Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/066221-0eeb-42d9-9c07-fc69e0bca622/1/1-Q4pDvmpZIPP7TOHf6tcH9MxxPI.roa
File:                     1-Q4pDvmpZIPP7TOHf6tcH9MxxPI.roa (raw, json)
Hash identifier:          nVDZ84mR+NQHTVdr+CQKvDdTotonDBXu00EF1uw2K+s=
Subject key identifier:   F9:0E:29:0E:F9:A9:64:83:CF:ED:33:87:7F:AB:5C:1F:D3:31:C4:F2
Certificate issuer:       /CN=1b21dbffb192e14919cfe2786baf44840c3aca3c
Certificate serial:       018CC94BE90044FE0F03D7FE111EA3F63749
Authority key identifier: 1B:21:DB:FF:B1:92:E1:49:19:CF:E2:78:6B:AF:44:84:0C:3A:CA:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GyHb_7GS4UkZz-J4a69EhAw6yjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/066221-0eeb-42d9-9c07-fc69e0bca622/1/1-Q4pDvmpZIPP7TOHf6tcH9MxxPI.roa
Signing time:             Tue 02 Jan 2024 08:30:44 +0000
ROA not before:           Tue 02 Jan 2024 08:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203348
IP address blocks:        193.201.166.0/24 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/066221-0eeb-42d9-9c07-fc69e0bca622/1/GyHb_7GS4UkZz-J4a69EhAw6yjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/066221-0eeb-42d9-9c07-fc69e0bca622/1/GyHb_7GS4UkZz-J4a69EhAw6yjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GyHb_7GS4UkZz-J4a69EhAw6yjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e9:00:44:fe:0f:03:d7:fe:11:1e:a3:f6:37:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b21dbffb192e14919cfe2786baf44840c3aca3c
        Validity
            Not Before: Jan  2 08:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f90e290ef9a96483cfed33877fab5c1fd331c4f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:62:d8:61:82:9e:37:27:27:19:74:24:86:2d:
                    0c:89:70:a8:1b:1b:5e:67:66:7f:ed:ee:8b:41:e1:
                    f0:06:0e:bd:58:41:58:ba:e3:36:94:75:65:de:01:
                    a2:53:e9:70:25:a2:41:75:3a:8b:e2:cb:33:e0:16:
                    21:79:e4:74:3e:2d:9e:4f:d0:28:1d:d9:d6:75:e0:
                    bb:7d:9e:9f:be:29:82:bf:16:7a:c8:5a:15:ad:55:
                    61:3c:c6:03:1c:c2:46:e0:b9:7b:fd:4a:60:7e:b0:
                    e2:02:c5:7c:f3:aa:73:9f:2f:16:c4:ca:74:cf:be:
                    45:85:30:fc:59:c3:6f:7a:1b:9d:1a:1b:56:79:29:
                    90:b1:95:7d:24:98:7c:75:e8:83:c4:e9:7b:a9:f0:
                    af:53:35:24:9b:81:60:f6:cb:aa:20:23:13:b6:bc:
                    23:84:24:74:89:db:e6:2c:5a:7f:c8:30:e3:b7:2d:
                    56:21:8f:a6:a9:c2:78:3c:b8:6b:07:a7:aa:b9:10:
                    d7:3f:a4:b0:98:d2:d0:90:c7:79:dc:fd:5b:86:6f:
                    2f:5d:61:2d:28:f8:d8:fb:c5:01:f2:3f:d9:c0:c2:
                    b9:0e:46:86:58:9c:34:82:c6:97:fd:ea:24:7e:76:
                    f0:88:4b:eb:73:31:0f:1c:75:b3:a2:11:ef:1a:5a:
                    39:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0E:29:0E:F9:A9:64:83:CF:ED:33:87:7F:AB:5C:1F:D3:31:C4:F2
            X509v3 Authority Key Identifier:
                keyid:1B:21:DB:FF:B1:92:E1:49:19:CF:E2:78:6B:AF:44:84:0C:3A:CA:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GyHb_7GS4UkZz-J4a69EhAw6yjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/066221-0eeb-42d9-9c07-fc69e0bca622/1/1-Q4pDvmpZIPP7TOHf6tcH9MxxPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/066221-0eeb-42d9-9c07-fc69e0bca622/1/GyHb_7GS4UkZz-J4a69EhAw6yjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:b2:a4:62:d2:2c:7a:46:eb:ae:ab:3e:bc:3e:5b:9c:ac:a9:
         f1:7e:13:ae:fd:ae:a9:5e:fb:8e:f4:67:b5:bd:4d:d9:ec:c2:
         b9:f7:ec:31:98:93:e3:89:fa:61:21:af:d9:71:94:82:13:56:
         b0:5c:bb:b4:a9:ab:39:0e:e6:a4:6f:7e:ea:65:91:9a:6e:7d:
         00:2b:a1:4a:db:36:2b:a5:76:bb:95:b3:27:12:2b:6d:1d:38:
         da:50:ac:6d:42:bb:d0:15:e6:ca:d8:46:4f:7c:ee:47:77:92:
         4d:75:9b:56:ba:cf:65:ee:9c:e2:0a:22:61:88:17:45:83:62:
         31:48:36:eb:95:bc:8d:de:2a:e2:21:65:35:91:23:ad:90:48:
         ad:49:18:14:51:3c:04:d6:c1:13:39:21:86:95:01:3a:9a:a9:
         9a:72:30:fd:fb:70:61:91:d9:9d:5d:c6:93:e0:1e:b2:20:a3:
         d6:8e:c7:91:f5:ca:46:cc:7b:1a:bd:12:dd:e2:93:e5:3c:e5:
         cd:24:2e:38:26:42:ad:c1:d3:86:13:52:34:81:09:67:d9:26:
         7a:81:7f:6d:b8:98:1b:c0:fc:88:70:d5:22:97:25:8f:30:b1:
         81:1b:9d:69:66:20:b1:02:24:3b:88:96:d4:be:bf:2d:33:aa:
         ee:02:bb:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJS+kARP4PA9f+ER6j9jdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMjFkYmZmYjE5MmUxNDkxOWNmZTI3ODZiYWY0NDg0MGMz
YWNhM2MwHhcNMjQwMTAyMDgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBlMjkwZWY5YTk2NDgzY2ZlZDMzODc3ZmFiNWMxZmQzMzFjNGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmLYYYKeNycnGXQkhi0MiXCoGxte
Z2Z/7e6LQeHwBg69WEFYuuM2lHVl3gGiU+lwJaJBdTqL4ssz4BYheeR0Pi2eT9Ao
HdnWdeC7fZ6fvimCvxZ6yFoVrVVhPMYDHMJG4Ll7/UpgfrDiAsV886pzny8WxMp0
z75FhTD8WcNvehudGhtWeSmQsZV9JJh8deiDxOl7qfCvUzUkm4Fg9suqICMTtrwj
hCR0idvmLFp/yDDjty1WIY+mqcJ4PLhrB6equRDXP6SwmNLQkMd53P1bhm8vXWEt
KPjY+8UB8j/ZwMK5DkaGWJw0gsaX/eokfnbwiEvrczEPHHWzohHvGlo52wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkOKQ75qWSDz+0zh3+rXB/TMcTyMB8GA1UdIwQY
MBaAFBsh2/+xkuFJGc/ieGuvRIQMOso8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3lIYl83R1M0VWtaei1KNGE2OUVoQXc2eWp3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8wNjYyMjEtMGVlYi00MmQ5LTljMDct
ZmM2OWUwYmNhNjIyLzEvMS1RNHBEdm1wWklQUDdUT0hmNnRjSDlNeHhQSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDUvMDY2MjIxLTBlZWItNDJkOS05YzA3LWZjNjllMGJjYTYy
Mi8xL0d5SGJfN0dTNFVrWnotSjRhNjlFaEF3Nnlqdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMHJpjAN
BgkqhkiG9w0BAQsFAAOCAQEANbKkYtIsekbrrqs+vD5bnKyp8X4Trv2uqV77jvRn
tb1N2ezCuffsMZiT44n6YSGv2XGUghNWsFy7tKmrOQ7mpG9+6mWRmm59ACuhSts2
K6V2u5WzJxIrbR042lCsbUK70BXmythGT3zuR3eSTXWbVrrPZe6c4goiYYgXRYNi
MUg265W8jd4q4iFlNZEjrZBIrUkYFFE8BNbBEzkhhpUBOpqpmnIw/ftwYZHZnV3G
k+AesiCj1o7HkfXKRsx7Gr0S3eKT5TzlzSQuOCZCrcHThhNSNIEJZ9kmeoF/bbiY
G8D8iHDVIpcljzCxgRudaWYgsQIkO4iW1L6/LTOq7gK7JQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 16:20:02 2024 by rpki-client on console-fra.rpki-client.org