Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/qLWf2mRKFKxIdrSjxVwcVnO-h2k.roa
File:                     qLWf2mRKFKxIdrSjxVwcVnO-h2k.roa (raw, json)
Hash identifier:          dEfDxREs0H+Ilr57BFZrm+nNxNDiz7PohVgIRBirefs=
Subject key identifier:   A8:B5:9F:DA:64:4A:14:AC:48:76:B4:A3:C5:5C:1C:56:73:BE:87:69
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018CC3B6C5AEF040BB6A7E951B19A04E515C
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/qLWf2mRKFKxIdrSjxVwcVnO-h2k.roa
Signing time:             Mon 01 Jan 2024 06:29:44 +0000
ROA not before:           Mon 01 Jan 2024 06:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51395
IP address blocks:        5.182.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c5:ae:f0:40:bb:6a:7e:95:1b:19:a0:4e:51:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 06:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8b59fda644a14ac4876b4a3c55c1c5673be8769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5a:e7:2f:af:01:71:26:62:31:c0:00:85:30:
                    a2:95:db:16:7d:a6:08:80:95:43:33:3b:04:b0:9a:
                    3c:83:f2:2e:1b:5b:ee:04:01:48:41:5f:87:e3:bf:
                    cb:d7:f0:07:3a:b9:86:a9:02:ef:19:1d:cf:b8:29:
                    3d:36:17:86:cd:df:7b:75:17:68:1a:34:d3:ac:b7:
                    57:db:17:d7:33:05:7d:55:de:0e:a4:1c:1a:a3:39:
                    c1:62:c8:b1:c6:92:4d:e5:d6:88:77:a3:6a:44:9d:
                    8e:88:a6:30:f0:7a:52:da:4e:03:b8:ab:da:c8:8d:
                    2b:ef:66:11:16:0f:f7:1b:5f:8f:3a:1f:e6:a3:00:
                    82:4c:76:26:5c:2f:d7:f4:47:b5:fd:64:2e:85:27:
                    d4:52:e2:b6:2a:03:2c:65:87:90:5d:14:ee:25:26:
                    97:88:fd:41:29:48:c1:3b:92:61:8d:9e:8b:f3:89:
                    65:7c:b2:1c:65:15:98:63:23:d7:99:0e:8d:64:88:
                    33:d3:e8:b7:2f:0e:29:4a:e7:18:09:5a:99:6c:db:
                    28:73:99:70:6b:a9:f4:95:55:4e:02:70:c0:b7:8f:
                    49:3c:c1:64:a4:8d:74:18:ad:a3:58:5d:21:ba:ed:
                    b2:47:46:df:5e:dd:fd:90:43:2f:3b:f9:8a:89:e8:
                    36:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B5:9F:DA:64:4A:14:AC:48:76:B4:A3:C5:5C:1C:56:73:BE:87:69
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/qLWf2mRKFKxIdrSjxVwcVnO-h2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:18:2e:c3:40:c9:85:c4:a9:9e:88:2a:dd:e5:93:25:3a:9f:
         83:11:ea:1b:a9:95:01:35:52:8e:07:62:c0:45:0d:6f:dd:ef:
         fc:49:c5:ad:25:17:c4:f5:c7:dd:f1:2d:40:04:8a:48:f3:c3:
         21:81:d5:2d:6d:29:1a:d0:7b:a8:2d:6d:67:ae:9e:db:02:61:
         7c:22:f5:ab:b9:43:ae:88:11:5d:8f:2a:19:bf:5f:90:86:63:
         c0:17:8e:36:12:4b:b3:b8:a2:ac:f2:a3:c2:d0:2b:90:63:48:
         f0:56:98:60:5f:09:fd:63:8e:8e:39:b6:f9:f6:31:25:01:e7:
         b4:b4:73:6b:40:eb:3b:80:5a:4d:f6:46:00:99:ca:18:9b:48:
         59:86:cd:59:96:bc:2a:3f:b3:7a:e4:d6:73:c9:46:c8:9e:96:
         b6:cf:ce:68:d7:0d:93:33:e9:77:cb:9a:6f:64:37:f3:89:f8:
         e8:af:5c:57:69:71:40:09:bd:60:ea:cd:53:fb:d1:d8:0b:f3:
         21:f8:13:95:05:41:c4:0a:56:0e:70:11:9b:fd:ac:64:ed:b5:
         99:77:29:cc:4d:44:3a:93:2f:7d:1a:54:68:af:fd:63:7d:18:
         17:5b:99:1c:d1:3f:2e:ab:47:3c:b1:91:43:15:aa:1b:78:27:
         df:e5:60:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsWu8EC7an6VGxmgTlFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTAxMDYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGI1OWZkYTY0NGExNGFjNDg3NmI0YTNjNTVjMWM1NjczYmU4NzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFrnL68BcSZiMcAAhTCildsWfaYI
gJVDMzsEsJo8g/IuG1vuBAFIQV+H47/L1/AHOrmGqQLvGR3PuCk9NheGzd97dRdo
GjTTrLdX2xfXMwV9Vd4OpBwaoznBYsixxpJN5daId6NqRJ2OiKYw8HpS2k4DuKva
yI0r72YRFg/3G1+POh/mowCCTHYmXC/X9Ee1/WQuhSfUUuK2KgMsZYeQXRTuJSaX
iP1BKUjBO5JhjZ6L84llfLIcZRWYYyPXmQ6NZIgz0+i3Lw4pSucYCVqZbNsoc5lw
a6n0lVVOAnDAt49JPMFkpI10GK2jWF0huu2yR0bfXt39kEMvO/mKieg2RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi1n9pkShSsSHa0o8VcHFZzvodpMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvcUxXZjJtUktGS3hJZHJTanhWd2NWbk8taDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYkMA0G
CSqGSIb3DQEBCwUAA4IBAQBoGC7DQMmFxKmeiCrd5ZMlOp+DEeobqZUBNVKOB2LA
RQ1v3e/8ScWtJRfE9cfd8S1ABIpI88MhgdUtbSka0HuoLW1nrp7bAmF8IvWruUOu
iBFdjyoZv1+QhmPAF442EkuzuKKs8qPC0CuQY0jwVphgXwn9Y46OObb59jElAee0
tHNrQOs7gFpN9kYAmcoYm0hZhs1ZlrwqP7N65NZzyUbInpa2z85o1w2TM+l3y5pv
ZDfzifjor1xXaXFACb1g6s1T+9HYC/Mh+BOVBUHEClYOcBGb/axk7bWZdynMTUQ6
ky99GlRor/1jfRgXW5kc0T8uq0c8sZFDFaobeCff5WCo
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:26:42 2024 by rpki-client on console-fra.rpki-client.org