Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/DUQSx04274WpRndnyarrff3nGEQ.roa
File:                     DUQSx04274WpRndnyarrff3nGEQ.roa (raw, json)
Hash identifier:          9s8U7DT0n9exf09vHF90VqhCURYAzKitXIwJmWcORM0=
Subject key identifier:   0D:44:12:C7:4E:36:EF:85:A9:46:77:67:C9:AA:EB:7D:FD:E7:18:44
Certificate issuer:       /CN=f19cf09771b8f184caa1a00421b9294491e97e6b
Certificate serial:       018CC5DC3B0B2B5B3C40B7A87A46049D26F1
Authority key identifier: F1:9C:F0:97:71:B8:F1:84:CA:A1:A0:04:21:B9:29:44:91:E9:7E:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/DUQSx04274WpRndnyarrff3nGEQ.roa
Signing time:             Mon 01 Jan 2024 16:29:53 +0000
ROA not before:           Mon 01 Jan 2024 16:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51695
IP address blocks:        217.78.98.0/24 maxlen: 24
                          217.78.97.0/24 maxlen: 24
                          217.78.101.0/24 maxlen: 24
                          217.78.100.0/24 maxlen: 24
                          217.78.99.0/24 maxlen: 24
                          217.78.105.0/24 maxlen: 24
                          217.78.104.0/24 maxlen: 24
                          217.78.103.0/24 maxlen: 24
                          217.78.102.0/24 maxlen: 24
                          217.78.108.0/24 maxlen: 24
                          217.78.107.0/24 maxlen: 24
                          217.78.106.0/24 maxlen: 24
                          217.78.111.0/24 maxlen: 24
                          217.78.110.0/24 maxlen: 24
                          217.78.109.0/24 maxlen: 24
                          2a02:6700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/8Zzwl3G48YTKoaAEIbkpRJHpfms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/8Zzwl3G48YTKoaAEIbkpRJHpfms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3b:0b:2b:5b:3c:40:b7:a8:7a:46:04:9d:26:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19cf09771b8f184caa1a00421b9294491e97e6b
        Validity
            Not Before: Jan  1 16:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d4412c74e36ef85a9467767c9aaeb7dfde71844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:84:08:65:46:11:69:5e:00:6d:1a:4a:6c:bb:
                    e7:fa:9a:e6:36:3f:b4:38:68:4d:5e:fc:9f:19:4a:
                    19:27:8b:dd:37:d6:4c:f8:73:a8:5f:17:dc:5e:54:
                    5e:b3:99:6a:42:77:f7:f5:7e:f8:61:3e:da:22:ab:
                    3b:69:52:cb:29:16:16:4d:71:46:93:8e:d2:3e:b4:
                    f8:dc:6c:f6:24:18:0c:ad:82:91:72:d3:6a:e9:b2:
                    39:37:fa:b6:8e:1d:b9:3f:2d:dc:03:9f:75:2c:73:
                    f4:22:e9:af:b4:6b:16:7b:38:cc:67:30:5e:13:d1:
                    55:de:0d:e6:7f:ad:71:e3:ac:d1:18:37:8c:40:c5:
                    a8:7b:af:1b:7e:cf:14:65:8d:57:93:af:4c:6a:4b:
                    3b:91:88:a2:72:e2:12:80:00:a9:9a:9d:2a:b4:60:
                    64:2c:36:9a:58:27:3e:a4:ff:ed:33:5d:c5:db:a6:
                    2f:9d:af:41:8a:9f:3a:c3:25:76:a1:fd:03:4b:02:
                    55:f5:78:94:29:39:3c:0d:dd:b9:6f:21:7f:69:14:
                    30:69:09:b7:4a:ec:e3:db:f2:fd:69:2e:36:30:cb:
                    55:71:fc:cc:b1:9b:c3:59:97:8a:78:04:34:bd:f0:
                    9e:f7:95:49:7a:d6:b9:c8:82:9a:8f:57:a1:9a:50:
                    86:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:44:12:C7:4E:36:EF:85:A9:46:77:67:C9:AA:EB:7D:FD:E7:18:44
            X509v3 Authority Key Identifier:
                keyid:F1:9C:F0:97:71:B8:F1:84:CA:A1:A0:04:21:B9:29:44:91:E9:7E:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Zzwl3G48YTKoaAEIbkpRJHpfms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/DUQSx04274WpRndnyarrff3nGEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/650c97-4eb6-4c91-b5a3-dc1db67db3cb/1/8Zzwl3G48YTKoaAEIbkpRJHpfms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.78.97.0-217.78.111.255
                IPv6:
                  2a02:6700::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:2c:e5:a5:51:60:88:28:e6:76:dc:6f:fc:08:29:b1:c1:10:
         ad:4d:5a:55:85:59:86:73:f2:b6:b9:87:8b:ba:ae:68:4e:99:
         02:eb:4e:0c:b4:48:57:33:b6:38:73:64:7d:52:45:4c:67:29:
         2f:0d:86:e5:5d:af:d5:d1:39:0d:e9:b9:af:cf:99:c6:b9:c6:
         d8:57:2c:79:ab:d8:d6:a2:84:8d:33:e9:67:8d:cc:11:3c:84:
         38:20:b7:49:24:4e:5c:7f:13:24:0a:22:56:ac:ae:9b:b3:cc:
         31:b1:28:56:c5:98:d2:21:e9:cc:58:df:2f:7a:59:3a:18:8a:
         4a:71:ea:a8:d0:86:d5:37:a3:ae:79:f2:86:35:36:eb:2f:7f:
         50:e9:95:7c:83:66:de:6e:8e:45:40:25:cb:03:24:29:f7:68:
         b2:f0:95:c6:b6:3f:6e:16:41:4b:ef:90:60:9b:d2:e2:ba:e8:
         1b:65:d2:a3:6e:a6:02:44:00:68:01:b6:d0:a0:07:eb:17:23:
         4e:70:60:1c:fb:15:ad:0a:83:a0:72:a3:de:a8:3e:c6:47:ba:
         3f:ac:c5:df:18:81:26:ec:c5:67:af:e0:e0:01:4f:e7:ef:a9:
         3a:03:83:3c:90:90:c7:8e:67:01:c6:40:82:81:a7:01:32:42:
         15:0c:a8:c2
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3DsLK1s8QLeoekYEnSbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOWNmMDk3NzFiOGYxODRjYWExYTAwNDIxYjkyOTQ0OTFl
OTdlNmIwHhcNMjQwMTAxMTYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQ0MTJjNzRlMzZlZjg1YTk0Njc3NjdjOWFhZWI3ZGZkZTcxODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIQIZUYRaV4AbRpKbLvn+prmNj+0
OGhNXvyfGUoZJ4vdN9ZM+HOoXxfcXlRes5lqQnf39X74YT7aIqs7aVLLKRYWTXFG
k47SPrT43Gz2JBgMrYKRctNq6bI5N/q2jh25Py3cA591LHP0IumvtGsWezjMZzBe
E9FV3g3mf61x46zRGDeMQMWoe68bfs8UZY1Xk69Maks7kYiicuISgACpmp0qtGBk
LDaaWCc+pP/tM13F26Yvna9Bip86wyV2of0DSwJV9XiUKTk8Dd25byF/aRQwaQm3
Suzj2/L9aS42MMtVcfzMsZvDWZeKeAQ0vfCe95VJeta5yIKaj1ehmlCGnwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFA1EEsdONu+FqUZ3Z8mq63395xhEMB8GA1UdIwQY
MBaAFPGc8JdxuPGEyqGgBCG5KUSR6X5rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFp6d2wzRzQ4WVRLb2FBRUlia3BSSkhwZm1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NTBjOTctNGViNi00YzkxLWI1YTMt
ZGMxZGI2N2RiM2NiLzEvRFVRU3gwNDI3NFdwUm5kbnlhcnJmZjNuR0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NTBjOTctNGViNi00YzkxLWI1YTMtZGMxZGI2N2RiM2Ni
LzEvOFp6d2wzRzQ4WVRLb2FBRUlia3BSSkhwZm1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBADZTmED
BATZTmAwDQQCAAIwBwMFACoCZwAwDQYJKoZIhvcNAQELBQADggEBAEUs5aVRYIgo
5nbcb/wIKbHBEK1NWlWFWYZz8ra5h4u6rmhOmQLrTgy0SFcztjhzZH1SRUxnKS8N
huVdr9XROQ3pua/Pmca5xthXLHmr2NaihI0z6WeNzBE8hDggt0kkTlx/EyQKIlas
rpuzzDGxKFbFmNIh6cxY3y96WToYikpx6qjQhtU3o6558oY1Nusvf1DplXyDZt5u
jkVAJcsDJCn3aLLwlca2P24WQUvvkGCb0uK66Btl0qNupgJEAGgBttCgB+sXI05w
YBz7Fa0Kg6Byo96oPsZHuj+sxd8YgSbsxWev4OABT+fvqToDgzyQkMeOZwHGQIKB
pwEyQhUMqMI=
-----END CERTIFICATE-----
Generated at Sat Nov 23 08:46:15 2024 by rpki-client on console-fra.rpki-client.org