Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/1-mLdgHivLO7VeKn3KgzP_Q35Lzc.roa
File:                     1-mLdgHivLO7VeKn3KgzP_Q35Lzc.roa (raw, json)
Hash identifier:          k/9VsZX8Uk0Jq6vYSIxCJXowC3Un/jJKVrOZPjXOCqA=
Subject key identifier:   FA:62:DD:80:78:AF:2C:EE:D5:78:A9:F7:2A:0C:CF:FD:0D:F9:2F:37
Certificate issuer:       /CN=6f20c1aae03c274f029428eea0a4424208d4f3ed
Certificate serial:       018CC34892AA8F1F836D90DB38266B4A4607
Authority key identifier: 6F:20:C1:AA:E0:3C:27:4F:02:94:28:EE:A0:A4:42:42:08:D4:F3:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/byDBquA8J08ClCjuoKRCQgjU8-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/1-mLdgHivLO7VeKn3KgzP_Q35Lzc.roa
Signing time:             Mon 01 Jan 2024 04:29:22 +0000
ROA not before:           Mon 01 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206602
IP address blocks:        185.245.144.0/24 maxlen: 24
                          185.245.145.0/24 maxlen: 24
                          185.245.144.0/22 maxlen: 22
                          185.245.146.0/24 maxlen: 24
                          185.245.147.0/24 maxlen: 24
                          2a12:bcc0:101::/48 maxlen: 48
                          2a12:bcc0:1::/48 maxlen: 48
                          2a12:bcc0::/29 maxlen: 29
                          2a12:bcc0:2::/48 maxlen: 48
                          2a12:bcc0:102::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/byDBquA8J08ClCjuoKRCQgjU8-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/byDBquA8J08ClCjuoKRCQgjU8-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/byDBquA8J08ClCjuoKRCQgjU8-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:92:aa:8f:1f:83:6d:90:db:38:26:6b:4a:46:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f20c1aae03c274f029428eea0a4424208d4f3ed
        Validity
            Not Before: Jan  1 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa62dd8078af2ceed578a9f72a0ccffd0df92f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0b:a4:d2:9b:dd:f3:7d:79:e8:7d:cf:b3:b7:
                    b2:ea:03:04:f2:c0:c3:3c:c3:d9:1c:e9:9b:a2:2f:
                    f5:74:b2:21:13:6d:2e:8c:c1:b3:7b:d1:73:8c:a6:
                    d0:fc:09:66:19:e7:4d:80:f5:c9:e1:6a:45:f2:5f:
                    52:63:59:92:ab:91:a8:f9:e5:9d:3d:d4:9e:eb:ab:
                    a1:24:4a:26:e0:9e:63:f0:f5:aa:d5:bf:d8:25:36:
                    64:9d:be:c7:d0:27:de:6f:b7:8c:88:a8:91:40:b3:
                    82:2e:02:3b:58:6e:6c:50:2b:3a:62:19:c7:df:2e:
                    b1:12:04:8b:e7:f9:f6:d3:1e:1f:05:c0:55:a2:d5:
                    d7:b7:ef:1e:d0:d9:bf:04:42:b2:dc:77:a0:74:e5:
                    e4:9b:70:e9:c7:fe:2d:1c:b4:16:3c:8c:78:56:48:
                    52:71:2b:14:93:13:e9:5e:31:b4:ff:32:1b:4b:37:
                    2a:fd:16:a0:29:dd:6b:a2:cb:5a:62:03:a6:41:91:
                    e2:48:f1:2d:c1:ad:c9:cf:13:16:5f:1f:5f:0e:11:
                    ca:ab:aa:d2:dd:5e:56:65:0c:46:16:04:05:be:21:
                    74:7d:3d:1e:a5:40:74:41:37:90:ae:65:97:df:18:
                    d3:c2:5a:82:28:c8:2e:9c:d6:61:1a:d7:1b:a4:fd:
                    38:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:62:DD:80:78:AF:2C:EE:D5:78:A9:F7:2A:0C:CF:FD:0D:F9:2F:37
            X509v3 Authority Key Identifier:
                keyid:6F:20:C1:AA:E0:3C:27:4F:02:94:28:EE:A0:A4:42:42:08:D4:F3:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/byDBquA8J08ClCjuoKRCQgjU8-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/1-mLdgHivLO7VeKn3KgzP_Q35Lzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/byDBquA8J08ClCjuoKRCQgjU8-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.144.0/22
                IPv6:
                  2a12:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:c4:57:3c:a3:3f:c2:01:ed:f4:23:65:95:bf:5a:27:a9:01:
         26:38:5d:3b:00:2f:36:90:b6:13:c4:19:67:a1:85:bb:32:37:
         b7:59:fb:53:03:e8:1d:aa:b6:bb:2c:69:05:89:16:3a:e7:16:
         f9:78:22:9d:38:59:29:2a:6f:e8:ce:66:52:35:00:8a:b2:ad:
         ea:f1:81:e2:7f:3b:85:80:97:73:1d:12:c4:2a:2f:75:f8:c4:
         fd:65:35:ce:94:f5:d6:44:e1:de:d9:a9:ed:d6:00:7b:b2:70:
         6d:22:ee:28:d5:32:c8:b9:12:de:84:d2:48:bb:80:91:5b:b1:
         88:4c:40:6a:22:b4:5e:b8:72:c9:be:83:0d:38:25:63:5f:2b:
         cf:2e:44:de:6d:1c:50:88:8a:99:c2:f2:bc:c5:ba:55:ce:63:
         6e:77:88:56:c9:75:61:a6:e0:15:1e:24:38:74:7b:bb:07:b3:
         f9:8f:09:90:b0:f4:d6:7b:05:ba:cc:99:24:4b:04:6d:af:c4:
         50:4e:75:aa:1b:81:f1:e6:3f:25:f4:e9:07:de:c2:10:6a:d0:
         03:5a:e5:58:34:6a:8f:94:7c:ed:f4:b0:12:e6:ee:69:8a:a6:
         55:1b:91:80:2b:43:f5:ef:62:b2:3c:27:68:68:bc:e8:f2:e6:
         98:76:07:b3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzDSJKqjx+DbZDbOCZrSkYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMjBjMWFhZTAzYzI3NGYwMjk0MjhlZWEwYTQ0MjQyMDhk
NGYzZWQwHhcNMjQwMTAxMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTYyZGQ4MDc4YWYyY2VlZDU3OGE5ZjcyYTBjY2ZmZDBkZjkyZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAuk0pvd83156H3Ps7ey6gME8sDD
PMPZHOmboi/1dLIhE20ujMGze9FzjKbQ/AlmGedNgPXJ4WpF8l9SY1mSq5Go+eWd
PdSe66uhJEom4J5j8PWq1b/YJTZknb7H0Cfeb7eMiKiRQLOCLgI7WG5sUCs6YhnH
3y6xEgSL5/n20x4fBcBVotXXt+8e0Nm/BEKy3HegdOXkm3Dpx/4tHLQWPIx4VkhS
cSsUkxPpXjG0/zIbSzcq/RagKd1rostaYgOmQZHiSPEtwa3JzxMWXx9fDhHKq6rS
3V5WZQxGFgQFviF0fT0epUB0QTeQrmWX3xjTwlqCKMgunNZhGtcbpP043wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPpi3YB4ryzu1Xip9yoMz/0N+S83MB8GA1UdIwQY
MBaAFG8gwargPCdPApQo7qCkQkII1PPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnlEQnF1QThKMDhDbENqdW9LUkNRZ2pVOC0wLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS83ZTRiYTctZjU5Mi00ZWVjLWJjYWUt
MDk1ZDBiZDI1NTVmLzEvMS1tTGRnSGl2TE83VmVLbjNLZ3pQX1EzNUx6Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvN2U0YmE3LWY1OTItNGVlYy1iY2FlLTA5NWQwYmQyNTU1
Zi8xL2J5REJxdUE4SjA4Q2xDanVvS1JDUWdqVTgtMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArn1kDAN
BAIAAjAHAwUDKhK8wDANBgkqhkiG9w0BAQsFAAOCAQEAesRXPKM/wgHt9CNllb9a
J6kBJjhdOwAvNpC2E8QZZ6GFuzI3t1n7UwPoHaq2uyxpBYkWOucW+XginThZKSpv
6M5mUjUAirKt6vGB4n87hYCXcx0SxCovdfjE/WU1zpT11kTh3tmp7dYAe7JwbSLu
KNUyyLkS3oTSSLuAkVuxiExAaiK0Xrhyyb6DDTglY18rzy5E3m0cUIiKmcLyvMW6
Vc5jbneIVsl1YabgFR4kOHR7uwez+Y8JkLD01nsFusyZJEsEba/EUE51qhuB8eY/
JfTpB97CEGrQA1rlWDRqj5R87fSwEubuaYqmVRuRgCtD9e9isjwnaGi86PLmmHYH
sw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:51:20 2024 by rpki-client on console-fra.rpki-client.org