Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/y_QomMEL04zbN99hSlDui5930sU.roa
File:                     y_QomMEL04zbN99hSlDui5930sU.roa (raw, json)
Hash identifier:          Hg/KqdtRkLvjDgSvnZVTWjhrUHI7JRNroqG3oqb4D0M=
Subject key identifier:   CB:F4:28:98:C1:0B:D3:8C:DB:37:DF:61:4A:50:EE:8B:9F:77:D2:C5
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018CC3B6C376801427D79A8CA87D18989386
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/y_QomMEL04zbN99hSlDui5930sU.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43624
IP address blocks:        193.43.147.0/24 maxlen: 24
                          193.57.137.0/24 maxlen: 24
                          193.46.57.0/24 maxlen: 24
                          93.185.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c3:76:80:14:27:d7:9a:8c:a8:7d:18:98:93:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbf42898c10bd38cdb37df614a50ee8b9f77d2c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:32:56:7a:5c:66:55:a6:1b:2a:1d:3e:9c:96:
                    cc:a9:43:05:8b:88:ea:dd:21:7f:b2:aa:1e:b8:36:
                    0f:23:81:59:68:a0:75:73:a4:8a:b0:c2:e2:bc:4d:
                    fc:8b:bf:09:70:8e:9b:6a:82:8b:99:53:00:40:10:
                    57:2f:87:79:57:56:d5:36:b6:fe:f3:34:e8:9a:06:
                    a5:17:6d:35:c0:fb:73:16:93:46:46:92:04:a5:b5:
                    0c:3f:cb:6f:6a:78:7c:69:4c:a8:19:62:12:d7:44:
                    7f:b5:79:3a:21:2a:5d:ba:c1:f3:03:e7:1a:c5:d3:
                    32:f5:0b:4b:1f:57:28:25:02:9f:04:dc:d0:2f:43:
                    89:96:0d:5c:21:77:4f:10:59:19:e1:d2:53:62:0f:
                    d7:12:ef:41:c5:c9:52:fd:9f:3c:d3:8d:dd:86:e3:
                    ca:73:c0:67:cc:bf:a8:37:c6:b1:fd:cd:c3:44:d1:
                    f2:bf:38:91:0d:1f:c0:54:c3:e6:69:eb:f0:09:dc:
                    21:90:2b:3c:45:52:2f:b1:d2:46:4d:b0:23:10:0c:
                    0e:8d:dd:70:80:64:48:17:43:76:dd:b2:b4:22:d3:
                    b3:13:b7:5e:39:30:21:30:ee:89:ed:6c:49:49:74:
                    3c:24:9a:66:a0:45:7e:a6:1a:ef:7c:f9:f7:1b:c6:
                    7f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F4:28:98:C1:0B:D3:8C:DB:37:DF:61:4A:50:EE:8B:9F:77:D2:C5
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/y_QomMEL04zbN99hSlDui5930sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.166.0/24
                  193.43.147.0/24
                  193.46.57.0/24
                  193.57.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e8:c1:fe:93:5f:88:24:29:21:0c:2d:df:78:1d:bd:4d:7c:94:
         a8:8f:7e:d1:be:26:41:38:0d:7d:07:b9:8a:31:b5:55:66:e9:
         a5:e5:db:d0:7f:95:75:fc:40:ab:bd:bf:19:06:55:35:27:5b:
         c7:29:b0:8a:48:75:8d:43:e0:dd:07:d9:eb:bb:17:79:22:65:
         01:a2:ef:d6:60:a7:4f:67:67:ec:7a:3e:e7:e6:f0:e6:fb:f0:
         04:b5:92:05:d0:9d:0d:ae:7f:6e:8b:fa:ab:98:ba:b0:0e:3f:
         3c:b9:c6:3a:65:d3:fc:c3:b3:a5:69:88:d0:fe:37:c2:a0:93:
         4e:26:7e:24:74:2e:89:80:b1:a9:ef:fb:19:e2:82:40:ea:83:
         b7:d3:af:1b:d0:13:0e:49:99:c3:71:e7:7c:1b:7c:f0:a1:c3:
         d7:3c:61:8c:7b:39:d8:0c:48:13:59:b9:5a:b0:f4:be:56:40:
         40:98:0a:90:60:af:25:b5:15:b2:ee:b2:69:1f:64:47:02:b2:
         07:9a:fa:44:23:97:a7:6e:34:49:db:c9:b3:70:2e:89:bd:1b:
         da:7d:53:de:28:21:eb:1b:44:41:3c:4f:a3:7f:59:ef:66:c0:
         d1:c5:4c:70:9d:8e:cf:1c:b3:bf:36:81:f2:e2:ba:bb:5c:3c:
         ed:4d:a5:11
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDtsN2gBQn15qMqH0YmJOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmY0Mjg5OGMxMGJkMzhjZGIzN2RmNjE0YTUwZWU4YjlmNzdkMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDJWelxmVaYbKh0+nJbMqUMFi4jq
3SF/sqoeuDYPI4FZaKB1c6SKsMLivE38i78JcI6baoKLmVMAQBBXL4d5V1bVNrb+
8zTomgalF201wPtzFpNGRpIEpbUMP8tvanh8aUyoGWIS10R/tXk6ISpdusHzA+ca
xdMy9QtLH1coJQKfBNzQL0OJlg1cIXdPEFkZ4dJTYg/XEu9BxclS/Z88043dhuPK
c8BnzL+oN8ax/c3DRNHyvziRDR/AVMPmaevwCdwhkCs8RVIvsdJGTbAjEAwOjd1w
gGRIF0N23bK0ItOzE7deOTAhMO6J7WxJSXQ8JJpmoEV+phrvfPn3G8Z/ywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMv0KJjBC9OM2zffYUpQ7oufd9LFMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEveV9Rb21NRUwwNHpiTjk5aFNsRHVpNTkzMHNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAXbmmAwQA
wSuTAwQAwS45AwQAwTmJMA0GCSqGSIb3DQEBCwUAA4IBAQDowf6TX4gkKSEMLd94
Hb1NfJSoj37RviZBOA19B7mKMbVVZuml5dvQf5V1/ECrvb8ZBlU1J1vHKbCKSHWN
Q+DdB9nruxd5ImUBou/WYKdPZ2fsej7n5vDm+/AEtZIF0J0Nrn9ui/qrmLqwDj88
ucY6ZdP8w7OlaYjQ/jfCoJNOJn4kdC6JgLGp7/sZ4oJA6oO3068b0BMOSZnDced8
G3zwocPXPGGMeznYDEgTWblasPS+VkBAmAqQYK8ltRWy7rJpH2RHArIHmvpEI5en
bjRJ28mzcC6JvRvafVPeKCHrG0RBPE+jf1nvZsDRxUxwnY7PHLO/NoHy4rq7XDzt
TaUR
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:56:53 2024 by rpki-client on console-ams.rpki-client.org