Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/qwsyEaNMjcz8YmlkY5ldCSOix9g.roa
File:                     qwsyEaNMjcz8YmlkY5ldCSOix9g.roa (raw, json)
Hash identifier:          +O9G9pgG5yJmzlke6ioyUm8dNmN/TDh6WqxpGFZE4vU=
Subject key identifier:   AB:0B:32:11:A3:4C:8D:CC:FC:62:69:64:63:99:5D:09:23:A2:C7:D8
Certificate issuer:       /CN=9b3f29ff9ea71b3c3dc1f5af054b41647c91af98
Certificate serial:       018CC6B8DC17FB4ADE4F6605A0BECFD71273
Authority key identifier: 9B:3F:29:FF:9E:A7:1B:3C:3D:C1:F5:AF:05:4B:41:64:7C:91:AF:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mz8p_56nGzw9wfWvBUtBZHyRr5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/qwsyEaNMjcz8YmlkY5ldCSOix9g.roa
Signing time:             Mon 01 Jan 2024 20:30:52 +0000
ROA not before:           Mon 01 Jan 2024 20:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60602
IP address blocks:        194.33.40.0/22 maxlen: 24
                          185.181.230.0/24 maxlen: 24
                          185.181.228.0/24 maxlen: 24
                          185.181.228.0/23 maxlen: 23
                          185.181.229.0/24 maxlen: 24
                          2a0a:d580::/32 maxlen: 32
                          2a0a:d580::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/mz8p_56nGzw9wfWvBUtBZHyRr5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/mz8p_56nGzw9wfWvBUtBZHyRr5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mz8p_56nGzw9wfWvBUtBZHyRr5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:dc:17:fb:4a:de:4f:66:05:a0:be:cf:d7:12:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b3f29ff9ea71b3c3dc1f5af054b41647c91af98
        Validity
            Not Before: Jan  1 20:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab0b3211a34c8dccfc62696463995d0923a2c7d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cf:16:c6:c7:1c:61:11:76:ff:83:05:7e:68:
                    45:6d:a5:22:bf:c8:f0:2f:de:c1:90:f9:87:18:5b:
                    6e:99:17:e3:90:fb:7e:c5:7d:93:20:43:92:5a:1b:
                    64:eb:48:3f:be:7a:f5:c9:fb:8a:34:33:0e:c7:d3:
                    7b:40:05:d6:78:80:80:26:c4:40:2d:9e:10:e9:20:
                    8f:ed:83:13:3e:85:f5:70:19:e9:65:27:f0:81:9f:
                    9c:c7:8c:92:5a:53:2d:bc:2f:04:4e:62:33:f8:c2:
                    d8:74:92:8c:f3:d4:6c:7d:51:ef:13:9b:b0:d1:ba:
                    68:75:d7:09:79:b5:07:71:2a:84:c8:fa:7e:4c:b9:
                    8c:01:d1:a8:f4:cf:d4:65:9f:e5:5a:6e:b5:e2:d8:
                    3c:ad:56:fb:b7:cb:cf:1e:9b:ef:e7:25:37:7f:e5:
                    68:28:a9:16:f1:1d:d4:53:f2:93:ef:4a:3a:f7:96:
                    3b:12:67:e0:b6:31:4b:87:4c:4a:ed:d8:0f:6e:44:
                    12:f4:41:2e:95:f8:48:fc:ac:4c:c8:08:e8:a3:61:
                    ff:5d:a7:6b:bb:4a:2a:fb:8c:4b:64:d6:27:87:71:
                    4f:e1:92:37:a3:cb:ee:1c:cb:ce:8f:11:aa:9c:f2:
                    5d:7c:9e:03:70:06:e5:37:78:a0:18:e1:21:ae:61:
                    0c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:0B:32:11:A3:4C:8D:CC:FC:62:69:64:63:99:5D:09:23:A2:C7:D8
            X509v3 Authority Key Identifier:
                keyid:9B:3F:29:FF:9E:A7:1B:3C:3D:C1:F5:AF:05:4B:41:64:7C:91:AF:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mz8p_56nGzw9wfWvBUtBZHyRr5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/qwsyEaNMjcz8YmlkY5ldCSOix9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1aa2d8-6106-4808-8c97-f46224b0d161/1/mz8p_56nGzw9wfWvBUtBZHyRr5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.228.0-185.181.230.255
                  194.33.40.0/22
                IPv6:
                  2a0a:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:53:7c:9a:c2:e9:55:9b:d1:23:7c:02:d2:28:5c:2a:1d:4e:
         44:18:0a:75:93:35:13:e3:46:3c:48:a4:5b:63:e6:0f:a8:ef:
         b3:e0:c8:dc:3c:85:62:99:0e:30:3e:f8:18:e1:7a:a3:99:db:
         e8:cc:f2:3f:cf:67:42:2f:bc:f6:e3:c1:90:0a:e3:86:38:e1:
         9d:57:85:6d:30:66:bf:4e:05:0d:2a:ad:6b:b6:e1:a4:f0:84:
         28:ca:44:76:e8:59:1e:84:7e:51:38:b5:13:16:23:b8:b9:70:
         33:24:5f:ff:19:5c:53:c1:70:13:a4:b6:c1:df:12:45:c6:2b:
         11:9f:b9:d9:a2:27:d8:b1:92:9a:2d:f7:cd:b0:42:f2:3f:5f:
         47:5a:26:43:a1:2a:f4:97:08:b4:51:d4:17:06:b0:50:87:71:
         25:75:b6:48:44:4d:d7:88:1c:26:32:c3:47:83:f4:90:61:45:
         f0:b7:b5:59:c2:ee:eb:44:ed:f5:97:ed:c8:51:51:a4:4e:e7:
         69:dd:3d:45:0e:00:35:34:8e:2a:1b:6c:88:d6:b3:40:3e:12:
         cb:5c:06:43:f1:dd:48:b8:03:70:e2:18:18:5c:b9:6d:bc:be:
         3d:6e:22:6a:55:d5:3d:30:c2:db:61:c7:28:96:a0:13:c6:fd:
         59:ae:cf:6e
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzGuNwX+0reT2YFoL7P1xJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliM2YyOWZmOWVhNzFiM2MzZGMxZjVhZjA1NGI0MTY0N2M5
MWFmOTgwHhcNMjQwMTAxMjAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjBiMzIxMWEzNGM4ZGNjZmM2MjY5NjQ2Mzk5NWQwOTIzYTJjN2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc8WxsccYRF2/4MFfmhFbaUiv8jw
L97BkPmHGFtumRfjkPt+xX2TIEOSWhtk60g/vnr1yfuKNDMOx9N7QAXWeICAJsRA
LZ4Q6SCP7YMTPoX1cBnpZSfwgZ+cx4ySWlMtvC8ETmIz+MLYdJKM89RsfVHvE5uw
0bpoddcJebUHcSqEyPp+TLmMAdGo9M/UZZ/lWm614tg8rVb7t8vPHpvv5yU3f+Vo
KKkW8R3UU/KT70o695Y7EmfgtjFLh0xK7dgPbkQS9EEulfhI/KxMyAjoo2H/Xadr
u0oq+4xLZNYnh3FP4ZI3o8vuHMvOjxGqnPJdfJ4DcAblN3igGOEhrmEMmwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFKsLMhGjTI3M/GJpZGOZXQkjosfYMB8GA1UdIwQY
MBaAFJs/Kf+epxs8PcH1rwVLQWR8ka+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXo4cF81Nm5Henc5d2ZXdkJVdEJaSHlScjVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8xYWEyZDgtNjEwNi00ODA4LThjOTct
ZjQ2MjI0YjBkMTYxLzEvcXdzeUVhTk1qY3o4WW1sa1k1bGRDU09peDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8xYWEyZDgtNjEwNi00ODA4LThjOTctZjQ2MjI0YjBkMTYx
LzEvbXo4cF81Nm5Henc5d2ZXdkJVdEJaSHlScjVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAK5teQD
BAC5teYDBALCISgwDQQCAAIwBwMFACoK1YAwDQYJKoZIhvcNAQELBQADggEBAMxT
fJrC6VWb0SN8AtIoXCodTkQYCnWTNRPjRjxIpFtj5g+o77PgyNw8hWKZDjA++Bjh
eqOZ2+jM8j/PZ0IvvPbjwZAK44Y44Z1XhW0wZr9OBQ0qrWu24aTwhCjKRHboWR6E
flE4tRMWI7i5cDMkX/8ZXFPBcBOktsHfEkXGKxGfudmiJ9ixkpot982wQvI/X0da
JkOhKvSXCLRR1BcGsFCHcSV1tkhETdeIHCYyw0eD9JBhRfC3tVnC7utE7fWX7chR
UaRO52ndPUUOADU0jiobbIjWs0A+EstcBkPx3Ui4A3DiGBhcuW28vj1uImpV1T0w
wtthxyiWoBPG/Vmuz24=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:05:20 2024 by rpki-client on console-fra.rpki-client.org