Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/7256ec-c346-4b29-b7f5-3e40d01740b2/1/Glr0pxpXKUvkQiBq0__UGqpEZNQ.roa
File:                     Glr0pxpXKUvkQiBq0__UGqpEZNQ.roa (raw, json)
Hash identifier:          3I1JzdFBx95hXYXMbZglQbQ7A9UO7sJL3pCjLgGLHwk=
Subject key identifier:   1A:5A:F4:A7:1A:57:29:4B:E4:42:20:6A:D3:FF:D4:1A:AA:44:64:D4
Certificate issuer:       /CN=d10d5b30b46c7b97b2dbc4589cea3622ad756156
Certificate serial:       018CC2DB5944966F48B2F4CC6DB1A00913FA
Authority key identifier: D1:0D:5B:30:B4:6C:7B:97:B2:DB:C4:58:9C:EA:36:22:AD:75:61:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Q1bMLRse5ey28RYnOo2Iq11YVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/7256ec-c346-4b29-b7f5-3e40d01740b2/1/Glr0pxpXKUvkQiBq0__UGqpEZNQ.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.86.0/24 maxlen: 32
                          2001:7f8:af::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/7256ec-c346-4b29-b7f5-3e40d01740b2/1/0Q1bMLRse5ey28RYnOo2Iq11YVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/7256ec-c346-4b29-b7f5-3e40d01740b2/1/0Q1bMLRse5ey28RYnOo2Iq11YVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Q1bMLRse5ey28RYnOo2Iq11YVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:59:44:96:6f:48:b2:f4:cc:6d:b1:a0:09:13:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d10d5b30b46c7b97b2dbc4589cea3622ad756156
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a5af4a71a57294be442206ad3ffd41aaa4464d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:98:b0:ec:a2:1f:5d:8c:c8:a1:3e:b8:ce:a1:
                    e9:9d:87:6f:1e:e9:9c:23:6f:f7:d9:ab:b3:1a:0a:
                    00:73:f6:92:3b:18:87:75:a0:ed:11:5d:8a:44:95:
                    07:61:f8:11:bf:64:ed:1f:65:a0:ee:5e:68:00:98:
                    6d:ce:ed:06:ab:65:7b:48:c3:3b:2c:67:d1:2b:76:
                    7b:fa:ef:13:28:20:26:cd:35:80:5a:00:62:45:dd:
                    9a:ea:a3:12:47:01:a0:d0:41:47:ea:7a:d1:01:82:
                    e5:4b:d6:7f:29:12:9c:e9:b4:5e:bd:f3:93:e7:a8:
                    e0:b4:c6:42:f6:71:0c:ff:01:be:f6:33:7a:18:99:
                    03:6e:c7:dc:51:14:27:27:ef:6a:f4:fd:f3:25:7a:
                    03:d2:b6:17:c0:9e:23:0c:16:bd:5b:a5:74:6d:38:
                    76:8b:fc:33:c2:d8:08:d5:51:4c:df:ad:6d:27:57:
                    4a:e9:da:28:9b:78:91:58:f8:98:1e:be:b1:a0:d6:
                    5c:ee:2d:36:25:28:59:f5:b5:0d:fb:5b:3d:83:4d:
                    a8:15:16:99:50:f2:02:7c:07:ef:67:ff:4c:3a:55:
                    c0:20:83:88:cf:7a:84:6d:c4:b8:b3:aa:fd:b4:a9:
                    e1:a0:b2:d8:a0:5c:53:6e:f8:dc:a0:c8:2b:8d:ba:
                    50:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5A:F4:A7:1A:57:29:4B:E4:42:20:6A:D3:FF:D4:1A:AA:44:64:D4
            X509v3 Authority Key Identifier:
                keyid:D1:0D:5B:30:B4:6C:7B:97:B2:DB:C4:58:9C:EA:36:22:AD:75:61:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Q1bMLRse5ey28RYnOo2Iq11YVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7256ec-c346-4b29-b7f5-3e40d01740b2/1/Glr0pxpXKUvkQiBq0__UGqpEZNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/7256ec-c346-4b29-b7f5-3e40d01740b2/1/0Q1bMLRse5ey28RYnOo2Iq11YVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.86.0/24
                IPv6:
                  2001:7f8:af::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:47:b0:88:bc:3a:ac:41:b9:48:59:d8:89:77:d9:ed:82:01:
         7c:d0:39:fd:27:80:cd:97:37:3a:73:c6:ad:7f:71:49:e0:c7:
         62:7e:6b:67:8d:2d:6b:de:40:6b:e6:1b:d0:0a:84:75:46:fc:
         ab:ce:58:8a:49:bc:89:69:35:83:d0:d1:05:9b:8e:2e:3f:89:
         75:79:50:66:be:ad:2b:eb:2b:d2:5f:2b:e5:95:92:43:07:ea:
         39:08:1d:35:05:1c:b5:18:d1:11:63:c9:c1:c5:78:28:e4:ce:
         d8:5e:31:68:54:5b:56:8d:fb:16:b4:83:e2:ea:d0:bf:aa:40:
         77:73:3f:5e:50:94:1d:cc:05:67:ae:c1:ec:58:6e:b3:03:8c:
         88:12:12:66:f4:e4:9f:4f:4d:46:c4:09:cc:8c:d2:a6:95:6e:
         51:a0:79:98:e7:f6:2d:6d:55:0b:e9:ad:b6:ee:db:89:61:fe:
         0b:40:47:8c:48:68:ed:2a:54:92:6b:82:9c:89:30:60:13:81:
         00:2a:53:ec:70:b7:4e:d5:42:36:ea:1d:1b:74:8e:4a:72:bd:
         fd:e9:6b:f0:96:f4:bf:77:49:51:ef:2a:1f:ca:4a:89:9e:73:
         14:ca:ea:6e:19:c2:79:d1:d1:99:b3:aa:69:57:8f:0f:40:0e:
         45:83:1d:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC21lElm9IsvTMbbGgCRP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMGQ1YjMwYjQ2YzdiOTdiMmRiYzQ1ODljZWEzNjIyYWQ3
NTYxNTYwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTVhZjRhNzFhNTcyOTRiZTQ0MjIwNmFkM2ZmZDQxYWFhNDQ2NGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZiw7KIfXYzIoT64zqHpnYdvHumc
I2/32auzGgoAc/aSOxiHdaDtEV2KRJUHYfgRv2TtH2Wg7l5oAJhtzu0Gq2V7SMM7
LGfRK3Z7+u8TKCAmzTWAWgBiRd2a6qMSRwGg0EFH6nrRAYLlS9Z/KRKc6bRevfOT
56jgtMZC9nEM/wG+9jN6GJkDbsfcURQnJ+9q9P3zJXoD0rYXwJ4jDBa9W6V0bTh2
i/wzwtgI1VFM361tJ1dK6doom3iRWPiYHr6xoNZc7i02JShZ9bUN+1s9g02oFRaZ
UPICfAfvZ/9MOlXAIIOIz3qEbcS4s6r9tKnhoLLYoFxTbvjcoMgrjbpQBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBpa9KcaVylL5EIgatP/1BqqRGTUMB8GA1UdIwQY
MBaAFNENWzC0bHuXstvEWJzqNiKtdWFWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFExYk1MUnNlNWV5MjhSWW5PbzJJcTExWVZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS83MjU2ZWMtYzM0Ni00YjI5LWI3ZjUt
M2U0MGQwMTc0MGIyLzEvR2xyMHB4cFhLVXZrUWlCcTBfX1VHcXBFWk5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS83MjU2ZWMtYzM0Ni00YjI5LWI3ZjUtM2U0MGQwMTc0MGIy
LzEvMFExYk1MUnNlNWV5MjhSWW5PbzJJcTExWVZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFWMA8E
AgACMAkDBwAgAQf4AK8wDQYJKoZIhvcNAQELBQADggEBABNHsIi8OqxBuUhZ2Il3
2e2CAXzQOf0ngM2XNzpzxq1/cUngx2J+a2eNLWveQGvmG9AKhHVG/KvOWIpJvIlp
NYPQ0QWbji4/iXV5UGa+rSvrK9JfK+WVkkMH6jkIHTUFHLUY0RFjycHFeCjkzthe
MWhUW1aN+xa0g+Lq0L+qQHdzP15QlB3MBWeuwexYbrMDjIgSEmb05J9PTUbECcyM
0qaVblGgeZjn9i1tVQvprbbu24lh/gtAR4xIaO0qVJJrgpyJMGATgQAqU+xwt07V
QjbqHRt0jkpyvf3pa/CW9L93SVHvKh/KSomecxTK6m4ZwnnR0ZmzqmlXjw9ADkWD
HZM=
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:46:58 2024 by rpki-client on console-ams.rpki-client.org