Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fc8883-aad2-418b-9b87-ea216ba2594d/1/qCtYdkPr-91zN7xQdAM1DbVObKE.roa
File:                     qCtYdkPr-91zN7xQdAM1DbVObKE.roa (raw, json)
Hash identifier:          ANUMGWKADuGJKq2ZyUI1TEvO++fg4YAAOU1qthjNvpE=
Subject key identifier:   A8:2B:58:76:43:EB:FB:DD:73:37:BC:50:74:03:35:0D:B5:4E:6C:A1
Certificate issuer:       /CN=16fcf4866b6c85eb0cb7688edd43830f419d66a2
Certificate serial:       018CC500399295470C8D747CA69E80B54298
Authority key identifier: 16:FC:F4:86:6B:6C:85:EB:0C:B7:68:8E:DD:43:83:0F:41:9D:66:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fvz0hmtshesMt2iO3UODD0GdZqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fc8883-aad2-418b-9b87-ea216ba2594d/1/qCtYdkPr-91zN7xQdAM1DbVObKE.roa
Signing time:             Mon 01 Jan 2024 12:29:35 +0000
ROA not before:           Mon 01 Jan 2024 12:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212613
IP address blocks:        193.176.121.0/24 maxlen: 24
                          193.176.120.0/22 maxlen: 22
                          193.176.120.0/24 maxlen: 24
                          193.176.123.0/24 maxlen: 24
                          193.176.122.0/24 maxlen: 24
                          2a05:5a00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fc8883-aad2-418b-9b87-ea216ba2594d/1/Fvz0hmtshesMt2iO3UODD0GdZqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fc8883-aad2-418b-9b87-ea216ba2594d/1/Fvz0hmtshesMt2iO3UODD0GdZqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fvz0hmtshesMt2iO3UODD0GdZqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:39:92:95:47:0c:8d:74:7c:a6:9e:80:b5:42:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16fcf4866b6c85eb0cb7688edd43830f419d66a2
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a82b587643ebfbdd7337bc507403350db54e6ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ed:63:87:af:2a:af:2e:96:b4:a1:51:0a:16:
                    25:d4:c1:76:e4:3e:de:8f:22:a1:14:42:17:75:67:
                    77:09:d8:d6:c4:2c:c7:8e:14:b3:8f:7a:05:c7:97:
                    51:12:a7:15:e9:3a:13:3b:a0:0b:9e:aa:05:41:97:
                    2a:3f:cd:7b:a3:ba:4f:3c:24:a7:c9:bf:e1:11:59:
                    eb:15:6a:d8:30:f3:50:c1:7c:44:c8:79:29:67:4f:
                    2e:3c:2f:1f:97:c3:85:12:a6:6a:c4:40:cd:0a:26:
                    50:a8:ae:ee:8d:fe:4e:f5:be:ee:ed:98:5b:54:e8:
                    72:5e:7c:3c:f5:17:84:32:7a:89:42:31:cf:79:97:
                    2b:59:08:dd:a3:ab:f2:e9:1b:d4:34:62:94:d4:a7:
                    ea:f9:e4:a6:2f:83:3a:9d:bc:93:0d:f8:c6:b8:8f:
                    dc:09:b9:09:93:8c:32:98:40:0b:d4:5b:df:3e:0a:
                    76:af:2f:61:91:69:46:49:43:82:7a:d2:35:cf:7f:
                    ec:8d:55:b9:fd:38:10:19:f7:62:d6:12:c8:14:19:
                    26:3a:28:63:5f:5d:c3:6a:3e:b6:93:2d:d8:96:9f:
                    1d:59:55:2f:75:fb:55:8b:b0:65:e6:93:0f:51:3b:
                    ff:e1:e8:20:2c:97:be:75:df:f7:1f:f7:bc:ba:83:
                    d3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:2B:58:76:43:EB:FB:DD:73:37:BC:50:74:03:35:0D:B5:4E:6C:A1
            X509v3 Authority Key Identifier:
                keyid:16:FC:F4:86:6B:6C:85:EB:0C:B7:68:8E:DD:43:83:0F:41:9D:66:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fvz0hmtshesMt2iO3UODD0GdZqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fc8883-aad2-418b-9b87-ea216ba2594d/1/qCtYdkPr-91zN7xQdAM1DbVObKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fc8883-aad2-418b-9b87-ea216ba2594d/1/Fvz0hmtshesMt2iO3UODD0GdZqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.120.0/22
                IPv6:
                  2a05:5a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:03:ee:5a:ad:23:54:fd:fb:ee:07:87:26:c8:48:a7:5a:7b:
         c3:69:ae:32:fc:af:91:63:6c:0f:b5:60:c7:ba:33:60:14:a0:
         30:be:5f:fb:03:c9:b3:ba:8f:9c:09:92:78:b6:fa:a7:ec:ef:
         6b:cc:4b:87:7b:1c:c2:c2:9f:00:78:98:ce:6e:e8:c6:36:a2:
         57:04:3b:cb:d8:60:20:27:cc:71:cf:8f:60:35:7b:88:a8:97:
         8d:90:40:7e:67:41:15:54:50:ff:55:46:a2:80:be:13:ef:17:
         cf:ff:12:82:5e:58:ee:85:e8:fa:56:81:43:07:16:07:05:6e:
         bf:b2:f2:f2:2c:1a:f6:0a:c5:31:96:3e:aa:36:a5:ba:bd:cd:
         17:be:d8:49:a5:35:d7:66:7f:11:52:b5:1f:d3:64:04:b5:55:
         68:3f:c1:80:bf:28:b1:6a:dd:c9:5b:03:5a:6c:21:d1:00:48:
         1f:e4:e4:97:69:33:e7:8c:5c:85:95:ac:09:2d:9c:87:18:12:
         7b:28:78:3f:aa:b6:61:97:fd:9c:7d:92:88:b2:0b:51:a4:d8:
         1d:1d:d3:16:a2:00:6d:80:64:ef:27:e6:32:f9:37:1f:8f:e8:
         80:d8:a9:f7:4d:10:fe:fc:96:1e:7d:dc:1e:e1:2f:4c:bb:fc:
         4f:42:cb:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFADmSlUcMjXR8pp6AtUKYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZmNmNDg2NmI2Yzg1ZWIwY2I3Njg4ZWRkNDM4MzBmNDE5
ZDY2YTIwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODJiNTg3NjQzZWJmYmRkNzMzN2JjNTA3NDAzMzUwZGI1NGU2Y2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhu1jh68qry6WtKFRChYl1MF25D7e
jyKhFEIXdWd3CdjWxCzHjhSzj3oFx5dREqcV6ToTO6ALnqoFQZcqP817o7pPPCSn
yb/hEVnrFWrYMPNQwXxEyHkpZ08uPC8fl8OFEqZqxEDNCiZQqK7ujf5O9b7u7Zhb
VOhyXnw89ReEMnqJQjHPeZcrWQjdo6vy6RvUNGKU1Kfq+eSmL4M6nbyTDfjGuI/c
CbkJk4wymEAL1FvfPgp2ry9hkWlGSUOCetI1z3/sjVW5/TgQGfdi1hLIFBkmOihj
X13Daj62ky3Ylp8dWVUvdftVi7Bl5pMPUTv/4eggLJe+dd/3H/e8uoPTTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKgrWHZD6/vdcze8UHQDNQ21TmyhMB8GA1UdIwQY
MBaAFBb89IZrbIXrDLdojt1Dgw9BnWaiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnZ6MGhtdHNoZXNNdDJpTzNVT0REMEdkWnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mYzg4ODMtYWFkMi00MThiLTliODct
ZWEyMTZiYTI1OTRkLzEvcUN0WWRrUHItOTF6Tjd4UWRBTTFEYlZPYktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mYzg4ODMtYWFkMi00MThiLTliODctZWEyMTZiYTI1OTRk
LzEvRnZ6MGhtdHNoZXNNdDJpTzNVT0REMEdkWnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwbB4MA0E
AgACMAcDBQMqBVoAMA0GCSqGSIb3DQEBCwUAA4IBAQA5A+5arSNU/fvuB4cmyEin
WnvDaa4y/K+RY2wPtWDHujNgFKAwvl/7A8mzuo+cCZJ4tvqn7O9rzEuHexzCwp8A
eJjObujGNqJXBDvL2GAgJ8xxz49gNXuIqJeNkEB+Z0EVVFD/VUaigL4T7xfP/xKC
Xljuhej6VoFDBxYHBW6/svLyLBr2CsUxlj6qNqW6vc0XvthJpTXXZn8RUrUf02QE
tVVoP8GAvyixat3JWwNabCHRAEgf5OSXaTPnjFyFlawJLZyHGBJ7KHg/qrZhl/2c
fZKIsgtRpNgdHdMWogBtgGTvJ+Yy+Tcfj+iA2Kn3TRD+/JYefdwe4S9Mu/xPQsuf
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:25 2024 by rpki-client on console-fra.rpki-client.org