Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/_QEEguz0rsLjAlxLJrbXWOpbAqM.roa
File:                     _QEEguz0rsLjAlxLJrbXWOpbAqM.roa (raw, json)
Hash identifier:          oAG9zjfg1Z9ShV7XKrL5zWlvMrG2NWInmeuK8dIOeKo=
Subject key identifier:   FD:01:04:82:EC:F4:AE:C2:E3:02:5C:4B:26:B6:D7:58:EA:5B:02:A3
Certificate issuer:       /CN=6d3ee1a52a5d65b9091de5a5b464fb97032d0e9b
Certificate serial:       018CC50151A115F6E61803C35AE6D09DCD95
Authority key identifier: 6D:3E:E1:A5:2A:5D:65:B9:09:1D:E5:A5:B4:64:FB:97:03:2D:0E:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bT7hpSpdZbkJHeWltGT7lwMtDps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/_QEEguz0rsLjAlxLJrbXWOpbAqM.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204776
IP address blocks:        194.143.130.0/23 maxlen: 24
                          193.16.100.0/24 maxlen: 24
                          195.246.98.0/24 maxlen: 24
                          195.246.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/bT7hpSpdZbkJHeWltGT7lwMtDps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/bT7hpSpdZbkJHeWltGT7lwMtDps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bT7hpSpdZbkJHeWltGT7lwMtDps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:51:a1:15:f6:e6:18:03:c3:5a:e6:d0:9d:cd:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d3ee1a52a5d65b9091de5a5b464fb97032d0e9b
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd010482ecf4aec2e3025c4b26b6d758ea5b02a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:07:8a:bb:a7:a2:ec:90:23:36:23:10:b0:d4:
                    70:c9:ff:b0:3d:e3:ff:9c:30:a2:c8:4c:d2:50:ad:
                    61:38:82:3c:49:62:b8:cf:91:4c:a0:57:9f:43:12:
                    91:df:05:69:f7:fb:bd:43:47:62:4e:42:a6:b6:e7:
                    8c:2d:5b:38:f5:46:9e:ef:e4:87:8a:fc:8a:06:5d:
                    c4:33:47:47:e0:92:ee:48:5e:bb:d6:f7:94:7a:43:
                    42:6e:bd:45:f8:ed:2c:05:e3:d3:1e:c9:fd:af:00:
                    0a:40:b4:ba:00:74:48:05:fc:f4:c6:12:df:ad:10:
                    3b:8e:51:db:0b:e7:83:78:6f:b2:f4:8b:86:33:f3:
                    18:17:54:fa:82:91:b5:c3:d2:0f:a9:df:ff:9b:4c:
                    c5:9f:bb:13:c6:12:a0:72:2b:3d:8e:bc:69:fa:ff:
                    d9:11:38:43:ec:5a:11:57:c2:34:df:c1:64:f9:a5:
                    d1:df:bb:9e:57:13:7e:0c:24:a2:b9:82:8c:d9:c7:
                    73:c2:49:f0:9e:0b:d0:bf:95:6b:a3:4f:72:6b:12:
                    86:a0:f9:5e:bc:6b:87:82:0e:9d:27:69:85:11:ff:
                    f2:c8:d5:7d:1f:0f:aa:cb:a0:31:0b:f1:04:fb:36:
                    ea:6f:1e:b8:f1:d2:ed:35:b0:ed:4f:43:f1:b7:2d:
                    9a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:01:04:82:EC:F4:AE:C2:E3:02:5C:4B:26:B6:D7:58:EA:5B:02:A3
            X509v3 Authority Key Identifier:
                keyid:6D:3E:E1:A5:2A:5D:65:B9:09:1D:E5:A5:B4:64:FB:97:03:2D:0E:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bT7hpSpdZbkJHeWltGT7lwMtDps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/_QEEguz0rsLjAlxLJrbXWOpbAqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/bT7hpSpdZbkJHeWltGT7lwMtDps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.100.0/24
                  194.143.130.0/23
                  195.246.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:b4:61:74:6d:0d:2c:55:1b:c5:0b:71:bb:f1:2e:2d:9f:15:
         15:d8:11:63:15:b0:9a:2a:dd:5c:7f:0c:d7:8f:57:d8:45:6c:
         ad:a6:d4:25:b7:d7:3e:d7:99:33:9e:6c:8b:f4:8b:b1:eb:f0:
         c9:b2:15:57:5e:c2:30:dd:34:e5:01:f2:10:da:f4:bf:4b:b6:
         4e:72:d9:99:6d:43:3e:6f:02:ae:ca:9d:ff:03:85:0b:8a:d8:
         3f:2b:54:85:20:d8:47:cb:65:f4:1b:6b:68:42:78:44:7e:b8:
         02:0c:50:b4:b6:07:d4:a0:7f:a8:47:66:d1:f6:a2:67:5f:78:
         61:2c:e3:ab:24:af:06:cd:97:68:7b:f9:60:d6:c9:02:02:40:
         74:bd:57:6f:fe:0d:bb:ae:f4:0b:e6:8a:ad:12:82:37:52:13:
         b1:74:57:92:99:d1:49:6d:1a:ec:d3:ab:06:49:2d:51:4b:8b:
         c2:04:86:01:63:a4:19:ff:f0:4d:ab:df:6e:6d:0f:bb:21:23:
         27:77:d2:e0:b9:a0:57:f0:0b:00:c0:e8:31:e9:d3:db:22:5e:
         06:b1:5b:b9:08:a0:25:04:b8:ca:6e:90:6d:44:a7:bb:a8:fc:
         b4:10:4d:87:fc:c5:b8:bd:7f:95:c6:24:38:65:e2:5d:d4:92:
         52:c4:49:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFAVGhFfbmGAPDWubQnc2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkM2VlMWE1MmE1ZDY1YjkwOTFkZTVhNWI0NjRmYjk3MDMy
ZDBlOWIwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDAxMDQ4MmVjZjRhZWMyZTMwMjVjNGIyNmI2ZDc1OGVhNWIwMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjweKu6ei7JAjNiMQsNRwyf+wPeP/
nDCiyEzSUK1hOII8SWK4z5FMoFefQxKR3wVp9/u9Q0diTkKmtueMLVs49Uae7+SH
ivyKBl3EM0dH4JLuSF671veUekNCbr1F+O0sBePTHsn9rwAKQLS6AHRIBfz0xhLf
rRA7jlHbC+eDeG+y9IuGM/MYF1T6gpG1w9IPqd//m0zFn7sTxhKgcis9jrxp+v/Z
EThD7FoRV8I038Fk+aXR37ueVxN+DCSiuYKM2cdzwknwngvQv5Vro09yaxKGoPle
vGuHgg6dJ2mFEf/yyNV9Hw+qy6AxC/EE+zbqbx648dLtNbDtT0Pxty2aWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP0BBILs9K7C4wJcSya211jqWwKjMB8GA1UdIwQY
MBaAFG0+4aUqXWW5CR3lpbRk+5cDLQ6bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlQ3aHBTcGRaYmtKSGVXbHRHVDdsd010RHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMmU3ZDUtM2EwZi00YmM2LTk2MTEt
MDU0MzVlZmQ4YmY2LzEvX1FFRWd1ejByc0xqQWx4TEpyYlhXT3BiQXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMmU3ZDUtM2EwZi00YmM2LTk2MTEtMDU0MzVlZmQ4YmY2
LzEvYlQ3aHBTcGRaYmtKSGVXbHRHVDdsd010RHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwRBkAwQB
wo+CAwQBw/ZiMA0GCSqGSIb3DQEBCwUAA4IBAQBRtGF0bQ0sVRvFC3G78S4tnxUV
2BFjFbCaKt1cfwzXj1fYRWytptQlt9c+15kznmyL9Iux6/DJshVXXsIw3TTlAfIQ
2vS/S7ZOctmZbUM+bwKuyp3/A4ULitg/K1SFINhHy2X0G2toQnhEfrgCDFC0tgfU
oH+oR2bR9qJnX3hhLOOrJK8GzZdoe/lg1skCAkB0vVdv/g27rvQL5oqtEoI3UhOx
dFeSmdFJbRrs06sGSS1RS4vCBIYBY6QZ//BNq99ubQ+7ISMnd9LguaBX8AsAwOgx
6dPbIl4GsVu5CKAlBLjKbpBtRKe7qPy0EE2H/MW4vX+VxiQ4ZeJd1JJSxEkS
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:09:39 2024 by rpki-client on console-ams.rpki-client.org