Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/03c59c-d257-48ac-ba33-b0eead7c2488/1/Q4iqKFUc0D2tQdJ6MKyU0VtKsY0.roa
File:                     Q4iqKFUc0D2tQdJ6MKyU0VtKsY0.roa (raw, json)
Hash identifier:          fKqijXTJRXDQP/OB6VKYqKoHIVEN7PnyNAm2SBQqt5k=
Subject key identifier:   43:88:AA:28:55:1C:D0:3D:AD:41:D2:7A:30:AC:94:D1:5B:4A:B1:8D
Certificate issuer:       /CN=36be697c8489f482220f5c4064babe4c83c419d6
Certificate serial:       018CC86FB0D31D3F0C49639BCE7EC19D1A10
Authority key identifier: 36:BE:69:7C:84:89:F4:82:22:0F:5C:40:64:BA:BE:4C:83:C4:19:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nr5pfISJ9IIiD1xAZLq-TIPEGdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/03c59c-d257-48ac-ba33-b0eead7c2488/1/Q4iqKFUc0D2tQdJ6MKyU0VtKsY0.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197395
IP address blocks:        91.208.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/03c59c-d257-48ac-ba33-b0eead7c2488/1/Nr5pfISJ9IIiD1xAZLq-TIPEGdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/03c59c-d257-48ac-ba33-b0eead7c2488/1/Nr5pfISJ9IIiD1xAZLq-TIPEGdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nr5pfISJ9IIiD1xAZLq-TIPEGdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b0:d3:1d:3f:0c:49:63:9b:ce:7e:c1:9d:1a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36be697c8489f482220f5c4064babe4c83c419d6
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4388aa28551cd03dad41d27a30ac94d15b4ab18d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:62:62:d5:62:5a:e9:3a:73:3d:4c:be:05:60:
                    13:a3:93:99:4c:53:06:fa:b3:82:f2:3d:41:3b:0f:
                    be:53:54:c8:e1:e7:bd:1d:cf:03:60:42:2c:0c:35:
                    f2:f0:3d:a3:3a:ca:54:46:a9:93:af:b2:cd:96:e2:
                    16:be:b5:09:20:f5:7b:a6:52:c1:ba:a9:fc:76:e4:
                    7e:91:ed:b3:a3:39:d2:d3:86:e0:91:4f:e7:7f:b8:
                    9e:0d:78:ef:68:4a:ec:b1:c0:ca:b4:c5:f8:c7:cb:
                    95:b6:63:ea:9e:5e:cd:6a:3c:84:53:81:66:69:f2:
                    c6:a0:54:2f:8c:31:c3:07:f8:a1:b5:7b:b3:e3:7f:
                    11:73:e6:b3:f6:9c:22:8d:fa:ce:d5:81:c1:00:6d:
                    ff:fc:70:7f:c9:3d:d8:38:7e:e0:86:a6:a2:64:cf:
                    d2:11:d0:40:d3:52:41:41:ff:a2:6a:9e:e1:31:9f:
                    5c:05:bc:37:30:d8:8a:f7:8e:01:f9:e4:53:30:6b:
                    05:9e:25:38:01:90:83:fe:61:be:b0:b3:3f:da:cc:
                    c0:be:85:2f:25:b5:34:66:13:1b:59:e5:21:5c:43:
                    80:dd:57:b9:f8:db:10:10:66:c0:fc:11:4b:3b:03:
                    51:f3:41:fb:c8:bc:df:97:7e:12:b5:03:f0:e8:2c:
                    59:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:88:AA:28:55:1C:D0:3D:AD:41:D2:7A:30:AC:94:D1:5B:4A:B1:8D
            X509v3 Authority Key Identifier:
                keyid:36:BE:69:7C:84:89:F4:82:22:0F:5C:40:64:BA:BE:4C:83:C4:19:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nr5pfISJ9IIiD1xAZLq-TIPEGdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03c59c-d257-48ac-ba33-b0eead7c2488/1/Q4iqKFUc0D2tQdJ6MKyU0VtKsY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03c59c-d257-48ac-ba33-b0eead7c2488/1/Nr5pfISJ9IIiD1xAZLq-TIPEGdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:43:60:a9:43:b5:78:47:f0:eb:c9:0b:ea:0b:9a:5a:0b:04:
         16:fc:e3:b1:56:87:b7:fe:12:55:44:4a:b1:d8:7d:16:8f:51:
         a6:84:fa:8e:d6:8b:57:b1:61:fe:a4:a0:5d:60:c2:35:e9:55:
         ad:32:b8:e4:98:80:39:2f:1c:1b:3b:82:a3:15:9e:d4:72:bd:
         cc:65:8c:41:38:fa:1d:2a:7e:d4:04:be:80:22:17:c7:5c:1e:
         68:a5:8a:06:0b:73:9c:fb:4c:ff:0f:e6:ed:c8:91:84:7f:3e:
         ea:5b:3d:f8:e5:33:46:39:bb:86:d9:1a:73:74:99:ef:c9:75:
         94:85:be:cc:d7:a1:e1:8f:f3:9e:e9:57:06:4a:12:8d:18:51:
         a9:fe:16:a8:82:53:5d:22:1c:aa:2d:73:26:c0:27:76:90:a6:
         16:5c:1f:48:e5:9e:f0:84:e9:9a:76:78:c9:51:02:83:2c:b3:
         c5:1a:bd:82:ba:92:ca:df:c7:4d:40:be:20:3f:45:ad:94:96:
         a1:2f:cf:0b:48:e3:17:e2:84:ff:e4:c2:95:f3:82:e8:6d:1b:
         b6:3b:ad:b1:83:9e:f2:71:60:b7:de:ab:a4:ce:2c:23:4c:b4:
         b4:6f:b1:e2:15:11:ea:e2:f6:a0:00:7c:29:29:e7:20:22:0a:
         9e:f0:36:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7DTHT8MSWObzn7BnRoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YmU2OTdjODQ4OWY0ODIyMjBmNWM0MDY0YmFiZTRjODNj
NDE5ZDYwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzg4YWEyODU1MWNkMDNkYWQ0MWQyN2EzMGFjOTRkMTViNGFiMThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmJi1WJa6TpzPUy+BWATo5OZTFMG
+rOC8j1BOw++U1TI4ee9Hc8DYEIsDDXy8D2jOspURqmTr7LNluIWvrUJIPV7plLB
uqn8duR+ke2zoznS04bgkU/nf7ieDXjvaErsscDKtMX4x8uVtmPqnl7NajyEU4Fm
afLGoFQvjDHDB/ihtXuz438Rc+az9pwijfrO1YHBAG3//HB/yT3YOH7ghqaiZM/S
EdBA01JBQf+iap7hMZ9cBbw3MNiK944B+eRTMGsFniU4AZCD/mG+sLM/2szAvoUv
JbU0ZhMbWeUhXEOA3Ve5+NsQEGbA/BFLOwNR80H7yLzfl34StQPw6CxZbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOIqihVHNA9rUHSejCslNFbSrGNMB8GA1UdIwQY
MBaAFDa+aXyEifSCIg9cQGS6vkyDxBnWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnI1cGZJU0o5SUlpRDF4QVpMcS1USVBFR2RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wM2M1OWMtZDI1Ny00OGFjLWJhMzMt
YjBlZWFkN2MyNDg4LzEvUTRpcUtGVWMwRDJ0UWRKNk1LeVUwVnRLc1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wM2M1OWMtZDI1Ny00OGFjLWJhMzMtYjBlZWFkN2MyNDg4
LzEvTnI1cGZJU0o5SUlpRDF4QVpMcS1USVBFR2RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9A+MA0G
CSqGSIb3DQEBCwUAA4IBAQBtQ2CpQ7V4R/DryQvqC5paCwQW/OOxVoe3/hJVREqx
2H0Wj1GmhPqO1otXsWH+pKBdYMI16VWtMrjkmIA5LxwbO4KjFZ7Ucr3MZYxBOPod
Kn7UBL6AIhfHXB5opYoGC3Oc+0z/D+btyJGEfz7qWz345TNGObuG2RpzdJnvyXWU
hb7M16Hhj/Oe6VcGShKNGFGp/haoglNdIhyqLXMmwCd2kKYWXB9I5Z7whOmadnjJ
UQKDLLPFGr2CupLK38dNQL4gP0WtlJahL88LSOMX4oT/5MKV84LobRu2O62xg57y
cWC33qukziwjTLS0b7HiFRHq4vagAHwpKecgIgqe8DbX
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:53:28 2024 by rpki-client on console-fra.rpki-client.org