Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/QmlXxflJkt_fFVq2C1zRMxXieDg.roa
File:                     QmlXxflJkt_fFVq2C1zRMxXieDg.roa (raw, json)
Hash identifier:          SIqdEtrHHNbtKuXCYM8lg0OJ244TpdjoFBoYig2EKRg=
Subject key identifier:   42:69:57:C5:F9:49:92:DF:DF:15:5A:B6:0B:5C:D1:33:15:E2:78:38
Certificate issuer:       /CN=24d906b90c1d856673e414f39805be583d230ba7
Certificate serial:       018CCA2A803FE0B8267BDDDB4563A0428FE9
Authority key identifier: 24:D9:06:B9:0C:1D:85:66:73:E4:14:F3:98:05:BE:58:3D:23:0B:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNkGuQwdhWZz5BTzmAW-WD0jC6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/QmlXxflJkt_fFVq2C1zRMxXieDg.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50434
IP address blocks:        195.254.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/JNkGuQwdhWZz5BTzmAW-WD0jC6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/JNkGuQwdhWZz5BTzmAW-WD0jC6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNkGuQwdhWZz5BTzmAW-WD0jC6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:80:3f:e0:b8:26:7b:dd:db:45:63:a0:42:8f:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24d906b90c1d856673e414f39805be583d230ba7
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=426957c5f94992dfdf155ab60b5cd13315e27838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c6:8a:28:6f:53:ae:75:41:79:36:8c:59:8b:
                    99:e8:3c:c9:3e:f2:63:a7:3c:59:d3:d4:fd:a0:00:
                    5c:4d:ac:e4:61:6f:8d:7b:85:a3:96:24:1d:d3:1b:
                    ee:44:eb:51:36:a6:76:b5:af:d9:59:7d:24:1c:9d:
                    cb:90:c3:25:e7:50:05:b3:1a:81:f8:1e:e9:c3:76:
                    c7:07:7a:a3:51:0a:60:c0:33:bc:b0:6d:ab:63:19:
                    08:fd:af:e0:58:b9:9a:19:07:96:8e:d3:90:62:e5:
                    5e:2a:2a:c2:53:3d:49:2c:60:11:26:16:04:5c:4d:
                    ff:16:32:a7:53:61:93:af:b7:64:93:a0:20:ee:12:
                    1a:4f:34:13:2c:55:07:37:ff:d7:b2:5f:af:f3:b2:
                    ed:5a:35:66:2b:78:f8:18:06:66:6d:7d:50:7e:1a:
                    3d:18:bd:f4:9c:6f:57:27:d6:51:88:cc:15:98:e0:
                    c1:17:30:a0:60:a4:7d:a2:46:5c:9c:4d:27:a3:6c:
                    e9:89:f4:e1:5f:a3:69:5f:39:73:56:9d:e2:31:e5:
                    c7:3f:9b:5a:8e:c2:d8:c3:28:a1:06:a4:92:37:d9:
                    94:a6:dc:b0:1b:7e:66:54:91:77:4a:50:62:5c:f2:
                    5d:0f:d6:99:2f:84:37:8a:7b:73:13:50:e8:af:9e:
                    78:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:69:57:C5:F9:49:92:DF:DF:15:5A:B6:0B:5C:D1:33:15:E2:78:38
            X509v3 Authority Key Identifier:
                keyid:24:D9:06:B9:0C:1D:85:66:73:E4:14:F3:98:05:BE:58:3D:23:0B:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNkGuQwdhWZz5BTzmAW-WD0jC6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/QmlXxflJkt_fFVq2C1zRMxXieDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/JNkGuQwdhWZz5BTzmAW-WD0jC6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:4f:19:8a:79:76:04:4b:53:b8:ee:e4:e1:06:8b:b6:05:bc:
         7b:55:46:e6:19:dd:bd:a6:be:99:f5:a5:c8:06:a7:ee:31:6c:
         c7:20:a2:b4:a4:c1:49:2c:70:ca:52:81:4d:f5:71:30:a8:7d:
         79:b6:41:ad:f3:ba:23:fa:05:95:72:34:86:ee:61:0a:55:d8:
         b3:5c:a4:a5:88:ff:0a:89:8a:bd:1f:91:d0:dc:99:1f:ec:20:
         12:84:55:54:b4:ac:0b:58:90:92:9a:5b:64:91:bd:46:ac:86:
         6a:7c:85:b8:e9:2e:f5:84:05:65:c2:3a:cb:83:cd:80:36:07:
         e4:b7:42:b8:2c:09:07:93:b1:cc:56:6d:fa:4a:f3:a6:e9:72:
         be:ce:90:1c:24:ef:04:7f:72:5c:95:0d:32:64:35:49:c8:63:
         75:be:48:10:ec:62:b8:40:f2:a1:5d:d3:92:ba:a8:19:b1:b2:
         1e:29:f1:88:02:36:12:2e:d8:5f:e1:36:6b:48:f6:3d:4f:44:
         d0:17:7f:7f:b8:67:9d:47:68:ba:8c:5b:d7:ea:eb:e2:bb:cf:
         41:9c:67:22:16:e4:9b:63:5c:e1:fe:ee:6e:d6:23:35:6c:82:
         ca:0f:9c:57:14:df:2d:35:85:4f:5c:a1:03:38:b7:9b:22:54:
         a6:82:9b:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoA/4Lgme93bRWOgQo/pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZDkwNmI5MGMxZDg1NjY3M2U0MTRmMzk4MDViZTU4M2Qy
MzBiYTcwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY5NTdjNWY5NDk5MmRmZGYxNTVhYjYwYjVjZDEzMzE1ZTI3ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8aKKG9TrnVBeTaMWYuZ6DzJPvJj
pzxZ09T9oABcTazkYW+Ne4WjliQd0xvuROtRNqZ2ta/ZWX0kHJ3LkMMl51AFsxqB
+B7pw3bHB3qjUQpgwDO8sG2rYxkI/a/gWLmaGQeWjtOQYuVeKirCUz1JLGARJhYE
XE3/FjKnU2GTr7dkk6Ag7hIaTzQTLFUHN//Xsl+v87LtWjVmK3j4GAZmbX1Qfho9
GL30nG9XJ9ZRiMwVmODBFzCgYKR9okZcnE0no2zpifThX6NpXzlzVp3iMeXHP5ta
jsLYwyihBqSSN9mUptywG35mVJF3SlBiXPJdD9aZL4Q3intzE1Dor554+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJpV8X5SZLf3xVatgtc0TMV4ng4MB8GA1UdIwQY
MBaAFCTZBrkMHYVmc+QU85gFvlg9IwunMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5rR3VRd2RoV1p6NUJUem1BVy1XRDBqQzZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iNTNkYjEtMWUwZS00NGQwLWExMzEt
NGZjMjhlNTA5OGM3LzEvUW1sWHhmbEprdF9mRlZxMkMxelJNeFhpZURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iNTNkYjEtMWUwZS00NGQwLWExMzEtNGZjMjhlNTA5OGM3
LzEvSk5rR3VRd2RoV1p6NUJUem1BVy1XRDBqQzZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/64MA0G
CSqGSIb3DQEBCwUAA4IBAQCsTxmKeXYES1O47uThBou2Bbx7VUbmGd29pr6Z9aXI
BqfuMWzHIKK0pMFJLHDKUoFN9XEwqH15tkGt87oj+gWVcjSG7mEKVdizXKSliP8K
iYq9H5HQ3Jkf7CAShFVUtKwLWJCSmltkkb1GrIZqfIW46S71hAVlwjrLg82ANgfk
t0K4LAkHk7HMVm36SvOm6XK+zpAcJO8Ef3JclQ0yZDVJyGN1vkgQ7GK4QPKhXdOS
uqgZsbIeKfGIAjYSLthf4TZrSPY9T0TQF39/uGedR2i6jFvX6uviu89BnGciFuSb
Y1zh/u5u1iM1bILKD5xXFN8tNYVPXKEDOLebIlSmgpt5
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:41:29 2024 by rpki-client on console-ams.rpki-client.org