Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/e709de-6b2d-4be4-8503-a1e4877cee48/1/Q4EmkvlHXnclVcsKCSrBbxXVnUw.roa
File:                     Q4EmkvlHXnclVcsKCSrBbxXVnUw.roa (raw, json)
Hash identifier:          ia3774ap6kjlUoG6brpsKwoaS4U7a2gUHCkPMWx80F4=
Subject key identifier:   43:81:26:92:F9:47:5E:77:25:55:CB:0A:09:2A:C1:6F:15:D5:9D:4C
Certificate issuer:       /CN=e7e5c4c99d6131049982af9ad9b86602b2929bb8
Certificate serial:       018CC649A56187A01382D159C8833E7D5AFC
Authority key identifier: E7:E5:C4:C9:9D:61:31:04:99:82:AF:9A:D9:B8:66:02:B2:92:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5-XEyZ1hMQSZgq-a2bhmArKSm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/e709de-6b2d-4be4-8503-a1e4877cee48/1/Q4EmkvlHXnclVcsKCSrBbxXVnUw.roa
Signing time:             Mon 01 Jan 2024 18:29:24 +0000
ROA not before:           Mon 01 Jan 2024 18:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50463
IP address blocks:        194.56.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/e709de-6b2d-4be4-8503-a1e4877cee48/1/5-XEyZ1hMQSZgq-a2bhmArKSm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/e709de-6b2d-4be4-8503-a1e4877cee48/1/5-XEyZ1hMQSZgq-a2bhmArKSm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5-XEyZ1hMQSZgq-a2bhmArKSm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a5:61:87:a0:13:82:d1:59:c8:83:3e:7d:5a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7e5c4c99d6131049982af9ad9b86602b2929bb8
        Validity
            Not Before: Jan  1 18:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43812692f9475e772555cb0a092ac16f15d59d4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:01:92:2c:7f:8e:74:e2:71:49:40:19:b9:03:
                    fc:09:76:d0:f7:1a:c0:cc:37:fb:e8:5b:3c:54:10:
                    14:59:89:21:ee:b3:36:50:92:43:f4:5b:18:4d:7c:
                    0a:54:d4:45:8d:99:4e:01:5b:ca:df:b2:7e:25:eb:
                    a3:4e:d4:34:87:5a:9c:77:29:26:a5:d4:c2:f0:78:
                    28:8b:a0:f0:11:fe:da:bd:38:f1:70:91:76:0c:03:
                    f9:c0:7e:a6:fc:79:d6:8e:4f:b8:87:de:f5:15:74:
                    c8:70:95:85:b9:61:c1:03:a3:d6:90:ce:69:44:ce:
                    95:1c:ce:5e:60:a6:b5:30:eb:60:55:82:82:4b:04:
                    5e:63:1e:ab:84:09:a5:ed:62:ff:cb:c0:2f:7d:09:
                    a4:37:43:0c:5f:f8:3f:ce:3f:17:8a:9b:a8:86:e1:
                    ee:e2:7f:00:dd:1b:c7:a0:fa:36:a0:7d:b2:a1:12:
                    6d:db:40:33:9f:de:61:64:87:68:9e:0d:be:7a:fe:
                    c7:05:3c:6f:5d:94:7a:89:9c:53:d0:58:bb:2f:bc:
                    d7:ac:1e:34:d3:4b:dd:ed:e5:26:8d:2f:be:d5:e9:
                    eb:36:14:5c:c1:60:d4:23:67:7c:ed:46:ab:c6:df:
                    02:56:31:93:45:52:7d:71:65:f1:83:d8:42:7f:e5:
                    df:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:81:26:92:F9:47:5E:77:25:55:CB:0A:09:2A:C1:6F:15:D5:9D:4C
            X509v3 Authority Key Identifier:
                keyid:E7:E5:C4:C9:9D:61:31:04:99:82:AF:9A:D9:B8:66:02:B2:92:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5-XEyZ1hMQSZgq-a2bhmArKSm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/e709de-6b2d-4be4-8503-a1e4877cee48/1/Q4EmkvlHXnclVcsKCSrBbxXVnUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/e709de-6b2d-4be4-8503-a1e4877cee48/1/5-XEyZ1hMQSZgq-a2bhmArKSm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:a0:75:0b:db:e9:79:ad:cd:33:5e:1e:31:9f:0a:47:eb:25:
         57:63:76:01:5e:b2:b3:ea:de:f0:c2:94:f9:6d:ec:43:70:6c:
         3a:9a:14:0c:96:29:8c:f6:80:c6:58:a8:4b:95:c1:00:69:39:
         2d:8f:20:cd:5b:09:06:b9:aa:2f:9c:3d:43:74:8d:0f:30:f2:
         51:ce:27:55:7a:c6:b2:56:60:8c:e5:69:17:89:69:02:4b:d8:
         aa:ff:47:bc:49:6f:7e:fc:26:aa:60:d9:24:81:39:57:54:65:
         8a:31:22:5e:8e:7f:fa:fe:28:2d:2d:f5:25:10:1a:a0:0a:09:
         0e:ed:b8:bd:cd:31:0e:85:c7:83:61:5e:0d:bf:bf:37:be:d3:
         90:99:0e:4d:da:47:cc:66:85:39:70:94:32:7e:a9:f8:e6:01:
         3a:e5:50:0b:1a:52:51:a1:1e:84:a0:e2:20:b4:34:0d:ce:ed:
         8c:ad:de:04:a6:22:d6:9c:98:c4:af:48:84:29:45:e6:65:17:
         20:3e:32:f6:56:ce:dd:95:73:af:3d:82:d8:7a:40:87:f0:05:
         38:d1:79:67:81:90:18:95:c5:fa:8d:39:41:0f:31:b0:55:77:
         02:66:fb:0d:a7:d9:49:7a:ee:dc:61:69:61:5b:ab:90:87:59:
         66:62:62:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSaVhh6ATgtFZyIM+fVr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZTVjNGM5OWQ2MTMxMDQ5OTgyYWY5YWQ5Yjg2NjAyYjI5
MjliYjgwHhcNMjQwMTAxMTgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzgxMjY5MmY5NDc1ZTc3MjU1NWNiMGEwOTJhYzE2ZjE1ZDU5ZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAGSLH+OdOJxSUAZuQP8CXbQ9xrA
zDf76Fs8VBAUWYkh7rM2UJJD9FsYTXwKVNRFjZlOAVvK37J+JeujTtQ0h1qcdykm
pdTC8Hgoi6DwEf7avTjxcJF2DAP5wH6m/HnWjk+4h971FXTIcJWFuWHBA6PWkM5p
RM6VHM5eYKa1MOtgVYKCSwReYx6rhAml7WL/y8AvfQmkN0MMX/g/zj8XipuohuHu
4n8A3RvHoPo2oH2yoRJt20Azn95hZIdong2+ev7HBTxvXZR6iZxT0Fi7L7zXrB40
00vd7eUmjS++1enrNhRcwWDUI2d87Uarxt8CVjGTRVJ9cWXxg9hCf+XfbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOBJpL5R153JVXLCgkqwW8V1Z1MMB8GA1UdIwQY
MBaAFOflxMmdYTEEmYKvmtm4ZgKykpu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNS1YRXlaMWhNUVNaZ3EtYTJiaG1BcktTbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9lNzA5ZGUtNmIyZC00YmU0LTg1MDMt
YTFlNDg3N2NlZTQ4LzEvUTRFbWt2bEhYbmNsVmNzS0NTckJieFhWblV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9lNzA5ZGUtNmIyZC00YmU0LTg1MDMtYTFlNDg3N2NlZTQ4
LzEvNS1YRXlaMWhNUVNaZ3EtYTJiaG1BcktTbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjXMA0G
CSqGSIb3DQEBCwUAA4IBAQAOoHUL2+l5rc0zXh4xnwpH6yVXY3YBXrKz6t7wwpT5
bexDcGw6mhQMlimM9oDGWKhLlcEAaTktjyDNWwkGuaovnD1DdI0PMPJRzidVesay
VmCM5WkXiWkCS9iq/0e8SW9+/CaqYNkkgTlXVGWKMSJejn/6/igtLfUlEBqgCgkO
7bi9zTEOhceDYV4Nv783vtOQmQ5N2kfMZoU5cJQyfqn45gE65VALGlJRoR6EoOIg
tDQNzu2Mrd4EpiLWnJjEr0iEKUXmZRcgPjL2Vs7dlXOvPYLYekCH8AU40XlngZAY
lcX6jTlBDzGwVXcCZvsNp9lJeu7cYWlhW6uQh1lmYmIq
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:59:46 2024 by rpki-client on console-ams.rpki-client.org