Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e1d4b7-746c-426f-a6c5-dd5f55010a06/1/qwb8nF-ZD-uMosapm9u4lx1dVic.roa
File:                     qwb8nF-ZD-uMosapm9u4lx1dVic.roa (raw, json)
Hash identifier:          YWT0yUfqmQRnq3vf9AovfAlreSHxaZoUAfFRJltcEYw=
Subject key identifier:   AB:06:FC:9C:5F:99:0F:EB:8C:A2:C6:A9:9B:DB:B8:97:1D:5D:56:27
Certificate issuer:       /CN=adc647ba017c8a4599c009be04d81b268eca62f4
Certificate serial:       018E6B704AC8F4C4E93FEBB2F3179F6380DE
Authority key identifier: AD:C6:47:BA:01:7C:8A:45:99:C0:09:BE:04:D8:1B:26:8E:CA:62:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rcZHugF8ikWZwAm-BNgbJo7KYvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e1d4b7-746c-426f-a6c5-dd5f55010a06/1/qwb8nF-ZD-uMosapm9u4lx1dVic.roa
Signing time:             Sat 23 Mar 2024 13:11:45 +0000
ROA not before:           Sat 23 Mar 2024 13:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20956
IP address blocks:        193.238.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/e1d4b7-746c-426f-a6c5-dd5f55010a06/1/rcZHugF8ikWZwAm-BNgbJo7KYvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/e1d4b7-746c-426f-a6c5-dd5f55010a06/1/rcZHugF8ikWZwAm-BNgbJo7KYvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rcZHugF8ikWZwAm-BNgbJo7KYvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6b:70:4a:c8:f4:c4:e9:3f:eb:b2:f3:17:9f:63:80:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adc647ba017c8a4599c009be04d81b268eca62f4
        Validity
            Not Before: Mar 23 13:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab06fc9c5f990feb8ca2c6a99bdbb8971d5d5627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a5:69:99:6f:d4:c1:85:2d:2c:c3:ff:81:cb:
                    16:59:67:6f:bb:a3:6b:74:f1:10:d2:c8:31:e8:1f:
                    d1:80:cd:50:78:89:56:7d:83:f4:1d:3b:68:62:c5:
                    eb:d7:76:4d:44:f1:2f:72:ea:2c:f8:f1:1a:58:21:
                    d3:b5:4c:cf:69:84:d7:0c:18:3c:a9:36:2b:e9:86:
                    9b:12:44:88:75:ef:d3:9b:3d:30:34:a8:fd:4c:74:
                    04:83:09:ed:3f:1c:5d:6a:5c:11:ec:97:d5:b0:e2:
                    9f:c5:d6:15:60:7f:8c:fd:2c:24:be:e7:d6:9e:20:
                    5b:3c:18:83:c2:0b:42:ca:fe:4a:94:d5:6b:35:ca:
                    66:3e:a0:a2:2e:51:12:0a:1c:c7:d7:39:ad:6b:25:
                    8a:97:68:39:47:71:9f:53:6f:3b:7d:f6:43:3f:42:
                    30:e1:05:a5:1e:1b:61:90:82:37:39:9f:a6:ae:e5:
                    eb:d9:a3:a6:ee:6d:b3:45:26:2a:95:3a:cc:65:b6:
                    71:09:e8:c9:53:82:75:39:5d:06:00:eb:bd:05:d3:
                    54:b9:4b:06:c0:0f:28:46:e7:8a:37:d1:14:3f:45:
                    e2:a8:e7:f8:99:bb:e5:6e:da:d2:ce:69:b8:40:b6:
                    8e:9c:ff:96:7b:b9:47:1b:d0:61:3d:d8:f2:0c:67:
                    08:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:06:FC:9C:5F:99:0F:EB:8C:A2:C6:A9:9B:DB:B8:97:1D:5D:56:27
            X509v3 Authority Key Identifier:
                keyid:AD:C6:47:BA:01:7C:8A:45:99:C0:09:BE:04:D8:1B:26:8E:CA:62:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rcZHugF8ikWZwAm-BNgbJo7KYvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e1d4b7-746c-426f-a6c5-dd5f55010a06/1/qwb8nF-ZD-uMosapm9u4lx1dVic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e1d4b7-746c-426f-a6c5-dd5f55010a06/1/rcZHugF8ikWZwAm-BNgbJo7KYvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:60:81:f5:8e:8a:b2:b2:6a:54:75:63:6a:76:20:fb:12:5d:
         a1:f5:ab:2e:f6:eb:c9:6d:4f:73:98:1b:ec:20:ac:fd:ca:c5:
         bb:d2:9d:88:da:b9:60:ec:04:81:19:d7:08:d5:c9:5d:14:ec:
         c5:47:a4:cf:31:ad:96:62:a8:f1:e1:a5:16:12:55:86:71:d3:
         23:0f:82:0e:21:32:48:8d:27:7c:69:38:97:ae:53:9e:ae:08:
         72:de:f6:0a:48:83:fd:cf:83:1b:34:ac:2b:8e:e3:82:63:31:
         fe:d2:9c:4a:0e:36:c0:ad:08:5d:e0:d3:85:32:90:05:14:b5:
         46:a3:c3:54:49:6c:c3:a7:cc:80:37:78:19:cb:e9:7a:f1:23:
         1e:1e:90:7c:a0:e8:8c:90:92:8c:b1:b1:3c:aa:7e:73:c2:6a:
         fa:46:32:11:a7:87:2d:ee:35:bf:a8:8e:06:e2:d8:42:0b:cc:
         56:5a:7c:b6:0b:9e:3e:1f:40:6e:85:86:d8:8a:96:26:4b:2e:
         f9:2c:95:c1:e9:76:71:21:90:f8:c1:bd:3c:48:21:eb:66:28:
         b5:b7:71:89:95:0a:66:fd:c5:11:7c:aa:ca:8c:91:d0:c2:98:
         ce:35:9a:03:ae:ff:51:68:a0:fe:96:41:cd:da:01:31:49:ba:
         64:da:1c:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5rcErI9MTpP+uy8xefY4DeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYzY0N2JhMDE3YzhhNDU5OWMwMDliZTA0ZDgxYjI2OGVj
YTYyZjQwHhcNMjQwMzIzMTMxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA2ZmM5YzVmOTkwZmViOGNhMmM2YTk5YmRiYjg5NzFkNWQ1NjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKVpmW/UwYUtLMP/gcsWWWdvu6Nr
dPEQ0sgx6B/RgM1QeIlWfYP0HTtoYsXr13ZNRPEvcuos+PEaWCHTtUzPaYTXDBg8
qTYr6YabEkSIde/Tmz0wNKj9THQEgwntPxxdalwR7JfVsOKfxdYVYH+M/SwkvufW
niBbPBiDwgtCyv5KlNVrNcpmPqCiLlESChzH1zmtayWKl2g5R3GfU287ffZDP0Iw
4QWlHhthkII3OZ+mruXr2aOm7m2zRSYqlTrMZbZxCejJU4J1OV0GAOu9BdNUuUsG
wA8oRueKN9EUP0XiqOf4mbvlbtrSzmm4QLaOnP+We7lHG9BhPdjyDGcIowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsG/JxfmQ/rjKLGqZvbuJcdXVYnMB8GA1UdIwQY
MBaAFK3GR7oBfIpFmcAJvgTYGyaOymL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmNaSHVnRjhpa1dad0FtLUJOZ2JKbzdLWXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lMWQ0YjctNzQ2Yy00MjZmLWE2YzUt
ZGQ1ZjU1MDEwYTA2LzEvcXdiOG5GLVpELXVNb3NhcG05dTRseDFkVmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lMWQ0YjctNzQ2Yy00MjZmLWE2YzUtZGQ1ZjU1MDEwYTA2
LzEvcmNaSHVnRjhpa1dad0FtLUJOZ2JKbzdLWXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe6uMA0G
CSqGSIb3DQEBCwUAA4IBAQAkYIH1joqysmpUdWNqdiD7El2h9asu9uvJbU9zmBvs
IKz9ysW70p2I2rlg7ASBGdcI1cldFOzFR6TPMa2WYqjx4aUWElWGcdMjD4IOITJI
jSd8aTiXrlOerghy3vYKSIP9z4MbNKwrjuOCYzH+0pxKDjbArQhd4NOFMpAFFLVG
o8NUSWzDp8yAN3gZy+l68SMeHpB8oOiMkJKMsbE8qn5zwmr6RjIRp4ct7jW/qI4G
4thCC8xWWny2C54+H0BuhYbYipYmSy75LJXB6XZxIZD4wb08SCHrZii1t3GJlQpm
/cURfKrKjJHQwpjONZoDrv9RaKD+lkHN2gExSbpk2hxl
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:01:46 2024 by rpki-client on console-ams.rpki-client.org