Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/QoFAobTP3q0TNFC1nd2JvyylSck.roa
File:                     QoFAobTP3q0TNFC1nd2JvyylSck.roa (raw, json)
Hash identifier:          bKzmA5xp4M1d+jbktmc0fHnphG1Bg3/lQV5MTj1qJTo=
Subject key identifier:   42:81:40:A1:B4:CF:DE:AD:13:34:50:B5:9D:DD:89:BF:2C:A5:49:C9
Certificate issuer:       /CN=fe0c14a0bdc119f1ed496202d89be4fd2659ff01
Certificate serial:       018F3D5784863D88DE608F5DF2AEA59C0153
Authority key identifier: FE:0C:14:A0:BD:C1:19:F1:ED:49:62:02:D8:9B:E4:FD:26:59:FF:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/QoFAobTP3q0TNFC1nd2JvyylSck.roa
Signing time:             Fri 03 May 2024 07:24:56 +0000
ROA not before:           Fri 03 May 2024 07:24:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200715
IP address blocks:        37.143.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:57:84:86:3d:88:de:60:8f:5d:f2:ae:a5:9c:01:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0c14a0bdc119f1ed496202d89be4fd2659ff01
        Validity
            Not Before: May  3 07:24:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=428140a1b4cfdead133450b59ddd89bf2ca549c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a2:3c:bb:39:0c:d5:4e:81:70:1e:1e:9a:9c:
                    e1:de:d1:80:1f:66:ad:c6:47:25:65:6d:7f:28:7d:
                    7e:c4:d9:98:71:13:bd:85:77:04:6a:6a:f8:48:44:
                    19:62:a7:c0:53:20:04:bb:79:5f:a9:c9:4d:73:7b:
                    5c:3c:d5:ea:9a:56:98:35:a6:06:82:84:b8:14:f3:
                    7a:2b:70:c3:75:0e:a9:73:85:f6:26:9f:54:c0:8b:
                    d8:a9:d1:43:d0:e7:49:9a:b7:3f:25:4f:d2:f9:23:
                    32:77:2d:e3:5a:a8:10:8d:04:e9:30:90:3b:46:8d:
                    6a:14:23:53:5e:74:dc:ea:c5:5c:1b:a7:f6:9b:6a:
                    30:bd:7d:d7:22:6a:c8:8d:b9:25:52:2e:37:3c:78:
                    7f:72:2d:ae:ea:69:88:47:b2:86:f7:93:7d:0d:eb:
                    64:9d:4b:42:ef:3b:50:00:6f:bb:af:93:09:3d:01:
                    ef:61:81:39:a8:f8:49:54:07:19:a3:4f:65:06:85:
                    10:d9:65:e5:ea:ea:24:80:18:aa:00:5b:38:30:a1:
                    ac:19:bf:5a:71:6a:be:d8:e5:58:b2:f6:bd:95:4a:
                    dd:10:66:8f:0f:78:fd:b9:b8:ba:4c:8b:4e:0b:34:
                    6b:98:ed:d4:89:b0:c9:ff:13:d0:50:86:65:f8:55:
                    c1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:81:40:A1:B4:CF:DE:AD:13:34:50:B5:9D:DD:89:BF:2C:A5:49:C9
            X509v3 Authority Key Identifier:
                keyid:FE:0C:14:A0:BD:C1:19:F1:ED:49:62:02:D8:9B:E4:FD:26:59:FF:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/QoFAobTP3q0TNFC1nd2JvyylSck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/711d0b-c631-4b6b-8700-cea65bce7324/1/_gwUoL3BGfHtSWIC2Jvk_SZZ_wE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:70:f3:77:51:e9:48:f4:c4:7e:9b:f2:be:4e:61:a9:ad:3b:
         89:55:40:72:4e:b7:ab:16:9d:39:fb:f6:bb:64:56:eb:60:4e:
         ec:df:f1:85:b6:f4:77:f3:93:82:72:8b:e0:d1:d3:1a:9f:c2:
         db:12:4a:fc:8b:bf:81:89:ee:08:2e:dd:81:49:99:6e:f6:66:
         fa:8a:42:9e:14:96:2e:7f:b1:bb:be:8f:b9:21:bb:f3:00:38:
         e2:2d:19:25:3f:2a:d9:f0:e3:d9:ce:f4:ca:ad:64:2b:fc:f0:
         2f:65:15:90:68:f9:19:0e:72:8a:ae:ba:8b:05:7d:8c:2e:c4:
         b4:6e:64:4c:ca:85:a4:a2:cd:15:59:b4:bb:88:cd:51:87:dd:
         9b:52:2f:b8:02:6b:3e:8f:ec:8a:76:41:a3:ab:a2:ff:1b:ab:
         22:df:69:5b:4f:46:f7:e5:d2:bb:2e:ab:5b:1a:c8:4c:dc:77:
         03:3c:53:5e:f5:12:db:31:cd:0f:fb:6d:eb:62:6f:89:76:81:
         ba:1c:83:85:16:db:5a:a4:0f:8b:63:63:c2:f8:0b:90:ad:07:
         1e:a0:36:40:1f:be:a7:57:33:58:84:c9:80:7a:d9:2d:0e:c1:
         03:8b:8b:9a:c5:f2:5d:13:9a:ee:27:0a:f8:6c:5c:22:05:00:
         c2:aa:c1:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY89V4SGPYjeYI9d8q6lnAFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGMxNGEwYmRjMTE5ZjFlZDQ5NjIwMmQ4OWJlNGZkMjY1
OWZmMDEwHhcNMjQwNTAzMDcyNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjgxNDBhMWI0Y2ZkZWFkMTMzNDUwYjU5ZGRkODliZjJjYTU0OWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqI8uzkM1U6BcB4empzh3tGAH2at
xkclZW1/KH1+xNmYcRO9hXcEamr4SEQZYqfAUyAEu3lfqclNc3tcPNXqmlaYNaYG
goS4FPN6K3DDdQ6pc4X2Jp9UwIvYqdFD0OdJmrc/JU/S+SMydy3jWqgQjQTpMJA7
Ro1qFCNTXnTc6sVcG6f2m2owvX3XImrIjbklUi43PHh/ci2u6mmIR7KG95N9Detk
nUtC7ztQAG+7r5MJPQHvYYE5qPhJVAcZo09lBoUQ2WXl6uokgBiqAFs4MKGsGb9a
cWq+2OVYsva9lUrdEGaPD3j9ubi6TItOCzRrmO3UibDJ/xPQUIZl+FXBfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKBQKG0z96tEzRQtZ3dib8spUnJMB8GA1UdIwQY
MBaAFP4MFKC9wRnx7UliAtib5P0mWf8BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2d3VW9MM0JHZkh0U1dJQzJKdmtfU1paX3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83MTFkMGItYzYzMS00YjZiLTg3MDAt
Y2VhNjViY2U3MzI0LzEvUW9GQW9iVFAzcTBUTkZDMW5kMkp2eXlsU2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83MTFkMGItYzYzMS00YjZiLTg3MDAtY2VhNjViY2U3MzI0
LzEvX2d3VW9MM0JHZkh0U1dJQzJKdmtfU1paX3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY84MA0G
CSqGSIb3DQEBCwUAA4IBAQCjcPN3UelI9MR+m/K+TmGprTuJVUByTrerFp05+/a7
ZFbrYE7s3/GFtvR385OCcovg0dMan8LbEkr8i7+Bie4ILt2BSZlu9mb6ikKeFJYu
f7G7vo+5IbvzADjiLRklPyrZ8OPZzvTKrWQr/PAvZRWQaPkZDnKKrrqLBX2MLsS0
bmRMyoWkos0VWbS7iM1Rh92bUi+4Ams+j+yKdkGjq6L/G6si32lbT0b35dK7Lqtb
GshM3HcDPFNe9RLbMc0P+23rYm+JdoG6HIOFFttapA+LY2PC+AuQrQceoDZAH76n
VzNYhMmAetktDsEDi4uaxfJdE5ruJwr4bFwiBQDCqsFR
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:57:39 2024 by rpki-client on console-ams.rpki-client.org