Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/b5f177-bbdd-40cf-87e5-b0b4c4f2fd90/1/KqMxRckrH6WOT1C93pHEVg-lLYk.roa
File:                     KqMxRckrH6WOT1C93pHEVg-lLYk.roa (raw, json)
Hash identifier:          3qHSSUSEIC5E1zxT8rJpxovBhRPgIYS/dngYzHibgho=
Subject key identifier:   2A:A3:31:45:C9:2B:1F:A5:8E:4F:50:BD:DE:91:C4:56:0F:A5:2D:89
Certificate issuer:       /CN=47662f9ff6b643c467a2b434b76f825ebb66fed4
Certificate serial:       018D334C8E14F727BE5791FF4206ACAAC094
Authority key identifier: 47:66:2F:9F:F6:B6:43:C4:67:A2:B4:34:B7:6F:82:5E:BB:66:FE:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R2Yvn_a2Q8RnorQ0t2-CXrtm_tQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/b5f177-bbdd-40cf-87e5-b0b4c4f2fd90/1/KqMxRckrH6WOT1C93pHEVg-lLYk.roa
Signing time:             Mon 22 Jan 2024 22:31:11 +0000
ROA not before:           Mon 22 Jan 2024 22:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42344
IP address blocks:        91.142.32.0/20 maxlen: 20
                          185.18.144.0/22 maxlen: 22
                          185.107.8.0/22 maxlen: 22
                          2a01:418::/32 maxlen: 32
                          2a06:3fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/b5f177-bbdd-40cf-87e5-b0b4c4f2fd90/1/R2Yvn_a2Q8RnorQ0t2-CXrtm_tQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/b5f177-bbdd-40cf-87e5-b0b4c4f2fd90/1/R2Yvn_a2Q8RnorQ0t2-CXrtm_tQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R2Yvn_a2Q8RnorQ0t2-CXrtm_tQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:33:4c:8e:14:f7:27:be:57:91:ff:42:06:ac:aa:c0:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47662f9ff6b643c467a2b434b76f825ebb66fed4
        Validity
            Not Before: Jan 22 22:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aa33145c92b1fa58e4f50bdde91c4560fa52d89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:30:1e:ca:1e:d4:4b:ab:e8:88:1b:bb:81:aa:
                    3d:ec:10:c2:df:4a:d6:98:0e:8e:2f:d7:f4:64:ce:
                    23:47:86:96:01:53:d8:c6:d3:3c:49:21:ff:02:64:
                    2b:44:1a:86:fe:aa:02:0d:e3:27:cd:dc:77:db:b7:
                    99:8b:6c:b3:cc:c1:22:cc:2d:a0:a5:7e:af:55:e0:
                    b3:4d:0f:ca:62:d0:98:79:1d:4b:c4:bb:8d:22:3a:
                    3c:87:ba:3b:1f:c9:c8:d3:ec:64:95:3a:b8:e5:b0:
                    cc:e0:aa:43:b9:0d:ed:4e:bb:a0:c4:50:18:df:87:
                    97:61:5d:c9:81:b3:3f:93:89:ad:d5:eb:6b:ee:0a:
                    23:8a:e1:82:be:bc:e8:3c:9a:40:64:62:fd:6a:5e:
                    5c:5c:36:1f:9d:05:d8:6b:1a:b0:40:90:46:20:07:
                    eb:20:07:d9:17:eb:88:fc:1c:6a:03:1c:2c:7d:db:
                    0d:b1:d0:a0:3b:2b:7d:16:14:88:70:4a:b7:00:ab:
                    79:cd:6e:b5:5f:6e:39:7d:90:06:68:e7:c1:bb:f5:
                    b0:ed:67:27:08:fe:fd:b5:48:13:b3:40:eb:b4:ed:
                    12:30:e3:9a:25:57:fa:b0:c7:6e:49:1c:44:e2:22:
                    02:e9:b0:3e:c2:de:ef:3c:19:fc:c0:2e:06:1c:dd:
                    80:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:A3:31:45:C9:2B:1F:A5:8E:4F:50:BD:DE:91:C4:56:0F:A5:2D:89
            X509v3 Authority Key Identifier:
                keyid:47:66:2F:9F:F6:B6:43:C4:67:A2:B4:34:B7:6F:82:5E:BB:66:FE:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R2Yvn_a2Q8RnorQ0t2-CXrtm_tQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/b5f177-bbdd-40cf-87e5-b0b4c4f2fd90/1/KqMxRckrH6WOT1C93pHEVg-lLYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/b5f177-bbdd-40cf-87e5-b0b4c4f2fd90/1/R2Yvn_a2Q8RnorQ0t2-CXrtm_tQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.32.0/20
                  185.18.144.0/22
                  185.107.8.0/22
                IPv6:
                  2a01:418::/32
                  2a06:3fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:42:5b:1f:dc:4f:21:a1:6c:07:24:24:46:5a:33:ad:5b:a5:
         46:5b:0a:61:e4:13:5a:1b:e9:07:e7:ce:37:5a:b7:59:56:5d:
         db:75:1d:26:13:2a:6d:f6:c8:c6:54:94:23:5c:4c:3c:32:40:
         18:23:1a:0a:e2:58:b2:fc:42:12:58:33:c8:09:4d:1d:ef:ce:
         40:60:86:f0:6a:63:44:9f:56:5f:06:9c:ab:86:36:c2:48:60:
         ce:42:48:11:6c:4b:20:ff:35:62:64:94:e3:34:0b:51:6c:e4:
         13:f0:28:c4:20:44:ac:19:b0:e5:7d:ac:23:12:52:6a:18:4c:
         a6:7a:11:cc:d2:60:95:30:02:cd:9e:71:88:ed:25:d5:41:88:
         75:52:ab:1b:c2:4d:18:62:2f:6c:f8:f6:a6:e7:5e:f4:4f:8c:
         89:b2:0b:2a:58:4d:7e:d6:ff:72:98:b1:85:72:2f:2a:81:18:
         20:b5:88:62:28:aa:a5:5d:46:cb:86:85:f8:32:f5:15:5a:6c:
         6e:4d:0d:8a:cc:04:b7:cd:56:a9:d3:26:0b:c9:b7:a0:85:e3:
         2f:c2:cd:ae:cd:c4:bc:fc:07:0d:af:17:e9:21:b1:2d:2d:63:
         e6:45:33:cf:4e:1c:50:96:01:f0:b1:38:ec:ea:fd:14:74:3a:
         0e:d9:fa:23
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAY0zTI4U9ye+V5H/QgasqsCUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NjYyZjlmZjZiNjQzYzQ2N2EyYjQzNGI3NmY4MjVlYmI2
NmZlZDQwHhcNMjQwMTIyMjIzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWEzMzE0NWM5MmIxZmE1OGU0ZjUwYmRkZTkxYzQ1NjBmYTUyZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzAeyh7US6voiBu7gao97BDC30rW
mA6OL9f0ZM4jR4aWAVPYxtM8SSH/AmQrRBqG/qoCDeMnzdx327eZi2yzzMEizC2g
pX6vVeCzTQ/KYtCYeR1LxLuNIjo8h7o7H8nI0+xklTq45bDM4KpDuQ3tTrugxFAY
34eXYV3JgbM/k4mt1etr7gojiuGCvrzoPJpAZGL9al5cXDYfnQXYaxqwQJBGIAfr
IAfZF+uI/BxqAxwsfdsNsdCgOyt9FhSIcEq3AKt5zW61X245fZAGaOfBu/Ww7Wcn
CP79tUgTs0DrtO0SMOOaJVf6sMduSRxE4iIC6bA+wt7vPBn8wC4GHN2AeQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCqjMUXJKx+ljk9Qvd6RxFYPpS2JMB8GA1UdIwQY
MBaAFEdmL5/2tkPEZ6K0NLdvgl67Zv7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjJZdm5fYTJROFJub3JRMHQyLUNYcnRtX3RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9iNWYxNzctYmJkZC00MGNmLTg3ZTUt
YjBiNGM0ZjJmZDkwLzEvS3FNeFJja3JINldPVDFDOTNwSEVWZy1sTFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9iNWYxNzctYmJkZC00MGNmLTg3ZTUtYjBiNGM0ZjJmZDkw
LzEvUjJZdm5fYTJROFJub3JRMHQyLUNYcnRtX3RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQEW44gAwQC
uRKQAwQCuWsIMBQEAgACMA4DBQAqAQQYAwUDKgY/wDANBgkqhkiG9w0BAQsFAAOC
AQEAfUJbH9xPIaFsByQkRlozrVulRlsKYeQTWhvpB+fON1q3WVZd23UdJhMqbfbI
xlSUI1xMPDJAGCMaCuJYsvxCElgzyAlNHe/OQGCG8GpjRJ9WXwacq4Y2wkhgzkJI
EWxLIP81YmSU4zQLUWzkE/AoxCBErBmw5X2sIxJSahhMpnoRzNJglTACzZ5xiO0l
1UGIdVKrG8JNGGIvbPj2pude9E+MibILKlhNftb/cpixhXIvKoEYILWIYiiqpV1G
y4aF+DL1FVpsbk0NiswEt81WqdMmC8m3oIXjL8LNrs3EvPwHDa8X6SGxLS1j5kUz
z04cUJYB8LE47Or9FHQ6Dtn6Iw==
-----END CERTIFICATE-----
Generated at Sun Jun 16 13:11:17 2024 by rpki-client on console-ams.rpki-client.org