Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/qgSbllRaE3S4wsXA8xAr0bWFPOY.roa
File:                     qgSbllRaE3S4wsXA8xAr0bWFPOY.roa (raw, json)
Hash identifier:          6jTsnY4AUFJTBPpYGmJBMYzJnEaTZMXYLaT0o+8uk5I=
Subject key identifier:   AA:04:9B:96:54:5A:13:74:B8:C2:C5:C0:F3:10:2B:D1:B5:85:3C:E6
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CF75487105DA89920ED754C8BF15083AD
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/qgSbllRaE3S4wsXA8xAr0bWFPOY.roa
Signing time:             Thu 11 Jan 2024 07:02:40 +0000
ROA not before:           Thu 11 Jan 2024 07:02:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215888
IP address blocks:        213.91.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:54:87:10:5d:a8:99:20:ed:75:4c:8b:f1:50:83:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan 11 07:02:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa049b96545a1374b8c2c5c0f3102bd1b5853ce6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:40:32:d4:5a:3b:fa:61:04:cc:20:9d:85:14:
                    c2:38:75:c7:b9:10:4d:76:e1:79:8f:ea:ec:77:d8:
                    ad:9e:dc:30:9c:3a:76:c3:42:0f:dd:3d:93:ea:b6:
                    f8:e8:9d:10:0c:c1:52:9b:71:cc:0f:97:20:87:a5:
                    82:15:a6:37:d4:57:20:69:77:92:a1:3a:15:fd:02:
                    ae:ce:0a:34:0b:7f:69:c4:15:cd:92:ed:3b:b3:06:
                    23:c0:d3:fc:a0:cb:49:b1:6c:2a:9f:91:7f:dc:ef:
                    4d:c4:79:8a:f2:ce:17:67:29:98:2d:3c:8e:3a:1c:
                    b2:be:c0:4f:f3:c7:a1:73:d4:35:22:3d:f1:8d:dc:
                    30:f8:68:6f:61:71:fc:21:c0:5a:88:6b:20:54:7c:
                    b6:a4:98:8a:64:71:9f:65:1c:01:c2:ed:a3:f0:e2:
                    8a:d4:7a:a7:fd:14:87:2b:a9:6f:24:10:77:8c:5b:
                    ce:ab:7d:b9:cb:95:11:9d:36:89:66:11:14:c4:55:
                    2a:96:ae:75:f1:21:2a:da:53:d2:8c:21:87:4f:c1:
                    80:9b:7a:6c:81:47:1a:3b:73:56:c2:c3:ca:6c:30:
                    db:bc:3d:9c:f9:10:32:0c:b9:e5:1b:9f:29:c1:d0:
                    38:71:69:2b:7a:ef:e0:47:6c:3a:38:ea:d6:0a:d7:
                    11:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:04:9B:96:54:5A:13:74:B8:C2:C5:C0:F3:10:2B:D1:B5:85:3C:E6
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/qgSbllRaE3S4wsXA8xAr0bWFPOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:82:69:a2:d5:d0:ff:f3:5e:af:57:cf:86:2b:43:19:df:1c:
         d1:65:89:ea:f5:bd:40:bd:2a:45:da:bf:d0:b0:50:13:4b:e5:
         b0:4a:27:c6:33:7c:bd:22:1c:95:af:6b:da:1a:21:32:db:8f:
         d0:fc:7f:fa:2d:d2:15:05:d9:fd:27:88:20:6b:65:1d:54:43:
         2e:d3:4d:68:2a:e2:4f:6c:40:3a:c1:d8:f9:9a:98:78:32:f5:
         97:76:5c:a4:c1:35:57:e9:a8:e3:44:19:02:03:80:57:69:82:
         21:de:83:40:27:a2:11:2b:55:41:b6:85:4e:87:cd:e5:31:5b:
         5d:70:bb:d0:10:2d:62:32:1d:a6:4b:42:05:76:62:1a:a4:d4:
         45:0d:0d:8d:28:94:9e:2f:ff:fc:bb:6f:bf:ea:72:39:fc:41:
         c7:ef:43:ee:23:e1:d9:a0:49:83:fd:98:e1:cd:36:de:b6:ce:
         24:45:58:8e:f0:e2:a4:5a:f8:0d:64:01:60:af:a3:54:0d:2a:
         1c:5f:cc:70:b6:da:d2:47:a5:3f:e3:44:47:df:f6:e0:06:13:
         ed:4b:d8:05:25:bb:71:9b:69:5e:9a:19:35:01:4c:f9:f4:a7:
         65:22:1f:4a:06:74:ef:fb:c5:87:9b:17:c4:6b:37:bf:fb:12:
         bb:75:7b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz3VIcQXaiZIO11TIvxUIOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTExMDcwMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTA0OWI5NjU0NWExMzc0YjhjMmM1YzBmMzEwMmJkMWI1ODUzY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUAy1Fo7+mEEzCCdhRTCOHXHuRBN
duF5j+rsd9itntwwnDp2w0IP3T2T6rb46J0QDMFSm3HMD5cgh6WCFaY31FcgaXeS
oToV/QKuzgo0C39pxBXNku07swYjwNP8oMtJsWwqn5F/3O9NxHmK8s4XZymYLTyO
OhyyvsBP88ehc9Q1Ij3xjdww+GhvYXH8IcBaiGsgVHy2pJiKZHGfZRwBwu2j8OKK
1Hqn/RSHK6lvJBB3jFvOq325y5URnTaJZhEUxFUqlq518SEq2lPSjCGHT8GAm3ps
gUcaO3NWwsPKbDDbvD2c+RAyDLnlG58pwdA4cWkreu/gR2w6OOrWCtcRSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoEm5ZUWhN0uMLFwPMQK9G1hTzmMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvcWdTYmxsUmFFM1M0d3NYQTh4QXIwYldGUE9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VucMA0G
CSqGSIb3DQEBCwUAA4IBAQCGgmmi1dD/816vV8+GK0MZ3xzRZYnq9b1AvSpF2r/Q
sFATS+WwSifGM3y9IhyVr2vaGiEy24/Q/H/6LdIVBdn9J4gga2UdVEMu001oKuJP
bEA6wdj5mph4MvWXdlykwTVX6ajjRBkCA4BXaYIh3oNAJ6IRK1VBtoVOh83lMVtd
cLvQEC1iMh2mS0IFdmIapNRFDQ2NKJSeL//8u2+/6nI5/EHH70PuI+HZoEmD/Zjh
zTbets4kRViO8OKkWvgNZAFgr6NUDSocX8xwttrSR6U/40RH3/bgBhPtS9gFJbtx
m2lemhk1AUz59KdlIh9KBnTv+8WHmxfEaze/+xK7dXvU
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:32:41 2024 by rpki-client on console-ams.rpki-client.org