Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/qyaweZi6Z-M5f4pXSXT-2MEVYIE.roa
File:                     qyaweZi6Z-M5f4pXSXT-2MEVYIE.roa (raw, json)
Hash identifier:          aoU5TLAROdBTg2egHSRdcZBVZfQeXldNRI1MtlVMiZA=
Subject key identifier:   AB:26:B0:79:98:BA:67:E3:39:7F:8A:57:49:74:FE:D8:C1:15:60:81
Certificate issuer:       /CN=6a37982207e62ded0691dcb18ef6ea32d413f3f6
Certificate serial:       018CCA2B882C3796A4306F8A21D91F5197CC
Authority key identifier: 6A:37:98:22:07:E6:2D:ED:06:91:DC:B1:8E:F6:EA:32:D4:13:F3:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/qyaweZi6Z-M5f4pXSXT-2MEVYIE.roa
Signing time:             Tue 02 Jan 2024 12:34:59 +0000
ROA not before:           Tue 02 Jan 2024 12:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42184
IP address blocks:        89.251.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:88:2c:37:96:a4:30:6f:8a:21:d9:1f:51:97:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a37982207e62ded0691dcb18ef6ea32d413f3f6
        Validity
            Not Before: Jan  2 12:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab26b07998ba67e3397f8a574974fed8c1156081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f6:7b:cb:3f:7d:8b:16:95:e6:9e:99:60:c9:
                    1c:4a:d8:4a:3f:56:7a:96:cf:9d:4d:b8:f7:20:85:
                    1d:a6:b6:83:4a:3f:27:93:4a:a6:c0:70:28:bb:59:
                    26:8f:6f:93:58:36:7e:38:fa:56:f8:69:2f:9c:98:
                    b4:cd:b5:1a:59:32:f2:21:9c:d2:da:f2:70:62:25:
                    2e:3c:30:6e:03:6b:29:b0:77:f6:57:76:2d:be:88:
                    9b:5e:8a:56:a4:82:29:bd:40:1c:0e:53:1e:88:1d:
                    98:d9:24:ff:75:76:33:2b:85:58:91:fa:8f:64:bc:
                    63:88:63:2b:70:32:4d:e4:ed:bc:e1:ec:3f:ec:ab:
                    f8:49:93:ec:67:fd:bc:4d:64:54:e2:57:de:74:ed:
                    d0:68:c2:72:e2:24:f6:0e:7f:80:62:94:59:da:1a:
                    18:53:db:cf:23:ae:35:fa:01:dd:06:7a:af:83:42:
                    72:e0:c0:ae:97:1b:f2:9b:33:e2:05:25:0e:ff:6e:
                    d7:24:6c:13:d3:42:2d:1a:b8:e1:5a:a6:fa:f6:3d:
                    b7:74:fe:d1:b7:21:b1:56:45:0f:a6:5d:a7:07:dd:
                    9e:5c:62:f0:11:92:e7:5d:e1:8b:2c:d9:a2:6e:7d:
                    05:82:4c:05:90:59:e8:3a:8a:b9:7d:5b:0f:ce:52:
                    a8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:26:B0:79:98:BA:67:E3:39:7F:8A:57:49:74:FE:D8:C1:15:60:81
            X509v3 Authority Key Identifier:
                keyid:6A:37:98:22:07:E6:2D:ED:06:91:DC:B1:8E:F6:EA:32:D4:13:F3:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/qyaweZi6Z-M5f4pXSXT-2MEVYIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/b811d5-ba35-423d-862f-23531654e589/1/ajeYIgfmLe0GkdyxjvbqMtQT8_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:cf:5f:41:6e:57:09:13:b4:94:53:a3:78:d6:61:22:ab:b8:
         30:54:42:e5:fe:91:57:4e:5d:e6:fe:2b:e3:71:4d:92:e8:16:
         5e:d3:43:2c:9d:21:f9:4d:42:09:ba:4f:5a:7e:a6:bd:8f:89:
         6a:d3:ae:2b:dc:f9:76:63:ac:35:90:1f:e7:21:37:5b:74:42:
         86:11:95:55:f3:6c:51:5f:fe:2f:b4:1e:37:07:62:55:78:ba:
         f1:0e:9f:d9:c7:00:70:c0:b8:28:a7:d1:8a:ef:92:90:87:27:
         70:5f:c2:8a:35:a2:1c:80:48:83:66:72:5d:2c:b3:2a:a6:38:
         10:7d:21:8c:8f:3f:ab:32:c4:af:f2:3f:09:5e:0f:65:36:bc:
         7e:60:a9:6f:8d:7a:bd:96:02:49:de:24:44:ab:cc:de:92:b4:
         13:76:12:e0:40:b1:0d:22:9d:e3:7e:cd:6d:56:ed:0a:7d:f0:
         1d:62:18:94:15:49:2c:9a:a4:4b:98:27:ac:3b:26:80:d5:88:
         00:9c:f9:48:3d:a3:18:60:aa:e9:0a:78:65:01:40:7a:e3:17:
         b2:2e:ee:2c:34:c3:26:b0:67:88:40:29:8b:75:ff:2e:1c:e3:
         5e:2d:eb:6d:00:2e:78:74:4d:be:7b:9a:7a:67:35:cd:21:2d:
         5a:ab:ae:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK4gsN5akMG+KIdkfUZfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMzc5ODIyMDdlNjJkZWQwNjkxZGNiMThlZjZlYTMyZDQx
M2YzZjYwHhcNMjQwMTAyMTIzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjI2YjA3OTk4YmE2N2UzMzk3ZjhhNTc0OTc0ZmVkOGMxMTU2MDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPZ7yz99ixaV5p6ZYMkcSthKP1Z6
ls+dTbj3IIUdpraDSj8nk0qmwHAou1kmj2+TWDZ+OPpW+GkvnJi0zbUaWTLyIZzS
2vJwYiUuPDBuA2spsHf2V3YtvoibXopWpIIpvUAcDlMeiB2Y2ST/dXYzK4VYkfqP
ZLxjiGMrcDJN5O284ew/7Kv4SZPsZ/28TWRU4lfedO3QaMJy4iT2Dn+AYpRZ2hoY
U9vPI641+gHdBnqvg0Jy4MCulxvymzPiBSUO/27XJGwT00ItGrjhWqb69j23dP7R
tyGxVkUPpl2nB92eXGLwEZLnXeGLLNmibn0FgkwFkFnoOoq5fVsPzlKotwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsmsHmYumfjOX+KV0l0/tjBFWCBMB8GA1UdIwQY
MBaAFGo3mCIH5i3tBpHcsY726jLUE/P2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWplWUlnZm1MZTBHa2R5eGp2YnFNdFFUOF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9iODExZDUtYmEzNS00MjNkLTg2MmYt
MjM1MzE2NTRlNTg5LzEvcXlhd2VaaTZaLU01ZjRwWFNYVC0yTUVWWUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9iODExZDUtYmEzNS00MjNkLTg2MmYtMjM1MzE2NTRlNTg5
LzEvYWplWUlnZm1MZTBHa2R5eGp2YnFNdFFUOF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWfuAMA0G
CSqGSIb3DQEBCwUAA4IBAQAQz19BblcJE7SUU6N41mEiq7gwVELl/pFXTl3m/ivj
cU2S6BZe00MsnSH5TUIJuk9afqa9j4lq064r3Pl2Y6w1kB/nITdbdEKGEZVV82xR
X/4vtB43B2JVeLrxDp/ZxwBwwLgop9GK75KQhydwX8KKNaIcgEiDZnJdLLMqpjgQ
fSGMjz+rMsSv8j8JXg9lNrx+YKlvjXq9lgJJ3iREq8zekrQTdhLgQLENIp3jfs1t
Vu0KffAdYhiUFUksmqRLmCesOyaA1YgAnPlIPaMYYKrpCnhlAUB64xeyLu4sNMMm
sGeIQCmLdf8uHONeLettAC54dE2+e5p6ZzXNIS1aq66m
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:56:18 2024 by rpki-client on console-ams.rpki-client.org