Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/qqBGBeLrwS4P6BsbgQoG46nXSO4.roa
File:                     qqBGBeLrwS4P6BsbgQoG46nXSO4.roa (raw, json)
Hash identifier:          qJJC/spopEMc5ztpfRZbbvSoCP3MPk/mlGkpKdJdenw=
Subject key identifier:   AA:A0:46:05:E2:EB:C1:2E:0F:E8:1B:1B:81:0A:06:E3:A9:D7:48:EE
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       018DD0942D1EAD2A356190009F49E322B2F5
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/qqBGBeLrwS4P6BsbgQoG46nXSO4.roa
Signing time:             Thu 22 Feb 2024 11:29:48 +0000
ROA not before:           Thu 22 Feb 2024 11:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16223
IP address blocks:        5.58.0.0/16 maxlen: 23
                          185.53.79.0/24 maxlen: 24
                          217.196.160.0/20 maxlen: 20
                          2a00:1210:fffd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:94:2d:1e:ad:2a:35:61:90:00:9f:49:e3:22:b2:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Feb 22 11:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aaa04605e2ebc12e0fe81b1b810a06e3a9d748ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:54:e8:7d:f2:77:88:11:ae:3e:74:8c:45:52:
                    d0:b7:32:3f:f8:e7:5a:19:4a:da:02:22:40:19:97:
                    bc:62:8b:b3:8e:0b:fd:ab:7b:a5:12:da:3a:82:16:
                    75:e7:b2:88:fc:07:8b:22:cb:44:21:0d:06:a0:83:
                    54:06:f7:95:03:eb:c2:04:1d:e8:b1:07:21:67:55:
                    30:8d:c6:00:e2:6b:a8:e0:3b:31:ed:d5:36:92:b9:
                    11:b5:f7:4e:99:b1:7b:bc:d9:fe:be:14:17:9b:9f:
                    7c:ab:b0:19:67:52:7c:6f:87:60:90:44:82:1d:de:
                    12:a2:0f:ba:d9:05:20:2d:22:42:34:1c:f7:04:b2:
                    71:b2:78:c8:75:55:c6:d1:04:d2:f1:6b:e9:29:1d:
                    fa:5c:42:f8:8f:a9:93:41:ec:d4:34:46:79:a1:5b:
                    25:a9:32:26:5f:55:4b:c0:be:cb:71:ee:93:55:3a:
                    5f:84:c6:39:94:aa:92:17:d0:40:17:66:05:ed:6f:
                    86:5d:e7:13:3b:c6:fa:4d:79:4e:15:b6:30:d7:e7:
                    1f:04:fc:38:3c:fb:6c:e5:3a:2d:21:86:17:98:21:
                    90:2c:75:6c:8b:01:0a:da:96:b1:fb:5b:53:d1:21:
                    6c:82:f3:59:b8:64:ae:fd:f0:b9:6a:7b:e1:b7:a9:
                    c3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A0:46:05:E2:EB:C1:2E:0F:E8:1B:1B:81:0A:06:E3:A9:D7:48:EE
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/qqBGBeLrwS4P6BsbgQoG46nXSO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.58.0.0/16
                  185.53.79.0/24
                  217.196.160.0/20
                IPv6:
                  2a00:1210:fffd::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:3b:58:b6:b5:70:aa:72:d4:93:15:ab:d4:f7:bf:8d:49:2f:
         d4:00:3d:2e:94:6f:f0:a7:b8:c7:fe:0b:69:98:28:95:24:4d:
         cd:3d:0f:fe:69:6a:47:c7:32:59:25:7e:d9:df:f0:88:5b:e8:
         c9:ac:71:1b:0f:59:d0:92:7b:fe:28:fc:99:10:36:cc:15:d3:
         4f:eb:d9:79:2d:b1:0a:ea:cc:b5:fc:5f:ed:f8:90:ed:37:70:
         96:ff:d5:2e:51:a9:ba:c8:53:4d:4b:df:19:fe:8c:e7:10:46:
         72:41:f9:ab:9a:62:35:8a:61:d2:25:0b:f8:d6:c8:bc:3a:12:
         8c:c0:f0:d2:79:3a:d3:f6:89:25:c3:4d:fd:f3:41:d1:01:70:
         3c:a2:7d:d1:7f:8c:4f:99:be:3e:f0:38:5a:db:9f:a5:22:19:
         17:7c:c9:c9:4c:4f:e3:35:a2:94:1f:9a:8f:57:cd:4b:e0:dc:
         72:36:27:6c:49:70:e7:50:8d:4b:34:65:f8:0f:32:d9:2f:1d:
         ab:ff:db:b4:01:7b:f4:83:75:6e:05:58:76:70:17:eb:d7:f0:
         c0:42:f3:c6:62:a6:51:98:9a:11:09:1d:16:40:17:e9:f8:b9:
         ad:e3:4b:8c:58:10:4c:6f:47:2f:a5:6a:4c:6b:85:13:fd:6d:
         79:bb:26:6f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY3QlC0erSo1YZAAn0njIrL1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjQwMjIyMTEyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWEwNDYwNWUyZWJjMTJlMGZlODFiMWI4MTBhMDZlM2E5ZDc0OGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVToffJ3iBGuPnSMRVLQtzI/+Oda
GUraAiJAGZe8Youzjgv9q3ulEto6ghZ157KI/AeLIstEIQ0GoINUBveVA+vCBB3o
sQchZ1UwjcYA4muo4Dsx7dU2krkRtfdOmbF7vNn+vhQXm598q7AZZ1J8b4dgkESC
Hd4Sog+62QUgLSJCNBz3BLJxsnjIdVXG0QTS8WvpKR36XEL4j6mTQezUNEZ5oVsl
qTImX1VLwL7Lce6TVTpfhMY5lKqSF9BAF2YF7W+GXecTO8b6TXlOFbYw1+cfBPw4
PPts5TotIYYXmCGQLHVsiwEK2pax+1tT0SFsgvNZuGSu/fC5anvht6nDeQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFKqgRgXi68EuD+gbG4EKBuOp10juMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvcXFCR0JlTHJ3UzRQNkJzYmdRb0c0Nm5YU080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAXBAIAATARAwMABToDBAC5
NU8DBATZxKAwDwQCAAIwCQMHACoAEhD//TANBgkqhkiG9w0BAQsFAAOCAQEAhDtY
trVwqnLUkxWr1Pe/jUkv1AA9LpRv8Ke4x/4LaZgolSRNzT0P/mlqR8cyWSV+2d/w
iFvoyaxxGw9Z0JJ7/ij8mRA2zBXTT+vZeS2xCurMtfxf7fiQ7Tdwlv/VLlGpushT
TUvfGf6M5xBGckH5q5piNYph0iUL+NbIvDoSjMDw0nk60/aJJcNN/fNB0QFwPKJ9
0X+MT5m+PvA4WtufpSIZF3zJyUxP4zWilB+aj1fNS+DccjYnbElw51CNSzRl+A8y
2S8dq//btAF79IN1bgVYdnAX69fwwELzxmKmUZiaEQkdFkAX6fi5reNLjFgQTG9H
L6VqTGuFE/1tebsmbw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:04:20 2024 by rpki-client on console-fra.rpki-client.org