Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/2qkgVF4JKaqCD7OYA8TqPy3RdnU.roa
File:                     2qkgVF4JKaqCD7OYA8TqPy3RdnU.roa (raw, json)
Hash identifier:          G7FhXX3DLGB6SlXSP+l3xP1/urZ1YMBYYmvVWepv1Fc=
Subject key identifier:   DA:A9:20:54:5E:09:29:AA:82:0F:B3:98:03:C4:EA:3F:2D:D1:76:75
Certificate issuer:       /CN=c75799ff4335b7b1ae7188edfa53fd7e213eb216
Certificate serial:       018CC56EE33BD21F74456E277B464386F0E8
Authority key identifier: C7:57:99:FF:43:35:B7:B1:AE:71:88:ED:FA:53:FD:7E:21:3E:B2:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1eZ_0M1t7GucYjt-lP9fiE-shY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/2qkgVF4JKaqCD7OYA8TqPy3RdnU.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41477
IP address blocks:        91.215.164.0/22 maxlen: 23
                          91.215.166.0/24 maxlen: 24
                          91.215.165.0/24 maxlen: 24
                          91.215.167.0/24 maxlen: 24
                          185.34.164.0/22 maxlen: 23
                          185.34.165.0/24 maxlen: 24
                          185.34.166.0/24 maxlen: 24
                          185.34.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/x1eZ_0M1t7GucYjt-lP9fiE-shY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/x1eZ_0M1t7GucYjt-lP9fiE-shY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1eZ_0M1t7GucYjt-lP9fiE-shY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e3:3b:d2:1f:74:45:6e:27:7b:46:43:86:f0:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c75799ff4335b7b1ae7188edfa53fd7e213eb216
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daa920545e0929aa820fb39803c4ea3f2dd17675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:70:90:64:8e:74:11:88:73:5c:b9:5c:b0:64:
                    32:9d:74:f8:fe:43:a1:4f:c4:ac:9a:69:40:1c:aa:
                    0c:bb:1d:62:a2:62:48:00:e4:3a:16:8a:27:1a:9a:
                    c7:8a:4f:df:22:49:75:65:5f:62:5f:0f:e7:03:a1:
                    a1:31:92:54:c9:1e:3e:fb:e3:3c:f4:f0:32:32:de:
                    f8:99:e8:e1:d8:f8:da:6b:a4:37:4f:b7:40:3e:18:
                    94:4e:13:58:d8:ff:25:46:0c:12:04:f2:1d:75:04:
                    7d:91:6d:fb:2b:eb:1d:c1:f2:e9:5c:6d:37:29:f9:
                    7f:07:53:51:2b:fc:90:36:40:8d:23:ff:87:84:99:
                    84:68:73:83:73:ab:07:ce:01:36:37:1e:7f:97:8e:
                    69:28:aa:85:6c:5d:7e:5c:ff:8a:86:33:4c:f3:d8:
                    cf:50:81:b5:73:b2:32:ee:16:fe:96:b7:ca:64:33:
                    fd:45:eb:28:83:e9:b8:a3:71:98:1f:90:df:f9:5a:
                    9a:dd:d4:a8:65:03:05:f7:32:03:9e:0a:1f:75:f8:
                    98:46:71:87:e7:2d:87:db:3b:62:f2:aa:5e:b5:96:
                    14:38:ad:64:67:32:19:e0:5b:39:86:06:6c:ad:b4:
                    94:43:b3:58:c7:0a:2a:73:83:0c:b6:f4:5b:79:9d:
                    49:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A9:20:54:5E:09:29:AA:82:0F:B3:98:03:C4:EA:3F:2D:D1:76:75
            X509v3 Authority Key Identifier:
                keyid:C7:57:99:FF:43:35:B7:B1:AE:71:88:ED:FA:53:FD:7E:21:3E:B2:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1eZ_0M1t7GucYjt-lP9fiE-shY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/2qkgVF4JKaqCD7OYA8TqPy3RdnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1e4c03-f619-47a3-81bd-36ef7aeebe3b/1/x1eZ_0M1t7GucYjt-lP9fiE-shY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.164.0/22
                  185.34.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:17:19:53:0d:9d:00:fb:26:b9:1d:ec:08:59:c8:e2:9e:ee:
         00:95:08:fc:b8:77:b0:e7:da:d0:b8:12:65:6e:6b:43:b1:84:
         c9:b5:aa:cb:1b:3f:00:d1:9d:5c:cd:d2:9e:44:f8:4e:15:a9:
         67:28:49:96:e6:89:8f:9c:79:b4:b9:fd:99:a8:a0:d2:a8:4b:
         b0:92:08:d4:9d:53:d9:4d:44:b9:2b:88:23:48:0a:79:db:4c:
         7b:fc:e7:c6:95:17:d0:7b:d0:36:8f:01:a7:cf:ce:6f:27:2d:
         99:8b:a0:fc:ca:76:11:83:bc:5c:7e:11:a8:2c:f1:30:53:ad:
         b7:cc:8a:7c:bc:e9:0f:76:cd:7b:2e:ab:d9:ce:58:96:a5:fc:
         de:a6:c0:67:4d:60:d1:a9:59:c3:bd:77:71:a4:f8:ae:25:b0:
         a2:0c:d9:e6:0c:2c:65:8a:18:96:f6:a6:9c:00:d9:13:02:f1:
         e9:6a:05:1a:e3:0a:0a:c4:d4:d2:7b:f3:2c:5d:92:0a:5b:4c:
         33:b2:7c:60:76:6d:eb:51:3f:a4:6a:db:e9:d2:2d:6f:6c:10:
         33:8d:0e:99:8a:8f:ae:f7:1c:f8:ca:4a:62:38:2d:ea:05:04:
         4c:70:60:9f:12:35:03:01:41:fd:ba:6d:50:3e:db:63:a2:53:
         8b:97:c7:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbuM70h90RW4ne0ZDhvDoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTc5OWZmNDMzNWI3YjFhZTcxODhlZGZhNTNmZDdlMjEz
ZWIyMTYwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWE5MjA1NDVlMDkyOWFhODIwZmIzOTgwM2M0ZWEzZjJkZDE3Njc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnCQZI50EYhzXLlcsGQynXT4/kOh
T8SsmmlAHKoMux1iomJIAOQ6FoonGprHik/fIkl1ZV9iXw/nA6GhMZJUyR4+++M8
9PAyMt74mejh2Pjaa6Q3T7dAPhiUThNY2P8lRgwSBPIddQR9kW37K+sdwfLpXG03
Kfl/B1NRK/yQNkCNI/+HhJmEaHODc6sHzgE2Nx5/l45pKKqFbF1+XP+KhjNM89jP
UIG1c7Iy7hb+lrfKZDP9Resog+m4o3GYH5Df+Vqa3dSoZQMF9zIDngofdfiYRnGH
5y2H2zti8qpetZYUOK1kZzIZ4Fs5hgZsrbSUQ7NYxwoqc4MMtvRbeZ1JuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNqpIFReCSmqgg+zmAPE6j8t0XZ1MB8GA1UdIwQY
MBaAFMdXmf9DNbexrnGI7fpT/X4hPrIWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFlWl8wTTF0N0d1Y1lqdC1sUDlmaUUtc2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xZTRjMDMtZjYxOS00N2EzLTgxYmQt
MzZlZjdhZWViZTNiLzEvMnFrZ1ZGNEpLYXFDRDdPWUE4VHFQeTNSZG5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xZTRjMDMtZjYxOS00N2EzLTgxYmQtMzZlZjdhZWViZTNi
LzEveDFlWl8wTTF0N0d1Y1lqdC1sUDlmaUUtc2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9ekAwQC
uSKkMA0GCSqGSIb3DQEBCwUAA4IBAQCwFxlTDZ0A+ya5HewIWcjinu4AlQj8uHew
59rQuBJlbmtDsYTJtarLGz8A0Z1czdKeRPhOFalnKEmW5omPnHm0uf2ZqKDSqEuw
kgjUnVPZTUS5K4gjSAp520x7/OfGlRfQe9A2jwGnz85vJy2Zi6D8ynYRg7xcfhGo
LPEwU623zIp8vOkPds17LqvZzliWpfzepsBnTWDRqVnDvXdxpPiuJbCiDNnmDCxl
ihiW9qacANkTAvHpagUa4woKxNTSe/MsXZIKW0wzsnxgdm3rUT+katvp0i1vbBAz
jQ6Zio+u9xz4ykpiOC3qBQRMcGCfEjUDAUH9um1QPttjolOLl8ej
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:14:17 2024 by rpki-client on console-fra.rpki-client.org