Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/qLPR5OK0CBdJ9SXYZf73vnlyGgs.roa
File:                     qLPR5OK0CBdJ9SXYZf73vnlyGgs.roa (raw, json)
Hash identifier:          a97fHkOJsKN720YMSWWsjWA65Jb/MkVCy/H4OsG0+JQ=
Subject key identifier:   A8:B3:D1:E4:E2:B4:08:17:49:F5:25:D8:65:FE:F7:BE:79:72:1A:0B
Certificate issuer:       /CN=baa23f740ad564c5693b77091c71b3c03136a580
Certificate serial:       018CC793FB243A210F68EF9EFD1EACD03A4A
Authority key identifier: BA:A2:3F:74:0A:D5:64:C5:69:3B:77:09:1C:71:B3:C0:31:36:A5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqI_dArVZMVpO3cJHHGzwDE2pYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/qLPR5OK0CBdJ9SXYZf73vnlyGgs.roa
Signing time:             Tue 02 Jan 2024 00:30:13 +0000
ROA not before:           Tue 02 Jan 2024 00:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49040
IP address blocks:        185.242.90.0/24 maxlen: 24
                          185.242.89.0/24 maxlen: 24
                          185.242.88.0/24 maxlen: 24
                          185.242.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/uqI_dArVZMVpO3cJHHGzwDE2pYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/uqI_dArVZMVpO3cJHHGzwDE2pYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqI_dArVZMVpO3cJHHGzwDE2pYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:fb:24:3a:21:0f:68:ef:9e:fd:1e:ac:d0:3a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa23f740ad564c5693b77091c71b3c03136a580
        Validity
            Not Before: Jan  2 00:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8b3d1e4e2b4081749f525d865fef7be79721a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:74:de:c3:f9:e1:90:4f:e2:53:78:be:a4:31:
                    de:cc:19:f5:a9:62:d1:0f:45:8f:b5:06:a0:30:a8:
                    8b:6b:3b:9d:5d:8f:ca:f8:4c:d4:53:9d:b6:2f:92:
                    cd:53:a1:5b:f9:e0:03:2b:1b:ee:d5:54:7a:69:86:
                    c0:47:ed:48:f0:90:d1:1f:6c:ba:cd:d0:e7:16:76:
                    d1:c0:c5:30:8e:70:ad:c8:e5:ea:79:56:db:e1:07:
                    96:a5:5c:b4:50:b9:b5:6e:a6:a2:23:b7:32:bb:0a:
                    1e:21:1b:1d:d8:e1:78:7e:52:ed:a3:6e:3c:87:18:
                    cb:ed:53:e5:d8:e3:c1:80:57:5f:11:dc:af:b6:09:
                    2f:d0:c1:08:ab:8d:ff:ae:77:04:35:f6:82:ce:ef:
                    43:e9:c8:a9:5f:28:78:62:9e:03:ef:3c:3b:c4:1e:
                    71:1f:6e:be:01:04:a6:27:02:d5:0e:69:0a:5c:11:
                    a7:aa:cc:4c:20:54:f5:ef:35:ab:d5:69:1e:14:66:
                    f0:e0:bb:a9:4d:d1:3e:90:4a:27:9c:b4:f4:ad:e6:
                    63:d2:e5:b4:75:89:ea:8b:08:30:2a:61:2c:43:48:
                    e9:4d:6d:b4:ab:87:cc:83:35:7f:15:a3:d5:94:4e:
                    5e:c1:fe:9b:eb:f3:2e:06:64:a2:9e:6a:99:d0:53:
                    d9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B3:D1:E4:E2:B4:08:17:49:F5:25:D8:65:FE:F7:BE:79:72:1A:0B
            X509v3 Authority Key Identifier:
                keyid:BA:A2:3F:74:0A:D5:64:C5:69:3B:77:09:1C:71:B3:C0:31:36:A5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqI_dArVZMVpO3cJHHGzwDE2pYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/qLPR5OK0CBdJ9SXYZf73vnlyGgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8c09b3-f6d8-4c9a-964c-8527c9b3e75f/1/uqI_dArVZMVpO3cJHHGzwDE2pYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:90:f6:22:d2:4e:c1:4f:43:1d:26:30:e9:f3:83:44:67:f2:
         2c:d0:85:2c:0e:b6:f5:f6:2b:c3:cf:a3:9d:6f:c2:b9:34:87:
         0a:3f:fb:34:f2:06:71:67:2a:7c:66:c4:2a:9d:73:38:e7:f7:
         14:5d:2a:ab:dc:f1:66:f0:8d:71:42:d6:5a:5d:6e:6a:75:32:
         a0:95:7f:48:6d:5f:9f:cd:7c:19:b4:87:5d:dd:de:f0:bd:0d:
         aa:b5:70:e2:82:72:58:5b:ee:b7:9a:fa:2a:21:ba:d6:4d:8a:
         6c:66:f8:ce:95:49:cc:68:eb:e5:61:93:9f:e8:3a:25:e9:30:
         2a:29:2d:33:a6:12:71:63:84:91:8c:d9:3f:f9:04:27:4d:31:
         9e:95:8a:76:51:61:32:44:94:95:33:c2:ba:9d:24:fc:c9:6a:
         6a:4d:04:0f:e5:74:ac:d0:8a:51:f0:39:c4:68:95:ac:3e:33:
         86:61:58:91:fa:e1:e2:5d:a1:c2:40:b2:09:5a:51:1e:a6:f7:
         f8:65:80:2b:78:ed:11:82:93:6b:f3:5c:db:8d:03:35:f7:5c:
         60:9c:87:40:fa:62:2d:10:c5:22:64:16:c7:20:88:ee:21:26:
         ef:72:40:d4:db:e3:36:66:8a:d7:b7:18:55:15:7c:8b:92:9f:
         e6:b0:52:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/skOiEPaO+e/R6s0DpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTIzZjc0MGFkNTY0YzU2OTNiNzcwOTFjNzFiM2MwMzEz
NmE1ODAwHhcNMjQwMTAyMDAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGIzZDFlNGUyYjQwODE3NDlmNTI1ZDg2NWZlZjdiZTc5NzIxYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnTew/nhkE/iU3i+pDHezBn1qWLR
D0WPtQagMKiLazudXY/K+EzUU522L5LNU6Fb+eADKxvu1VR6aYbAR+1I8JDRH2y6
zdDnFnbRwMUwjnCtyOXqeVbb4QeWpVy0ULm1bqaiI7cyuwoeIRsd2OF4flLto248
hxjL7VPl2OPBgFdfEdyvtgkv0MEIq43/rncENfaCzu9D6cipXyh4Yp4D7zw7xB5x
H26+AQSmJwLVDmkKXBGnqsxMIFT17zWr1WkeFGbw4LupTdE+kEonnLT0reZj0uW0
dYnqiwgwKmEsQ0jpTW20q4fMgzV/FaPVlE5ewf6b6/MuBmSinmqZ0FPZrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiz0eTitAgXSfUl2GX+9755choLMB8GA1UdIwQY
MBaAFLqiP3QK1WTFaTt3CRxxs8AxNqWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFJX2RBclZaTVZwTzNjSkhIR3p3REUycFlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi84YzA5YjMtZjZkOC00YzlhLTk2NGMt
ODUyN2M5YjNlNzVmLzEvcUxQUjVPSzBDQmRKOVNYWVpmNzN2bmx5R2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi84YzA5YjMtZjZkOC00YzlhLTk2NGMtODUyN2M5YjNlNzVm
LzEvdXFJX2RBclZaTVZwTzNjSkhIR3p3REUycFlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufJYMA0G
CSqGSIb3DQEBCwUAA4IBAQBJkPYi0k7BT0MdJjDp84NEZ/Is0IUsDrb19ivDz6Od
b8K5NIcKP/s08gZxZyp8ZsQqnXM45/cUXSqr3PFm8I1xQtZaXW5qdTKglX9IbV+f
zXwZtIdd3d7wvQ2qtXDignJYW+63mvoqIbrWTYpsZvjOlUnMaOvlYZOf6Dol6TAq
KS0zphJxY4SRjNk/+QQnTTGelYp2UWEyRJSVM8K6nST8yWpqTQQP5XSs0IpR8DnE
aJWsPjOGYViR+uHiXaHCQLIJWlEepvf4ZYAreO0RgpNr81zbjQM191xgnIdA+mIt
EMUiZBbHIIjuISbvckDU2+M2ZorXtxhVFXyLkp/msFJa
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:31:58 2024 by rpki-client on console-ams.rpki-client.org