Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/qDbtLpk6UejzhXP-ZFQmJ3h9p7o.roa
File:                     qDbtLpk6UejzhXP-ZFQmJ3h9p7o.roa (raw, json)
Hash identifier:          faJ/HsPjnbat0bBSJvZK5tWvTJgytu3X2RXRauVcUng=
Subject key identifier:   A8:36:ED:2E:99:3A:51:E8:F3:85:73:FE:64:54:26:27:78:7D:A7:BA
Certificate issuer:       /CN=63926fcff81bb91a6a71ae5e8935ab4daae53744
Certificate serial:       018CC50115109EE7C1863FDEA2E3CDC28032
Authority key identifier: 63:92:6F:CF:F8:1B:B9:1A:6A:71:AE:5E:89:35:AB:4D:AA:E5:37:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/qDbtLpk6UejzhXP-ZFQmJ3h9p7o.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41853
IP address blocks:        91.102.152.0/21 maxlen: 24
                          91.102.158.0/24 maxlen: 24
                          91.102.155.0/24 maxlen: 24
                          91.102.154.0/24 maxlen: 24
                          93.189.40.0/21 maxlen: 24
                          2a00:5820::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:15:10:9e:e7:c1:86:3f:de:a2:e3:cd:c2:80:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63926fcff81bb91a6a71ae5e8935ab4daae53744
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a836ed2e993a51e8f38573fe64542627787da7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ae:b5:b0:d8:bf:b5:fb:10:8a:71:3e:58:f7:
                    59:c8:fe:ed:78:40:d1:db:82:d3:dc:a2:e3:a5:46:
                    d1:ec:66:20:bd:f6:0b:90:6f:ea:66:6b:2c:aa:93:
                    09:ee:4c:a1:e4:72:73:9a:f5:21:40:94:7c:41:a9:
                    e2:97:5d:e2:81:af:f6:30:c7:83:fc:e5:5e:37:db:
                    1c:9c:82:ec:10:e9:33:ac:5f:ba:99:7d:bb:22:f8:
                    1b:77:6c:6c:f7:3a:ae:e6:c3:13:5a:39:48:06:2b:
                    cd:97:b7:61:0e:c9:79:64:d5:8e:6a:b9:8f:fa:10:
                    1c:e5:8f:6b:79:bf:ed:8c:41:52:cf:e3:fb:2c:fb:
                    85:47:d8:a2:7d:dd:0f:90:63:e5:d2:6c:cb:c5:22:
                    8c:2e:30:5b:b3:e7:c7:30:42:6f:15:e7:bc:ab:cb:
                    4c:e1:51:20:26:d4:c2:b0:b3:93:c8:4c:0f:fe:fa:
                    59:54:13:4a:0d:b6:37:6d:78:7e:49:cc:83:0f:15:
                    8b:f5:40:ef:4c:4f:0b:f4:88:8b:07:1c:53:74:0d:
                    e5:05:75:df:96:fc:6d:8d:db:25:03:7c:4f:ba:f7:
                    dc:2b:2b:46:16:d1:30:f4:79:3d:25:ad:8f:f9:c3:
                    f5:66:ef:a3:7b:92:68:ab:4e:14:a3:fa:f6:fc:58:
                    6a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:36:ED:2E:99:3A:51:E8:F3:85:73:FE:64:54:26:27:78:7D:A7:BA
            X509v3 Authority Key Identifier:
                keyid:63:92:6F:CF:F8:1B:B9:1A:6A:71:AE:5E:89:35:AB:4D:AA:E5:37:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/qDbtLpk6UejzhXP-ZFQmJ3h9p7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/e04fc4-2c6e-4af7-939e-048391f8db9c/1/Y5Jvz_gbuRpqca5eiTWrTarlN0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.152.0/21
                  93.189.40.0/21
                IPv6:
                  2a00:5820::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:86:7b:f9:70:69:bd:b3:1f:a4:db:97:5f:6a:de:82:76:2c:
         84:53:db:bc:d5:78:41:42:c5:ca:35:11:72:14:91:01:7c:83:
         26:1e:a5:8e:52:d9:85:10:ef:34:6b:0c:10:10:5d:9b:ab:a9:
         0c:a9:c5:f1:7b:7c:8a:14:e4:84:18:f8:ee:8d:72:7b:d0:61:
         d5:61:a8:5e:85:40:a0:4b:81:6c:e0:48:c8:3f:f6:50:aa:cc:
         3f:62:e9:42:d0:1f:43:ce:cf:cf:70:f8:ee:7a:7e:d3:f0:62:
         2a:f2:15:70:5e:46:6f:59:8c:f5:be:aa:b9:f3:88:cf:d5:90:
         c1:61:b4:94:2d:93:1c:cf:41:e1:cd:70:22:1c:5a:e7:24:1a:
         af:99:ea:ba:00:fa:82:3b:64:d9:4d:2f:1c:2c:16:13:5e:46:
         6f:b1:14:ce:df:e7:51:30:60:a4:aa:51:1a:99:48:b5:75:6b:
         1a:de:e5:48:fc:ed:ed:47:54:d8:9e:a1:39:17:35:96:55:6d:
         7e:05:08:ae:5a:33:cd:75:c3:08:9c:b3:9d:6e:62:a2:72:c0:
         1f:11:8e:e9:c1:17:e3:c7:6d:7d:28:a0:89:62:df:60:52:16:
         f6:29:6c:6b:56:33:f1:cb:85:da:ac:b1:5d:88:ab:91:22:15:
         19:fd:fb:28
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFARUQnufBhj/eouPNwoAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOTI2ZmNmZjgxYmI5MWE2YTcxYWU1ZTg5MzVhYjRkYWFl
NTM3NDQwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODM2ZWQyZTk5M2E1MWU4ZjM4NTczZmU2NDU0MjYyNzc4N2RhN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr661sNi/tfsQinE+WPdZyP7teEDR
24LT3KLjpUbR7GYgvfYLkG/qZmssqpMJ7kyh5HJzmvUhQJR8Qanil13iga/2MMeD
/OVeN9scnILsEOkzrF+6mX27Ivgbd2xs9zqu5sMTWjlIBivNl7dhDsl5ZNWOarmP
+hAc5Y9reb/tjEFSz+P7LPuFR9iifd0PkGPl0mzLxSKMLjBbs+fHMEJvFee8q8tM
4VEgJtTCsLOTyEwP/vpZVBNKDbY3bXh+ScyDDxWL9UDvTE8L9IiLBxxTdA3lBXXf
lvxtjdslA3xPuvfcKytGFtEw9Hk9Ja2P+cP1Zu+je5Joq04Uo/r2/FhqrQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKg27S6ZOlHo84Vz/mRUJid4fae6MB8GA1UdIwQY
MBaAFGOSb8/4G7kaanGuXok1q02q5TdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTVKdnpfZ2J1UnBxY2E1ZWlUV3JUYXJsTjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9lMDRmYzQtMmM2ZS00YWY3LTkzOWUt
MDQ4MzkxZjhkYjljLzEvcURidExwazZVZWp6aFhQLVpGUW1KM2g5cDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9lMDRmYzQtMmM2ZS00YWY3LTkzOWUtMDQ4MzkxZjhkYjlj
LzEvWTVKdnpfZ2J1UnBxY2E1ZWlUV3JUYXJsTjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDW2aYAwQD
Xb0oMA0EAgACMAcDBQAqAFggMA0GCSqGSIb3DQEBCwUAA4IBAQAqhnv5cGm9sx+k
25dfat6CdiyEU9u81XhBQsXKNRFyFJEBfIMmHqWOUtmFEO80awwQEF2bq6kMqcXx
e3yKFOSEGPjujXJ70GHVYahehUCgS4Fs4EjIP/ZQqsw/YulC0B9Dzs/PcPjuen7T
8GIq8hVwXkZvWYz1vqq584jP1ZDBYbSULZMcz0HhzXAiHFrnJBqvmeq6APqCO2TZ
TS8cLBYTXkZvsRTO3+dRMGCkqlEamUi1dWsa3uVI/O3tR1TYnqE5FzWWVW1+BQiu
WjPNdcMInLOdbmKicsAfEY7pwRfjx219KKCJYt9gUhb2KWxrVjPxy4XarLFdiKuR
IhUZ/fso
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:38:55 2024 by rpki-client on console-ams.rpki-client.org