Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/QGLEWvPPLqbKYig-R4po-MReaF4.roa
File:                     QGLEWvPPLqbKYig-R4po-MReaF4.roa (raw, json)
Hash identifier:          a6evvTo6rfY79EPPffjkRniOT/6YS5j0Y7ZhhZyo70k=
Subject key identifier:   40:62:C4:5A:F3:CF:2E:A6:CA:62:28:3E:47:8A:68:F8:C4:5E:68:5E
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       018CC348EF81E728BFD095F0F04A92F342D9
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/QGLEWvPPLqbKYig-R4po-MReaF4.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397065
IP address blocks:        78.143.240.0/24 maxlen: 24
                          78.143.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ef:81:e7:28:bf:d0:95:f0:f0:4a:92:f3:42:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4062c45af3cf2ea6ca62283e478a68f8c45e685e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ae:8b:90:b8:71:48:ae:4b:ab:a6:5e:1f:f4:
                    dc:c7:b1:81:a0:db:aa:5f:c7:cd:6c:ec:17:a1:b3:
                    c5:d6:0c:12:2f:f3:10:dc:c9:12:d7:7d:6f:82:fe:
                    93:09:10:5d:de:01:dc:b2:6c:0f:17:59:9c:21:c5:
                    a8:8a:f2:a7:74:f3:bf:ea:cb:a4:c5:b8:e9:40:d4:
                    12:e2:15:6e:80:41:75:f3:48:18:58:76:08:19:52:
                    b0:cb:f5:47:69:fe:e5:5e:29:21:c4:2e:e6:a5:7a:
                    1d:96:aa:e4:0d:19:e3:40:3c:39:fe:f4:cc:d6:a2:
                    6b:47:de:08:fd:5c:29:2c:de:20:45:90:3e:85:45:
                    7e:9e:2f:82:0e:66:68:07:31:51:02:92:79:d3:62:
                    f2:d4:66:60:14:a8:9a:bd:45:1b:9e:bf:90:2f:5a:
                    56:e3:f9:41:05:b1:09:04:41:7e:9c:dd:76:ec:83:
                    db:d2:8a:a3:02:af:3c:2b:8d:86:c3:11:de:f8:e7:
                    a1:fc:a4:1d:a5:e5:50:fb:41:1c:8b:c4:2e:c0:dc:
                    a9:c2:ad:6f:c2:66:19:c0:30:92:ba:b2:6f:8a:1b:
                    eb:f5:55:dd:5c:7f:a6:4d:2e:bc:32:ca:9c:15:95:
                    3a:bb:cb:55:cd:89:54:10:ef:13:22:73:df:89:65:
                    83:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:62:C4:5A:F3:CF:2E:A6:CA:62:28:3E:47:8A:68:F8:C4:5E:68:5E
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/QGLEWvPPLqbKYig-R4po-MReaF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.240.0/24
                  78.143.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:5c:93:9e:49:dc:f2:ba:08:40:9e:e0:44:96:ba:f2:c0:92:
         66:67:57:0a:8e:ba:0a:3e:a4:f5:41:03:be:70:b5:43:d5:dd:
         9b:6e:8c:5a:6f:a2:4f:31:f4:49:30:35:71:8f:7f:95:c9:3b:
         4b:ae:bc:bd:c1:a4:ef:35:7b:4f:3b:c8:a2:11:a4:08:3b:8c:
         8d:d0:09:ba:6d:09:5f:ae:b4:ed:e1:14:a1:7d:9b:a6:5c:7e:
         0d:ec:e8:de:12:83:af:0b:04:7f:e5:e9:94:b7:d6:0c:bb:c6:
         d0:da:55:f6:04:31:c6:9e:76:0e:d0:b1:28:05:60:b5:05:e3:
         f5:27:17:bb:52:68:75:73:b1:93:17:6d:8c:e5:0b:23:f2:87:
         a8:31:a9:c0:3e:df:84:c7:c4:b7:8f:a6:ee:40:d4:da:b5:2d:
         69:71:c7:92:2a:59:ec:e1:d3:60:4c:75:7c:ed:df:04:b8:51:
         25:75:5f:f9:e1:39:b3:b9:b8:43:5c:41:00:48:9f:39:7a:65:
         d4:9f:9b:a3:95:0e:62:b8:91:3b:1b:da:14:38:13:a1:85:f9:
         78:81:03:82:c6:0f:4e:13:97:ca:ad:e3:d8:2a:88:5e:a9:84:
         16:4f:ea:6e:e4:72:32:36:0b:cf:6b:da:c6:51:2a:41:6b:48:
         01:44:a3:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSO+B5yi/0JXw8EqS80LZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDYyYzQ1YWYzY2YyZWE2Y2E2MjI4M2U0NzhhNjhmOGM0NWU2ODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla6LkLhxSK5Lq6ZeH/Tcx7GBoNuq
X8fNbOwXobPF1gwSL/MQ3MkS131vgv6TCRBd3gHcsmwPF1mcIcWoivKndPO/6suk
xbjpQNQS4hVugEF180gYWHYIGVKwy/VHaf7lXikhxC7mpXodlqrkDRnjQDw5/vTM
1qJrR94I/VwpLN4gRZA+hUV+ni+CDmZoBzFRApJ502Ly1GZgFKiavUUbnr+QL1pW
4/lBBbEJBEF+nN127IPb0oqjAq88K42GwxHe+Oeh/KQdpeVQ+0Eci8QuwNypwq1v
wmYZwDCSurJvihvr9VXdXH+mTS68MsqcFZU6u8tVzYlUEO8TInPfiWWDwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBixFrzzy6mymIoPkeKaPjEXmheMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvUUdMRVd2UFBMcWJLWWlnLVI0cG8tTVJlYUY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATo/wAwQA
To/zMA0GCSqGSIb3DQEBCwUAA4IBAQArXJOeSdzyughAnuBElrrywJJmZ1cKjroK
PqT1QQO+cLVD1d2bboxab6JPMfRJMDVxj3+VyTtLrry9waTvNXtPO8iiEaQIO4yN
0Am6bQlfrrTt4RShfZumXH4N7OjeEoOvCwR/5emUt9YMu8bQ2lX2BDHGnnYO0LEo
BWC1BeP1Jxe7Umh1c7GTF22M5Qsj8oeoManAPt+Ex8S3j6buQNTatS1pcceSKlns
4dNgTHV87d8EuFEldV/54TmzubhDXEEASJ85emXUn5ujlQ5iuJE7G9oUOBOhhfl4
gQOCxg9OE5fKrePYKoheqYQWT+pu5HIyNgvPa9rGUSpBa0gBRKNm
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:10:42 2024 by rpki-client on console-fra.rpki-client.org