Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/kqQ7pPITj79d4W_1ortCBpzvcxc.roa
File:                     kqQ7pPITj79d4W_1ortCBpzvcxc.roa (raw, json)
Hash identifier:          akx5Yi0kh5U1BK87ybgykYCap5lEnV9dVxzwXgLIsVs=
Subject key identifier:   92:A4:3B:A4:F2:13:8F:BF:5D:E1:6F:F5:A2:BB:42:06:9C:EF:73:17
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F8E1ADB687C28281E620020627935
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/kqQ7pPITj79d4W_1ortCBpzvcxc.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34073
IP address blocks:        94.100.10.0/24 maxlen: 24
                          87.246.172.0/24 maxlen: 24
                          81.198.73.0/24 maxlen: 24
                          81.198.192.0/22 maxlen: 24
                          81.198.194.0/24 maxlen: 24
                          87.110.221.0/24 maxlen: 24
                          87.110.220.0/24 maxlen: 24
                          2a02:2330:b2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8e:1a:db:68:7c:28:28:1e:62:00:20:62:79:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92a43ba4f2138fbf5de16ff5a2bb42069cef7317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b3:b3:56:89:5c:d5:9e:5a:74:b5:45:66:8a:
                    0c:e3:7c:9f:02:8a:6a:58:68:1c:12:0e:70:c4:42:
                    26:3c:18:2e:f4:30:27:07:62:c6:07:0d:c9:f0:89:
                    ec:98:06:f7:6e:0c:fa:b7:7d:be:e5:62:53:52:2f:
                    22:d2:98:f9:e3:7b:2d:f9:79:1c:28:54:6f:6b:42:
                    de:92:08:2d:2e:02:da:f1:42:ed:a4:4a:7c:47:40:
                    18:bc:af:35:ba:c2:13:af:f5:4a:87:28:be:ea:bc:
                    df:7d:13:33:8b:97:5f:a0:0b:76:f8:9a:2c:11:b0:
                    f0:fe:13:3e:d6:14:11:48:34:5e:a3:b2:cb:9f:2f:
                    96:42:2c:57:b4:9f:72:d0:b0:ae:f2:0d:1c:21:c0:
                    53:d0:4c:66:23:4f:7f:8d:cd:96:f9:51:cf:49:81:
                    1f:d0:d4:2e:4f:70:37:16:23:6f:6b:8b:ad:2f:60:
                    df:e1:fe:3b:20:40:37:b0:91:95:5e:12:f8:cc:16:
                    ca:6c:ad:e1:35:2f:78:f6:89:02:fc:55:c6:90:f5:
                    92:41:6c:67:e3:7e:85:14:0c:57:98:84:45:19:b9:
                    bb:be:d1:60:bd:8f:5b:7d:28:9e:a8:70:9d:c4:9c:
                    fa:37:9c:18:47:aa:6d:1f:30:d0:56:62:4e:9b:5d:
                    09:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A4:3B:A4:F2:13:8F:BF:5D:E1:6F:F5:A2:BB:42:06:9C:EF:73:17
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/kqQ7pPITj79d4W_1ortCBpzvcxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.198.73.0/24
                  81.198.192.0/22
                  87.110.220.0/23
                  87.246.172.0/24
                  94.100.10.0/24
                IPv6:
                  2a02:2330:b2::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:54:7a:09:6f:30:2b:f0:2c:78:7e:b3:04:e7:b0:25:73:68:
         be:d5:c7:8b:8e:29:78:ab:9d:1b:e0:70:4a:66:be:ec:7e:25:
         a2:a1:8d:8f:f0:d2:a6:28:8b:9b:21:e7:3a:38:87:93:3b:a1:
         f9:7c:13:69:25:9b:47:b1:38:91:00:33:2b:0a:0f:45:b1:08:
         54:c1:d2:90:7a:7e:01:5a:9a:50:17:55:35:a1:33:d0:78:52:
         f3:1e:2d:39:35:13:f0:e3:2d:ba:ad:44:9d:dd:d5:b8:35:a0:
         3c:7d:f0:ae:36:51:7c:a0:64:cd:29:5a:83:2a:ca:cc:5a:fd:
         6a:ad:50:68:22:36:2f:0c:b5:91:5b:ff:59:1d:3d:a2:51:dc:
         8b:e9:f2:39:5b:a9:d0:7e:c2:14:00:8e:c4:86:4b:16:00:27:
         05:49:69:3e:7e:d2:2b:5d:96:e4:36:05:93:f6:e0:dc:0f:fd:
         a1:b0:eb:1e:aa:de:ed:e6:60:7d:a5:b5:a2:6d:2b:cd:9d:18:
         0b:5d:0c:7e:e0:57:ea:ab:bc:d1:f6:f7:d7:a2:95:36:ec:6f:
         e9:96:16:53:1a:d3:da:50:d9:cb:4a:77:71:ab:ea:7e:4e:94:
         4b:44:4a:5c:50:eb:54:2a:c1:b1:f2:95:be:f8:85:d5:86:58:
         0c:34:27:b8
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzIb44a22h8KCgeYgAgYnk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmE0M2JhNGYyMTM4ZmJmNWRlMTZmZjVhMmJiNDIwNjljZWY3MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrOzVolc1Z5adLVFZooM43yfAopq
WGgcEg5wxEImPBgu9DAnB2LGBw3J8InsmAb3bgz6t32+5WJTUi8i0pj543st+Xkc
KFRva0LekggtLgLa8ULtpEp8R0AYvK81usITr/VKhyi+6rzffRMzi5dfoAt2+Jos
EbDw/hM+1hQRSDReo7LLny+WQixXtJ9y0LCu8g0cIcBT0ExmI09/jc2W+VHPSYEf
0NQuT3A3FiNva4utL2Df4f47IEA3sJGVXhL4zBbKbK3hNS949okC/FXGkPWSQWxn
436FFAxXmIRFGbm7vtFgvY9bfSieqHCdxJz6N5wYR6ptHzDQVmJOm10JZQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJKkO6TyE4+/XeFv9aK7Qgac73MXMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEva3FRN3BQSVRqNzlkNFdfMW9ydENCcHp2Y3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQAUcZJAwQC
UcbAAwQBV27cAwQAV/asAwQAXmQKMA8EAgACMAkDBwAqAiMwALIwDQYJKoZIhvcN
AQELBQADggEBACxUeglvMCvwLHh+swTnsCVzaL7Vx4uOKXirnRvgcEpmvux+JaKh
jY/w0qYoi5sh5zo4h5M7ofl8E2klm0exOJEAMysKD0WxCFTB0pB6fgFamlAXVTWh
M9B4UvMeLTk1E/DjLbqtRJ3d1bg1oDx98K42UXygZM0pWoMqysxa/WqtUGgiNi8M
tZFb/1kdPaJR3Ivp8jlbqdB+whQAjsSGSxYAJwVJaT5+0itdluQ2BZP24NwP/aGw
6x6q3u3mYH2ltaJtK82dGAtdDH7gV+qrvNH299eilTbsb+mWFlMa09pQ2ctKd3Gr
6n5OlEtESlxQ61QqwbHylb74hdWGWAw0J7g=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:24:50 2024 by rpki-client on console-ams.rpki-client.org