Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d1a71c-b8f8-412d-9da1-2401b74206f3/1/ObQ-a-YoT9d0J20R2C8_0PoZ-R4.roa
File:                     ObQ-a-YoT9d0J20R2C8_0PoZ-R4.roa (raw, json)
Hash identifier:          fUFOhLtcYVAdfkaJN9B9AkGUOQi+JBVh1S7d0tqQ1Wc=
Subject key identifier:   39:B4:3E:6B:E6:28:4F:D7:74:27:6D:11:D8:2F:3F:D0:FA:19:F9:1E
Certificate issuer:       /CN=f56b2049b3a9aa6f2368e6eeb4bfcd167953a5e9
Certificate serial:       018CC8DFB349683A7AC4A8C525F7DD50E11C
Authority key identifier: F5:6B:20:49:B3:A9:AA:6F:23:68:E6:EE:B4:BF:CD:16:79:53:A5:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WsgSbOpqm8jaObutL_NFnlTpek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d1a71c-b8f8-412d-9da1-2401b74206f3/1/ObQ-a-YoT9d0J20R2C8_0PoZ-R4.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        45.155.212.0/22 maxlen: 25
                          195.35.114.0/23 maxlen: 24
                          185.103.76.0/22 maxlen: 24
                          2a06:2a80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/d1a71c-b8f8-412d-9da1-2401b74206f3/1/9WsgSbOpqm8jaObutL_NFnlTpek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/d1a71c-b8f8-412d-9da1-2401b74206f3/1/9WsgSbOpqm8jaObutL_NFnlTpek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WsgSbOpqm8jaObutL_NFnlTpek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b3:49:68:3a:7a:c4:a8:c5:25:f7:dd:50:e1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f56b2049b3a9aa6f2368e6eeb4bfcd167953a5e9
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39b43e6be6284fd774276d11d82f3fd0fa19f91e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:19:0d:ea:93:85:ce:42:c5:a6:cf:4c:cd:a2:
                    37:fa:1f:3b:c4:8f:25:9f:d4:76:ac:24:bf:a1:4b:
                    45:78:81:66:e4:7f:76:11:b8:2a:38:da:46:02:92:
                    6f:54:5c:b8:b5:f9:d1:60:f9:fd:6c:1d:3e:9a:86:
                    7e:45:d9:1f:4b:f8:7c:b3:4a:08:59:3a:7f:d6:1f:
                    74:91:3f:fd:62:89:db:59:92:47:ad:67:f7:54:30:
                    26:fa:8d:20:a1:10:bb:6d:d7:4b:d4:03:3e:26:15:
                    d1:46:55:3f:ee:0d:4f:6b:15:8e:b6:65:11:19:30:
                    e2:16:11:2d:02:5d:a2:5c:cb:d7:18:0e:58:64:e2:
                    af:79:bc:d5:4a:34:d6:b8:7f:b3:d1:16:02:82:a9:
                    1a:87:23:26:40:67:5b:ae:c1:87:e8:ab:c1:66:2b:
                    ae:55:4b:36:28:9c:cf:9a:c8:fe:97:89:97:e7:73:
                    4a:e6:8a:bb:54:7f:52:a5:83:ac:58:af:f0:af:0d:
                    f2:ff:be:ca:f8:6b:d8:62:47:ad:50:14:e6:63:9f:
                    35:08:89:4d:35:0a:d1:bd:13:f9:22:fb:6c:d5:cd:
                    9e:df:c6:0a:cc:fd:07:ea:1a:fd:36:53:ea:b5:3c:
                    e2:0c:df:d7:ca:61:e4:6c:fd:d0:29:f7:18:9e:5f:
                    1d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B4:3E:6B:E6:28:4F:D7:74:27:6D:11:D8:2F:3F:D0:FA:19:F9:1E
            X509v3 Authority Key Identifier:
                keyid:F5:6B:20:49:B3:A9:AA:6F:23:68:E6:EE:B4:BF:CD:16:79:53:A5:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WsgSbOpqm8jaObutL_NFnlTpek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d1a71c-b8f8-412d-9da1-2401b74206f3/1/ObQ-a-YoT9d0J20R2C8_0PoZ-R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d1a71c-b8f8-412d-9da1-2401b74206f3/1/9WsgSbOpqm8jaObutL_NFnlTpek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.212.0/22
                  185.103.76.0/22
                  195.35.114.0/23
                IPv6:
                  2a06:2a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:0d:5d:0b:bd:9a:eb:fa:c7:73:18:8f:17:dc:02:40:42:d4:
         1e:ec:3d:69:ea:ed:d4:f1:cd:8e:27:20:0d:93:2f:ed:25:a6:
         06:63:c6:eb:bc:0c:00:6b:17:68:d5:a9:3d:c8:13:e4:0c:61:
         e3:2d:d4:da:91:d1:5b:8d:01:b9:15:e4:bb:56:11:13:03:45:
         db:2b:d7:97:33:43:48:6e:06:15:29:89:c1:8a:e0:ac:65:31:
         f1:bf:ef:3d:24:4a:e9:d4:84:59:a6:f2:7e:02:a9:0e:ab:d0:
         98:e8:1b:21:98:35:75:d3:dd:06:6e:35:75:87:e2:c9:44:6e:
         b9:76:32:ea:a7:cb:00:46:96:58:39:e7:64:a4:7d:81:f0:2f:
         65:05:59:57:30:36:ec:af:d5:1e:d5:7e:df:7a:b9:12:81:0b:
         a2:3e:b3:c9:b5:34:a5:e9:5e:a1:8d:7f:9b:5f:ca:fb:e2:a8:
         8e:e8:7d:e4:6a:e5:bb:8c:6e:ff:f4:fb:a4:69:57:94:04:61:
         b7:e5:dc:e5:c2:6e:8c:1c:34:25:f1:c6:14:97:41:db:4d:52:
         11:d8:be:93:d6:76:69:d7:0e:db:26:75:3c:9c:d2:94:e7:6f:
         80:2a:0d:5a:99:23:c6:54:52:e8:08:9d:6e:6a:22:57:1c:b2:
         00:a7:7c:31
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzI37NJaDp6xKjFJffdUOEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NmIyMDQ5YjNhOWFhNmYyMzY4ZTZlZWI0YmZjZDE2Nzk1
M2E1ZTkwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWI0M2U2YmU2Mjg0ZmQ3NzQyNzZkMTFkODJmM2ZkMGZhMTlmOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxkN6pOFzkLFps9MzaI3+h87xI8l
n9R2rCS/oUtFeIFm5H92EbgqONpGApJvVFy4tfnRYPn9bB0+moZ+RdkfS/h8s0oI
WTp/1h90kT/9YonbWZJHrWf3VDAm+o0goRC7bddL1AM+JhXRRlU/7g1PaxWOtmUR
GTDiFhEtAl2iXMvXGA5YZOKvebzVSjTWuH+z0RYCgqkahyMmQGdbrsGH6KvBZiuu
VUs2KJzPmsj+l4mX53NK5oq7VH9SpYOsWK/wrw3y/77K+GvYYketUBTmY581CIlN
NQrRvRP5Ivts1c2e38YKzP0H6hr9NlPqtTziDN/XymHkbP3QKfcYnl8d2wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDm0PmvmKE/XdCdtEdgvP9D6GfkeMB8GA1UdIwQY
MBaAFPVrIEmzqapvI2jm7rS/zRZ5U6XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdzZ1NiT3BxbThqYU9idXRMX05GbmxUcGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kMWE3MWMtYjhmOC00MTJkLTlkYTEt
MjQwMWI3NDIwNmYzLzEvT2JRLWEtWW9UOWQwSjIwUjJDOF8wUG9aLVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kMWE3MWMtYjhmOC00MTJkLTlkYTEtMjQwMWI3NDIwNmYz
LzEvOVdzZ1NiT3BxbThqYU9idXRMX05GbmxUcGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLZvUAwQC
uWdMAwQBwyNyMA0EAgACMAcDBQMqBiqAMA0GCSqGSIb3DQEBCwUAA4IBAQBUDV0L
vZrr+sdzGI8X3AJAQtQe7D1p6u3U8c2OJyANky/tJaYGY8brvAwAaxdo1ak9yBPk
DGHjLdTakdFbjQG5FeS7VhETA0XbK9eXM0NIbgYVKYnBiuCsZTHxv+89JErp1IRZ
pvJ+AqkOq9CY6BshmDV1090GbjV1h+LJRG65djLqp8sARpZYOedkpH2B8C9lBVlX
MDbsr9Ue1X7ferkSgQuiPrPJtTSl6V6hjX+bX8r74qiO6H3kauW7jG7/9PukaVeU
BGG35dzlwm6MHDQl8cYUl0HbTVIR2L6T1nZp1w7bJnU8nNKU52+AKg1amSPGVFLo
CJ1uaiJXHLIAp3wx
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:05:24 2024 by rpki-client on console-ams.rpki-client.org