Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/f8434c-0230-4adf-bd00-2829aa3df258/1/Q6S67dUtQlrlYptIoghLLcauLms.roa
File:                     Q6S67dUtQlrlYptIoghLLcauLms.roa (raw, json)
Hash identifier:          LdBMFn1GdF4yFbRHb1cfXRR//0d9C25uFjgCDDJn5BE=
Subject key identifier:   43:A4:BA:ED:D5:2D:42:5A:E5:62:9B:48:A2:08:4B:2D:C6:AE:2E:6B
Certificate issuer:       /CN=9c52b6a051471bec51db74d7256e7a30a55ecf1a
Certificate serial:       018CC64B87657E037A0AE6097B9265EC47FF
Authority key identifier: 9C:52:B6:A0:51:47:1B:EC:51:DB:74:D7:25:6E:7A:30:A5:5E:CF:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFK2oFFHG-xR23TXJW56MKVezxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/f8434c-0230-4adf-bd00-2829aa3df258/1/Q6S67dUtQlrlYptIoghLLcauLms.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204386
IP address blocks:        185.250.159.0/24 maxlen: 24
                          185.250.156.0/24 maxlen: 24
                          185.250.157.0/24 maxlen: 24
                          185.250.158.0/24 maxlen: 24
                          185.250.156.0/22 maxlen: 22
                          185.251.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/f8434c-0230-4adf-bd00-2829aa3df258/1/nFK2oFFHG-xR23TXJW56MKVezxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/f8434c-0230-4adf-bd00-2829aa3df258/1/nFK2oFFHG-xR23TXJW56MKVezxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFK2oFFHG-xR23TXJW56MKVezxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:87:65:7e:03:7a:0a:e6:09:7b:92:65:ec:47:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c52b6a051471bec51db74d7256e7a30a55ecf1a
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43a4baedd52d425ae5629b48a2084b2dc6ae2e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c4:ed:ff:0f:b3:f4:d1:63:21:54:f9:f2:77:
                    39:4c:86:94:94:aa:89:29:f4:57:ad:60:15:67:52:
                    a2:1b:08:ff:72:6f:1f:5c:f6:0c:e4:eb:4d:ce:05:
                    f9:fc:2d:fb:8f:cb:10:e9:f4:45:55:d9:fe:e0:a9:
                    f8:23:17:ad:3e:5a:30:1d:ca:d3:ae:2b:8c:26:a6:
                    38:b8:ae:2c:20:60:e4:35:13:08:6d:a4:e2:29:ae:
                    5c:8d:71:fd:61:e3:32:6d:f3:cf:a3:c5:60:f2:8f:
                    43:69:06:98:91:54:18:28:f2:ef:66:16:85:c5:92:
                    e3:13:d0:1c:85:9c:5d:bd:ab:41:f7:88:f8:af:56:
                    77:67:94:1a:32:25:82:65:5a:1c:ad:b9:91:50:2e:
                    03:f8:96:f7:d2:c0:98:9f:99:ff:49:0a:93:d8:43:
                    bf:77:96:7c:6b:04:78:aa:56:5c:d4:6d:b0:6f:04:
                    45:4d:37:0e:ac:d7:9a:b9:06:0d:f7:10:99:9c:1d:
                    fa:31:f4:00:65:e2:63:12:38:48:6e:b9:aa:8b:76:
                    21:97:8f:08:98:c1:da:e7:9d:fd:0f:9f:5e:d9:2c:
                    a7:69:9d:9d:34:85:45:6b:d7:e0:08:31:7e:b6:0e:
                    10:7d:b9:e5:41:8a:b5:e7:ee:81:8a:62:63:28:31:
                    58:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A4:BA:ED:D5:2D:42:5A:E5:62:9B:48:A2:08:4B:2D:C6:AE:2E:6B
            X509v3 Authority Key Identifier:
                keyid:9C:52:B6:A0:51:47:1B:EC:51:DB:74:D7:25:6E:7A:30:A5:5E:CF:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFK2oFFHG-xR23TXJW56MKVezxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f8434c-0230-4adf-bd00-2829aa3df258/1/Q6S67dUtQlrlYptIoghLLcauLms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f8434c-0230-4adf-bd00-2829aa3df258/1/nFK2oFFHG-xR23TXJW56MKVezxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.156.0/22
                  185.251.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:6a:e5:ee:01:21:e6:03:f6:c0:b8:70:58:7e:06:e9:72:a3:
         01:0a:23:35:17:f9:90:9e:fb:ef:a1:09:3b:88:29:b8:cc:a3:
         2e:cf:ce:50:93:c0:94:fa:88:6e:41:ec:d2:e0:0c:db:89:85:
         69:93:15:82:68:72:7b:4a:13:07:2c:3b:70:60:a5:30:68:74:
         88:82:61:bd:0a:98:9c:bf:54:d7:12:b3:62:4d:ea:d6:d3:d0:
         83:e5:2f:6c:5b:36:3e:a5:fc:ed:66:38:b3:d6:e1:af:6b:dd:
         40:2d:19:11:68:2b:47:5b:dc:32:fd:44:75:0c:b1:92:79:5d:
         14:32:f9:2e:cd:b4:03:c8:9d:d9:b2:ed:dd:ba:7c:07:2e:88:
         db:bd:7c:7d:a0:00:44:91:9b:3f:7f:c8:93:ef:9a:39:8c:76:
         d9:3c:7f:42:5d:9c:e5:a8:c3:bd:0b:33:9b:46:b5:b9:4e:ea:
         5f:3e:b1:72:1e:58:7a:a9:68:31:bf:2f:87:99:06:9d:c7:ba:
         9e:a6:30:3d:9d:64:07:1a:a2:b5:a7:77:f5:d2:59:33:e7:e2:
         f1:4d:b7:16:2d:8d:43:fd:b3:90:bd:03:6d:a9:9c:6a:b1:71:
         d1:99:c1:c1:2f:d1:87:28:90:42:a2:eb:04:42:b0:73:c1:2a:
         3f:52:03:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS4dlfgN6CuYJe5Jl7Ef/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTJiNmEwNTE0NzFiZWM1MWRiNzRkNzI1NmU3YTMwYTU1
ZWNmMWEwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E0YmFlZGQ1MmQ0MjVhZTU2MjliNDhhMjA4NGIyZGM2YWUyZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsTt/w+z9NFjIVT58nc5TIaUlKqJ
KfRXrWAVZ1KiGwj/cm8fXPYM5OtNzgX5/C37j8sQ6fRFVdn+4Kn4IxetPlowHcrT
riuMJqY4uK4sIGDkNRMIbaTiKa5cjXH9YeMybfPPo8Vg8o9DaQaYkVQYKPLvZhaF
xZLjE9AchZxdvatB94j4r1Z3Z5QaMiWCZVocrbmRUC4D+Jb30sCYn5n/SQqT2EO/
d5Z8awR4qlZc1G2wbwRFTTcOrNeauQYN9xCZnB36MfQAZeJjEjhIbrmqi3Yhl48I
mMHa5539D59e2SynaZ2dNIVFa9fgCDF+tg4QfbnlQYq15+6BimJjKDFYjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEOkuu3VLUJa5WKbSKIISy3Gri5rMB8GA1UdIwQY
MBaAFJxStqBRRxvsUdt01yVuejClXs8aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZLMm9GRkhHLXhSMjNUWEpXNTZNS1ZlenhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9mODQzNGMtMDIzMC00YWRmLWJkMDAt
MjgyOWFhM2RmMjU4LzEvUTZTNjdkVXRRbHJsWXB0SW9naExMY2F1TG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9mODQzNGMtMDIzMC00YWRmLWJkMDAtMjgyOWFhM2RmMjU4
LzEvbkZLMm9GRkhHLXhSMjNUWEpXNTZNS1ZlenhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCufqcAwQA
ufsaMA0GCSqGSIb3DQEBCwUAA4IBAQBSauXuASHmA/bAuHBYfgbpcqMBCiM1F/mQ
nvvvoQk7iCm4zKMuz85Qk8CU+ohuQezS4AzbiYVpkxWCaHJ7ShMHLDtwYKUwaHSI
gmG9Cpicv1TXErNiTerW09CD5S9sWzY+pfztZjiz1uGva91ALRkRaCtHW9wy/UR1
DLGSeV0UMvkuzbQDyJ3Zsu3dunwHLojbvXx9oABEkZs/f8iT75o5jHbZPH9CXZzl
qMO9CzObRrW5TupfPrFyHlh6qWgxvy+HmQadx7qepjA9nWQHGqK1p3f10lkz5+Lx
TbcWLY1D/bOQvQNtqZxqsXHRmcHBL9GHKJBCousEQrBzwSo/UgPf
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:14:01 2024 by rpki-client on console-ams.rpki-client.org