Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/QFNoJynQHDPkkRQ_q1jmUp9mQbg.roa
File:                     QFNoJynQHDPkkRQ_q1jmUp9mQbg.roa (raw, json)
Hash identifier:          69OSYX3FWri22UAuH4GB3liTOfcLf59RlugBZYWJW54=
Subject key identifier:   40:53:68:27:29:D0:1C:33:E4:91:14:3F:AB:58:E6:52:9F:66:41:B8
Certificate issuer:       /CN=3787b324b0d32fb1a3678b02c482286d4c26ba0f
Certificate serial:       018CC49355F877BFAB2E1CCFB143077B3126
Authority key identifier: 37:87:B3:24:B0:D3:2F:B1:A3:67:8B:02:C4:82:28:6D:4C:26:BA:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/QFNoJynQHDPkkRQ_q1jmUp9mQbg.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205315
IP address blocks:        185.222.116.0/24 maxlen: 24
                          2a0c:3800:ff::/48 maxlen: 48
                          2a0c:3800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:55:f8:77:bf:ab:2e:1c:cf:b1:43:07:7b:31:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3787b324b0d32fb1a3678b02c482286d4c26ba0f
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4053682729d01c33e491143fab58e6529f6641b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e5:48:c3:07:2e:c5:cc:b6:b6:bb:a7:d2:5a:
                    50:66:17:9e:41:6c:f5:83:a0:1b:24:8d:46:0b:12:
                    6c:ef:f8:b0:00:0a:81:0b:64:d3:1a:d8:80:8a:af:
                    c5:90:d3:5b:b6:0c:61:e4:34:53:2b:17:3b:74:6c:
                    17:98:80:b2:19:eb:8e:c2:16:3a:e3:b7:b9:a9:d4:
                    03:2c:f8:29:43:4f:a4:9d:a3:b7:0c:5f:81:b0:f1:
                    b7:59:a8:16:cf:4f:d5:40:cb:98:02:77:3d:30:ba:
                    04:d1:10:2f:f5:80:14:bb:5f:b7:4e:b9:53:c8:58:
                    ce:11:7e:7a:be:2d:54:c6:d4:69:55:94:dd:81:92:
                    60:86:56:a4:4f:76:fd:79:e0:89:87:f7:e7:35:80:
                    c4:b5:50:63:83:1f:dd:63:82:d7:64:37:81:76:e0:
                    5f:c5:9b:71:e2:2f:94:07:80:90:46:54:6a:cc:c4:
                    72:f9:2e:9d:e3:b6:21:07:fe:6b:bb:4e:b0:09:34:
                    5d:2d:81:74:b3:76:b0:b9:64:93:b6:c6:f4:f0:a4:
                    44:19:da:3a:b3:63:42:55:21:fa:42:04:0a:c4:e3:
                    3c:cc:18:94:b3:0a:df:15:cc:58:bc:ce:20:10:ef:
                    c4:79:ed:13:42:8b:89:f6:4d:77:be:c3:26:d4:53:
                    83:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:53:68:27:29:D0:1C:33:E4:91:14:3F:AB:58:E6:52:9F:66:41:B8
            X509v3 Authority Key Identifier:
                keyid:37:87:B3:24:B0:D3:2F:B1:A3:67:8B:02:C4:82:28:6D:4C:26:BA:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4ezJLDTL7GjZ4sCxIIobUwmug8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/QFNoJynQHDPkkRQ_q1jmUp9mQbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/602244-7699-4103-bc7e-c4711482380e/1/N4ezJLDTL7GjZ4sCxIIobUwmug8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.116.0/24
                IPv6:
                  2a0c:3800::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:3a:f7:e8:56:f8:87:94:08:2a:70:be:fb:b8:3a:6d:d6:96:
         69:e6:3f:98:24:74:57:b4:12:84:71:19:01:fb:b0:ba:de:21:
         06:ad:d1:88:ec:21:db:47:d5:51:b4:77:4d:05:a4:c0:46:ab:
         73:7f:89:d5:dc:4d:b0:54:d3:e1:3a:34:50:32:c6:22:eb:68:
         6f:da:69:1f:72:04:9f:c3:5c:88:ae:8c:90:8a:fc:1c:bc:bb:
         af:90:80:eb:0d:8b:2c:90:56:f8:17:63:ab:b1:e6:63:32:1c:
         94:91:65:85:10:d7:47:21:90:cf:d3:68:31:e2:58:b4:1f:e4:
         05:9d:fb:31:2e:45:d7:9e:3a:8d:1f:34:2b:75:e4:f2:67:46:
         91:89:c6:1a:f3:e7:9d:26:25:7a:df:c0:ff:3a:a4:55:1e:a0:
         05:d1:39:0f:19:2b:8b:3f:27:d0:5f:94:0a:6f:18:39:d0:55:
         88:09:1d:46:46:77:2b:30:89:cd:db:90:b9:19:b4:ee:3d:52:
         94:e9:d1:4f:5d:74:ac:bb:3c:76:9a:e4:07:38:b7:a0:34:dd:
         d3:14:5e:59:6d:22:46:2f:9b:bf:da:d4:05:74:ef:e7:b0:d9:
         de:cb:28:c5:8b:5a:00:68:bf:ac:5d:23:2f:fa:c1:5e:3b:a6:
         e7:d6:dd:00
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEk1X4d7+rLhzPsUMHezEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODdiMzI0YjBkMzJmYjFhMzY3OGIwMmM0ODIyODZkNGMy
NmJhMGYwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUzNjgyNzI5ZDAxYzMzZTQ5MTE0M2ZhYjU4ZTY1MjlmNjY0MWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteVIwwcuxcy2trun0lpQZheeQWz1
g6AbJI1GCxJs7/iwAAqBC2TTGtiAiq/FkNNbtgxh5DRTKxc7dGwXmICyGeuOwhY6
47e5qdQDLPgpQ0+knaO3DF+BsPG3WagWz0/VQMuYAnc9MLoE0RAv9YAUu1+3TrlT
yFjOEX56vi1UxtRpVZTdgZJghlakT3b9eeCJh/fnNYDEtVBjgx/dY4LXZDeBduBf
xZtx4i+UB4CQRlRqzMRy+S6d47YhB/5ru06wCTRdLYF0s3awuWSTtsb08KREGdo6
s2NCVSH6QgQKxOM8zBiUswrfFcxYvM4gEO/Eee0TQouJ9k13vsMm1FODLQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFEBTaCcp0Bwz5JEUP6tY5lKfZkG4MB8GA1UdIwQY
MBaAFDeHsySw0y+xo2eLAsSCKG1MJroPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRlekpMRFRMN0dqWjRzQ3hJSW9iVXdtdWc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS82MDIyNDQtNzY5OS00MTAzLWJjN2Ut
YzQ3MTE0ODIzODBlLzEvUUZOb0p5blFIRFBra1JRX3Exam1VcDltUWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS82MDIyNDQtNzY5OS00MTAzLWJjN2UtYzQ3MTE0ODIzODBl
LzEvTjRlekpMRFRMN0dqWjRzQ3hJSW9iVXdtdWc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAud50MA4E
AgACMAgDBgAqDDgAADANBgkqhkiG9w0BAQsFAAOCAQEAYzr36Fb4h5QIKnC++7g6
bdaWaeY/mCR0V7QShHEZAfuwut4hBq3RiOwh20fVUbR3TQWkwEarc3+J1dxNsFTT
4To0UDLGIutob9ppH3IEn8NciK6MkIr8HLy7r5CA6w2LLJBW+Bdjq7HmYzIclJFl
hRDXRyGQz9NoMeJYtB/kBZ37MS5F1546jR80K3Xk8mdGkYnGGvPnnSYlet/A/zqk
VR6gBdE5Dxkriz8n0F+UCm8YOdBViAkdRkZ3KzCJzduQuRm07j1SlOnRT110rLs8
dprkBzi3oDTd0xReWW0iRi+bv9rUBXTv57DZ3ssoxYtaAGi/rF0jL/rBXjum59bd
AA==
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:51:37 2024 by rpki-client on console-ams.rpki-client.org