Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f60134-6d6d-4dc1-92a9-659ae821991c/1/dRVtkMeroqkBbq1y5rAUB_CzSdg.roa
File:                     dRVtkMeroqkBbq1y5rAUB_CzSdg.roa (raw, json)
Hash identifier:          UF1ZbbyjpOGWBrFbd2kCYxKIGAj8fzXA8+Voktr9q00=
Subject key identifier:   75:15:6D:90:C7:AB:A2:A9:01:6E:AD:72:E6:B0:14:07:F0:B3:49:D8
Certificate issuer:       /CN=aceb99748999ab8e0218f7c8dbdcc5698d669d39
Certificate serial:       018CC26D154D5F7848AFE9BF3A66D60023A4
Authority key identifier: AC:EB:99:74:89:99:AB:8E:02:18:F7:C8:DB:DC:C5:69:8D:66:9D:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rOuZdImZq44CGPfI29zFaY1mnTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f60134-6d6d-4dc1-92a9-659ae821991c/1/dRVtkMeroqkBbq1y5rAUB_CzSdg.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5484
IP address blocks:        185.219.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f60134-6d6d-4dc1-92a9-659ae821991c/1/rOuZdImZq44CGPfI29zFaY1mnTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f60134-6d6d-4dc1-92a9-659ae821991c/1/rOuZdImZq44CGPfI29zFaY1mnTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rOuZdImZq44CGPfI29zFaY1mnTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:15:4d:5f:78:48:af:e9:bf:3a:66:d6:00:23:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aceb99748999ab8e0218f7c8dbdcc5698d669d39
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75156d90c7aba2a9016ead72e6b01407f0b349d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8d:7b:9d:0c:b1:83:51:44:27:ac:fd:68:34:
                    ca:ef:92:ff:bd:ca:da:b6:03:98:1d:bb:82:95:8e:
                    1b:df:16:16:92:59:8d:e1:6b:c1:cf:01:72:22:66:
                    cd:4a:93:b8:e4:a4:cd:f3:99:ad:e5:82:a9:4f:23:
                    4a:d1:40:8a:b0:68:0f:f9:c0:f4:19:29:e1:e2:98:
                    61:16:1f:38:a9:6b:ab:27:01:00:c0:5d:85:a4:f8:
                    4f:14:d3:12:33:7f:9c:47:29:90:df:d3:f8:fb:ac:
                    4f:d6:c5:cb:9f:35:0d:27:d4:78:45:15:9e:95:ce:
                    69:66:0a:55:ba:5c:b9:9c:df:96:6c:b1:5c:75:c8:
                    32:24:b6:cd:25:d3:ce:17:84:8f:9e:0a:b5:bf:af:
                    97:2a:25:39:7a:9f:d8:50:03:eb:d3:2b:82:0a:ba:
                    ab:38:f6:51:f3:fa:7f:ea:9f:52:19:96:56:d8:53:
                    61:aa:d7:6a:56:b0:0f:69:a9:cf:bf:0e:98:98:28:
                    56:2f:a1:a8:40:5b:74:c4:c4:25:47:1e:4d:6d:09:
                    6a:48:37:2a:59:f7:e4:f7:21:93:c2:43:6e:6f:4e:
                    91:6f:9c:b8:d3:29:2c:05:90:af:95:41:57:47:69:
                    8b:87:4e:5e:2a:92:f2:47:03:55:d1:cb:45:ef:07:
                    81:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:15:6D:90:C7:AB:A2:A9:01:6E:AD:72:E6:B0:14:07:F0:B3:49:D8
            X509v3 Authority Key Identifier:
                keyid:AC:EB:99:74:89:99:AB:8E:02:18:F7:C8:DB:DC:C5:69:8D:66:9D:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rOuZdImZq44CGPfI29zFaY1mnTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f60134-6d6d-4dc1-92a9-659ae821991c/1/dRVtkMeroqkBbq1y5rAUB_CzSdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f60134-6d6d-4dc1-92a9-659ae821991c/1/rOuZdImZq44CGPfI29zFaY1mnTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b6:68:4b:ff:1d:24:ec:b5:54:ed:ae:e3:b0:68:19:43:94:
         89:d1:43:ec:fa:05:02:d3:f3:05:31:f3:9f:8f:b7:db:70:55:
         19:b0:9f:67:8f:6c:05:f6:1a:0a:bf:9e:5a:0c:68:e6:94:1e:
         03:3c:36:1f:92:53:e4:f1:99:75:75:2c:d7:bf:72:85:d6:55:
         af:23:ec:92:b1:0b:4b:cd:42:94:72:91:1a:9e:26:7f:d2:db:
         2f:d3:08:35:5f:ee:c1:f8:0b:8a:85:93:65:c3:a7:65:94:c3:
         bb:30:a7:a4:7d:9b:c8:b9:af:8d:de:7a:54:a6:53:0a:35:a1:
         78:17:e9:5b:3d:96:01:d1:52:be:1f:56:9c:cb:4c:7d:59:ce:
         c7:8d:82:d3:6d:13:d0:c0:0a:64:ae:3a:5a:51:33:d4:68:d9:
         d1:43:04:0f:99:f4:8d:4f:af:6b:3b:09:c1:c2:81:69:84:ab:
         84:69:e3:40:d1:92:75:17:2d:2e:c6:6d:fa:ac:a0:95:89:fc:
         31:1c:26:08:7d:b7:bd:08:55:6e:b1:20:1b:6d:2d:a6:8a:e4:
         fe:ab:02:77:27:80:40:d5:ee:42:8f:69:84:e0:9a:5c:0b:5b:
         19:85:c3:f0:96:ad:48:d5:27:73:0e:8f:41:23:7a:3a:5d:06:
         3f:36:4c:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRVNX3hIr+m/OmbWACOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZWI5OTc0ODk5OWFiOGUwMjE4ZjdjOGRiZGNjNTY5OGQ2
NjlkMzkwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE1NmQ5MGM3YWJhMmE5MDE2ZWFkNzJlNmIwMTQwN2YwYjM0OWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI17nQyxg1FEJ6z9aDTK75L/vcra
tgOYHbuClY4b3xYWklmN4WvBzwFyImbNSpO45KTN85mt5YKpTyNK0UCKsGgP+cD0
GSnh4phhFh84qWurJwEAwF2FpPhPFNMSM3+cRymQ39P4+6xP1sXLnzUNJ9R4RRWe
lc5pZgpVuly5nN+WbLFcdcgyJLbNJdPOF4SPngq1v6+XKiU5ep/YUAPr0yuCCrqr
OPZR8/p/6p9SGZZW2FNhqtdqVrAPaanPvw6YmChWL6GoQFt0xMQlRx5NbQlqSDcq
Wffk9yGTwkNub06Rb5y40yksBZCvlUFXR2mLh05eKpLyRwNV0ctF7weBtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUVbZDHq6KpAW6tcuawFAfws0nYMB8GA1UdIwQY
MBaAFKzrmXSJmauOAhj3yNvcxWmNZp05MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck91WmRJbVpxNDRDR1BmSTI5ekZhWTFtblRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mNjAxMzQtNmQ2ZC00ZGMxLTkyYTkt
NjU5YWU4MjE5OTFjLzEvZFJWdGtNZXJvcWtCYnExeTVyQVVCX0N6U2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mNjAxMzQtNmQ2ZC00ZGMxLTkyYTktNjU5YWU4MjE5OTFj
LzEvck91WmRJbVpxNDRDR1BmSTI5ekZhWTFtblRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudtyMA0G
CSqGSIb3DQEBCwUAA4IBAQCFtmhL/x0k7LVU7a7jsGgZQ5SJ0UPs+gUC0/MFMfOf
j7fbcFUZsJ9nj2wF9hoKv55aDGjmlB4DPDYfklPk8Zl1dSzXv3KF1lWvI+ySsQtL
zUKUcpEaniZ/0tsv0wg1X+7B+AuKhZNlw6dllMO7MKekfZvIua+N3npUplMKNaF4
F+lbPZYB0VK+H1acy0x9Wc7HjYLTbRPQwApkrjpaUTPUaNnRQwQPmfSNT69rOwnB
woFphKuEaeNA0ZJ1Fy0uxm36rKCVifwxHCYIfbe9CFVusSAbbS2miuT+qwJ3J4BA
1e5Cj2mE4JpcC1sZhcPwlq1I1SdzDo9BI3o6XQY/Nky8
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:18:13 2024 by rpki-client on console-fra.rpki-client.org