Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/Q_jJvKdVKYdETQOtgfVI8kaDxBY.roa
File:                     Q_jJvKdVKYdETQOtgfVI8kaDxBY.roa (raw, json)
Hash identifier:          gcRyeULCo6372CJdBpTY/d8gFseO+qZsVD5j24anMME=
Subject key identifier:   43:F8:C9:BC:A7:55:29:87:44:4D:03:AD:81:F5:48:F2:46:83:C4:16
Certificate issuer:       /CN=83bce35561f541bda97e777e6879a1d704e7b42f
Certificate serial:       018CC349089B12B411053EBDE64329285EF7
Authority key identifier: 83:BC:E3:55:61:F5:41:BD:A9:7E:77:7E:68:79:A1:D7:04:E7:B4:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7zjVWH1Qb2pfnd-aHmh1wTntC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/Q_jJvKdVKYdETQOtgfVI8kaDxBY.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44527
IP address blocks:        31.44.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/g7zjVWH1Qb2pfnd-aHmh1wTntC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/g7zjVWH1Qb2pfnd-aHmh1wTntC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g7zjVWH1Qb2pfnd-aHmh1wTntC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:08:9b:12:b4:11:05:3e:bd:e6:43:29:28:5e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83bce35561f541bda97e777e6879a1d704e7b42f
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43f8c9bca7552987444d03ad81f548f24683c416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b5:72:e4:a7:c6:29:f3:98:e5:bb:4c:74:fb:
                    bd:b1:31:34:6b:30:d4:cf:0c:9e:76:8f:92:59:02:
                    8d:d9:c5:cd:9c:1f:f0:6e:bc:54:fd:f5:bb:49:91:
                    8b:6d:74:06:fa:1c:91:e6:18:d6:27:50:82:0e:9f:
                    07:70:73:5d:19:5d:b1:ed:f5:05:83:fc:d8:67:13:
                    06:27:02:05:6b:f3:ce:4e:a1:3c:86:7e:2b:25:06:
                    4b:14:53:e2:a7:16:64:b0:15:85:49:c2:a3:98:7e:
                    2a:b7:e0:c1:94:59:7e:78:94:3e:68:7d:0a:c8:6d:
                    1b:49:d0:7a:25:94:1d:22:3d:83:b9:d9:a3:c2:c3:
                    7f:be:78:12:d0:00:9b:e3:56:3c:69:ab:f9:f1:28:
                    33:9a:25:53:ef:f4:85:9f:bf:88:09:af:91:17:83:
                    c8:b0:86:0d:37:15:cf:2c:bd:d9:0a:1b:37:45:74:
                    42:54:e4:5d:0b:8a:a9:bc:b7:8b:de:2e:63:33:4c:
                    92:d9:7e:88:dd:5e:58:6d:4e:54:40:e6:47:42:91:
                    17:00:88:7a:2e:a5:07:85:a3:5d:69:23:b0:2f:a9:
                    0a:7c:6c:b7:81:09:bf:74:9b:25:d2:02:7a:85:e9:
                    92:46:dc:70:8c:4e:31:b7:60:75:21:9f:8f:8f:8e:
                    cc:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F8:C9:BC:A7:55:29:87:44:4D:03:AD:81:F5:48:F2:46:83:C4:16
            X509v3 Authority Key Identifier:
                keyid:83:BC:E3:55:61:F5:41:BD:A9:7E:77:7E:68:79:A1:D7:04:E7:B4:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7zjVWH1Qb2pfnd-aHmh1wTntC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/Q_jJvKdVKYdETQOtgfVI8kaDxBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/35064b-7a5a-4c74-8743-fd8660c4fd6e/1/g7zjVWH1Qb2pfnd-aHmh1wTntC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:da:0d:52:38:14:a2:5a:d7:93:3d:1c:28:80:2e:39:74:2a:
         69:a0:e3:5b:9f:e2:eb:c5:67:f0:ed:50:a3:45:58:a5:73:1d:
         0c:e3:fb:b6:8f:b2:88:eb:14:10:b5:e9:64:bd:1b:72:f4:61:
         ad:f5:22:a3:fe:53:3d:7e:62:6f:b8:8b:9c:40:93:6f:56:ef:
         31:ef:e4:e5:96:15:b8:8c:80:44:bf:a6:89:c2:35:1e:d5:9d:
         17:b0:d9:80:b5:0b:48:21:6b:89:4b:99:26:d4:7d:d3:90:4e:
         8b:f4:2d:e3:10:28:4c:1f:6c:14:56:27:13:f7:84:aa:f4:77:
         6a:74:6b:bd:53:2b:7a:eb:b2:2e:24:90:e0:80:13:1e:e2:e3:
         1b:3c:13:a3:d5:e9:31:45:07:02:81:4b:b2:10:67:4c:ad:eb:
         eb:f4:18:2c:ce:f2:ef:c6:c4:37:27:0a:59:00:66:14:f5:1c:
         65:49:fe:81:d4:80:df:d0:e1:a3:01:5e:a3:29:5f:f0:09:8a:
         22:bd:c7:4c:5d:7f:f0:11:de:a1:04:12:8e:b3:1c:85:0c:ec:
         83:d2:cd:46:36:47:28:58:4c:3a:01:6d:61:23:8d:20:57:6f:
         6a:f9:ae:66:81:dc:eb:39:1f:ed:fb:fb:fa:bd:91:33:50:be:
         bb:97:d9:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQibErQRBT695kMpKF73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYmNlMzU1NjFmNTQxYmRhOTdlNzc3ZTY4NzlhMWQ3MDRl
N2I0MmYwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Y4YzliY2E3NTUyOTg3NDQ0ZDAzYWQ4MWY1NDhmMjQ2ODNjNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rVy5KfGKfOY5btMdPu9sTE0azDU
zwyedo+SWQKN2cXNnB/wbrxU/fW7SZGLbXQG+hyR5hjWJ1CCDp8HcHNdGV2x7fUF
g/zYZxMGJwIFa/POTqE8hn4rJQZLFFPipxZksBWFScKjmH4qt+DBlFl+eJQ+aH0K
yG0bSdB6JZQdIj2DudmjwsN/vngS0ACb41Y8aav58SgzmiVT7/SFn7+ICa+RF4PI
sIYNNxXPLL3ZChs3RXRCVORdC4qpvLeL3i5jM0yS2X6I3V5YbU5UQOZHQpEXAIh6
LqUHhaNdaSOwL6kKfGy3gQm/dJsl0gJ6hemSRtxwjE4xt2B1IZ+Pj47MgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEP4ybynVSmHRE0DrYH1SPJGg8QWMB8GA1UdIwQY
MBaAFIO841Vh9UG9qX53fmh5odcE57QvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzd6alZXSDFRYjJwZm5kLWFIbWgxd1RudEM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zNTA2NGItN2E1YS00Yzc0LTg3NDMt
ZmQ4NjYwYzRmZDZlLzEvUV9qSnZLZFZLWWRFVFFPdGdmVkk4a2FEeEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zNTA2NGItN2E1YS00Yzc0LTg3NDMtZmQ4NjYwYzRmZDZl
LzEvZzd6alZXSDFRYjJwZm5kLWFIbWgxd1RudEM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyzWMA0G
CSqGSIb3DQEBCwUAA4IBAQBg2g1SOBSiWteTPRwogC45dCppoONbn+LrxWfw7VCj
RVilcx0M4/u2j7KI6xQQtelkvRty9GGt9SKj/lM9fmJvuIucQJNvVu8x7+TllhW4
jIBEv6aJwjUe1Z0XsNmAtQtIIWuJS5km1H3TkE6L9C3jEChMH2wUVicT94Sq9Hdq
dGu9Uyt667IuJJDggBMe4uMbPBOj1ekxRQcCgUuyEGdMrevr9BgszvLvxsQ3JwpZ
AGYU9RxlSf6B1IDf0OGjAV6jKV/wCYoivcdMXX/wEd6hBBKOsxyFDOyD0s1GNkco
WEw6AW1hI40gV29q+a5mgdzrOR/t+/v6vZEzUL67l9lw
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:15:36 2024 by rpki-client on console-ams.rpki-client.org