Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/QnRMxCKrbhy8lZSE-hsnjzQ39DI.roa
File:                     QnRMxCKrbhy8lZSE-hsnjzQ39DI.roa (raw, json)
Hash identifier:          XtWSemzjh8w9yc9XxNVZrUjtlGHWd11FPFgXEP3ENFE=
Subject key identifier:   42:74:4C:C4:22:AB:6E:1C:BC:95:94:84:FA:1B:27:8F:34:37:F4:32
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A88613672604653ED3961F42F897E
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/QnRMxCKrbhy8lZSE-hsnjzQ39DI.roa
Signing time:             Mon 01 Jan 2024 18:30:22 +0000
ROA not before:           Mon 01 Jan 2024 18:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207676
IP address blocks:        46.243.179.0/24 maxlen: 24
                          178.170.249.0/24 maxlen: 24
                          178.170.251.0/24 maxlen: 24
                          141.101.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:88:61:36:72:60:46:53:ed:39:61:f4:2f:89:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42744cc422ab6e1cbc959484fa1b278f3437f432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:71:1d:7c:d6:ca:c5:a3:09:75:48:a3:79:b7:
                    87:5a:04:cd:ff:63:88:be:83:76:ad:7d:6a:1a:18:
                    21:0a:2a:74:3d:96:e4:dc:6d:a6:ad:7d:69:ac:0e:
                    f5:46:84:d1:5f:d0:31:fc:7f:78:0f:d6:70:9d:d6:
                    80:e1:fe:66:b1:3d:a2:f6:b8:28:34:b2:a9:50:eb:
                    8f:54:e2:50:17:4e:13:12:cf:ed:9e:6f:c8:6a:d6:
                    9c:35:f7:16:06:36:42:fc:4b:9d:f5:07:89:5d:79:
                    98:13:3f:aa:93:a0:4d:75:c4:57:90:3a:fa:b0:a9:
                    5b:db:e1:cd:99:67:5d:cf:89:36:0d:2f:b8:11:e4:
                    bb:6f:87:d3:30:0d:45:2d:cd:a3:44:07:c0:a2:c3:
                    50:a2:0f:bb:13:4d:63:3a:59:5b:42:97:87:9b:90:
                    f0:26:8d:84:8e:fb:80:ae:ab:03:8e:8b:b5:68:af:
                    4d:b7:ef:51:98:21:1f:ed:dd:f7:d5:c1:7c:ed:b5:
                    ce:df:93:48:5b:32:00:b3:c8:fc:8e:15:61:b0:10:
                    bf:3a:72:3a:fe:3f:7a:a3:1a:95:7a:f1:c4:28:c0:
                    49:ac:9d:50:06:ce:53:32:71:33:c4:91:fa:9f:f1:
                    03:69:56:e5:80:1e:87:b8:01:ad:4a:84:7f:db:7f:
                    da:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:74:4C:C4:22:AB:6E:1C:BC:95:94:84:FA:1B:27:8F:34:37:F4:32
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/QnRMxCKrbhy8lZSE-hsnjzQ39DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.179.0/24
                  141.101.249.0/24
                  178.170.249.0/24
                  178.170.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:dd:e4:1a:b6:a4:ec:20:24:c7:dc:d3:a3:33:20:bb:63:67:
         94:33:fc:e2:d7:6f:09:54:9d:73:42:ce:98:8d:82:97:f9:81:
         b3:e6:bb:f2:5f:ce:1e:f4:4f:70:d2:38:5e:e4:6b:aa:0c:6c:
         dd:08:d2:f9:d6:0e:0a:ca:ac:46:17:3d:1e:7d:dd:25:0f:a7:
         d8:23:5d:c0:7f:d4:5e:bb:f9:af:d5:05:ce:3b:f6:0d:fb:bb:
         a6:b2:17:66:9e:92:3a:99:06:4f:1d:26:9d:11:d1:f5:17:a1:
         1d:6c:bf:2d:ae:a0:8e:59:bc:9d:5d:ce:0f:27:f2:b0:99:4a:
         25:f1:2e:41:dd:dd:dc:42:69:52:ec:bc:1a:9d:31:48:21:8b:
         8f:4f:d2:ee:4c:18:72:6b:5d:82:68:fe:9e:13:87:7a:d8:bc:
         73:89:40:d3:da:5f:63:5f:32:d6:17:14:03:05:57:8e:3f:73:
         d3:a4:2f:f5:0a:65:a1:29:8a:f9:2f:a7:2f:7a:ab:8a:44:98:
         df:cf:8d:c8:e5:65:31:ea:33:37:1f:ef:30:f7:1b:11:f9:1e:
         e3:26:4c:83:21:c8:e1:c5:57:b2:ba:4d:4e:ea:47:ca:77:3f:
         e4:34:9c:f5:55:88:2e:2a:9d:57:b0:46:4f:7a:3f:c7:ac:94:
         c1:36:b0:ab
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzGSohhNnJgRlPtOWH0L4l+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjc0NGNjNDIyYWI2ZTFjYmM5NTk0ODRmYTFiMjc4ZjM0MzdmNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3EdfNbKxaMJdUijebeHWgTN/2OI
voN2rX1qGhghCip0PZbk3G2mrX1prA71RoTRX9Ax/H94D9ZwndaA4f5msT2i9rgo
NLKpUOuPVOJQF04TEs/tnm/IatacNfcWBjZC/Eud9QeJXXmYEz+qk6BNdcRXkDr6
sKlb2+HNmWddz4k2DS+4EeS7b4fTMA1FLc2jRAfAosNQog+7E01jOllbQpeHm5Dw
Jo2EjvuArqsDjou1aK9Nt+9RmCEf7d331cF87bXO35NIWzIAs8j8jhVhsBC/OnI6
/j96oxqVevHEKMBJrJ1QBs5TMnEzxJH6n/EDaVblgB6HuAGtSoR/23/a1wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEJ0TMQiq24cvJWUhPobJ480N/QyMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvUW5STXhDS3JiaHk4bFpTRS1oc25qelEzOURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALvOzAwQA
jWX5AwQAsqr5AwQAsqr7MA0GCSqGSIb3DQEBCwUAA4IBAQAu3eQatqTsICTH3NOj
MyC7Y2eUM/zi128JVJ1zQs6YjYKX+YGz5rvyX84e9E9w0jhe5GuqDGzdCNL51g4K
yqxGFz0efd0lD6fYI13Af9Reu/mv1QXOO/YN+7umshdmnpI6mQZPHSadEdH1F6Ed
bL8trqCOWbydXc4PJ/KwmUol8S5B3d3cQmlS7LwanTFIIYuPT9LuTBhya12CaP6e
E4d62LxziUDT2l9jXzLWFxQDBVeOP3PTpC/1CmWhKYr5L6cvequKRJjfz43I5WUx
6jM3H+8w9xsR+R7jJkyDIcjhxVeyuk1O6kfKdz/kNJz1VYguKp1XsEZPej/HrJTB
NrCr
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:45:12 2024 by rpki-client on console-ams.rpki-client.org