Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/QLO2VyVtyhzo35Mp7Hn5Fnanlz8.roa
File:                     QLO2VyVtyhzo35Mp7Hn5Fnanlz8.roa (raw, json)
Hash identifier:          OMCwpAgfsNKBBKaK3GJopD7aAY0Bz+29a2mFhlZxDsM=
Subject key identifier:   40:B3:B6:57:25:6D:CA:1C:E8:DF:93:29:EC:79:F9:16:76:A7:97:3F
Certificate issuer:       /CN=0502861f923c7ec1132b548f7abb861baca1f406
Certificate serial:       018CC86F051235F9AE5C55FC971D6BB2B0F6
Authority key identifier: 05:02:86:1F:92:3C:7E:C1:13:2B:54:8F:7A:BB:86:1B:AC:A1:F4:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BQKGH5I8fsETK1SPeruGG6yh9AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/QLO2VyVtyhzo35Mp7Hn5Fnanlz8.roa
Signing time:             Tue 02 Jan 2024 04:29:28 +0000
ROA not before:           Tue 02 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        185.104.28.0/22 maxlen: 24
                          2a06:2ec0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/BQKGH5I8fsETK1SPeruGG6yh9AY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/BQKGH5I8fsETK1SPeruGG6yh9AY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BQKGH5I8fsETK1SPeruGG6yh9AY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:05:12:35:f9:ae:5c:55:fc:97:1d:6b:b2:b0:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0502861f923c7ec1132b548f7abb861baca1f406
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40b3b657256dca1ce8df9329ec79f91676a7973f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d1:15:b5:0a:5f:2a:4e:7c:8a:a5:81:ad:84:
                    3a:77:b0:04:8d:b1:c3:69:6e:53:b2:5b:84:9a:03:
                    61:f3:8d:22:a1:27:0a:29:50:d7:2b:e7:11:96:aa:
                    f2:d9:4e:8e:3c:e8:4e:b3:45:28:54:48:9e:22:69:
                    eb:2c:8c:58:5c:c5:69:ca:b6:5e:5a:cc:d8:f1:fb:
                    49:cf:35:7c:f7:58:d8:de:b5:e8:2d:49:81:4a:b0:
                    a1:18:c7:bb:aa:44:d1:f0:9b:57:65:91:40:96:bc:
                    f6:1b:de:af:41:46:d6:51:40:dd:48:c9:2e:31:99:
                    2c:81:96:20:6d:12:1b:20:77:31:2b:d2:5c:fa:48:
                    3d:14:b6:6d:d5:be:84:ee:79:3d:86:8f:9b:b7:59:
                    96:dc:b5:91:a0:06:e1:23:dc:50:9e:20:64:29:a4:
                    96:f3:a0:0f:23:ab:f5:3e:89:48:78:db:d6:dc:fc:
                    9e:6c:81:6b:4e:d6:15:52:ee:b5:d0:d3:a5:c5:cd:
                    79:cf:87:5f:47:37:6e:94:01:04:95:0d:e6:8a:51:
                    4c:35:19:2d:fd:41:f6:26:3c:dc:7d:77:e1:43:d1:
                    c2:c5:a8:4e:5d:43:cc:11:d5:26:ef:cd:b8:30:d8:
                    6b:4f:04:f0:c4:df:89:e9:d8:7f:30:2d:77:41:9d:
                    e9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:B3:B6:57:25:6D:CA:1C:E8:DF:93:29:EC:79:F9:16:76:A7:97:3F
            X509v3 Authority Key Identifier:
                keyid:05:02:86:1F:92:3C:7E:C1:13:2B:54:8F:7A:BB:86:1B:AC:A1:F4:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BQKGH5I8fsETK1SPeruGG6yh9AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/QLO2VyVtyhzo35Mp7Hn5Fnanlz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/BQKGH5I8fsETK1SPeruGG6yh9AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.28.0/22
                IPv6:
                  2a06:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:dd:42:e0:34:5c:19:0b:d5:ce:86:e1:36:5c:53:30:bb:f6:
         b4:32:7a:fe:ac:9e:65:92:b1:97:8a:fc:20:4d:22:09:29:4b:
         0d:52:6d:1d:14:6f:72:45:79:00:f0:aa:3b:05:41:a8:19:8c:
         ed:7d:61:15:16:1c:3b:9f:7f:ea:83:ce:32:72:02:60:6b:a5:
         6b:18:43:f1:6c:c2:cd:f3:28:85:fb:5c:e7:b9:24:af:28:f0:
         af:26:2f:b5:07:a4:ba:f2:33:45:c9:d2:47:ca:1a:0a:09:7a:
         76:21:31:25:4f:44:83:11:f2:bd:60:b6:c9:e3:ae:3b:28:9b:
         d9:d4:76:6b:b9:52:28:92:ee:7b:6b:7d:0b:49:8e:17:6b:d2:
         26:aa:de:11:0c:73:de:b2:9a:e2:7b:ce:cc:dc:06:04:3c:be:
         f1:62:d1:e2:8b:99:96:6e:d2:ba:9f:86:5b:ad:f9:f2:2b:d8:
         fa:35:ab:9d:47:83:b4:26:00:4b:eb:69:cf:1d:c9:1e:ae:c9:
         47:d7:a8:c4:df:5a:39:b5:ee:4c:66:33:f2:8e:aa:7b:d7:5e:
         fd:1f:bb:3c:b6:ff:44:8a:87:71:9b:b8:5d:03:4b:f8:20:e4:
         9a:c4:c0:2d:ec:e6:5c:54:e0:2d:41:fb:67:b2:b3:95:50:a5:
         8e:8f:67:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbwUSNfmuXFX8lx1rsrD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MDI4NjFmOTIzYzdlYzExMzJiNTQ4ZjdhYmI4NjFiYWNh
MWY0MDYwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGIzYjY1NzI1NmRjYTFjZThkZjkzMjllYzc5ZjkxNjc2YTc5NzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09EVtQpfKk58iqWBrYQ6d7AEjbHD
aW5TsluEmgNh840ioScKKVDXK+cRlqry2U6OPOhOs0UoVEieImnrLIxYXMVpyrZe
WszY8ftJzzV891jY3rXoLUmBSrChGMe7qkTR8JtXZZFAlrz2G96vQUbWUUDdSMku
MZksgZYgbRIbIHcxK9Jc+kg9FLZt1b6E7nk9ho+bt1mW3LWRoAbhI9xQniBkKaSW
86API6v1PolIeNvW3PyebIFrTtYVUu610NOlxc15z4dfRzdulAEElQ3milFMNRkt
/UH2JjzcfXfhQ9HCxahOXUPMEdUm7824MNhrTwTwxN+J6dh/MC13QZ3pgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFECztlclbcoc6N+TKex5+RZ2p5c/MB8GA1UdIwQY
MBaAFAUChh+SPH7BEytUj3q7hhusofQGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlFLR0g1SThmc0VUSzFTUGVydUdHNnloOUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9hOTI3NmYtZThjMS00NWQ2LWE0MmQt
MGM2NGRlYmU5ZWM0LzEvUUxPMlZ5VnR5aHpvMzVNcDdIbjVGbmFubHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9hOTI3NmYtZThjMS00NWQ2LWE0MmQtMGM2NGRlYmU5ZWM0
LzEvQlFLR0g1SThmc0VUSzFTUGVydUdHNnloOUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWgcMA0E
AgACMAcDBQMqBi7AMA0GCSqGSIb3DQEBCwUAA4IBAQBC3ULgNFwZC9XOhuE2XFMw
u/a0Mnr+rJ5lkrGXivwgTSIJKUsNUm0dFG9yRXkA8Ko7BUGoGYztfWEVFhw7n3/q
g84ycgJga6VrGEPxbMLN8yiF+1znuSSvKPCvJi+1B6S68jNFydJHyhoKCXp2ITEl
T0SDEfK9YLbJ4647KJvZ1HZruVIoku57a30LSY4Xa9Imqt4RDHPesprie87M3AYE
PL7xYtHii5mWbtK6n4ZbrfnyK9j6NaudR4O0JgBL62nPHckerslH16jE31o5te5M
ZjPyjqp71179H7s8tv9Eiodxm7hdA0v4IOSaxMAt7OZcVOAtQftnsrOVUKWOj2fo
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:17:52 2024 by rpki-client on console-ams.rpki-client.org