Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/QJZZm1l8HlG4iLfHYInW9Vp9K1g.roa
File:                     QJZZm1l8HlG4iLfHYInW9Vp9K1g.roa (raw, json)
Hash identifier:          Q9J+gRipddUXliNqsKRpg0v8hfnYfmMUiLuS0wdAkc4=
Subject key identifier:   40:96:59:9B:59:7C:1E:51:B8:88:B7:C7:60:89:D6:F5:5A:7D:2B:58
Certificate issuer:       /CN=9b89b8cf47f7c485d628d0a359a16a815cd004ab
Certificate serial:       018CC870F258D186B70CF818029E6F2CC899
Authority key identifier: 9B:89:B8:CF:47:F7:C4:85:D6:28:D0:A3:59:A1:6A:81:5C:D0:04:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4m4z0f3xIXWKNCjWaFqgVzQBKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/QJZZm1l8HlG4iLfHYInW9Vp9K1g.roa
Signing time:             Tue 02 Jan 2024 04:31:34 +0000
ROA not before:           Tue 02 Jan 2024 04:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51170
IP address blocks:        185.185.77.0/24 maxlen: 24
                          185.185.78.0/24 maxlen: 24
                          5.180.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/m4m4z0f3xIXWKNCjWaFqgVzQBKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/m4m4z0f3xIXWKNCjWaFqgVzQBKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m4m4z0f3xIXWKNCjWaFqgVzQBKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:f2:58:d1:86:b7:0c:f8:18:02:9e:6f:2c:c8:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b89b8cf47f7c485d628d0a359a16a815cd004ab
        Validity
            Not Before: Jan  2 04:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4096599b597c1e51b888b7c76089d6f55a7d2b58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1c:72:a9:a0:72:54:d9:58:51:81:52:a3:d5:
                    b3:48:9f:73:a3:76:70:a3:12:15:87:fa:57:df:98:
                    3d:1a:ad:4d:6a:88:fd:5d:4f:5c:25:b3:9d:62:ea:
                    d1:81:4a:c6:6e:3e:9f:e1:60:bc:0a:01:95:06:b8:
                    53:71:a1:46:e1:88:08:76:ed:04:8c:8b:1e:65:50:
                    a8:40:df:a0:b7:01:8e:08:29:d8:3e:c2:6a:f9:8f:
                    d0:0d:ba:a8:37:34:e9:c9:46:b7:ae:29:5e:cc:23:
                    3a:06:40:83:64:34:5d:97:35:c3:43:f1:d4:b4:64:
                    93:92:17:73:33:24:de:c8:8b:a7:ff:95:43:da:2e:
                    3c:c5:b6:39:25:aa:7c:0a:de:af:d4:1c:19:34:09:
                    29:71:e1:45:57:e4:15:78:63:ca:5e:08:6e:28:d1:
                    3a:0f:49:99:21:4f:4c:83:85:3c:2e:a1:d0:26:48:
                    d7:39:c3:00:ac:72:b4:d2:fb:97:f0:2f:ac:27:f0:
                    80:97:c0:cf:bd:d2:9e:95:7a:52:8c:cb:1a:57:4a:
                    5b:a6:c6:f3:ac:b2:a7:51:a5:9c:b6:91:06:4a:42:
                    c0:82:db:50:8a:ff:a3:5e:e6:5f:f8:b2:a8:dc:ff:
                    49:2d:d7:43:0c:d6:0d:df:4d:84:79:54:3d:a9:9d:
                    7f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:96:59:9B:59:7C:1E:51:B8:88:B7:C7:60:89:D6:F5:5A:7D:2B:58
            X509v3 Authority Key Identifier:
                keyid:9B:89:B8:CF:47:F7:C4:85:D6:28:D0:A3:59:A1:6A:81:5C:D0:04:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4m4z0f3xIXWKNCjWaFqgVzQBKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/QJZZm1l8HlG4iLfHYInW9Vp9K1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/757fc5-8029-4828-8547-62e260313e4c/1/m4m4z0f3xIXWKNCjWaFqgVzQBKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.188.0/22
                  185.185.77.0-185.185.78.255

    Signature Algorithm: sha256WithRSAEncryption
         86:7d:08:e3:89:ba:d4:5c:3f:d8:61:c9:ee:1c:95:27:1f:dd:
         a2:11:b3:57:8f:12:75:20:6b:8d:90:48:8f:18:dd:de:9a:73:
         21:93:64:55:e7:d0:87:9d:9c:c6:04:7c:01:45:60:04:87:8e:
         31:de:26:f7:4a:92:8c:2a:9a:f5:75:0e:b6:ea:20:ab:26:e9:
         d9:d8:14:c4:ec:f6:4c:57:d0:7a:54:b6:05:16:7c:c9:6f:48:
         24:33:a7:3c:aa:a4:34:a5:e8:9e:e3:84:2c:a5:f6:3a:23:46:
         77:46:49:38:e3:9d:e0:76:8e:c4:ab:d6:94:1c:95:24:57:ef:
         b2:c0:2f:af:70:ee:ef:8e:6e:ca:6f:6a:94:69:1b:f7:1f:05:
         42:94:38:55:2a:b1:64:67:96:c9:0e:50:8b:a0:f8:3d:8a:84:
         a4:2d:5f:07:82:1e:cc:06:69:fa:63:3d:38:5c:be:8f:ab:3b:
         35:36:18:cd:c2:35:fb:d8:b6:83:54:bb:3c:5c:2a:3a:65:1c:
         97:12:52:01:82:ea:1d:4c:01:81:90:f5:77:17:d4:56:c9:e5:
         d2:36:5b:ee:62:c2:8c:ad:59:dd:63:6f:29:a8:f4:32:64:e2:
         58:b2:d9:5f:c4:b0:82:40:54:c2:7f:00:6d:ec:9f:e7:cc:6c:
         f0:f0:2a:78
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIcPJY0Ya3DPgYAp5vLMiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODliOGNmNDdmN2M0ODVkNjI4ZDBhMzU5YTE2YTgxNWNk
MDA0YWIwHhcNMjQwMTAyMDQzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDk2NTk5YjU5N2MxZTUxYjg4OGI3Yzc2MDg5ZDZmNTVhN2QyYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRxyqaByVNlYUYFSo9WzSJ9zo3Zw
oxIVh/pX35g9Gq1Naoj9XU9cJbOdYurRgUrGbj6f4WC8CgGVBrhTcaFG4YgIdu0E
jIseZVCoQN+gtwGOCCnYPsJq+Y/QDbqoNzTpyUa3rilezCM6BkCDZDRdlzXDQ/HU
tGSTkhdzMyTeyIun/5VD2i48xbY5Jap8Ct6v1BwZNAkpceFFV+QVeGPKXghuKNE6
D0mZIU9Mg4U8LqHQJkjXOcMArHK00vuX8C+sJ/CAl8DPvdKelXpSjMsaV0pbpsbz
rLKnUaWctpEGSkLAgttQiv+jXuZf+LKo3P9JLddDDNYN302EeVQ9qZ1/6QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFECWWZtZfB5RuIi3x2CJ1vVafStYMB8GA1UdIwQY
MBaAFJuJuM9H98SF1ijQo1mhaoFc0ASrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRtNHowZjN4SVhXS05DaldhRnFnVnpRQktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS83NTdmYzUtODAyOS00ODI4LTg1NDct
NjJlMjYwMzEzZTRjLzEvUUpaWm0xbDhIbEc0aUxmSFlJblc5VnA5SzFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS83NTdmYzUtODAyOS00ODI4LTg1NDctNjJlMjYwMzEzZTRj
LzEvbTRtNHowZjN4SVhXS05DaldhRnFnVnpRQktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCBbS8MAwD
BAC5uU0DBAC5uU4wDQYJKoZIhvcNAQELBQADggEBAIZ9COOJutRcP9hhye4clScf
3aIRs1ePEnUga42QSI8Y3d6acyGTZFXn0IednMYEfAFFYASHjjHeJvdKkowqmvV1
DrbqIKsm6dnYFMTs9kxX0HpUtgUWfMlvSCQzpzyqpDSl6J7jhCyl9jojRndGSTjj
neB2jsSr1pQclSRX77LAL69w7u+ObspvapRpG/cfBUKUOFUqsWRnlskOUIug+D2K
hKQtXweCHswGafpjPThcvo+rOzU2GM3CNfvYtoNUuzxcKjplHJcSUgGC6h1MAYGQ
9XcX1FbJ5dI2W+5iwoytWd1jbymo9DJk4liy2V/EsIJAVMJ/AG3sn+fMbPDwKng=
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:39:53 2024 by rpki-client on console-ams.rpki-client.org