Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qtzkdjS6Yb8fVRpHxSHyL_C8oD8.roa
File:                     qtzkdjS6Yb8fVRpHxSHyL_C8oD8.roa (raw, json)
Hash identifier:          0JNoXDdZeWdOvQH614NIANI/gbB4cvtoJl+ml386CsI=
Subject key identifier:   AA:DC:E4:76:34:BA:61:BF:1F:55:1A:47:C5:21:F2:2F:F0:BC:A0:3F
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F3AEF78EF48CF5712D93A76A12BD
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qtzkdjS6Yb8fVRpHxSHyL_C8oD8.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47952
IP address blocks:        194.127.118.0/24 maxlen: 24
                          194.127.117.0/24 maxlen: 24
                          194.127.116.0/24 maxlen: 24
                          194.127.119.0/24 maxlen: 24
                          185.185.235.0/24 maxlen: 24
                          91.106.219.0/24 maxlen: 24
                          91.106.218.0/24 maxlen: 24
                          91.106.217.0/24 maxlen: 24
                          91.106.216.0/24 maxlen: 24
                          193.35.206.0/24 maxlen: 24
                          193.35.205.0/24 maxlen: 24
                          193.35.204.0/24 maxlen: 24
                          193.35.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f3:ae:f7:8e:f4:8c:f5:71:2d:93:a7:6a:12:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aadce47634ba61bf1f551a47c521f22ff0bca03f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9e:c0:68:99:8f:10:0d:86:19:ab:e6:7e:8c:
                    ea:fa:9a:18:96:b4:80:47:67:36:06:e0:73:ea:42:
                    50:6c:58:b9:db:40:82:79:ef:1c:ce:99:00:01:1c:
                    39:c6:94:fa:5b:bb:60:f0:75:9e:81:4b:bd:3f:05:
                    fe:a5:ab:41:9c:72:14:c9:31:9f:47:b5:65:8a:08:
                    25:ed:51:83:b8:41:f1:0b:0f:d2:cc:fe:d0:ba:45:
                    23:0f:fb:cd:da:5a:0e:61:66:84:6e:7e:78:e6:b0:
                    17:b4:ee:99:9f:f3:b2:85:45:a7:ed:fb:cb:6c:76:
                    1d:56:40:80:aa:0c:b7:e5:aa:b1:df:1b:a5:bb:a5:
                    15:8c:99:f9:2d:96:7d:e9:20:4c:35:27:e2:e5:26:
                    df:c2:90:9a:ef:73:8e:5d:33:f3:6e:93:6a:b0:a4:
                    17:7b:0b:d3:96:68:03:29:5e:8e:ab:2b:dc:29:b0:
                    1d:3f:03:1a:88:06:43:d2:fb:98:77:c1:f1:25:1c:
                    cd:4e:88:7d:94:48:a4:f4:fd:aa:30:7d:23:f5:d6:
                    b6:25:4b:80:e0:ed:b5:67:63:81:b3:d5:e3:99:df:
                    53:4d:d2:09:71:bd:36:2f:a1:90:fe:14:ee:b0:f5:
                    12:83:68:6a:b2:5b:79:fd:e4:d5:9c:2f:71:fa:e8:
                    64:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:DC:E4:76:34:BA:61:BF:1F:55:1A:47:C5:21:F2:2F:F0:BC:A0:3F
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qtzkdjS6Yb8fVRpHxSHyL_C8oD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.106.216.0/22
                  185.185.235.0/24
                  193.35.204.0/22
                  194.127.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:85:42:01:60:c3:8a:48:b7:ee:3b:af:e5:05:aa:db:3c:04:
         0c:e2:b7:e8:bd:f4:a8:a6:cc:c3:80:0d:1c:ac:d8:2c:53:d7:
         88:03:b2:f5:34:ad:c7:f5:54:91:7e:fe:ad:ce:55:af:98:82:
         75:a5:ad:a4:cf:95:39:d3:6f:93:af:4f:09:fd:08:b7:f8:e5:
         0c:4d:0a:de:d3:ad:81:c2:c0:46:e6:55:31:19:6c:69:88:cc:
         92:15:f4:42:f2:23:cc:50:08:b5:b5:e7:31:9b:ff:d4:98:fb:
         6a:34:ac:60:b9:5d:77:36:1c:f1:fe:f0:94:01:48:d3:dc:c6:
         fb:e0:f9:58:8d:2d:8d:0c:90:1c:79:76:c5:d7:9e:14:6e:b0:
         38:b4:ac:6f:70:d3:e6:33:e7:59:38:52:f6:ff:f7:00:9e:b7:
         10:eb:42:03:28:94:00:23:83:f5:93:64:ea:eb:f5:df:e3:eb:
         bd:62:ac:c6:a8:c2:de:9c:0c:e0:32:bc:43:0c:57:6a:28:07:
         c2:4a:94:d7:88:6f:78:25:10:e0:46:50:1b:49:54:99:07:f4:
         7b:e4:91:3f:9d:ce:c3:47:3f:77:e8:a5:13:8e:81:93:33:7a:
         53:38:cf:d2:1b:11:b2:2a:4c:98:44:bb:85:a7:d8:92:b1:45:
         2d:6c:3c:6f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEJPOu9470jPVxLZOnahK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRjZTQ3NjM0YmE2MWJmMWY1NTFhNDdjNTIxZjIyZmYwYmNhMDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg57AaJmPEA2GGavmfozq+poYlrSA
R2c2BuBz6kJQbFi520CCee8czpkAARw5xpT6W7tg8HWegUu9PwX+patBnHIUyTGf
R7Vliggl7VGDuEHxCw/SzP7QukUjD/vN2loOYWaEbn545rAXtO6Zn/OyhUWn7fvL
bHYdVkCAqgy35aqx3xulu6UVjJn5LZZ96SBMNSfi5SbfwpCa73OOXTPzbpNqsKQX
ewvTlmgDKV6OqyvcKbAdPwMaiAZD0vuYd8HxJRzNToh9lEik9P2qMH0j9da2JUuA
4O21Z2OBs9Xjmd9TTdIJcb02L6GQ/hTusPUSg2hqslt5/eTVnC9x+uhkzwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKrc5HY0umG/H1UaR8Uh8i/wvKA/MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvcXR6a2RqUzZZYjhmVlJwSHhTSHlMX0M4b0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW2rYAwQA
ubnrAwQCwSPMAwQCwn90MA0GCSqGSIb3DQEBCwUAA4IBAQAHhUIBYMOKSLfuO6/l
BarbPAQM4rfovfSopszDgA0crNgsU9eIA7L1NK3H9VSRfv6tzlWvmIJ1pa2kz5U5
02+Tr08J/Qi3+OUMTQre062BwsBG5lUxGWxpiMySFfRC8iPMUAi1tecxm//UmPtq
NKxguV13Nhzx/vCUAUjT3Mb74PlYjS2NDJAceXbF154UbrA4tKxvcNPmM+dZOFL2
//cAnrcQ60IDKJQAI4P1k2Tq6/Xf4+u9YqzGqMLenAzgMrxDDFdqKAfCSpTXiG94
JRDgRlAbSVSZB/R75JE/nc7DRz936KUTjoGTM3pTOM/SGxGyKkyYRLuFp9iSsUUt
bDxv
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:26:18 2024 by rpki-client on console-fra.rpki-client.org