Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/42872a-5617-4ec2-ab8d-c8604720642d/1/QPCcgVd0TuwiCLQdDDUYjpm9gR8.roa
File:                     QPCcgVd0TuwiCLQdDDUYjpm9gR8.roa (raw, json)
Hash identifier:          88ygav6yIv+VnVu9T1Qv+Gl86jFuakl9TbSKftzDTuU=
Subject key identifier:   40:F0:9C:81:57:74:4E:EC:22:08:B4:1D:0C:35:18:8E:99:BD:81:1F
Certificate issuer:       /CN=ba4c685efa6a2c1045637f027a325c0aec79c015
Certificate serial:       018F39FF7F84FCDC9BF7596CAA39D76F21B9
Authority key identifier: BA:4C:68:5E:FA:6A:2C:10:45:63:7F:02:7A:32:5C:0A:EC:79:C0:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ukxoXvpqLBBFY38CejJcCux5wBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/42872a-5617-4ec2-ab8d-c8604720642d/1/QPCcgVd0TuwiCLQdDDUYjpm9gR8.roa
Signing time:             Thu 02 May 2024 15:49:56 +0000
ROA not before:           Thu 02 May 2024 15:49:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12557
IP address blocks:        185.117.180.0/22 maxlen: 22
                          185.117.182.0/24 maxlen: 24
                          2a03:52a0::/32 maxlen: 32
                          2a03:52a0:172::/48 maxlen: 48
                          2a03:52a0:180::/48 maxlen: 48
                          2a03:52a0:181::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/42872a-5617-4ec2-ab8d-c8604720642d/1/ukxoXvpqLBBFY38CejJcCux5wBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/42872a-5617-4ec2-ab8d-c8604720642d/1/ukxoXvpqLBBFY38CejJcCux5wBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ukxoXvpqLBBFY38CejJcCux5wBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:39:ff:7f:84:fc:dc:9b:f7:59:6c:aa:39:d7:6f:21:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4c685efa6a2c1045637f027a325c0aec79c015
        Validity
            Not Before: May  2 15:49:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40f09c8157744eec2208b41d0c35188e99bd811f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:59:27:dc:bc:44:53:d8:b5:ec:81:c9:27:ff:
                    38:26:d4:c2:22:6b:d3:f5:8f:d6:f8:e3:5d:79:67:
                    d5:98:73:da:cc:eb:c7:d9:14:e3:d9:f1:15:27:ba:
                    73:8b:10:0c:8a:16:30:01:0a:1a:2f:ce:5a:f9:3f:
                    87:eb:89:eb:ea:8c:e7:c3:9e:a9:da:a8:51:93:7d:
                    ee:26:45:de:d8:d1:42:54:c3:39:2e:6b:c0:91:c6:
                    e2:21:1f:80:49:8f:ce:4a:30:40:59:7f:5c:77:ae:
                    b5:2c:b8:6c:5d:9f:81:fa:ee:b9:b0:37:06:86:5a:
                    7c:e1:dc:a6:49:75:02:e2:c1:99:4e:f7:69:35:00:
                    ff:67:2b:35:b9:85:97:4e:5e:b4:69:61:d1:39:ee:
                    c9:cb:5f:27:36:04:c4:4b:dd:e4:19:44:b3:15:91:
                    aa:f6:6c:18:ee:c2:54:ed:7a:e1:11:5d:7d:82:69:
                    28:41:b7:01:15:4f:e2:00:72:2f:6b:70:cc:e1:7b:
                    ef:fd:ec:99:2c:ba:33:4f:36:4b:c3:30:c5:fe:a2:
                    94:a9:95:a8:07:69:e3:16:50:4d:8e:e1:e1:59:ef:
                    d9:0d:e8:0e:c9:d2:1f:88:eb:c1:28:fa:9b:87:41:
                    91:a5:16:58:78:8d:42:d4:84:ab:24:43:36:71:34:
                    8b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F0:9C:81:57:74:4E:EC:22:08:B4:1D:0C:35:18:8E:99:BD:81:1F
            X509v3 Authority Key Identifier:
                keyid:BA:4C:68:5E:FA:6A:2C:10:45:63:7F:02:7A:32:5C:0A:EC:79:C0:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ukxoXvpqLBBFY38CejJcCux5wBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/42872a-5617-4ec2-ab8d-c8604720642d/1/QPCcgVd0TuwiCLQdDDUYjpm9gR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/42872a-5617-4ec2-ab8d-c8604720642d/1/ukxoXvpqLBBFY38CejJcCux5wBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.180.0/22
                IPv6:
                  2a03:52a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:2d:60:e5:80:26:b5:7b:4a:4c:3c:f2:6e:5a:cf:52:46:53:
         4b:06:92:b0:9b:21:46:25:b1:3f:63:c9:c8:8b:08:4e:bc:f3:
         21:c2:2c:7c:3d:f6:14:ed:d9:c4:60:24:f9:d9:7e:19:8b:03:
         30:d9:d3:ba:0b:02:4f:0f:9d:58:cd:ad:10:4e:1a:cf:3f:8e:
         6d:0f:bb:95:3a:77:41:7e:95:6e:e9:ae:ea:f3:8a:84:32:09:
         33:4c:bf:2b:dd:f0:e1:63:ff:d6:d3:5c:49:ad:7b:3d:76:01:
         a3:85:fb:cb:90:86:1c:07:3a:b8:d9:56:a3:3b:5c:dd:77:32:
         47:94:87:d8:a4:53:7d:f0:aa:f7:59:04:0e:bc:62:c2:d4:82:
         57:6e:0b:6a:1c:8a:6a:c8:86:58:80:1a:61:bb:19:ea:70:99:
         76:ac:4e:f5:fa:de:1e:1d:e1:53:88:67:e5:7e:e3:b3:24:4c:
         d1:8f:59:f8:92:de:3e:20:fe:ef:06:c7:fc:6a:e5:0f:3d:8d:
         5b:7a:15:e8:f7:a7:8d:5f:28:e3:ab:8c:d7:98:1f:b6:c0:d2:
         10:64:18:37:d3:dc:68:1b:a2:21:00:46:35:ec:57:12:aa:8b:
         5c:6b:fd:c8:b6:23:ce:18:7c:5f:af:54:98:d7:b2:5f:3c:e6:
         fb:a2:6a:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY85/3+E/Nyb91lsqjnXbyG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGM2ODVlZmE2YTJjMTA0NTYzN2YwMjdhMzI1YzBhZWM3
OWMwMTUwHhcNMjQwNTAyMTU0OTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGYwOWM4MTU3NzQ0ZWVjMjIwOGI0MWQwYzM1MTg4ZTk5YmQ4MTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1kn3LxEU9i17IHJJ/84JtTCImvT
9Y/W+ONdeWfVmHPazOvH2RTj2fEVJ7pzixAMihYwAQoaL85a+T+H64nr6oznw56p
2qhRk33uJkXe2NFCVMM5LmvAkcbiIR+ASY/OSjBAWX9cd661LLhsXZ+B+u65sDcG
hlp84dymSXUC4sGZTvdpNQD/Zys1uYWXTl60aWHROe7Jy18nNgTES93kGUSzFZGq
9mwY7sJU7XrhEV19gmkoQbcBFU/iAHIva3DM4Xvv/eyZLLozTzZLwzDF/qKUqZWo
B2njFlBNjuHhWe/ZDegOydIfiOvBKPqbh0GRpRZYeI1C1ISrJEM2cTSLpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEDwnIFXdE7sIgi0HQw1GI6ZvYEfMB8GA1UdIwQY
MBaAFLpMaF76aiwQRWN/AnoyXArsecAVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWt4b1h2cHFMQkJGWTM4Q2VqSmNDdXg1d0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS80Mjg3MmEtNTYxNy00ZWMyLWFiOGQt
Yzg2MDQ3MjA2NDJkLzEvUVBDY2dWZDBUdXdpQ0xRZEREVVlqcG05Z1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS80Mjg3MmEtNTYxNy00ZWMyLWFiOGQtYzg2MDQ3MjA2NDJk
LzEvdWt4b1h2cHFMQkJGWTM4Q2VqSmNDdXg1d0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXW0MA0E
AgACMAcDBQAqA1KgMA0GCSqGSIb3DQEBCwUAA4IBAQCDLWDlgCa1e0pMPPJuWs9S
RlNLBpKwmyFGJbE/Y8nIiwhOvPMhwix8PfYU7dnEYCT52X4ZiwMw2dO6CwJPD51Y
za0QThrPP45tD7uVOndBfpVu6a7q84qEMgkzTL8r3fDhY//W01xJrXs9dgGjhfvL
kIYcBzq42VajO1zddzJHlIfYpFN98Kr3WQQOvGLC1IJXbgtqHIpqyIZYgBphuxnq
cJl2rE71+t4eHeFTiGflfuOzJEzRj1n4kt4+IP7vBsf8auUPPY1behXo96eNXyjj
q4zXmB+2wNIQZBg309xoG6IhAEY17FcSqotca/3ItiPOGHxfr1SY17JfPOb7omr5
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:00:10 2024 by rpki-client on console-ams.rpki-client.org