Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/dAOzua8OV9Kl53YG_HqeOLpvKR8.roa
File:                     dAOzua8OV9Kl53YG_HqeOLpvKR8.roa (raw, json)
Hash identifier:          6Sk2TNdidKj1Cbz3OhIueNa1qW1T1m0HnqxKYC9w5g0=
Subject key identifier:   74:03:B3:B9:AF:0E:57:D2:A5:E7:76:06:FC:7A:9E:38:BA:6F:29:1F
Certificate issuer:       /CN=5c32a925c55f1d4e6e40c10f4e8e019b483c1d50
Certificate serial:       018CC64B25E12D5212E388BA425493573576
Authority key identifier: 5C:32:A9:25:C5:5F:1D:4E:6E:40:C1:0F:4E:8E:01:9B:48:3C:1D:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/dAOzua8OV9Kl53YG_HqeOLpvKR8.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48611
IP address blocks:        185.250.184.0/24 maxlen: 24
                          185.250.185.0/24 maxlen: 24
                          2a0c:1144::/30 maxlen: 30
                          2a0c:1140::/29 maxlen: 29
                          2a0c:1140::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:25:e1:2d:52:12:e3:88:ba:42:54:93:57:35:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c32a925c55f1d4e6e40c10f4e8e019b483c1d50
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7403b3b9af0e57d2a5e77606fc7a9e38ba6f291f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3d:bd:8b:66:b7:9a:1d:f9:ff:f8:12:f1:ea:
                    76:8d:59:b7:d7:b4:fb:14:0c:8e:54:94:59:3f:5b:
                    b0:e4:7d:9c:ff:d2:e5:12:20:82:ed:a1:36:f3:31:
                    06:39:32:df:c8:4b:b4:4c:56:c9:16:ac:4d:e8:6b:
                    92:b3:ce:a8:61:1d:36:21:15:9e:8a:e1:c3:43:32:
                    e6:75:9c:89:0d:70:83:4f:d1:7b:78:5c:a2:53:a2:
                    98:41:42:86:f9:3b:f4:4c:85:70:00:c0:a8:1c:25:
                    c8:61:af:83:01:35:19:e7:80:3a:69:42:af:f3:c1:
                    84:d9:85:58:22:a8:1c:7a:17:1e:10:a5:d3:f5:9a:
                    7b:c6:d0:62:97:00:4a:31:b4:dc:b9:08:d2:31:25:
                    9a:af:78:b1:09:b3:19:72:ce:b2:b0:1d:90:d8:03:
                    a6:6a:a7:0c:24:81:4f:2c:00:3b:c5:9f:b2:4f:62:
                    68:85:13:99:98:f6:cd:b8:ea:5c:93:92:96:b8:db:
                    e9:8e:1a:9c:a2:56:f0:7a:13:63:23:66:56:d7:25:
                    08:9b:1e:f6:6a:50:37:fa:08:57:e1:8f:a7:f7:2f:
                    df:c0:30:b0:ad:f6:60:5c:c4:eb:7a:0d:f8:0d:61:
                    eb:06:41:bf:ec:8f:7e:ab:be:17:11:6d:6d:82:cb:
                    ba:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:03:B3:B9:AF:0E:57:D2:A5:E7:76:06:FC:7A:9E:38:BA:6F:29:1F
            X509v3 Authority Key Identifier:
                keyid:5C:32:A9:25:C5:5F:1D:4E:6E:40:C1:0F:4E:8E:01:9B:48:3C:1D:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/dAOzua8OV9Kl53YG_HqeOLpvKR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d3c8f7-ff8d-42b8-a762-45377418fbb2/1/XDKpJcVfHU5uQMEPTo4Bm0g8HVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.184.0/23
                IPv6:
                  2a0c:1140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:28:b5:82:58:f9:e3:e1:3d:d3:ba:e4:5b:74:a7:5f:e4:df:
         d2:04:47:ef:10:b8:86:bb:7c:b0:50:22:cc:8e:bb:c0:a2:06:
         3c:24:69:d6:07:e8:8b:53:59:b0:3b:a4:0b:7e:36:53:9d:e5:
         f7:0b:0e:9c:71:7b:0a:37:8a:0e:7b:9e:5c:2c:1f:af:8d:7e:
         2b:d5:19:8c:32:39:a9:da:ba:86:e5:32:ba:dc:2f:e9:dd:14:
         48:52:3c:f5:3a:eb:fd:47:7b:a9:67:0b:d3:0c:65:bf:e6:cb:
         da:58:26:79:4c:08:28:5e:83:29:04:37:15:e8:e9:ef:15:8a:
         3c:fe:2c:31:13:a8:a8:06:03:d9:96:4b:a5:01:bf:71:87:1f:
         68:8d:8d:ba:ec:fa:fe:64:e4:ca:cb:7e:1c:50:60:ae:1a:c2:
         5b:17:ae:6f:38:05:74:43:cd:af:02:56:59:f2:91:6d:57:3f:
         21:be:6e:7d:28:b7:e6:3e:2b:20:c4:cf:ce:a5:10:2c:c8:5c:
         e0:95:d8:38:6d:4b:63:ab:d3:50:69:55:28:ad:c3:2c:45:c3:
         35:56:e7:a8:cf:db:50:19:2d:a5:dc:e6:a8:81:01:b5:29:78:
         6d:8e:b4:e3:6a:9f:d5:61:50:8b:69:d2:f1:39:7d:31:62:b1:
         04:e4:23:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSyXhLVIS44i6QlSTVzV2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMzJhOTI1YzU1ZjFkNGU2ZTQwYzEwZjRlOGUwMTliNDgz
YzFkNTAwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDAzYjNiOWFmMGU1N2QyYTVlNzc2MDZmYzdhOWUzOGJhNmYyOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij29i2a3mh35//gS8ep2jVm317T7
FAyOVJRZP1uw5H2c/9LlEiCC7aE28zEGOTLfyEu0TFbJFqxN6GuSs86oYR02IRWe
iuHDQzLmdZyJDXCDT9F7eFyiU6KYQUKG+Tv0TIVwAMCoHCXIYa+DATUZ54A6aUKv
88GE2YVYIqgcehceEKXT9Zp7xtBilwBKMbTcuQjSMSWar3ixCbMZcs6ysB2Q2AOm
aqcMJIFPLAA7xZ+yT2JohROZmPbNuOpck5KWuNvpjhqcolbwehNjI2ZW1yUImx72
alA3+ghX4Y+n9y/fwDCwrfZgXMTreg34DWHrBkG/7I9+q74XEW1tgsu6UQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHQDs7mvDlfSped2Bvx6nji6bykfMB8GA1UdIwQY
MBaAFFwyqSXFXx1ObkDBD06OAZtIPB1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWERLcEpjVmZIVTV1UU1FUFRvNEJtMGc4SFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kM2M4ZjctZmY4ZC00MmI4LWE3NjIt
NDUzNzc0MThmYmIyLzEvZEFPenVhOE9WOUtsNTNZR19IcWVPTHB2S1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kM2M4ZjctZmY4ZC00MmI4LWE3NjItNDUzNzc0MThmYmIy
LzEvWERLcEpjVmZIVTV1UU1FUFRvNEJtMGc4SFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBufq4MA0E
AgACMAcDBQMqDBFAMA0GCSqGSIb3DQEBCwUAA4IBAQBdKLWCWPnj4T3TuuRbdKdf
5N/SBEfvELiGu3ywUCLMjrvAogY8JGnWB+iLU1mwO6QLfjZTneX3Cw6ccXsKN4oO
e55cLB+vjX4r1RmMMjmp2rqG5TK63C/p3RRIUjz1Ouv9R3upZwvTDGW/5svaWCZ5
TAgoXoMpBDcV6OnvFYo8/iwxE6ioBgPZlkulAb9xhx9ojY267Pr+ZOTKy34cUGCu
GsJbF65vOAV0Q82vAlZZ8pFtVz8hvm59KLfmPisgxM/OpRAsyFzgldg4bUtjq9NQ
aVUorcMsRcM1Vueoz9tQGS2l3OaogQG1KXhtjrTjap/VYVCLadLxOX0xYrEE5CMr
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:08:31 2024 by rpki-client on console-fra.rpki-client.org