Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/QvQSfh8pcGgDjwC0vC43E21Vagc.roa
File:                     QvQSfh8pcGgDjwC0vC43E21Vagc.roa (raw, json)
Hash identifier:          E/AnTqXMYgxH2TzbglOQ0tRlcvZaLWIoJgrnMO2DZ3s=
Subject key identifier:   42:F4:12:7E:1F:29:70:68:03:8F:00:B4:BC:2E:37:13:6D:55:6A:07
Certificate issuer:       /CN=d74ce9d9e18a2a8a06cb4d9b08b59cd76b221184
Certificate serial:       018CC492B28DDCAD62418F7573917ED9F1AD
Authority key identifier: D7:4C:E9:D9:E1:8A:2A:8A:06:CB:4D:9B:08:B5:9C:D7:6B:22:11:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10zp2eGKKooGy02bCLWc12siEYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/QvQSfh8pcGgDjwC0vC43E21Vagc.roa
Signing time:             Mon 01 Jan 2024 10:29:57 +0000
ROA not before:           Mon 01 Jan 2024 10:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25376
IP address blocks:        185.108.44.0/22 maxlen: 24
                          2a01:8560::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/10zp2eGKKooGy02bCLWc12siEYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/10zp2eGKKooGy02bCLWc12siEYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10zp2eGKKooGy02bCLWc12siEYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:b2:8d:dc:ad:62:41:8f:75:73:91:7e:d9:f1:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d74ce9d9e18a2a8a06cb4d9b08b59cd76b221184
        Validity
            Not Before: Jan  1 10:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42f4127e1f297068038f00b4bc2e37136d556a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ad:dc:b7:fa:5e:75:bc:1b:6f:88:d2:cd:c3:
                    30:5f:9a:78:d4:03:6b:a3:81:11:38:b4:68:44:4d:
                    26:38:1e:ba:b6:57:73:84:c9:1d:6d:cc:4e:ef:a2:
                    1e:9e:1c:af:19:34:db:15:7a:cf:80:f3:41:e5:71:
                    a3:53:cf:b9:e3:86:54:dc:23:b7:f2:4e:74:f9:61:
                    cc:8c:ab:06:9c:5b:53:95:ba:f1:3c:38:9e:fe:ea:
                    4e:c4:fd:eb:a0:a9:b6:3b:64:c3:45:fc:ec:7d:b6:
                    33:c8:5b:cf:41:b9:75:50:14:85:a8:01:54:d5:89:
                    3f:a2:86:14:22:5c:b1:18:c1:80:ad:51:de:7f:be:
                    e6:a7:03:99:0d:73:b2:09:ea:e0:be:6b:92:78:9e:
                    bf:dd:d9:9c:2a:9c:68:e0:9a:78:5b:e2:9b:f5:e1:
                    96:04:b3:ab:16:52:07:3b:40:90:53:41:92:b5:4b:
                    67:86:8c:47:ee:8e:0e:4a:9c:1a:9b:ca:71:5e:11:
                    99:e8:00:a2:df:cb:ae:49:87:a9:22:4b:e9:aa:ee:
                    e7:91:b9:0b:e7:91:78:30:e6:aa:4c:1b:48:5f:fc:
                    5f:b9:79:d7:12:b2:79:ea:58:df:1b:cb:86:ef:8a:
                    b6:4f:9f:43:67:11:fd:ae:67:4c:d8:c6:a5:b0:67:
                    ca:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F4:12:7E:1F:29:70:68:03:8F:00:B4:BC:2E:37:13:6D:55:6A:07
            X509v3 Authority Key Identifier:
                keyid:D7:4C:E9:D9:E1:8A:2A:8A:06:CB:4D:9B:08:B5:9C:D7:6B:22:11:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10zp2eGKKooGy02bCLWc12siEYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/QvQSfh8pcGgDjwC0vC43E21Vagc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ed5c1e-2d5f-4222-bdc7-63b95240d745/1/10zp2eGKKooGy02bCLWc12siEYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.44.0/22
                IPv6:
                  2a01:8560::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:93:74:97:01:6a:38:a1:e1:73:3e:61:f0:42:53:f7:72:04:
         ed:db:ed:12:bd:c9:69:07:5f:46:2e:c8:8e:47:24:63:8c:7c:
         5a:65:7a:ac:d8:da:60:63:d5:b0:8a:1c:fd:08:c6:6a:0f:cb:
         f6:18:eb:fd:c2:5c:89:6e:e8:65:45:fc:d5:ad:cb:6f:51:bb:
         84:f3:e9:c5:84:97:4e:c2:a7:8d:4f:10:5d:0c:07:27:4d:4b:
         dc:b8:18:70:9a:b9:b3:47:2e:7d:47:40:71:b6:a3:a1:f6:17:
         3f:25:51:4c:88:e5:2b:c2:c2:2a:07:51:cf:8d:b7:1a:7d:b9:
         5c:90:33:f1:4a:c7:b3:ba:e7:1a:c5:ba:d9:6d:be:7e:a9:0a:
         60:44:e9:91:bf:a9:47:96:12:cd:4b:88:44:37:c8:ea:a6:bc:
         cf:38:88:5e:06:d5:20:7b:61:d8:0a:c1:a2:aa:34:20:80:fa:
         6a:e8:fb:e5:52:d2:9d:c8:34:5c:1e:f0:7e:7f:35:51:e2:e6:
         7d:96:0c:aa:c6:95:5b:83:2d:4e:ea:ee:9d:1b:06:96:a8:67:
         63:c8:8a:a1:53:65:b0:3a:81:ae:e6:a6:39:9a:47:bf:6b:24:
         ba:4e:fd:f3:2b:e6:07:17:ed:7d:59:f1:e5:84:b5:81:5a:71:
         59:f1:54:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkrKN3K1iQY91c5F+2fGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NGNlOWQ5ZTE4YTJhOGEwNmNiNGQ5YjA4YjU5Y2Q3NmIy
MjExODQwHhcNMjQwMTAxMTAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmY0MTI3ZTFmMjk3MDY4MDM4ZjAwYjRiYzJlMzcxMzZkNTU2YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0q3ct/pedbwbb4jSzcMwX5p41ANr
o4EROLRoRE0mOB66tldzhMkdbcxO76IenhyvGTTbFXrPgPNB5XGjU8+544ZU3CO3
8k50+WHMjKsGnFtTlbrxPDie/upOxP3roKm2O2TDRfzsfbYzyFvPQbl1UBSFqAFU
1Yk/ooYUIlyxGMGArVHef77mpwOZDXOyCergvmuSeJ6/3dmcKpxo4Jp4W+Kb9eGW
BLOrFlIHO0CQU0GStUtnhoxH7o4OSpwam8pxXhGZ6ACi38uuSYepIkvpqu7nkbkL
55F4MOaqTBtIX/xfuXnXErJ56ljfG8uG74q2T59DZxH9rmdM2MalsGfKXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEL0En4fKXBoA48AtLwuNxNtVWoHMB8GA1UdIwQY
MBaAFNdM6dnhiiqKBstNmwi1nNdrIhGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTB6cDJlR0tLb29HeTAyYkNMV2MxMnNpRVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lZDVjMWUtMmQ1Zi00MjIyLWJkYzct
NjNiOTUyNDBkNzQ1LzEvUXZRU2ZoOHBjR2dEandDMHZDNDNFMjFWYWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lZDVjMWUtMmQ1Zi00MjIyLWJkYzctNjNiOTUyNDBkNzQ1
LzEvMTB6cDJlR0tLb29HeTAyYkNMV2MxMnNpRVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWwsMA0E
AgACMAcDBQAqAYVgMA0GCSqGSIb3DQEBCwUAA4IBAQBRk3SXAWo4oeFzPmHwQlP3
cgTt2+0SvclpB19GLsiORyRjjHxaZXqs2NpgY9Wwihz9CMZqD8v2GOv9wlyJbuhl
RfzVrctvUbuE8+nFhJdOwqeNTxBdDAcnTUvcuBhwmrmzRy59R0BxtqOh9hc/JVFM
iOUrwsIqB1HPjbcafblckDPxSsezuucaxbrZbb5+qQpgROmRv6lHlhLNS4hEN8jq
przPOIheBtUge2HYCsGiqjQggPpq6PvlUtKdyDRcHvB+fzVR4uZ9lgyqxpVbgy1O
6u6dGwaWqGdjyIqhU2WwOoGu5qY5mke/ayS6Tv3zK+YHF+19WfHlhLWBWnFZ8VRr
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:20:11 2024 by rpki-client on console-fra.rpki-client.org