Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/78b1a7-9fbd-4f6f-8eb4-7b622ddf84f4/1/sQUxTXma67k2-bbaCPNLRM7hs90.roa
File:                     sQUxTXma67k2-bbaCPNLRM7hs90.roa (raw, json)
Hash identifier:          siTLaJqqm6VBcJaDJc2+P6DbDofyorZgRE6mzf8bxPQ=
Subject key identifier:   B1:05:31:4D:79:9A:EB:B9:36:F9:B6:DA:08:F3:4B:44:CE:E1:B3:DD
Certificate issuer:       /CN=588394e3910d94a7bf0a78a0f302d02ae9907273
Certificate serial:       018CC500E0256608D2C65F12F63AA550641B
Authority key identifier: 58:83:94:E3:91:0D:94:A7:BF:0A:78:A0:F3:02:D0:2A:E9:90:72:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIOU45ENlKe_Cnig8wLQKumQcnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/78b1a7-9fbd-4f6f-8eb4-7b622ddf84f4/1/sQUxTXma67k2-bbaCPNLRM7hs90.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56851
IP address blocks:        193.111.60.0/22 maxlen: 24
                          31.131.16.0/20 maxlen: 24
                          2001:67c:15e4::/48 maxlen: 48
                          2001:67c:15f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/78b1a7-9fbd-4f6f-8eb4-7b622ddf84f4/1/WIOU45ENlKe_Cnig8wLQKumQcnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/78b1a7-9fbd-4f6f-8eb4-7b622ddf84f4/1/WIOU45ENlKe_Cnig8wLQKumQcnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIOU45ENlKe_Cnig8wLQKumQcnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e0:25:66:08:d2:c6:5f:12:f6:3a:a5:50:64:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588394e3910d94a7bf0a78a0f302d02ae9907273
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b105314d799aebb936f9b6da08f34b44cee1b3dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5b:63:79:b1:e1:87:30:f1:52:e5:f4:34:3a:
                    f2:03:25:ad:e4:b1:fd:67:d9:4e:7f:97:5a:97:17:
                    b9:fd:60:18:df:eb:6e:c6:25:cc:30:7f:a8:13:4a:
                    bd:ae:92:da:5d:11:65:40:f2:ca:a6:91:9e:b8:5b:
                    9a:a7:b1:3e:13:8a:d6:71:65:1b:e6:87:64:b1:b0:
                    51:70:91:22:28:66:7b:04:13:0f:aa:1b:db:f6:59:
                    f4:66:b0:18:db:52:b8:cd:00:3b:c7:71:55:4d:00:
                    30:05:d3:5c:60:f1:8f:fd:dd:c1:f0:64:f7:1c:ab:
                    95:29:18:a0:91:b1:9c:42:6e:53:b0:52:e1:ab:5d:
                    80:c5:2c:2f:6c:02:53:05:41:4e:ea:d9:f4:e7:0c:
                    f1:92:6f:9b:86:ad:57:fd:8a:92:34:c9:38:1c:55:
                    09:c6:44:13:dc:3c:81:1c:36:45:b7:81:68:2c:ac:
                    b1:2f:ff:0c:1f:b1:e3:f6:34:39:43:23:de:08:b8:
                    f5:39:8a:ba:6c:4f:18:00:bd:b5:62:b0:dc:da:d8:
                    9f:db:49:80:01:4e:9e:dc:01:4b:fe:f0:5f:91:2b:
                    92:d1:0c:cb:4c:96:e9:42:f8:ae:6a:b4:a8:db:cb:
                    5f:e5:d2:5a:30:fc:45:a8:77:7d:0a:7a:9c:b9:65:
                    3e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:05:31:4D:79:9A:EB:B9:36:F9:B6:DA:08:F3:4B:44:CE:E1:B3:DD
            X509v3 Authority Key Identifier:
                keyid:58:83:94:E3:91:0D:94:A7:BF:0A:78:A0:F3:02:D0:2A:E9:90:72:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIOU45ENlKe_Cnig8wLQKumQcnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/78b1a7-9fbd-4f6f-8eb4-7b622ddf84f4/1/sQUxTXma67k2-bbaCPNLRM7hs90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/78b1a7-9fbd-4f6f-8eb4-7b622ddf84f4/1/WIOU45ENlKe_Cnig8wLQKumQcnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.16.0/20
                  193.111.60.0/22
                IPv6:
                  2001:67c:15e4::/48
                  2001:67c:15f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:15:3d:dd:61:e8:51:32:59:e5:7b:84:b9:da:03:a0:6d:42:
         a0:29:f9:86:08:2d:99:e8:07:f6:87:cb:d7:9c:0b:28:a6:bf:
         af:f1:19:36:fc:fc:79:ea:4f:91:23:c7:8b:fc:37:30:65:80:
         79:b7:28:48:78:ad:c0:d7:4b:d3:38:55:4c:8b:76:13:ca:18:
         17:d1:13:be:84:c1:11:17:ef:b0:44:7f:a8:a2:3d:43:6d:40:
         26:ba:89:7b:84:9f:72:fb:d4:70:79:81:a3:e8:43:42:32:b4:
         be:03:2f:2c:60:3d:9d:58:c9:3a:e5:b1:36:fd:ca:5f:8e:61:
         3b:c0:f2:27:f7:ad:24:23:83:a7:d2:10:cc:c6:f1:4c:c7:0e:
         a2:7d:2e:e8:e9:6d:4f:c3:db:ba:35:67:0f:38:50:da:a2:0a:
         2d:14:40:5d:ff:bf:70:9e:31:d0:dd:34:65:b4:41:70:5a:68:
         2f:ee:69:8e:60:1c:e4:a4:5e:e2:b8:6e:98:3d:0e:fb:35:77:
         00:ef:e5:68:93:75:f7:e0:98:b7:18:14:f1:9b:fb:8b:20:30:
         c0:d8:5c:4c:c4:12:9a:c8:22:f3:2e:57:b2:3c:02:63:a3:21:
         1b:3a:aa:33:1b:41:d9:fe:00:24:5b:7f:9c:ab:63:87:c2:94:
         aa:b8:47:a7
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzFAOAlZgjSxl8S9jqlUGQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODM5NGUzOTEwZDk0YTdiZjBhNzhhMGYzMDJkMDJhZTk5
MDcyNzMwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTA1MzE0ZDc5OWFlYmI5MzZmOWI2ZGEwOGYzNGI0NGNlZTFiM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVtjebHhhzDxUuX0NDryAyWt5LH9
Z9lOf5dalxe5/WAY3+tuxiXMMH+oE0q9rpLaXRFlQPLKppGeuFuap7E+E4rWcWUb
5odksbBRcJEiKGZ7BBMPqhvb9ln0ZrAY21K4zQA7x3FVTQAwBdNcYPGP/d3B8GT3
HKuVKRigkbGcQm5TsFLhq12AxSwvbAJTBUFO6tn05wzxkm+bhq1X/YqSNMk4HFUJ
xkQT3DyBHDZFt4FoLKyxL/8MH7Hj9jQ5QyPeCLj1OYq6bE8YAL21YrDc2tif20mA
AU6e3AFL/vBfkSuS0QzLTJbpQviuarSo28tf5dJaMPxFqHd9CnqcuWU+SQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLEFMU15muu5Nvm22gjzS0TO4bPdMB8GA1UdIwQY
MBaAFFiDlOORDZSnvwp4oPMC0CrpkHJzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lPVTQ1RU5sS2VfQ25pZzh3TFFLdW1RY25NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS83OGIxYTctOWZiZC00ZjZmLThlYjQt
N2I2MjJkZGY4NGY0LzEvc1FVeFRYbWE2N2syLWJiYUNQTkxSTTdoczkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS83OGIxYTctOWZiZC00ZjZmLThlYjQtN2I2MjJkZGY4NGY0
LzEvV0lPVTQ1RU5sS2VfQ25pZzh3TFFLdW1RY25NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQEH4MQAwQC
wW88MBgEAgACMBIDBwAgAQZ8FeQDBwAgAQZ8FfAwDQYJKoZIhvcNAQELBQADggEB
AFQVPd1h6FEyWeV7hLnaA6BtQqAp+YYILZnoB/aHy9ecCyimv6/xGTb8/HnqT5Ej
x4v8NzBlgHm3KEh4rcDXS9M4VUyLdhPKGBfRE76EwREX77BEf6iiPUNtQCa6iXuE
n3L71HB5gaPoQ0IytL4DLyxgPZ1YyTrlsTb9yl+OYTvA8if3rSQjg6fSEMzG8UzH
DqJ9LujpbU/D27o1Zw84UNqiCi0UQF3/v3CeMdDdNGW0QXBaaC/uaY5gHOSkXuK4
bpg9Dvs1dwDv5WiTdffgmLcYFPGb+4sgMMDYXEzEEprIIvMuV7I8AmOjIRs6qjMb
Qdn+ACRbf5yrY4fClKq4R6c=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:23:33 2024 by rpki-client on console-ams.rpki-client.org