Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/2bb706-66d4-4fae-93a1-b97c2c4ad439/1/UZlQM9Ac06vVIav-KMAIFOFYjYY.roa
File:                     UZlQM9Ac06vVIav-KMAIFOFYjYY.roa (raw, json)
Hash identifier:          9O+e/qjden+xtp4QSPqqsCG82xsP+xhezQN8BrPWUQI=
Subject key identifier:   51:99:50:33:D0:1C:D3:AB:D5:21:AB:FE:28:C0:08:14:E1:58:8D:86
Certificate issuer:       /CN=aa8fd05eeb6ea05a11d667abedd8ea1093d271b3
Certificate serial:       018D68A2CD4E3C5BDCDABB8294B96CD36466
Authority key identifier: AA:8F:D0:5E:EB:6E:A0:5A:11:D6:67:AB:ED:D8:EA:10:93:D2:71:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qo_QXutuoFoR1mer7djqEJPScbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/2bb706-66d4-4fae-93a1-b97c2c4ad439/1/UZlQM9Ac06vVIav-KMAIFOFYjYY.roa
Signing time:             Fri 02 Feb 2024 07:05:16 +0000
ROA not before:           Fri 02 Feb 2024 07:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48757
IP address blocks:        91.215.172.0/22 maxlen: 22
                          95.128.176.0/22 maxlen: 22
                          95.128.180.0/22 maxlen: 22
                          95.128.180.0/24 maxlen: 24
                          95.128.181.0/24 maxlen: 24
                          95.128.182.0/24 maxlen: 24
                          95.128.183.0/24 maxlen: 24
                          185.17.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/2bb706-66d4-4fae-93a1-b97c2c4ad439/1/qo_QXutuoFoR1mer7djqEJPScbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/2bb706-66d4-4fae-93a1-b97c2c4ad439/1/qo_QXutuoFoR1mer7djqEJPScbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qo_QXutuoFoR1mer7djqEJPScbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:a2:cd:4e:3c:5b:dc:da:bb:82:94:b9:6c:d3:64:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa8fd05eeb6ea05a11d667abedd8ea1093d271b3
        Validity
            Not Before: Feb  2 07:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51995033d01cd3abd521abfe28c00814e1588d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8a:76:b9:e0:c3:2f:c5:c2:13:19:90:44:a2:
                    c5:58:64:1b:1d:b3:63:c4:f3:d7:36:3a:89:d5:c9:
                    98:d9:e0:d8:7c:29:2e:63:a8:bd:4b:f2:1f:bd:5f:
                    84:42:d1:e6:c4:75:e8:26:64:fd:d8:35:0a:5a:10:
                    80:39:f1:55:5f:c7:be:23:e6:1e:3e:a0:68:e1:66:
                    89:3f:0e:ce:10:22:48:8e:83:b9:33:ae:57:f1:9c:
                    0a:d1:01:4c:19:c8:c8:25:ea:6b:11:c7:b8:8e:62:
                    bd:b0:a4:33:2b:aa:df:78:37:9e:4f:0b:05:25:77:
                    16:a8:81:cc:2d:0f:30:f8:ad:fb:af:6d:66:cd:77:
                    d8:cb:a3:12:37:97:84:86:6f:b4:77:c7:9c:47:8d:
                    16:39:91:9b:68:84:16:d8:54:71:2a:7b:1c:4b:83:
                    42:e7:bb:59:dd:81:a0:fd:ad:e8:42:27:e1:c0:5c:
                    a8:a9:4c:36:f9:3d:29:fa:02:d9:33:d3:fb:b6:27:
                    c4:da:c9:ce:2f:38:35:d7:57:70:7c:38:a0:2f:12:
                    28:b1:18:d8:27:c1:fb:75:b6:85:25:3b:cc:a6:ac:
                    16:10:43:72:6c:a3:fe:89:03:70:ea:42:d3:b3:fe:
                    66:95:1e:89:e1:c2:c4:e9:9c:ad:66:c0:4f:c1:8b:
                    e9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:99:50:33:D0:1C:D3:AB:D5:21:AB:FE:28:C0:08:14:E1:58:8D:86
            X509v3 Authority Key Identifier:
                keyid:AA:8F:D0:5E:EB:6E:A0:5A:11:D6:67:AB:ED:D8:EA:10:93:D2:71:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qo_QXutuoFoR1mer7djqEJPScbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2bb706-66d4-4fae-93a1-b97c2c4ad439/1/UZlQM9Ac06vVIav-KMAIFOFYjYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2bb706-66d4-4fae-93a1-b97c2c4ad439/1/qo_QXutuoFoR1mer7djqEJPScbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.172.0/22
                  95.128.176.0/21
                  185.17.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:8f:17:b0:d1:51:b2:ec:8f:75:fe:9c:8c:23:4a:2f:28:78:
         f1:fe:e3:01:5d:f9:c8:47:35:cd:8c:ab:c8:6d:4b:78:c6:b4:
         6b:4e:2a:d4:5d:80:14:b1:f6:05:39:74:63:14:c2:83:c4:84:
         64:a0:76:10:36:ca:42:21:f7:ee:ee:af:f5:4a:fa:c6:91:13:
         cc:0d:2d:bf:29:05:ce:78:bb:d9:80:a4:59:43:4b:fe:07:6e:
         07:e4:e0:fd:d7:20:9c:c3:69:3e:4e:fa:78:49:fc:ed:54:f8:
         63:ab:6c:65:e4:1a:94:3f:e2:5a:ca:7c:54:7b:49:a0:df:22:
         2c:da:5f:f9:66:41:2c:64:47:2a:38:f9:74:85:4a:4d:8b:d7:
         34:06:c2:f2:9b:42:ed:16:43:a4:50:db:a9:66:55:b3:9b:5a:
         d2:f1:02:72:5c:18:ce:ae:c8:37:73:23:1f:07:c4:c9:5f:f4:
         1c:83:ce:50:b3:1f:5d:02:6d:af:2b:4e:8c:2d:5a:51:69:b3:
         df:41:63:ca:31:c4:71:28:5b:51:c7:88:5b:68:64:83:ac:57:
         dc:df:bc:53:bc:25:34:f0:1b:98:be:3e:37:2b:b9:da:56:18:
         7d:15:84:cc:45:4d:3d:a5:73:0d:27:ef:49:62:37:23:e0:8b:
         c7:03:4e:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY1oos1OPFvc2ruClLls02RmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOGZkMDVlZWI2ZWEwNWExMWQ2NjdhYmVkZDhlYTEwOTNk
MjcxYjMwHhcNMjQwMjAyMDcwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTk5NTAzM2QwMWNkM2FiZDUyMWFiZmUyOGMwMDgxNGUxNTg4ZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4p2ueDDL8XCExmQRKLFWGQbHbNj
xPPXNjqJ1cmY2eDYfCkuY6i9S/IfvV+EQtHmxHXoJmT92DUKWhCAOfFVX8e+I+Ye
PqBo4WaJPw7OECJIjoO5M65X8ZwK0QFMGcjIJeprEce4jmK9sKQzK6rfeDeeTwsF
JXcWqIHMLQ8w+K37r21mzXfYy6MSN5eEhm+0d8ecR40WOZGbaIQW2FRxKnscS4NC
57tZ3YGg/a3oQifhwFyoqUw2+T0p+gLZM9P7tifE2snOLzg111dwfDigLxIosRjY
J8H7dbaFJTvMpqwWEENybKP+iQNw6kLTs/5mlR6J4cLE6ZytZsBPwYvpcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFGZUDPQHNOr1SGr/ijACBThWI2GMB8GA1UdIwQY
MBaAFKqP0F7rbqBaEdZnq+3Y6hCT0nGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9fUVh1dHVvRm9SMW1lcjdkanFFSlBTY2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8yYmI3MDYtNjZkNC00ZmFlLTkzYTEt
Yjk3YzJjNGFkNDM5LzEvVVpsUU05QWMwNnZWSWF2LUtNQUlGT0ZZallZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8yYmI3MDYtNjZkNC00ZmFlLTkzYTEtYjk3YzJjNGFkNDM5
LzEvcW9fUVh1dHVvRm9SMW1lcjdkanFFSlBTY2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9esAwQD
X4CwAwQCuRGMMA0GCSqGSIb3DQEBCwUAA4IBAQBujxew0VGy7I91/pyMI0ovKHjx
/uMBXfnIRzXNjKvIbUt4xrRrTirUXYAUsfYFOXRjFMKDxIRkoHYQNspCIffu7q/1
SvrGkRPMDS2/KQXOeLvZgKRZQ0v+B24H5OD91yCcw2k+Tvp4SfztVPhjq2xl5BqU
P+JaynxUe0mg3yIs2l/5ZkEsZEcqOPl0hUpNi9c0BsLym0LtFkOkUNupZlWzm1rS
8QJyXBjOrsg3cyMfB8TJX/Qcg85Qsx9dAm2vK06MLVpRabPfQWPKMcRxKFtRx4hb
aGSDrFfc37xTvCU08BuYvj43K7naVhh9FYTMRU09pXMNJ+9JYjcj4IvHA04F
-----END CERTIFICATE-----
Generated at Sun Jun 16 08:13:10 2024 by rpki-client on console-ams.rpki-client.org