Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/KQzuC7TEzVd8SYmxAqelUhEFYEQ.roa
File:                     KQzuC7TEzVd8SYmxAqelUhEFYEQ.roa (raw, json)
Hash identifier:          zif3ZruXP6qs7u1JJizympbwHoKy2KqCPM2sHOoaH7o=
Subject key identifier:   29:0C:EE:0B:B4:C4:CD:57:7C:49:89:B1:02:A7:A5:52:11:05:60:44
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0191320577AD28475D9D74F298A0870F3678
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/KQzuC7TEzVd8SYmxAqelUhEFYEQ.roa
Signing time:             Thu 08 Aug 2024 12:45:04 +0000
ROA not before:           Thu 08 Aug 2024 12:45:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        89.44.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Dec 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:05:77:ad:28:47:5d:9d:74:f2:98:a0:87:0f:36:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  8 12:45:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=290cee0bb4c4cd577c4989b102a7a55211056044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5d:3b:8c:69:ca:9b:8c:fb:7a:9c:95:9b:42:
                    38:b7:ac:46:d2:53:c7:c7:57:b4:15:ed:5c:f5:86:
                    6c:1f:7d:42:06:b5:90:a2:4b:55:9f:db:30:e3:b3:
                    e4:78:45:cb:81:ab:b5:8e:e5:7b:ae:2f:25:52:d1:
                    a4:72:ef:44:af:ca:2b:87:8d:64:f9:94:9c:99:eb:
                    85:5e:45:27:9a:b1:1c:26:c7:b4:f0:49:f0:83:90:
                    24:33:b6:ee:cd:ba:df:fa:1e:ac:4e:23:5b:c5:75:
                    ac:1e:fa:69:3b:92:d2:f6:b4:05:9d:b0:5d:dc:0e:
                    d1:fb:37:0d:83:3e:bd:af:c3:cd:16:dc:4e:ea:da:
                    3c:2d:06:61:16:9d:e3:9d:5c:fb:1d:93:d7:ad:ed:
                    bf:da:fc:29:48:73:d3:cf:e8:99:68:0a:fd:62:68:
                    14:31:0c:8e:b3:50:80:2f:f0:59:8a:6b:d4:db:23:
                    5d:8e:7b:a4:fb:8f:03:eb:08:46:a5:0f:bd:ee:b3:
                    45:fe:5f:9f:da:25:ca:5a:bf:32:ed:4e:80:83:24:
                    56:62:98:44:0d:7f:4c:a2:1c:97:73:f2:f4:5c:2a:
                    94:54:67:5e:bb:23:2b:5d:ae:42:46:fe:af:d9:38:
                    92:bc:d0:ec:59:ce:fd:df:79:8e:d9:c0:d9:dc:e4:
                    a9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:0C:EE:0B:B4:C4:CD:57:7C:49:89:B1:02:A7:A5:52:11:05:60:44
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/KQzuC7TEzVd8SYmxAqelUhEFYEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:48:90:ff:8d:30:25:ae:7e:c9:4e:0a:69:ac:ca:1a:0d:0b:
         31:04:d5:02:fa:b4:9e:c9:ac:30:27:26:61:09:1d:f6:ab:c3:
         35:b1:0d:bf:83:c7:f6:23:76:64:e1:51:68:fd:d7:2e:9c:e1:
         40:85:e5:65:a7:ae:f6:df:ef:42:6b:a3:3e:58:75:6a:77:ce:
         d8:68:47:50:b7:96:f3:df:29:95:3b:4e:91:75:09:2c:6a:ad:
         82:4e:f9:33:c9:05:be:55:4d:60:0e:e1:a9:b3:78:f1:77:6d:
         f9:22:4c:b1:52:20:da:f2:ce:24:9b:67:37:b6:20:dd:a0:ab:
         70:f9:e3:4e:d2:c0:02:a0:e6:13:ab:f9:52:33:23:7d:6a:ce:
         db:be:57:4f:b5:59:8c:bc:11:62:01:0f:7a:91:19:30:aa:9a:
         3a:fc:f0:2e:64:26:55:ed:d5:d1:b8:a4:ce:f3:4d:d6:4e:77:
         3c:2c:7c:9f:fb:da:b2:30:ae:28:2e:9e:d7:cc:c6:2a:19:1d:
         0f:1a:2a:82:79:54:63:43:f0:87:7a:5a:b7:6a:e9:d7:99:fd:
         5e:73:b0:87:55:c5:ef:b8:e6:97:26:9f:8d:80:8d:28:67:2b:
         f1:3b:7b:12:bb:92:f0:60:96:a5:24:aa:8f:f1:43:e2:7e:fe:
         ea:04:fc:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEyBXetKEddnXTymKCHDzZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODA4MTI0NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBjZWUwYmI0YzRjZDU3N2M0OTg5YjEwMmE3YTU1MjExMDU2MDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuF07jGnKm4z7epyVm0I4t6xG0lPH
x1e0Fe1c9YZsH31CBrWQoktVn9sw47PkeEXLgau1juV7ri8lUtGkcu9Er8orh41k
+ZScmeuFXkUnmrEcJse08Enwg5AkM7buzbrf+h6sTiNbxXWsHvppO5LS9rQFnbBd
3A7R+zcNgz69r8PNFtxO6to8LQZhFp3jnVz7HZPXre2/2vwpSHPTz+iZaAr9YmgU
MQyOs1CAL/BZimvU2yNdjnuk+48D6whGpQ+97rNF/l+f2iXKWr8y7U6AgyRWYphE
DX9MohyXc/L0XCqUVGdeuyMrXa5CRv6v2TiSvNDsWc7933mO2cDZ3OSppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkM7gu0xM1XfEmJsQKnpVIRBWBEMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvS1F6dUM3VEV6VmQ4U1lteEFxZWxVaEVGWUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSxmMA0G
CSqGSIb3DQEBCwUAA4IBAQAXSJD/jTAlrn7JTgpprMoaDQsxBNUC+rSeyawwJyZh
CR32q8M1sQ2/g8f2I3Zk4VFo/dcunOFAheVlp6723+9Ca6M+WHVqd87YaEdQt5bz
3ymVO06RdQksaq2CTvkzyQW+VU1gDuGps3jxd235IkyxUiDa8s4km2c3tiDdoKtw
+eNO0sACoOYTq/lSMyN9as7bvldPtVmMvBFiAQ96kRkwqpo6/PAuZCZV7dXRuKTO
803WTnc8LHyf+9qyMK4oLp7XzMYqGR0PGiqCeVRjQ/CHelq3aunXmf1ec7CHVcXv
uOaXJp+NgI0oZyvxO3sSu5LwYJalJKqP8UPifv7qBPyn
-----END CERTIFICATE-----
Generated at Fri Dec 13 16:29:25 2024 by rpki-client on console-ams.rpki-client.org