Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/3gcR-yvgc5JiU3-qLhCmMi1ejKQ.roa
File:                     3gcR-yvgc5JiU3-qLhCmMi1ejKQ.roa (raw, json)
Hash identifier:          sZyNZm1jhgkfB2fLi5wp0PzFUJtk8oy9xaknqhzTsm8=
Subject key identifier:   DE:07:11:FB:2B:E0:73:92:62:53:7F:AA:2E:10:A6:32:2D:5E:8C:A4
Certificate issuer:       /CN=9301ea05963c9756f28ee2e98b8f3cc479dc9f58
Certificate serial:       018CC79544AC48B7F85D477D7A05AF0E8474
Authority key identifier: 93:01:EA:05:96:3C:97:56:F2:8E:E2:E9:8B:8F:3C:C4:79:DC:9F:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwHqBZY8l1byjuLpi488xHncn1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/3gcR-yvgc5JiU3-qLhCmMi1ejKQ.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206746
IP address blocks:        185.176.100.0/24 maxlen: 24
                          185.176.102.0/24 maxlen: 24
                          185.176.103.0/24 maxlen: 24
                          185.176.101.0/24 maxlen: 24
                          2a0a:1181::/32 maxlen: 32
                          2a0a:1183::/32 maxlen: 32
                          2a0a:1180::/32 maxlen: 32
                          2a0a:1182::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/kwHqBZY8l1byjuLpi488xHncn1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/kwHqBZY8l1byjuLpi488xHncn1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwHqBZY8l1byjuLpi488xHncn1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:44:ac:48:b7:f8:5d:47:7d:7a:05:af:0e:84:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9301ea05963c9756f28ee2e98b8f3cc479dc9f58
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de0711fb2be0739262537faa2e10a6322d5e8ca4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:24:2f:bf:40:df:9a:22:98:e2:d3:79:67:d1:
                    83:15:49:3b:1f:f9:de:bd:16:f7:63:48:34:41:1d:
                    29:b6:2f:5b:69:56:1e:51:82:85:6d:8a:7d:b8:45:
                    be:7a:3c:e1:c9:1c:06:55:0c:d1:d5:72:87:cd:d5:
                    41:f9:2d:50:bd:0f:fc:26:ec:ab:68:84:e2:84:90:
                    87:97:f8:95:0f:e4:d4:69:ca:4b:5e:6f:8f:8b:e0:
                    2e:1d:cb:e5:74:92:75:bf:8c:00:ed:94:b3:1f:bd:
                    75:22:c3:75:49:1f:7d:aa:d3:b4:d7:f5:9c:b2:d0:
                    94:7c:cb:0d:17:d8:73:81:8e:c9:f5:48:f8:54:ea:
                    ee:35:a3:9b:b4:36:58:34:3d:9d:13:93:93:4b:1c:
                    60:bc:a0:9a:d9:07:42:d3:cf:53:45:35:9a:75:7a:
                    9a:ee:4c:d9:c5:98:11:ec:ad:b1:86:b5:72:f0:cc:
                    39:db:07:dc:5e:b9:13:60:c8:ae:66:41:8d:b8:32:
                    05:d7:26:7f:1e:c2:09:e5:fd:d9:bb:ff:f5:73:14:
                    2b:8a:1d:62:4d:d9:36:c9:45:9c:40:9f:3e:71:c8:
                    2d:91:a1:4f:00:35:6e:db:95:9d:48:31:5c:fc:52:
                    f6:af:01:37:74:70:04:01:9c:a1:45:a8:96:89:df:
                    41:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:07:11:FB:2B:E0:73:92:62:53:7F:AA:2E:10:A6:32:2D:5E:8C:A4
            X509v3 Authority Key Identifier:
                keyid:93:01:EA:05:96:3C:97:56:F2:8E:E2:E9:8B:8F:3C:C4:79:DC:9F:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwHqBZY8l1byjuLpi488xHncn1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/3gcR-yvgc5JiU3-qLhCmMi1ejKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/kwHqBZY8l1byjuLpi488xHncn1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.100.0/22
                IPv6:
                  2a0a:1180::/30

    Signature Algorithm: sha256WithRSAEncryption
         1d:a7:fb:53:cb:e5:ec:2d:b2:6c:4e:85:b0:a9:00:2b:24:df:
         f3:66:bd:cf:d3:2e:0c:97:de:96:af:80:57:b8:48:bf:74:57:
         b9:e8:bd:0c:e1:9a:30:6e:3c:64:89:e2:d6:f0:e2:02:b0:02:
         e1:10:7f:59:4a:d6:94:64:3c:57:6f:01:af:6b:45:e6:07:02:
         2d:40:ae:7b:4d:83:40:61:b1:b7:2a:5b:0f:17:af:b8:67:d6:
         8d:bf:c5:62:91:10:58:2d:b0:22:98:15:f5:d5:0c:3d:88:27:
         7a:c4:13:26:70:3b:6b:4e:a9:41:65:ac:8b:46:1c:34:7f:ac:
         2e:11:f2:cd:ce:87:4c:f5:e7:0c:b1:ce:fb:89:a1:49:f7:72:
         bb:8c:7d:8c:f7:06:08:36:dd:d2:e7:3e:b6:42:fb:fe:09:02:
         85:1c:25:3e:5a:e8:d5:fd:06:df:2a:04:f6:03:c7:d6:11:d5:
         23:dd:56:f3:03:71:45:e1:47:c2:6f:73:bc:49:3b:ff:b1:72:
         c4:40:2e:ca:0c:93:d3:d8:74:31:36:7a:9b:68:3c:ad:25:51:
         d3:28:10:67:79:ce:b5:cb:22:c6:53:e9:d6:64:74:7d:22:ff:
         59:e4:81:e0:0b:a5:60:45:06:fa:e6:ac:1e:81:c0:a7:75:59:
         a0:41:f8:ed
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlUSsSLf4XUd9egWvDoR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMDFlYTA1OTYzYzk3NTZmMjhlZTJlOThiOGYzY2M0Nzlk
YzlmNTgwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTA3MTFmYjJiZTA3MzkyNjI1MzdmYWEyZTEwYTYzMjJkNWU4Y2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyQvv0DfmiKY4tN5Z9GDFUk7H/ne
vRb3Y0g0QR0pti9baVYeUYKFbYp9uEW+ejzhyRwGVQzR1XKHzdVB+S1QvQ/8Juyr
aITihJCHl/iVD+TUacpLXm+Pi+AuHcvldJJ1v4wA7ZSzH711IsN1SR99qtO01/Wc
stCUfMsNF9hzgY7J9Uj4VOruNaObtDZYND2dE5OTSxxgvKCa2QdC089TRTWadXqa
7kzZxZgR7K2xhrVy8Mw52wfcXrkTYMiuZkGNuDIF1yZ/HsIJ5f3Zu//1cxQrih1i
Tdk2yUWcQJ8+ccgtkaFPADVu25WdSDFc/FL2rwE3dHAEAZyhRaiWid9BdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN4HEfsr4HOSYlN/qi4QpjItXoykMB8GA1UdIwQY
MBaAFJMB6gWWPJdW8o7i6YuPPMR53J9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dIcUJaWThsMWJ5anVMcGk0ODh4SG5jbjFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9lYmY2Y2ItYTc3OS00NjRmLThiZWUt
OGYwOGUwMjcyZGY4LzEvM2djUi15dmdjNUppVTMtcUxoQ21NaTFlaktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9lYmY2Y2ItYTc3OS00NjRmLThiZWUtOGYwOGUwMjcyZGY4
LzEva3dIcUJaWThsMWJ5anVMcGk0ODh4SG5jbjFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubBkMA0E
AgACMAcDBQIqChGAMA0GCSqGSIb3DQEBCwUAA4IBAQAdp/tTy+XsLbJsToWwqQAr
JN/zZr3P0y4Ml96Wr4BXuEi/dFe56L0M4ZowbjxkieLW8OICsALhEH9ZStaUZDxX
bwGva0XmBwItQK57TYNAYbG3KlsPF6+4Z9aNv8VikRBYLbAimBX11Qw9iCd6xBMm
cDtrTqlBZayLRhw0f6wuEfLNzodM9ecMsc77iaFJ93K7jH2M9wYINt3S5z62Qvv+
CQKFHCU+WujV/QbfKgT2A8fWEdUj3VbzA3FF4UfCb3O8STv/sXLEQC7KDJPT2HQx
NnqbaDytJVHTKBBnec61yyLGU+nWZHR9Iv9Z5IHgC6VgRQb65qwegcCndVmgQfjt
-----END CERTIFICATE-----
Generated at Mon Jun 17 14:46:31 2024 by rpki-client on console-fra.rpki-client.org