Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/qMeUtrw65x1_mh8MKibAohkWeng.roa
File:                     qMeUtrw65x1_mh8MKibAohkWeng.roa (raw, json)
Hash identifier:          telTy9TKJvTEcqlMgm1bM/JpV9b6NIBX+cBGLByN79Q=
Subject key identifier:   A8:C7:94:B6:BC:3A:E7:1D:7F:9A:1F:0C:2A:26:C0:A2:19:16:7A:78
Certificate issuer:       /CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
Certificate serial:       018CC8DF9F68BB39E4092B6720983AF896E1
Authority key identifier: B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/qMeUtrw65x1_mh8MKibAohkWeng.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211631
IP address blocks:        85.112.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9f:68:bb:39:e4:09:2b:67:20:98:3a:f8:96:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b143fa703fbee04bbd91ce63a32148b36b8e55aa
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8c794b6bc3ae71d7f9a1f0c2a26c0a219167a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:34:c1:7f:93:20:4a:a3:95:3a:fe:aa:b5:93:
                    24:f1:43:0c:f3:b6:ca:0d:f3:d0:22:b1:cf:0d:ef:
                    e6:55:0f:3b:75:e6:60:71:73:6f:5a:6c:bb:48:1b:
                    a6:b7:d5:16:ad:e2:63:c7:46:72:f6:8a:62:9b:ca:
                    7c:e6:39:4c:3e:cf:a4:df:e9:18:45:3e:f5:d0:e5:
                    80:be:88:5e:ab:49:a6:2e:18:48:8d:00:5d:25:e2:
                    d3:35:3c:1a:77:7c:34:ee:24:ed:8a:9c:ca:e8:c5:
                    55:fe:a4:5e:91:fb:d2:dc:8e:70:81:48:0c:de:22:
                    ed:e3:1a:f5:89:08:d5:08:bb:a6:b1:c0:cf:fb:99:
                    78:b1:79:0f:84:5f:cc:75:2b:c4:b5:08:22:93:34:
                    f4:e4:0e:58:7e:e9:8e:45:96:49:3f:c5:a5:32:f8:
                    2c:5f:2c:e2:8f:c2:4d:6e:fb:4c:bb:15:8c:ca:42:
                    ac:e3:ac:1c:78:8a:b0:6e:6e:bc:86:25:05:5d:eb:
                    f8:d3:dd:87:91:35:ce:3a:73:ec:f0:6a:56:51:fd:
                    d0:cf:d9:e5:49:54:d9:e1:bd:8c:92:92:2a:43:d0:
                    0f:a4:65:02:75:86:09:68:ff:97:94:2e:73:d1:e8:
                    fe:0f:e8:5a:e5:eb:94:5e:3b:9e:f6:91:3f:ce:28:
                    4b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C7:94:B6:BC:3A:E7:1D:7F:9A:1F:0C:2A:26:C0:A2:19:16:7A:78
            X509v3 Authority Key Identifier:
                keyid:B1:43:FA:70:3F:BE:E0:4B:BD:91:CE:63:A3:21:48:B3:6B:8E:55:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUP6cD--4Eu9kc5joyFIs2uOVao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/qMeUtrw65x1_mh8MKibAohkWeng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/b9342f-5916-4644-b1aa-00d1e7a170a2/1/sUP6cD--4Eu9kc5joyFIs2uOVao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.112.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:46:c7:13:58:9a:81:16:23:33:72:01:d3:55:1e:ef:63:4f:
         8b:b1:a8:87:cf:d4:e8:6e:40:3c:1c:cc:83:e4:d2:ac:ab:48:
         2d:98:d0:f1:e1:31:9a:42:1e:39:9e:19:fe:43:6a:f1:14:f9:
         2e:2d:d1:5c:07:35:3d:4b:25:cd:40:bb:e8:42:6e:00:0c:83:
         13:af:1b:4a:b2:8b:92:c1:c3:86:0e:68:82:32:2a:91:fa:a2:
         9e:0b:cf:68:eb:32:6c:77:ae:95:e7:ec:02:f8:55:d2:a7:16:
         de:8b:6c:52:31:52:3b:e0:80:60:ca:8b:0b:72:8d:fb:7f:46:
         0c:e9:2a:87:09:c3:f1:14:b1:98:14:5f:e3:38:4f:dc:40:b1:
         bf:8f:e5:93:72:1d:92:cb:5a:95:11:08:47:f7:d2:01:80:9d:
         5e:77:2c:cc:1e:3f:2d:1d:f3:14:71:43:8d:f5:fb:01:de:f1:
         04:94:36:e0:71:9c:94:94:af:e7:bb:ba:56:92:08:dc:7c:da:
         0b:aa:b1:33:60:3e:b9:c4:9b:00:2a:ae:bd:45:02:6f:ce:9c:
         b4:14:95:31:4b:a6:28:e8:f8:88:e0:48:32:4e:1c:bb:b5:11:
         03:80:c9:3c:8d:2d:b5:b2:ee:76:6c:54:7c:e0:d7:67:26:07:
         92:f9:05:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI359ouznkCStnIJg6+JbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNDNmYTcwM2ZiZWUwNGJiZDkxY2U2M2EzMjE0OGIzNmI4
ZTU1YWEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGM3OTRiNmJjM2FlNzFkN2Y5YTFmMGMyYTI2YzBhMjE5MTY3YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TTBf5MgSqOVOv6qtZMk8UMM87bK
DfPQIrHPDe/mVQ87deZgcXNvWmy7SBumt9UWreJjx0Zy9opim8p85jlMPs+k3+kY
RT710OWAvoheq0mmLhhIjQBdJeLTNTwad3w07iTtipzK6MVV/qRekfvS3I5wgUgM
3iLt4xr1iQjVCLumscDP+5l4sXkPhF/MdSvEtQgikzT05A5YfumORZZJP8WlMvgs
Xyzij8JNbvtMuxWMykKs46wceIqwbm68hiUFXev4092HkTXOOnPs8GpWUf3Qz9nl
SVTZ4b2MkpIqQ9APpGUCdYYJaP+XlC5z0ej+D+ha5euUXjue9pE/zihLkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjHlLa8Oucdf5ofDComwKIZFnp4MB8GA1UdIwQY
MBaAFLFD+nA/vuBLvZHOY6MhSLNrjlWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VQNmNELS00RXU5a2M1am95RklzMnVPVmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iOTM0MmYtNTkxNi00NjQ0LWIxYWEt
MDBkMWU3YTE3MGEyLzEvcU1lVXRydzY1eDFfbWg4TUtpYkFvaGtXZW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iOTM0MmYtNTkxNi00NjQ0LWIxYWEtMDBkMWU3YTE3MGEy
LzEvc1VQNmNELS00RXU5a2M1am95RklzMnVPVmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXBiMA0G
CSqGSIb3DQEBCwUAA4IBAQA5RscTWJqBFiMzcgHTVR7vY0+LsaiHz9TobkA8HMyD
5NKsq0gtmNDx4TGaQh45nhn+Q2rxFPkuLdFcBzU9SyXNQLvoQm4ADIMTrxtKsouS
wcOGDmiCMiqR+qKeC89o6zJsd66V5+wC+FXSpxbei2xSMVI74IBgyosLco37f0YM
6SqHCcPxFLGYFF/jOE/cQLG/j+WTch2Sy1qVEQhH99IBgJ1edyzMHj8tHfMUcUON
9fsB3vEElDbgcZyUlK/nu7pWkgjcfNoLqrEzYD65xJsAKq69RQJvzpy0FJUxS6Yo
6PiI4EgyThy7tREDgMk8jS21su52bFR84NdnJgeS+QXB
-----END CERTIFICATE-----
Generated at Sat Nov 23 14:55:33 2024 by rpki-client on console-ams.rpki-client.org