Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/4e8e74-77e6-41eb-9047-59c18ada352f/1/qRp5jN7Ipfthiin5xppDik9uiLI.roa
File:                     qRp5jN7Ipfthiin5xppDik9uiLI.roa (raw, json)
Hash identifier:          fsTlvB7JUVxfsitCfgyEQqbjXai2/3dkBtGssl4iU9Q=
Subject key identifier:   A9:1A:79:8C:DE:C8:A5:FB:61:8A:29:F9:C6:9A:43:8A:4F:6E:88:B2
Certificate issuer:       /CN=3c1e3fddf7884d785a708fd4e664b62de910ebe8
Certificate serial:       018CC56EA829D016144E75FF8E19C263868E
Authority key identifier: 3C:1E:3F:DD:F7:88:4D:78:5A:70:8F:D4:E6:64:B6:2D:E9:10:EB:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PB4_3feITXhacI_U5mS2LekQ6-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/4e8e74-77e6-41eb-9047-59c18ada352f/1/qRp5jN7Ipfthiin5xppDik9uiLI.roa
Signing time:             Mon 01 Jan 2024 14:30:12 +0000
ROA not before:           Mon 01 Jan 2024 14:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204326
IP address blocks:        31.132.40.0/22 maxlen: 24
                          185.18.240.0/22 maxlen: 24
                          171.22.92.0/22 maxlen: 24
                          2a0d:9f40::/29 maxlen: 48
                          2a09:3cc0::/29 maxlen: 48
                          2a04:d00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/4e8e74-77e6-41eb-9047-59c18ada352f/1/PB4_3feITXhacI_U5mS2LekQ6-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/4e8e74-77e6-41eb-9047-59c18ada352f/1/PB4_3feITXhacI_U5mS2LekQ6-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PB4_3feITXhacI_U5mS2LekQ6-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a8:29:d0:16:14:4e:75:ff:8e:19:c2:63:86:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1e3fddf7884d785a708fd4e664b62de910ebe8
        Validity
            Not Before: Jan  1 14:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a91a798cdec8a5fb618a29f9c69a438a4f6e88b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:92:e0:d2:c1:b9:7c:f0:df:73:d6:f8:5f:8e:
                    60:d9:64:58:8d:c0:65:50:45:b8:86:1c:e8:a8:a7:
                    05:c8:56:39:83:f5:ba:9d:24:65:d5:6d:e5:cd:f4:
                    86:a0:a8:73:8d:0c:0a:87:33:1c:51:85:aa:77:5b:
                    56:26:0b:5c:60:65:01:e6:de:6d:0a:a0:a1:2e:09:
                    8e:43:45:83:4d:c0:74:eb:40:93:77:01:40:0f:4b:
                    79:d2:84:d2:4c:83:ce:a6:3a:45:d2:b7:98:e6:90:
                    ca:b9:82:8c:40:99:84:4e:ba:a4:ba:03:7f:dd:e0:
                    bb:61:e9:de:db:c4:0c:6e:1f:56:0e:97:5f:32:1e:
                    89:7e:d6:65:ad:4b:23:6d:3a:5e:9f:f6:70:64:f8:
                    42:f7:ed:6a:4f:0a:00:cb:aa:05:a0:58:a1:3f:40:
                    59:9d:a9:80:ed:08:3e:f0:00:16:88:49:a4:dd:23:
                    3c:38:6a:8e:ad:59:e5:b7:e3:16:4c:43:0a:d8:e6:
                    a2:2e:cd:29:7d:db:b0:86:85:d1:e7:88:32:39:23:
                    16:98:36:cb:28:2e:fd:17:3c:35:19:17:ab:8a:7e:
                    a7:03:f6:13:b5:e4:e5:33:c8:1b:1b:ae:1c:5e:ff:
                    2a:ed:5d:db:b6:8f:0e:9f:91:84:12:e7:11:9a:af:
                    ec:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:1A:79:8C:DE:C8:A5:FB:61:8A:29:F9:C6:9A:43:8A:4F:6E:88:B2
            X509v3 Authority Key Identifier:
                keyid:3C:1E:3F:DD:F7:88:4D:78:5A:70:8F:D4:E6:64:B6:2D:E9:10:EB:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PB4_3feITXhacI_U5mS2LekQ6-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4e8e74-77e6-41eb-9047-59c18ada352f/1/qRp5jN7Ipfthiin5xppDik9uiLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/4e8e74-77e6-41eb-9047-59c18ada352f/1/PB4_3feITXhacI_U5mS2LekQ6-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.132.40.0/22
                  171.22.92.0/22
                  185.18.240.0/22
                IPv6:
                  2a04:d00::/29
                  2a09:3cc0::/29
                  2a0d:9f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         d2:e1:0e:25:c4:21:55:f8:12:1e:c9:9e:54:77:e6:d8:8f:0a:
         df:02:3b:db:e7:c9:90:d3:c6:d8:15:af:9f:8c:83:c6:05:a2:
         22:c8:2d:74:ca:da:c2:74:ff:2e:b5:ac:ab:ec:6b:33:9a:68:
         3a:b5:b4:23:7f:24:02:95:4d:0a:79:f2:ba:eb:8a:95:7d:32:
         9b:ab:03:22:dc:33:58:31:1b:26:b0:c2:59:21:68:e0:7b:7e:
         98:e1:6c:7d:7c:dd:94:0e:38:dd:23:98:51:7d:39:08:19:bb:
         99:ac:46:ae:5a:15:a0:a5:70:6b:09:08:b8:a6:d0:31:12:47:
         0b:f1:48:b2:41:f1:58:2b:83:50:4a:f7:89:e7:3d:5d:81:30:
         79:6a:c6:f6:ac:d5:e3:c9:3a:82:26:6d:a2:5f:32:c0:e5:62:
         6d:e2:99:9b:3c:8a:ab:ff:db:8d:5c:76:b6:e2:4d:28:37:60:
         71:84:c1:df:05:0f:2a:46:91:07:61:db:89:4c:f9:6f:fe:ca:
         dc:17:73:5e:75:21:6f:da:82:5d:03:87:16:1a:e5:9e:b3:79:
         36:e7:08:ec:0d:0a:76:7a:c0:21:ba:df:72:06:1a:89:e7:9b:
         ed:b5:ce:54:af:94:e4:82:8c:5f:47:3c:24:7f:d6:c7:2e:4b:
         65:be:31:4a
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzFbqgp0BYUTnX/jhnCY4aOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWUzZmRkZjc4ODRkNzg1YTcwOGZkNGU2NjRiNjJkZTkx
MGViZTgwHhcNMjQwMTAxMTQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTFhNzk4Y2RlYzhhNWZiNjE4YTI5ZjljNjlhNDM4YTRmNmU4OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipLg0sG5fPDfc9b4X45g2WRYjcBl
UEW4hhzoqKcFyFY5g/W6nSRl1W3lzfSGoKhzjQwKhzMcUYWqd1tWJgtcYGUB5t5t
CqChLgmOQ0WDTcB060CTdwFAD0t50oTSTIPOpjpF0reY5pDKuYKMQJmETrqkugN/
3eC7Yene28QMbh9WDpdfMh6JftZlrUsjbTpen/ZwZPhC9+1qTwoAy6oFoFihP0BZ
namA7Qg+8AAWiEmk3SM8OGqOrVnlt+MWTEMK2OaiLs0pfduwhoXR54gyOSMWmDbL
KC79Fzw1GRerin6nA/YTteTlM8gbG64cXv8q7V3bto8On5GEEucRmq/svwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFKkaeYzeyKX7YYop+caaQ4pPboiyMB8GA1UdIwQY
MBaAFDweP933iE14WnCP1OZkti3pEOvoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEI0XzNmZUlUWGhhY0lfVTVtUzJMZWtRNi1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80ZThlNzQtNzdlNi00MWViLTkwNDct
NTljMThhZGEzNTJmLzEvcVJwNWpON0lwZnRoaWluNXhwcERpazl1aUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80ZThlNzQtNzdlNi00MWViLTkwNDctNTljMThhZGEzNTJm
LzEvUEI0XzNmZUlUWGhhY0lfVTVtUzJMZWtRNi1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQCH4QoAwQC
qxZcAwQCuRLwMBsEAgACMBUDBQMqBA0AAwUDKgk8wAMFAyoNn0AwDQYJKoZIhvcN
AQELBQADggEBANLhDiXEIVX4Eh7JnlR35tiPCt8CO9vnyZDTxtgVr5+Mg8YFoiLI
LXTK2sJ0/y61rKvsazOaaDq1tCN/JAKVTQp58rrripV9MpurAyLcM1gxGyawwlkh
aOB7fpjhbH183ZQOON0jmFF9OQgZu5msRq5aFaClcGsJCLim0DESRwvxSLJB8Vgr
g1BK94nnPV2BMHlqxvas1ePJOoImbaJfMsDlYm3imZs8iqv/241cdrbiTSg3YHGE
wd8FDypGkQdh24lM+W/+ytwXc151IW/agl0DhxYa5Z6zeTbnCOwNCnZ6wCG633IG
Gonnm+21zlSvlOSCjF9HPCR/1scuS2W+MUo=
-----END CERTIFICATE-----
Generated at Sat Jun 15 12:29:43 2024 by rpki-client on console-fra.rpki-client.org