Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/qxQRjFpAYtwEWIJSya9A6x0-itw.roa
File:                     qxQRjFpAYtwEWIJSya9A6x0-itw.roa (raw, json)
Hash identifier:          WRSbJrZG0LfZRTw6e6ZwG7KOhYbxVc664ac8s82F6+Q=
Subject key identifier:   AB:14:11:8C:5A:40:62:DC:04:58:82:52:C9:AF:40:EB:1D:3E:8A:DC
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FE9F5AE7B7C65C020E559D75AC9EE
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/qxQRjFpAYtwEWIJSya9A6x0-itw.roa
Signing time:             Tue 02 Jan 2024 04:30:26 +0000
ROA not before:           Tue 02 Jan 2024 04:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31541
IP address blocks:        212.252.206.0/24 maxlen: 24
                          212.252.204.0/24 maxlen: 24
                          212.252.205.0/24 maxlen: 24
                          212.252.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:e9:f5:ae:7b:7c:65:c0:20:e5:59:d7:5a:c9:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab14118c5a4062dc04588252c9af40eb1d3e8adc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cd:dd:5a:62:e8:57:7d:6b:4a:43:32:e8:ba:
                    96:8d:51:15:47:c0:e0:91:39:1a:87:05:98:94:2e:
                    dc:73:ee:bb:3b:da:24:a0:40:46:1d:47:c0:94:59:
                    e0:94:ea:a0:b5:98:4e:f6:87:5a:0d:5e:11:3b:33:
                    0f:81:fd:0c:6f:f7:54:64:17:7b:93:78:6f:33:ab:
                    27:5b:cb:7f:b1:b7:46:0d:cb:3c:b7:f7:e5:92:d7:
                    52:a3:05:fa:75:60:4c:78:0a:69:7f:08:fa:b2:dc:
                    95:4f:7f:b6:e6:6c:45:64:1c:8c:90:07:ab:14:11:
                    26:b3:a3:79:06:22:89:f4:f9:07:4c:d0:b5:39:c9:
                    5b:93:87:83:89:12:b6:f8:f4:8f:95:e0:04:22:91:
                    c2:58:a6:fb:a0:03:08:64:00:04:83:eb:ad:78:74:
                    ef:68:d3:18:a0:db:63:f5:05:e4:d4:84:06:f1:01:
                    cf:fb:fa:8f:6e:63:2a:48:70:3b:e9:ca:de:ab:c5:
                    0d:d1:7d:19:64:d8:67:b3:7a:a2:fc:fb:d5:07:7a:
                    a7:84:f5:a8:a2:0a:45:52:5f:c1:c7:d7:98:90:11:
                    13:bc:76:67:e8:8e:f2:0c:53:4e:ea:1f:ab:57:d2:
                    66:68:70:bf:d1:87:1e:57:f5:4a:c1:69:e3:39:d5:
                    50:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:14:11:8C:5A:40:62:DC:04:58:82:52:C9:AF:40:EB:1D:3E:8A:DC
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/qxQRjFpAYtwEWIJSya9A6x0-itw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.252.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:61:b7:1a:30:d6:05:c9:d9:92:b0:b8:e2:cc:fc:d7:b3:73:
         a8:c3:46:4b:16:8f:20:6c:5d:63:50:bb:cc:80:29:5b:d0:30:
         08:7a:80:e7:62:fd:c5:54:a7:59:06:62:c1:f3:fb:3d:57:15:
         a0:24:bf:a5:a3:73:50:38:31:b4:05:74:09:bf:2b:e1:ba:60:
         67:4f:62:5e:b9:24:2e:70:fa:51:ef:64:22:26:0c:8c:20:9d:
         f3:1b:07:3c:ab:35:e0:11:07:17:e7:10:8c:a3:bd:5d:83:8d:
         40:32:97:65:ad:9f:41:eb:88:15:b8:0a:c6:b8:dd:3f:e7:33:
         bc:81:29:ef:63:d8:26:59:87:ab:23:c9:f1:50:9f:bf:63:9f:
         1d:09:d8:67:04:90:c9:5b:27:1c:3d:15:33:a2:d9:de:99:1c:
         5f:aa:69:74:3a:d0:4f:66:1b:f3:a8:ca:17:fa:28:9e:e9:8f:
         f2:c2:8e:d4:5f:1a:9c:2b:50:a8:62:de:7f:bd:f2:81:35:b8:
         38:c4:c7:0a:c8:1a:f3:93:3c:2c:fd:39:6c:a2:3c:9b:9d:3e:
         0d:a0:e4:87:f1:b0:c5:5f:aa:2a:8e:90:2e:28:23:78:65:c4:
         35:05:a5:4b:e0:e2:f6:0d:01:80:42:90:33:a4:00:3c:45:3d:
         99:5c:87:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb+n1rnt8ZcAg5VnXWsnuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjE0MTE4YzVhNDA2MmRjMDQ1ODgyNTJjOWFmNDBlYjFkM2U4YWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmc3dWmLoV31rSkMy6LqWjVEVR8Dg
kTkahwWYlC7cc+67O9okoEBGHUfAlFnglOqgtZhO9odaDV4ROzMPgf0Mb/dUZBd7
k3hvM6snW8t/sbdGDcs8t/flktdSowX6dWBMeAppfwj6styVT3+25mxFZByMkAer
FBEms6N5BiKJ9PkHTNC1Oclbk4eDiRK2+PSPleAEIpHCWKb7oAMIZAAEg+uteHTv
aNMYoNtj9QXk1IQG8QHP+/qPbmMqSHA76creq8UN0X0ZZNhns3qi/PvVB3qnhPWo
ogpFUl/Bx9eYkBETvHZn6I7yDFNO6h+rV9JmaHC/0YceV/VKwWnjOdVQAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsUEYxaQGLcBFiCUsmvQOsdPorcMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvcXhRUmpGcEFZdHdFV0lKU3lhOUE2eDAtaXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1PzMMA0G
CSqGSIb3DQEBCwUAA4IBAQAnYbcaMNYFydmSsLjizPzXs3Oow0ZLFo8gbF1jULvM
gClb0DAIeoDnYv3FVKdZBmLB8/s9VxWgJL+lo3NQODG0BXQJvyvhumBnT2JeuSQu
cPpR72QiJgyMIJ3zGwc8qzXgEQcX5xCMo71dg41AMpdlrZ9B64gVuArGuN0/5zO8
gSnvY9gmWYerI8nxUJ+/Y58dCdhnBJDJWyccPRUzotnemRxfqml0OtBPZhvzqMoX
+iie6Y/ywo7UXxqcK1CoYt5/vfKBNbg4xMcKyBrzkzws/TlsojybnT4NoOSH8bDF
X6oqjpAuKCN4ZcQ1BaVL4OL2DQGAQpAzpAA8RT2ZXIcO
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:47:33 2024 by rpki-client on console-fra.rpki-client.org