Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/q-k9OJB6lmDShSUgxkNbYP1QWs8.roa
File:                     q-k9OJB6lmDShSUgxkNbYP1QWs8.roa (raw, json)
Hash identifier:          iXXi7ZaE3R6JSv2pUC5HJqMyqRPg0oc6N/N2GVVLhpw=
Subject key identifier:   AB:E9:3D:38:90:7A:96:60:D2:85:25:20:C6:43:5B:60:FD:50:5A:CF
Certificate issuer:       /CN=b51e3f6bebcd05291dc5265e08b1cd6c401b9cfd
Certificate serial:       018CC64A464633D90CA43B9E3324088A303D
Authority key identifier: B5:1E:3F:6B:EB:CD:05:29:1D:C5:26:5E:08:B1:CD:6C:40:1B:9C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tR4_a-vNBSkdxSZeCLHNbEAbnP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/q-k9OJB6lmDShSUgxkNbYP1QWs8.roa
Signing time:             Mon 01 Jan 2024 18:30:05 +0000
ROA not before:           Mon 01 Jan 2024 18:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8495
IP address blocks:        89.146.192.0/18 maxlen: 24
                          85.209.200.0/22 maxlen: 24
                          195.34.160.0/19 maxlen: 24
                          2a01:130::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/tR4_a-vNBSkdxSZeCLHNbEAbnP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/tR4_a-vNBSkdxSZeCLHNbEAbnP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tR4_a-vNBSkdxSZeCLHNbEAbnP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:46:46:33:d9:0c:a4:3b:9e:33:24:08:8a:30:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b51e3f6bebcd05291dc5265e08b1cd6c401b9cfd
        Validity
            Not Before: Jan  1 18:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abe93d38907a9660d2852520c6435b60fd505acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:70:49:4c:75:25:bd:83:c3:33:a3:cb:ea:ae:
                    fa:d4:7d:bd:bc:41:f2:f0:a1:ff:cf:de:0d:53:17:
                    79:ca:d8:44:45:37:6d:bb:46:95:b4:59:78:48:df:
                    c2:c9:3c:c4:a8:7c:57:87:db:7c:c6:c6:3c:d9:ba:
                    70:31:3a:1d:90:c3:50:a1:40:94:a5:f0:45:d4:9c:
                    e1:da:41:f3:44:82:6c:a2:e4:6d:64:4b:12:83:43:
                    94:99:e5:9f:94:1d:7d:02:6f:13:0c:c3:0a:d4:32:
                    1a:94:14:4b:bd:92:55:72:11:8a:2f:0e:31:80:a2:
                    ac:66:e4:21:e9:eb:09:a2:53:c2:d4:7a:ce:59:90:
                    be:d3:47:da:4d:17:8e:76:e2:7e:e6:d4:16:61:09:
                    bf:66:b8:4a:66:69:b1:71:7e:4a:a9:ef:52:d1:f7:
                    04:31:50:b8:fc:b2:ce:b6:6f:26:49:6f:74:20:0f:
                    54:89:1b:3b:a0:3d:60:a9:c0:1e:d3:c1:f5:ab:08:
                    58:c0:8e:20:b9:1d:fa:fa:bd:a3:ea:57:f1:35:35:
                    ce:11:3b:74:e9:45:85:84:6e:72:51:a9:6b:ea:ce:
                    9a:f9:13:5e:a1:e9:9a:92:78:5b:c7:5c:bf:a1:10:
                    69:76:26:47:c2:40:12:3a:f3:b5:8f:ec:e6:07:41:
                    f0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E9:3D:38:90:7A:96:60:D2:85:25:20:C6:43:5B:60:FD:50:5A:CF
            X509v3 Authority Key Identifier:
                keyid:B5:1E:3F:6B:EB:CD:05:29:1D:C5:26:5E:08:B1:CD:6C:40:1B:9C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tR4_a-vNBSkdxSZeCLHNbEAbnP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/q-k9OJB6lmDShSUgxkNbYP1QWs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/02fdfd-7ac8-4321-b930-8fa551e6ae75/1/tR4_a-vNBSkdxSZeCLHNbEAbnP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.200.0/22
                  89.146.192.0/18
                  195.34.160.0/19
                IPv6:
                  2a01:130::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:19:4e:2d:08:75:d9:65:23:1b:db:77:eb:4c:54:f7:5d:5f:
         a7:dc:65:c2:e0:f3:49:a7:3f:08:5c:4b:9e:cf:e2:ac:bd:cc:
         3f:76:e4:cc:ab:18:ce:cb:1f:74:63:28:f0:8e:74:93:f9:76:
         92:a3:fc:34:ae:e5:c3:38:d7:27:6d:6c:be:24:9c:23:c6:44:
         9e:51:5d:ad:b9:34:bf:53:0b:a7:9e:34:f1:c1:11:1a:02:68:
         8e:5c:74:e2:df:59:9b:09:83:19:fc:8d:32:1b:45:c5:1f:e9:
         e0:6f:f1:ba:49:ca:81:33:f0:3c:7c:0e:62:2c:cb:18:c0:9d:
         04:04:c4:54:cc:7d:25:3f:bb:41:5c:3e:d1:0f:7f:75:fd:6d:
         ff:4e:2b:74:4a:d1:ef:f9:df:bb:12:57:c8:84:bb:7b:de:50:
         a6:fc:ad:a4:08:3b:91:7a:57:a0:1c:88:ff:3c:fa:55:03:04:
         c6:8f:01:c9:38:ba:79:32:70:43:03:e5:8a:2c:93:48:8d:bc:
         1b:ac:f9:49:f8:6d:6e:fa:ad:c5:a5:09:67:2c:5e:f3:b9:36:
         80:f6:72:7d:23:d1:b6:9f:bf:27:b7:4f:74:b6:6b:28:51:30:
         91:16:9f:42:5a:40:66:d7:7b:a0:a3:8d:93:f3:5a:8a:8b:bb:
         6b:aa:9f:1b
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGSkZGM9kMpDueMyQIijA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MWUzZjZiZWJjZDA1MjkxZGM1MjY1ZTA4YjFjZDZjNDAx
YjljZmQwHhcNMjQwMTAxMTgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmU5M2QzODkwN2E5NjYwZDI4NTI1MjBjNjQzNWI2MGZkNTA1YWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHBJTHUlvYPDM6PL6q761H29vEHy
8KH/z94NUxd5ythERTdtu0aVtFl4SN/CyTzEqHxXh9t8xsY82bpwMTodkMNQoUCU
pfBF1Jzh2kHzRIJsouRtZEsSg0OUmeWflB19Am8TDMMK1DIalBRLvZJVchGKLw4x
gKKsZuQh6esJolPC1HrOWZC+00faTReOduJ+5tQWYQm/ZrhKZmmxcX5Kqe9S0fcE
MVC4/LLOtm8mSW90IA9UiRs7oD1gqcAe08H1qwhYwI4guR36+r2j6lfxNTXOETt0
6UWFhG5yUalr6s6a+RNeoemaknhbx1y/oRBpdiZHwkASOvO1j+zmB0Hw8wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKvpPTiQepZg0oUlIMZDW2D9UFrPMB8GA1UdIwQY
MBaAFLUeP2vrzQUpHcUmXgixzWxAG5z9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFI0X2Etdk5CU2tkeFNaZUNMSE5iRUFiblAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8wMmZkZmQtN2FjOC00MzIxLWI5MzAt
OGZhNTUxZTZhZTc1LzEvcS1rOU9KQjZsbURTaFNVZ3hrTmJZUDFRV3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8wMmZkZmQtN2FjOC00MzIxLWI5MzAtOGZhNTUxZTZhZTc1
LzEvdFI0X2Etdk5CU2tkeFNaZUNMSE5iRUFiblAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCVdHIAwQG
WZLAAwQFwyKgMA0EAgACMAcDBQAqAQEwMA0GCSqGSIb3DQEBCwUAA4IBAQA3GU4t
CHXZZSMb23frTFT3XV+n3GXC4PNJpz8IXEuez+Ksvcw/duTMqxjOyx90YyjwjnST
+XaSo/w0ruXDONcnbWy+JJwjxkSeUV2tuTS/UwunnjTxwREaAmiOXHTi31mbCYMZ
/I0yG0XFH+ngb/G6ScqBM/A8fA5iLMsYwJ0EBMRUzH0lP7tBXD7RD391/W3/Tit0
StHv+d+7ElfIhLt73lCm/K2kCDuRelegHIj/PPpVAwTGjwHJOLp5MnBDA+WKLJNI
jbwbrPlJ+G1u+q3FpQlnLF7zuTaA9nJ9I9G2n78nt090tmsoUTCRFp9CWkBm13ug
o42T81qKi7trqp8b
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:26:57 2024 by rpki-client on console-ams.rpki-client.org