Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/1-rD-wfu8vyZ787pNbsLl0LRbsoA.roa
File:                     1-rD-wfu8vyZ787pNbsLl0LRbsoA.roa (raw, json)
Hash identifier:          +RBYoxokBRzSDMi2Oyx9NxuyDdmUl3Ozvy+nGuK4NKc=
Subject key identifier:   FA:B0:FE:C1:FB:BC:BF:26:7B:F3:BA:4D:6E:C2:E5:D0:B4:5B:B2:80
Certificate issuer:       /CN=39a3cebb811046a0966e9554d07e5d16b36dbf04
Certificate serial:       018CC870EEA5E95641DB3973C79D0ADA4136
Authority key identifier: 39:A3:CE:BB:81:10:46:A0:96:6E:95:54:D0:7E:5D:16:B3:6D:BF:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/1-rD-wfu8vyZ787pNbsLl0LRbsoA.roa
Signing time:             Tue 02 Jan 2024 04:31:33 +0000
ROA not before:           Tue 02 Jan 2024 04:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8943
IP address blocks:        185.98.212.0/22 maxlen: 23
                          2a06:ec0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ee:a5:e9:56:41:db:39:73:c7:9d:0a:da:41:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39a3cebb811046a0966e9554d07e5d16b36dbf04
        Validity
            Not Before: Jan  2 04:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fab0fec1fbbcbf267bf3ba4d6ec2e5d0b45bb280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:7c:01:05:40:86:59:76:a7:97:6a:38:b9:
                    c1:f1:0c:96:53:ea:2f:00:7f:9a:cc:65:69:f3:05:
                    22:9e:4c:de:06:17:17:fc:4e:0c:d9:66:7b:89:77:
                    b1:62:e1:6e:26:98:e9:b7:a2:3c:7d:d6:0b:01:99:
                    4c:2d:8b:5e:84:21:3b:7e:04:77:51:19:35:bb:a2:
                    2b:73:0b:28:af:fd:f5:a5:ea:84:a9:1d:81:7b:ad:
                    7b:57:9d:32:ca:36:00:43:c5:0e:f9:2d:42:c2:8c:
                    95:07:06:6c:ed:56:ae:d7:b5:1c:1c:33:7d:d4:db:
                    3f:ff:09:ba:98:78:8d:eb:81:05:60:67:7c:14:20:
                    62:8a:54:0b:c0:e0:18:ee:20:2d:d6:56:2e:a3:2d:
                    39:b1:b2:ea:a3:7a:79:88:fe:f0:00:ad:4e:01:45:
                    e4:7b:e6:99:c6:84:3b:85:df:79:ff:07:c4:eb:5d:
                    57:5f:08:a4:ba:4c:6b:33:fa:e3:5b:c8:93:32:9e:
                    50:b0:e8:fe:b6:c1:b0:d0:c4:d1:ce:a9:e6:cf:ac:
                    7e:4c:36:5a:61:fb:c3:6e:0c:77:69:36:6f:be:ed:
                    b9:76:52:85:fc:78:e4:ba:3c:cc:0a:b9:b6:5e:06:
                    82:dd:78:27:39:5b:31:98:ee:c7:94:34:47:a8:d5:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B0:FE:C1:FB:BC:BF:26:7B:F3:BA:4D:6E:C2:E5:D0:B4:5B:B2:80
            X509v3 Authority Key Identifier:
                keyid:39:A3:CE:BB:81:10:46:A0:96:6E:95:54:D0:7E:5D:16:B3:6D:BF:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/1-rD-wfu8vyZ787pNbsLl0LRbsoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d84a54-188f-4faf-9d45-6f21f4c751f3/1/OaPOu4EQRqCWbpVU0H5dFrNtvwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.212.0/22
                IPv6:
                  2a06:ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:7f:0c:4f:3f:41:99:4b:7c:41:0d:ef:7d:bb:e1:ec:1c:ee:
         36:2f:81:c3:f6:b0:08:ad:b4:84:c1:b9:95:0d:8e:d7:32:66:
         86:44:50:de:8b:d9:18:d5:b2:ff:0d:c1:dc:73:1c:9f:5a:b8:
         21:c3:af:55:a9:4e:36:9d:06:51:6c:26:77:e9:a0:38:ec:85:
         3d:50:c5:c2:63:9c:9f:05:74:b1:79:bd:d9:e4:ec:e8:1d:82:
         e1:f9:8b:f4:cc:c0:71:cf:37:ab:ec:70:29:e1:5a:07:fc:0d:
         66:20:bb:dd:53:fb:8f:6f:b2:59:a8:a3:82:c5:5c:18:1f:03:
         42:4f:d3:c2:53:cb:55:a0:4b:9e:dc:42:5f:da:db:60:c8:26:
         17:d9:18:9d:58:0e:cd:77:9e:9f:de:72:fc:dc:e6:cb:1b:f8:
         eb:0f:cc:05:a0:1e:81:d6:a5:e1:59:96:13:37:d6:67:da:ba:
         05:db:6a:ee:7c:69:e9:28:14:cb:7f:03:18:99:2f:71:c2:0a:
         03:6d:5f:1b:d7:b4:20:a7:45:83:b2:5a:4a:3d:c5:3d:e9:9e:
         2c:74:e8:ff:b8:3c:fb:1d:50:15:f2:4e:56:62:9a:f5:cf:d9:
         2d:50:16:c8:4c:d5:92:48:34:23:cc:0c:5b:dd:8e:18:59:60:
         9b:b2:30:22
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIcO6l6VZB2zlzx50K2kE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YTNjZWJiODExMDQ2YTA5NjZlOTU1NGQwN2U1ZDE2YjM2
ZGJmMDQwHhcNMjQwMTAyMDQzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWIwZmVjMWZiYmNiZjI2N2JmM2JhNGQ2ZWMyZTVkMGI0NWJiMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVR8AQVAhll2p5dqOLnB8QyWU+ov
AH+azGVp8wUinkzeBhcX/E4M2WZ7iXexYuFuJpjpt6I8fdYLAZlMLYtehCE7fgR3
URk1u6Ircwsor/31peqEqR2Be617V50yyjYAQ8UO+S1CwoyVBwZs7Vau17UcHDN9
1Ns//wm6mHiN64EFYGd8FCBiilQLwOAY7iAt1lYuoy05sbLqo3p5iP7wAK1OAUXk
e+aZxoQ7hd95/wfE611XXwikukxrM/rjW8iTMp5QsOj+tsGw0MTRzqnmz6x+TDZa
YfvDbgx3aTZvvu25dlKF/HjkujzMCrm2XgaC3XgnOVsxmO7HlDRHqNUAmQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPqw/sH7vL8me/O6TW7C5dC0W7KAMB8GA1UdIwQY
MBaAFDmjzruBEEaglm6VVNB+XRazbb8EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2FQT3U0RVFScUNXYnBWVTBINWRGck50dndRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kODRhNTQtMTg4Zi00ZmFmLTlkNDUt
NmYyMWY0Yzc1MWYzLzEvMS1yRC13ZnU4dnlaNzg3cE5ic0xsMExSYnNvQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvZDg0YTU0LTE4OGYtNGZhZi05ZDQ1LTZmMjFmNGM3NTFm
My8xL09hUE91NEVRUnFDV2JwVlUwSDVkRnJOdHZ3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArli1DAN
BAIAAjAHAwUAKgYOwDANBgkqhkiG9w0BAQsFAAOCAQEAj38MTz9BmUt8QQ3vfbvh
7BzuNi+Bw/awCK20hMG5lQ2O1zJmhkRQ3ovZGNWy/w3B3HMcn1q4IcOvValONp0G
UWwmd+mgOOyFPVDFwmOcnwV0sXm92eTs6B2C4fmL9MzAcc83q+xwKeFaB/wNZiC7
3VP7j2+yWaijgsVcGB8DQk/TwlPLVaBLntxCX9rbYMgmF9kYnVgOzXeen95y/Nzm
yxv46w/MBaAegdal4VmWEzfWZ9q6Bdtq7nxp6SgUy38DGJkvccIKA21fG9e0IKdF
g7JaSj3FPemeLHTo/7g8+x1QFfJOVmKa9c/ZLVAWyEzVkkg0I8wMW92OGFlgm7Iw
Ig==
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:40:28 2024 by rpki-client on console-ams.rpki-client.org