Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/q1ZcYf_JT9N80meN4fls3Ej1Qzk.roa
File:                     q1ZcYf_JT9N80meN4fls3Ej1Qzk.roa (raw, json)
Hash identifier:          UAg1NpJEoY46Kw1drG00gS5dW3iZ/CFxJltHjHzgqz0=
Subject key identifier:   AB:56:5C:61:FF:C9:4F:D3:7C:D2:67:8D:E1:F9:6C:DC:48:F5:43:39
Certificate issuer:       /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial:       018CC56EFE0E00E23D90F88292587B7864D5
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/q1ZcYf_JT9N80meN4fls3Ej1Qzk.roa
Signing time:             Mon 01 Jan 2024 14:30:34 +0000
ROA not before:           Mon 01 Jan 2024 14:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33891
IP address blocks:        92.43.104.0/21 maxlen: 21
                          92.43.109.0/24 maxlen: 24
                          92.43.110.0/24 maxlen: 24
                          92.43.106.0/24 maxlen: 24
                          92.43.107.0/24 maxlen: 24
                          92.43.108.0/24 maxlen: 24
                          80.255.0.0/20 maxlen: 20
                          5.56.16.0/21 maxlen: 21
                          82.199.149.0/24 maxlen: 24
                          82.199.151.0/24 maxlen: 24
                          82.199.152.0/24 maxlen: 24
                          82.199.146.0/24 maxlen: 24
                          82.199.147.0/24 maxlen: 24
                          82.199.148.0/24 maxlen: 24
                          83.142.80.0/21 maxlen: 21
                          82.199.153.0/24 maxlen: 24
                          82.199.154.0/24 maxlen: 24
                          195.138.249.0/24 maxlen: 24
                          195.138.250.0/24 maxlen: 24
                          195.138.248.0/21 maxlen: 21
                          82.199.157.0/24 maxlen: 24
                          82.199.158.0/24 maxlen: 24
                          82.199.159.0/24 maxlen: 24
                          31.7.176.0/20 maxlen: 20
                          31.7.182.0/24 maxlen: 24
                          31.7.183.0/24 maxlen: 24
                          81.95.0.0/20 maxlen: 20
                          81.95.8.0/24 maxlen: 24
                          81.95.9.0/24 maxlen: 24
                          82.199.128.0/19 maxlen: 19
                          82.199.130.0/24 maxlen: 24
                          82.199.131.0/24 maxlen: 24
                          82.199.128.0/24 maxlen: 24
                          82.199.138.0/24 maxlen: 24
                          82.199.141.0/24 maxlen: 24
                          82.199.142.0/24 maxlen: 24
                          82.199.143.0/24 maxlen: 24
                          82.199.144.0/24 maxlen: 24
                          82.199.145.0/24 maxlen: 24
                          2a01:4a0:47::/48 maxlen: 48
                          2a01:4a0:62::/48 maxlen: 48
                          2a01:4a0:30::/48 maxlen: 48
                          2a01:4a0:e::/48 maxlen: 48
                          2a01:4a0:48::/48 maxlen: 48
                          2a01:4a0:b::/48 maxlen: 48
                          2a01:4a0:5::/48 maxlen: 48
                          2a01:4a0:45::/48 maxlen: 48
                          2a01:4a0::/32 maxlen: 32
                          2a01:4a0:42::/48 maxlen: 48
                          2a01:4a0:38::/48 maxlen: 48
                          2a01:4a0:56::/48 maxlen: 48
                          2a01:4a0:50::/48 maxlen: 48
                          2a01:4a0::/29 maxlen: 29
                          2a01:4a0:17::/48 maxlen: 48
                          2a01:4a0:46::/48 maxlen: 48
                          2a01:4a0:43::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fe:0e:00:e2:3d:90:f8:82:92:58:7b:78:64:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
        Validity
            Not Before: Jan  1 14:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab565c61ffc94fd37cd2678de1f96cdc48f54339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8d:6c:ca:29:b5:1d:9d:86:e4:d4:97:74:59:
                    c6:49:e2:92:12:f7:cd:ae:be:61:7d:40:6b:a4:7d:
                    e9:f5:f8:cf:cd:68:ce:ed:5b:4c:26:7d:0c:dc:d4:
                    15:45:b6:2a:50:5e:1c:7d:a9:08:74:2f:c2:dc:e5:
                    2a:4e:73:62:d3:53:bb:22:f5:c7:ff:f1:4b:30:dc:
                    bd:f1:76:91:07:57:2b:3d:f3:48:0d:e0:06:55:d6:
                    32:5d:cc:3c:89:d4:b5:d9:41:62:f5:05:fe:82:a8:
                    c2:f1:28:11:f4:3b:ab:06:33:41:68:b2:d9:39:ff:
                    28:08:ec:19:a9:26:11:c4:31:d6:78:36:79:75:57:
                    49:b7:96:ff:12:4f:0a:1e:ed:82:f8:a7:b8:0d:f1:
                    3f:5f:51:af:f5:fb:80:94:d7:fc:c6:32:ec:7c:17:
                    a7:25:2f:66:0b:99:b8:77:a4:8c:e5:0e:f2:da:be:
                    d3:52:25:44:d1:68:2e:b8:55:e5:5d:d0:dc:67:fb:
                    95:48:64:fa:21:a3:bb:f2:a1:8c:d9:0b:f6:eb:75:
                    c1:61:da:70:c7:21:7e:69:d1:57:2b:54:16:fd:aa:
                    03:1e:e4:5a:aa:b8:76:1c:6a:7b:e0:99:e5:88:e2:
                    6a:26:d0:b2:56:41:29:32:28:47:94:da:c9:57:b4:
                    71:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:56:5C:61:FF:C9:4F:D3:7C:D2:67:8D:E1:F9:6C:DC:48:F5:43:39
            X509v3 Authority Key Identifier:
                keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/q1ZcYf_JT9N80meN4fls3Ej1Qzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.16.0/21
                  31.7.176.0/20
                  80.255.0.0/20
                  81.95.0.0/20
                  82.199.128.0/19
                  83.142.80.0/21
                  92.43.104.0/21
                  195.138.248.0/21
                IPv6:
                  2a01:4a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:16:35:11:42:5d:76:9f:11:93:ae:50:f7:4b:86:93:99:38:
         b2:53:36:14:eb:e0:43:71:e1:36:77:7f:68:02:e4:09:0e:9b:
         d5:c9:8a:bc:13:3c:c4:0b:7a:c7:47:92:ab:17:08:a2:c5:da:
         6c:91:c1:36:06:d4:31:e8:c9:8d:ec:c5:34:12:7e:88:78:b2:
         08:71:36:bc:2c:c1:74:c4:c1:c8:74:3a:37:93:f2:47:e3:c2:
         9b:33:d6:a9:1a:2b:d1:ab:3a:80:b4:1b:44:69:56:21:1a:f4:
         c0:0c:ad:ea:e5:ae:87:57:be:42:1a:32:0f:5f:df:ca:d6:3c:
         a2:2e:a5:ec:87:f9:67:7e:b7:b1:39:f1:1a:6c:8e:74:22:37:
         1e:59:d2:46:c5:ad:36:ac:20:f6:e3:55:a5:1f:b1:b0:67:a4:
         bc:57:c5:46:7b:5f:98:d3:99:7e:1b:75:39:47:f4:c8:29:03:
         c7:d4:60:88:cd:b0:25:ed:33:d1:92:f9:b0:c6:f4:d0:0b:25:
         3b:6a:41:0b:2f:bf:26:bb:45:06:ff:b2:06:b5:76:9a:20:d1:
         6e:12:ed:38:1a:df:20:ed:98:1e:1c:b6:0d:ce:af:19:d4:c5:
         42:38:ce:db:90:31:2d:f0:d5:e8:1e:8c:fc:ac:90:62:07:6c:
         1d:b5:32:77
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzFbv4OAOI9kPiCklh7eGTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjQwMTAxMTQzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjU2NWM2MWZmYzk0ZmQzN2NkMjY3OGRlMWY5NmNkYzQ4ZjU0MzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio1syim1HZ2G5NSXdFnGSeKSEvfN
rr5hfUBrpH3p9fjPzWjO7VtMJn0M3NQVRbYqUF4cfakIdC/C3OUqTnNi01O7IvXH
//FLMNy98XaRB1crPfNIDeAGVdYyXcw8idS12UFi9QX+gqjC8SgR9DurBjNBaLLZ
Of8oCOwZqSYRxDHWeDZ5dVdJt5b/Ek8KHu2C+Ke4DfE/X1Gv9fuAlNf8xjLsfBen
JS9mC5m4d6SM5Q7y2r7TUiVE0WguuFXlXdDcZ/uVSGT6IaO78qGM2Qv263XBYdpw
xyF+adFXK1QW/aoDHuRaqrh2HGp74JnliOJqJtCyVkEpMihHlNrJV7RxrwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFKtWXGH/yU/TfNJnjeH5bNxI9UM5MB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvcTFaY1lmX0pUOU44MG1lTjRmbHMzRWoxUXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBTgQAwQE
HwewAwQEUP8AAwQEUV8AAwQFUseAAwQDU45QAwQDXCtoAwQDw4r4MA0EAgACMAcD
BQMqAQSgMA0GCSqGSIb3DQEBCwUAA4IBAQAOFjURQl12nxGTrlD3S4aTmTiyUzYU
6+BDceE2d39oAuQJDpvVyYq8EzzEC3rHR5KrFwiixdpskcE2BtQx6MmN7MU0En6I
eLIIcTa8LMF0xMHIdDo3k/JH48KbM9apGivRqzqAtBtEaVYhGvTADK3q5a6HV75C
GjIPX9/K1jyiLqXsh/lnfrexOfEabI50IjceWdJGxa02rCD241WlH7GwZ6S8V8VG
e1+Y05l+G3U5R/TIKQPH1GCIzbAl7TPRkvmwxvTQCyU7akELL78mu0UG/7IGtXaa
INFuEu04Gt8g7ZgeHLYNzq8Z1MVCOM7bkDEt8NXoHoz8rJBiB2wdtTJ3
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:16:06 2024 by rpki-client on console-fra.rpki-client.org