Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/b19811-fa23-47b0-b577-17698f88c3bd/1/Y6Q4ViAGnsJmkB-fN2LN191Pw7c.roa
File:                     Y6Q4ViAGnsJmkB-fN2LN191Pw7c.roa (raw, json)
Hash identifier:          jSK8tsHSQfmTslpTUmntlY8Nw0zk2XwQ2aQWTYIPv0A=
Subject key identifier:   63:A4:38:56:20:06:9E:C2:66:90:1F:9F:37:62:CD:D7:DD:4F:C3:B7
Certificate issuer:       /CN=2aa14bff83480d10cd0fbebb80b2cb5091fcf82f
Certificate serial:       018CC424666AB14DA5349083E6FD7A83EE83
Authority key identifier: 2A:A1:4B:FF:83:48:0D:10:CD:0F:BE:BB:80:B2:CB:50:91:FC:F8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqFL_4NIDRDND767gLLLUJH8-C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/b19811-fa23-47b0-b577-17698f88c3bd/1/Y6Q4ViAGnsJmkB-fN2LN191Pw7c.roa
Signing time:             Mon 01 Jan 2024 08:29:29 +0000
ROA not before:           Mon 01 Jan 2024 08:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47562
IP address blocks:        94.198.32.0/21 maxlen: 24
                          62.122.144.0/21 maxlen: 24
                          185.46.96.0/22 maxlen: 24
                          93.91.112.0/20 maxlen: 24
                          46.175.192.0/21 maxlen: 24
                          2a03:ce80::/32 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/b19811-fa23-47b0-b577-17698f88c3bd/1/KqFL_4NIDRDND767gLLLUJH8-C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/b19811-fa23-47b0-b577-17698f88c3bd/1/KqFL_4NIDRDND767gLLLUJH8-C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqFL_4NIDRDND767gLLLUJH8-C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:66:6a:b1:4d:a5:34:90:83:e6:fd:7a:83:ee:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aa14bff83480d10cd0fbebb80b2cb5091fcf82f
        Validity
            Not Before: Jan  1 08:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63a4385620069ec266901f9f3762cdd7dd4fc3b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4e:b2:aa:57:8e:59:a7:d6:8c:36:96:39:f1:
                    f5:9e:8b:f0:e1:c5:8d:9d:cb:ad:8a:6a:55:23:2e:
                    62:14:6e:5d:d5:1b:fd:e9:8b:4f:fc:e5:de:e3:2b:
                    7c:8f:b9:d7:40:ed:7c:f8:e6:46:78:4b:a0:d8:82:
                    93:d8:2f:52:51:37:7f:9e:4f:44:b1:e3:4f:03:90:
                    53:16:b5:be:62:61:64:02:73:33:0f:26:a5:15:09:
                    8e:3c:73:52:2d:75:e5:77:45:cc:f7:97:96:76:1f:
                    24:87:e5:49:fd:d8:6d:67:81:01:7e:35:6c:3d:ff:
                    89:38:59:2c:f0:f5:74:e9:73:a9:53:09:3d:4e:45:
                    89:b2:f3:11:09:73:a0:c3:57:79:a1:f3:9f:a4:57:
                    25:52:e5:52:b9:ff:cb:0c:86:d1:87:bc:14:b9:9f:
                    06:c9:52:d7:f7:c9:be:e4:cb:65:cc:02:39:5a:7b:
                    00:ed:6e:f1:cd:d3:82:a7:51:4b:77:0f:96:e5:4d:
                    ca:12:83:18:08:db:ae:54:b5:a4:02:f7:fe:84:47:
                    50:e8:31:a2:e0:d6:95:4a:5b:5c:68:c2:6d:4f:d9:
                    66:91:72:85:56:2e:e9:12:d8:80:2a:07:7f:6e:14:
                    9f:11:98:71:28:16:07:73:f9:eb:0c:0e:f7:1b:32:
                    97:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A4:38:56:20:06:9E:C2:66:90:1F:9F:37:62:CD:D7:DD:4F:C3:B7
            X509v3 Authority Key Identifier:
                keyid:2A:A1:4B:FF:83:48:0D:10:CD:0F:BE:BB:80:B2:CB:50:91:FC:F8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqFL_4NIDRDND767gLLLUJH8-C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b19811-fa23-47b0-b577-17698f88c3bd/1/Y6Q4ViAGnsJmkB-fN2LN191Pw7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b19811-fa23-47b0-b577-17698f88c3bd/1/KqFL_4NIDRDND767gLLLUJH8-C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.192.0/21
                  62.122.144.0/21
                  93.91.112.0/20
                  94.198.32.0/21
                  185.46.96.0/22
                IPv6:
                  2a03:ce80::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:6b:9d:b1:1c:4a:39:70:00:44:b8:a9:0d:1c:56:2a:30:a7:
         3f:e2:5d:43:d0:39:ea:a2:cf:b7:e9:c1:0f:95:7a:2f:4c:67:
         30:13:9b:16:e5:d2:a9:0c:0d:98:15:c4:f3:fe:0b:7c:8f:36:
         85:85:28:67:44:22:54:cd:62:0a:07:97:68:0d:aa:74:e7:33:
         8e:90:ea:95:09:c0:57:2f:93:d9:91:6a:79:96:dd:00:7c:31:
         f7:bf:68:ea:1e:66:de:82:eb:61:53:f2:c2:fe:6e:b5:3d:69:
         4c:53:dc:a6:68:3e:a7:1f:f0:8e:8e:e3:9d:9e:ce:00:af:f0:
         4f:a0:da:05:63:b8:ce:41:fe:49:da:08:50:19:25:c7:64:86:
         ec:46:75:a9:8d:bc:a8:e7:39:c7:74:54:87:f8:a9:43:4d:1c:
         91:79:66:39:62:0a:08:81:25:3b:16:e5:5b:df:71:37:3d:d0:
         c0:4b:5a:ef:01:d2:d4:0a:65:0a:cc:af:a8:98:1f:95:f9:e7:
         bb:66:8c:69:20:9c:44:20:e5:29:b7:b4:02:6e:15:f2:5a:4c:
         db:c0:7c:92:0a:46:a0:2f:97:2a:9c:5d:7b:7e:b9:63:ed:ab:
         40:50:fc:65:fd:d0:43:cc:11:8e:7e:3c:e0:ad:0a:93:1f:8e:
         9a:65:ba:d4
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzEJGZqsU2lNJCD5v16g+6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTE0YmZmODM0ODBkMTBjZDBmYmViYjgwYjJjYjUwOTFm
Y2Y4MmYwHhcNMjQwMTAxMDgyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2E0Mzg1NjIwMDY5ZWMyNjY5MDFmOWYzNzYyY2RkN2RkNGZjM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E6yqleOWafWjDaWOfH1novw4cWN
ncutimpVIy5iFG5d1Rv96YtP/OXe4yt8j7nXQO18+OZGeEug2IKT2C9SUTd/nk9E
seNPA5BTFrW+YmFkAnMzDyalFQmOPHNSLXXld0XM95eWdh8kh+VJ/dhtZ4EBfjVs
Pf+JOFks8PV06XOpUwk9TkWJsvMRCXOgw1d5ofOfpFclUuVSuf/LDIbRh7wUuZ8G
yVLX98m+5MtlzAI5WnsA7W7xzdOCp1FLdw+W5U3KEoMYCNuuVLWkAvf+hEdQ6DGi
4NaVSltcaMJtT9lmkXKFVi7pEtiAKgd/bhSfEZhxKBYHc/nrDA73GzKXywIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGOkOFYgBp7CZpAfnzdizdfdT8O3MB8GA1UdIwQY
MBaAFCqhS/+DSA0QzQ++u4Cyy1CR/PgvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FGTF80TklEUkRORDc2N2dMTExVSkg4LUM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iMTk4MTEtZmEyMy00N2IwLWI1Nzct
MTc2OThmODhjM2JkLzEvWTZRNFZpQUduc0pta0ItZk4yTE4xOTFQdzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iMTk4MTEtZmEyMy00N2IwLWI1NzctMTc2OThmODhjM2Jk
LzEvS3FGTF80TklEUkRORDc2N2dMTExVSkg4LUM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDLq/AAwQD
PnqQAwQEXVtwAwQDXsYgAwQCuS5gMA0EAgACMAcDBQAqA86AMA0GCSqGSIb3DQEB
CwUAA4IBAQAFa52xHEo5cABEuKkNHFYqMKc/4l1D0Dnqos+36cEPlXovTGcwE5sW
5dKpDA2YFcTz/gt8jzaFhShnRCJUzWIKB5doDap05zOOkOqVCcBXL5PZkWp5lt0A
fDH3v2jqHmbeguthU/LC/m61PWlMU9ymaD6nH/COjuOdns4Ar/BPoNoFY7jOQf5J
2ghQGSXHZIbsRnWpjbyo5znHdFSH+KlDTRyReWY5YgoIgSU7FuVb33E3PdDAS1rv
AdLUCmUKzK+omB+V+ee7ZoxpIJxEIOUpt7QCbhXyWkzbwHySCkagL5cqnF17frlj
7atAUPxl/dBDzBGOfjzgrQqTH46aZbrU
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:39:28 2024 by rpki-client on console-ams.rpki-client.org