Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/bDD8e_UIsjE3n4AHobtMBZ0C0u0.roa
File:                     bDD8e_UIsjE3n4AHobtMBZ0C0u0.roa (raw, json)
Hash identifier:          KEkQrRly42jdz+c6HjCQ9WYKkHJyyCXMi4Bbji0BErI=
Subject key identifier:   6C:30:FC:7B:F5:08:B2:31:37:9F:80:07:A1:BB:4C:05:9D:02:D2:ED
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F73DC4CF2950E88ADEBA1D040F49
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/bDD8e_UIsjE3n4AHobtMBZ0C0u0.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209711
IP address blocks:        185.86.155.0/24 maxlen: 24
                          185.184.26.0/24 maxlen: 24
                          185.184.25.0/24 maxlen: 24
                          185.98.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f7:3d:c4:cf:29:50:e8:8a:de:ba:1d:04:0f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c30fc7bf508b231379f8007a1bb4c059d02d2ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c9:55:0a:9d:90:5f:17:c6:f5:18:cc:58:8b:
                    a0:f9:71:a2:ca:4d:83:7c:0d:10:ac:12:98:2b:47:
                    95:bc:f3:23:c5:6e:c2:e1:b5:d0:f5:58:e5:93:f5:
                    e5:b0:7a:3e:f2:fd:a1:d0:c6:d1:d1:58:a5:f1:ba:
                    d5:13:3a:8f:08:25:97:80:40:ce:63:87:41:0a:7a:
                    56:f9:50:60:d9:7e:06:bb:10:0d:fb:a4:3f:12:c8:
                    4d:f8:cc:77:10:7f:59:72:f2:c0:12:50:86:f4:20:
                    20:ea:e9:df:1d:f4:7d:e6:7a:06:09:35:44:2a:a6:
                    1d:ab:25:cd:0d:b8:30:9e:75:8c:c4:cd:9f:20:bc:
                    e6:a6:df:e0:c3:b8:f7:1c:29:b4:63:19:e3:f1:65:
                    65:21:d0:a8:9f:24:d1:38:a2:02:41:b6:23:77:3c:
                    91:41:00:f4:34:57:60:63:4c:08:e1:57:29:26:c5:
                    b7:bd:8a:a1:1f:78:2e:0a:06:83:eb:13:8a:9b:c6:
                    ea:30:e7:22:bf:af:47:3e:d7:84:d8:c9:7f:a9:c9:
                    25:d6:e6:c6:38:32:c8:35:27:40:69:5a:91:03:22:
                    24:f6:b8:94:2d:04:83:55:2d:68:07:ab:8c:51:da:
                    56:f0:63:aa:af:94:8e:15:74:50:33:d3:ee:06:06:
                    07:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:30:FC:7B:F5:08:B2:31:37:9F:80:07:A1:BB:4C:05:9D:02:D2:ED
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/bDD8e_UIsjE3n4AHobtMBZ0C0u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.155.0/24
                  185.98.62.0/24
                  185.184.25.0-185.184.26.255

    Signature Algorithm: sha256WithRSAEncryption
         0e:f7:72:95:79:5c:a4:f1:85:73:47:82:7d:66:0e:3b:4c:84:
         59:b2:f6:6f:d3:b7:cd:04:c9:d4:eb:6e:90:ab:04:e8:db:42:
         5a:0a:c6:87:6d:13:54:15:56:d6:96:fa:94:f0:1a:50:cd:04:
         68:14:c3:36:f2:75:dd:52:96:08:86:51:8a:c9:87:6a:f2:3e:
         89:fe:68:8b:28:13:70:d7:d6:e4:75:20:c0:7b:03:d1:f6:24:
         a2:aa:fd:fc:6b:6d:f4:fb:b6:9b:99:4a:71:97:c0:f9:10:46:
         50:1b:c8:ca:eb:13:ce:04:f7:7c:17:bd:64:02:7c:09:91:5e:
         38:59:eb:2c:03:8f:50:1a:3d:b8:a5:e6:4c:6c:c6:cc:50:fb:
         19:1d:b7:55:75:d6:10:75:8b:6d:6f:6e:15:ab:b5:90:89:3d:
         41:f4:dd:41:ea:8c:fc:f5:98:5d:6c:f8:bd:76:37:9e:fd:0c:
         1d:bd:65:ee:61:03:e9:aa:ed:61:9c:52:91:57:62:5f:45:0c:
         3d:f4:9e:26:f8:7d:93:98:c1:2b:9d:4e:fd:1e:0e:ab:c8:f6:
         b2:73:d0:de:bf:ab:15:28:e9:0a:e6:12:7d:c6:eb:4a:ee:cd:
         47:e7:01:31:6c:08:84:82:1f:5a:62:a7:b4:12:d0:a1:25:e4:
         24:fb:3f:7c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzEJPc9xM8pUOiK3rodBA9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzMwZmM3YmY1MDhiMjMxMzc5ZjgwMDdhMWJiNGMwNTlkMDJkMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnslVCp2QXxfG9RjMWIug+XGiyk2D
fA0QrBKYK0eVvPMjxW7C4bXQ9Vjlk/XlsHo+8v2h0MbR0Vil8brVEzqPCCWXgEDO
Y4dBCnpW+VBg2X4GuxAN+6Q/EshN+Mx3EH9ZcvLAElCG9CAg6unfHfR95noGCTVE
KqYdqyXNDbgwnnWMxM2fILzmpt/gw7j3HCm0Yxnj8WVlIdConyTROKICQbYjdzyR
QQD0NFdgY0wI4VcpJsW3vYqhH3guCgaD6xOKm8bqMOciv69HPteE2Ml/qckl1ubG
ODLINSdAaVqRAyIk9riULQSDVS1oB6uMUdpW8GOqr5SOFXRQM9PuBgYHXQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGww/Hv1CLIxN5+AB6G7TAWdAtLtMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvYkREOGVfVUlzakUzbjRBSG9idE1CWjBDMHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAuVabAwQA
uWI+MAwDBAC5uBkDBAC5uBowDQYJKoZIhvcNAQELBQADggEBAA73cpV5XKTxhXNH
gn1mDjtMhFmy9m/Tt80EydTrbpCrBOjbQloKxodtE1QVVtaW+pTwGlDNBGgUwzby
dd1SlgiGUYrJh2ryPon+aIsoE3DX1uR1IMB7A9H2JKKq/fxrbfT7tpuZSnGXwPkQ
RlAbyMrrE84E93wXvWQCfAmRXjhZ6ywDj1AaPbil5kxsxsxQ+xkdt1V11hB1i21v
bhWrtZCJPUH03UHqjPz1mF1s+L12N579DB29Ze5hA+mq7WGcUpFXYl9FDD30nib4
fZOYwSudTv0eDqvI9rJz0N6/qxUo6QrmEn3G60ruzUfnATFsCISCH1pip7QS0KEl
5CT7P3w=
-----END CERTIFICATE-----
Generated at Mon Nov 25 21:56:23 2024 by rpki-client on console-ams.rpki-client.org