Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/42af1e-d553-4fe6-9fc3-f9633292c977/1/qTd9HV14-BH0CuFzkTcPdmz3yws.roa
File:                     qTd9HV14-BH0CuFzkTcPdmz3yws.roa (raw, json)
Hash identifier:          4DFs5ALx30UN4GrAT+ZAH2HLHBlPyBWxn6bsoLy0Ve0=
Subject key identifier:   A9:37:7D:1D:5D:78:F8:11:F4:0A:E1:73:91:37:0F:76:6C:F7:CB:0B
Certificate issuer:       /CN=6c73a04a7d0eb2df47daf0c39fba75e365c8853d
Certificate serial:       018CC2DAEAE240D504B402D0B33759E33765
Authority key identifier: 6C:73:A0:4A:7D:0E:B2:DF:47:DA:F0:C3:9F:BA:75:E3:65:C8:85:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bHOgSn0Ost9H2vDDn7p142XIhT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/42af1e-d553-4fe6-9fc3-f9633292c977/1/qTd9HV14-BH0CuFzkTcPdmz3yws.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24675
IP address blocks:        193.178.2.0/24 maxlen: 24
                          193.178.3.0/24 maxlen: 24
                          193.178.4.0/24 maxlen: 24
                          193.178.1.0/24 maxlen: 24
                          193.178.9.0/24 maxlen: 24
                          193.178.10.0/24 maxlen: 24
                          193.178.11.0/24 maxlen: 24
                          193.178.5.0/24 maxlen: 24
                          193.178.6.0/24 maxlen: 24
                          193.178.7.0/24 maxlen: 24
                          193.178.8.0/24 maxlen: 24
                          193.178.16.0/22 maxlen: 22
                          193.178.12.0/24 maxlen: 24
                          193.178.13.0/24 maxlen: 24
                          193.178.14.0/24 maxlen: 24
                          193.178.15.0/24 maxlen: 24
                          193.178.20.0/24 maxlen: 24
                          193.178.21.0/24 maxlen: 24
                          193.178.30.0/24 maxlen: 24
                          193.178.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/42af1e-d553-4fe6-9fc3-f9633292c977/1/bHOgSn0Ost9H2vDDn7p142XIhT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/42af1e-d553-4fe6-9fc3-f9633292c977/1/bHOgSn0Ost9H2vDDn7p142XIhT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bHOgSn0Ost9H2vDDn7p142XIhT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ea:e2:40:d5:04:b4:02:d0:b3:37:59:e3:37:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c73a04a7d0eb2df47daf0c39fba75e365c8853d
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9377d1d5d78f811f40ae17391370f766cf7cb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:09:d8:43:a5:0a:48:1d:0e:67:eb:6d:a6:46:
                    91:b2:65:1f:25:d9:93:aa:40:a6:c9:64:bd:8a:53:
                    ff:47:44:69:9b:4a:60:f4:cc:04:39:b1:d4:4a:b7:
                    ae:58:91:a9:0f:f3:68:40:90:f4:df:2b:32:c5:44:
                    5a:88:98:12:14:ac:36:e8:1b:5b:95:9c:14:b8:6a:
                    ae:3e:7b:2b:f4:13:1d:83:2e:2b:37:9f:6f:8f:32:
                    4b:dc:61:e5:83:c5:8d:cc:70:0a:79:46:19:17:0f:
                    8e:a6:1b:89:3b:a2:39:12:6a:12:59:1b:6f:cc:cf:
                    a4:97:21:34:d8:12:bb:11:04:d4:12:84:07:82:be:
                    3c:45:13:33:b5:b9:aa:c3:5d:91:c2:b0:6f:59:60:
                    60:e1:49:33:62:1a:40:ac:c3:3e:d0:a2:8b:56:14:
                    84:e8:4f:5e:e6:58:df:1c:2e:dd:02:84:51:ee:5f:
                    3e:7d:56:83:6c:75:92:3e:1c:b2:5e:fa:78:18:d8:
                    85:45:bb:37:2b:6f:7a:c6:c0:e4:6d:c6:7d:28:16:
                    13:eb:40:0a:65:25:0e:d0:70:11:c8:96:f4:4f:f7:
                    b8:19:ea:12:f1:46:5f:e1:0e:53:8f:02:94:a8:58:
                    6e:06:6c:fa:45:e8:f5:5f:07:0c:c3:81:46:51:45:
                    85:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:37:7D:1D:5D:78:F8:11:F4:0A:E1:73:91:37:0F:76:6C:F7:CB:0B
            X509v3 Authority Key Identifier:
                keyid:6C:73:A0:4A:7D:0E:B2:DF:47:DA:F0:C3:9F:BA:75:E3:65:C8:85:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bHOgSn0Ost9H2vDDn7p142XIhT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/42af1e-d553-4fe6-9fc3-f9633292c977/1/qTd9HV14-BH0CuFzkTcPdmz3yws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/42af1e-d553-4fe6-9fc3-f9633292c977/1/bHOgSn0Ost9H2vDDn7p142XIhT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.1.0-193.178.21.255
                  193.178.29.0-193.178.30.255

    Signature Algorithm: sha256WithRSAEncryption
         16:57:bd:bc:4f:32:e8:df:11:44:cf:da:7a:94:13:a5:e9:f8:
         19:cb:fd:16:93:11:de:52:18:5b:af:fd:c7:72:31:d8:be:09:
         e7:07:a6:4c:34:22:6b:8f:58:5f:5b:1d:1f:f1:99:40:e0:2a:
         67:24:5e:58:c6:43:3e:fb:da:d2:6b:51:f6:47:38:9a:06:9d:
         39:ab:b8:6b:ec:da:96:52:d7:42:39:34:5d:2d:c0:49:81:71:
         86:7c:df:20:c7:2d:7f:c8:03:13:43:f4:06:40:60:db:5e:57:
         03:ae:be:98:d5:06:b4:0d:4a:bb:f4:7e:86:bc:0f:88:1b:d9:
         27:09:01:0d:8a:63:47:a7:13:73:60:85:03:f9:b6:12:1f:25:
         3c:ef:6d:25:71:2d:d4:38:46:ae:13:bb:3a:06:90:1d:cb:43:
         a4:69:05:fe:85:a8:28:03:93:1d:2d:bf:25:c8:46:00:e7:3c:
         67:84:ed:57:da:bf:8b:b6:e5:c4:57:df:a4:63:a9:ec:85:38:
         98:f0:5b:b7:85:46:84:0b:3e:c0:12:39:28:25:66:d0:c4:49:
         0e:7d:67:7d:31:27:60:b0:ef:3c:7f:7a:93:64:35:ef:1d:e0:
         9b:df:7d:93:86:85:6e:40:96:08:18:b6:f4:78:96:06:2c:7e:
         05:b2:63:ad
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzC2uriQNUEtALQszdZ4zdlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNzNhMDRhN2QwZWIyZGY0N2RhZjBjMzlmYmE3NWUzNjVj
ODg1M2QwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTM3N2QxZDVkNzhmODExZjQwYWUxNzM5MTM3MGY3NjZjZjdjYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQnYQ6UKSB0OZ+ttpkaRsmUfJdmT
qkCmyWS9ilP/R0Rpm0pg9MwEObHUSreuWJGpD/NoQJD03ysyxURaiJgSFKw26Btb
lZwUuGquPnsr9BMdgy4rN59vjzJL3GHlg8WNzHAKeUYZFw+OphuJO6I5EmoSWRtv
zM+klyE02BK7EQTUEoQHgr48RRMztbmqw12RwrBvWWBg4UkzYhpArMM+0KKLVhSE
6E9e5ljfHC7dAoRR7l8+fVaDbHWSPhyyXvp4GNiFRbs3K296xsDkbcZ9KBYT60AK
ZSUO0HARyJb0T/e4GeoS8UZf4Q5TjwKUqFhuBmz6Rej1XwcMw4FGUUWFxQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKk3fR1dePgR9Arhc5E3D3Zs98sLMB8GA1UdIwQY
MBaAFGxzoEp9DrLfR9rww5+6deNlyIU9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkhPZ1NuME9zdDlIMnZERG43cDE0MlhJaFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi80MmFmMWUtZDU1My00ZmU2LTlmYzMt
Zjk2MzMyOTJjOTc3LzEvcVRkOUhWMTQtQkgwQ3VGemtUY1BkbXozeXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi80MmFmMWUtZDU1My00ZmU2LTlmYzMtZjk2MzMyOTJjOTc3
LzEvYkhPZ1NuME9zdDlIMnZERG43cDE0MlhJaFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBADBsgED
BAHBshQwDAMEAMGyHQMEAMGyHjANBgkqhkiG9w0BAQsFAAOCAQEAFle9vE8y6N8R
RM/aepQTpen4Gcv9FpMR3lIYW6/9x3Ix2L4J5wemTDQia49YX1sdH/GZQOAqZyRe
WMZDPvva0mtR9kc4mgadOau4a+zallLXQjk0XS3ASYFxhnzfIMctf8gDE0P0BkBg
215XA66+mNUGtA1Ku/R+hrwPiBvZJwkBDYpjR6cTc2CFA/m2Eh8lPO9tJXEt1DhG
rhO7OgaQHctDpGkF/oWoKAOTHS2/JchGAOc8Z4TtV9q/i7blxFffpGOp7IU4mPBb
t4VGhAs+wBI5KCVm0MRJDn1nfTEnYLDvPH96k2Q17x3gm999k4aFbkCWCBi29HiW
Bix+BbJjrQ==
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:03:21 2024 by rpki-client on console-ams.rpki-client.org