCA2BCA3F1FE67ED40A11F6E38E9B149F
Authority key identifier: DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/qMCT_zLdzfYIcEcVHP4azsuhYR0.roa
Signing time:             Tue 02 Jan 2024 12:35:16 +0000
ROA not before:           Tue 02 Jan 2024 12:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48642
IP address blocks:        213.109.48.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ca:3f:1f:e6:7e:d4:0a:11:f6:e3:8e:9b:14:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd725c4d0953e7ecf46f37e14fca14fd09a12d16
        Validity
            Not Before: Jan  2 12:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8c093ff32ddcdf6087047151cfe1acecba1611d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:51:8e:9e:41:25:ed:4a:71:78:7e:86:f0:d2:
                    93:bc:a9:59:d3:f4:85:50:0a:63:21:4b:6a:e1:77:
                    f3:dc:33:c5:dc:ce:45:8a:30:11:6f:1d:a1:69:69:
                    df:41:6c:c4:a7:09:b3:fc:e3:35:84:7c:b9:d2:64:
                    c4:d8:b7:2b:a0:13:61:d9:88:f0:7e:aa:2e:e6:17:
                    9d:50:e0:d6:cf:b8:b0:01:34:6b:0e:4b:c5:68:1f:
                    94:c2:3f:6d:a6:ec:b6:8b:63:40:92:3e:6b:98:bd:
                    2c:9b:70:cc:3c:8b:d1:98:d3:ab:25:2c:72:16:ba:
                    3e:08:d8:a9:45:94:66:62:c0:10:6f:73:bc:3b:93:
                    38:28:2f:0d:cb:74:fb:a2:c6:48:78:11:79:12:e2:
                    a4:43:57:3c:ff:e0:e3:a1:05:2e:b3:86:1e:f7:b5:
                    c2:41:f1:91:93:23:67:17:d3:94:2a:d8:6d:60:aa:
                    a3:41:70:c3:ff:52:21:91:1d:2b:f5:58:5d:0f:f1:
                    51:6f:50:d1:d0:95:0b:42:77:73:10:7d:4b:ee:7e:
                    6b:05:c8:c6:00:08:83:8b:30:4d:7b:6b:ac:ed:ed:
                    a6:d9:a9:8a:cd:f7:79:1a:e4:9a:45:c1:78:03:4a:
                    f7:ec:34:a8:14:e8:d8:65:d7:25:06:c5:22:5a:bd:
                    48:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C0:93:FF:32:DD:CD:F6:08:70:47:15:1C:FE:1A:CE:CB:A1:61:1D
            X509v3 Authority Key Identifier:
                keyid:DD:72:5C:4D:09:53:E7:EC:F4:6F:37:E1:4F:CA:14:FD:09:A1:2D:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XJcTQlT5-z0bzfhT8oU_QmhLRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/qMCT_zLdzfYIcEcVHP4azsuhYR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/aaa6e3-f054-48e7-8246-8f20cb734488/1/3XJcTQlT5-z0bzfhT8oU_QmhLRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         23:be:7d:51:82:8c:0c:86:7d:39:c6:94:99:c2:49:e4:b9:0a:
         c5:0f:d0:49:ce:39:17:ab:5f:87:b3:7b:82:75:18:f6:1c:91:
         5d:67:db:5e:db:80:03:81:5c:d2:10:da:fc:99:01:16:18:5c:
         aa:06:d0:40:cf:14:b7:d7:3f:c4:99:2c:e7:19:5f:7e:ec:10:
         a9:8b:ea:cd:b7:9a:d7:ff:60:75:74:d1:93:9f:87:35:5e:74:
         06:2f:2f:08:4c:f9:91:13:ac:96:fb:46:1a:70:d2:f7:b6:91:
         c1:c9:87:d8:e5:68:c7:3b:16:07:57:b7:ea:f8:0d:be:e2:03:
         8f:66:85:3f:ef:14:c4:76:94:b3:53:12:00:6d:c1:9a:79:cb:
         3c:84:9d:5c:63:1e:f8:74:25:58:ba:25:97:65:cc:d4:a5:6a:
         9a:13:6d:26:81:f5:12:8f:d1:73:40:bd:e3:92:20:92:f7:30:
         2e:39:1c:4a:c6:e1:aa:81:32:d5:f8:96:c0:ba:30:7f:2c:83:
         fa:4b:9b:51:36:90:29:78:d0:47:25:19:be:a8:8a:25:36:55:
         c9:f8:77:f6:a1:35:6c:41:75:a0:cc:c8:7d:65:51:8d:9b:cd:
         84:af:fd:91:29:00:02:dd:10:c3:c3:bb:07:97:24:4a:36:2d:
         96:ab:47:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8o/H+Z+1AoR9uOOmxSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzI1YzRkMDk1M2U3ZWNmNDZmMzdlMTRmY2ExNGZkMDlh
MTJkMTYwHhcNMjQwMTAyMTIzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGMwOTNmZjMyZGRjZGY2MDg3MDQ3MTUxY2ZlMWFjZWNiYTE2MTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlGOnkEl7UpxeH6G8NKTvKlZ0/SF
UApjIUtq4Xfz3DPF3M5FijARbx2haWnfQWzEpwmz/OM1hHy50mTE2LcroBNh2Yjw
fqou5hedUODWz7iwATRrDkvFaB+Uwj9tpuy2i2NAkj5rmL0sm3DMPIvRmNOrJSxy
Fro+CNipRZRmYsAQb3O8O5M4KC8Ny3T7osZIeBF5EuKkQ1c8/+DjoQUus4Ye97XC
QfGRkyNnF9OUKthtYKqjQXDD/1IhkR0r9VhdD/FRb1DR0JULQndzEH1L7n5rBcjG
AAiDizBNe2us7e2m2amKzfd5GuSaRcF4A0r37DSoFOjYZdclBsUiWr1IBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjAk/8y3c32CHBHFRz+Gs7LoWEdMB8GA1UdIwQY
MBaAFN1yXE0JU+fs9G834U/KFP0JoS0WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYt
OGYyMGNiNzM0NDg4LzEvcU1DVF96TGR6ZllJY0VjVkhQNGF6c3VoWVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hYWE2ZTMtZjA1NC00OGU3LTgyNDYtOGYyMGNiNzM0NDg4
LzEvM1hKY1RRbFQ1LXowYnpmaFQ4b1VfUW1oTFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1W0wMA0G
CSqGSIb3DQEBCwUAA4IBAQAjvn1RgowMhn05xpSZwknkuQrFD9BJzjkXq1+Hs3uC
dRj2HJFdZ9te24ADgVzSENr8mQEWGFyqBtBAzxS31z/EmSznGV9+7BCpi+rNt5rX
/2B1dNGTn4c1XnQGLy8ITPmRE6yW+0YacNL3tpHByYfY5WjHOxYHV7fq+A2+4gOP
ZoU/7xTEdpSzUxIAbcGaecs8hJ1cYx74dCVYuiWXZczUpWqaE20mgfUSj9FzQL3j
kiCS9zAuORxKxuGqgTLV+JbAujB/LIP6S5tRNpApeNBHJRm+qIolNlXJ+Hf2oTVs
QXWgzMh9ZVGNm82Er/2RKQAC3RDDw7sHlyRKNi2Wq0c9
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:35:48 2024 by rpki-client on console-ams.rpki-client.org