Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/O_QmbB9P_CpJg9ebxgeDAfpMNWU.roa
File:                     O_QmbB9P_CpJg9ebxgeDAfpMNWU.roa (raw, json)
Hash identifier:          pvF4Jz8WJs2+NzQMogCJLHpy3gSmHfrVDNfYU5RdVOE=
Subject key identifier:   3B:F4:26:6C:1F:4F:FC:2A:49:83:D7:9B:C6:07:83:01:FA:4C:35:65
Certificate issuer:       /CN=6efa8c0fe62ec54accbde35c60bd8ad4b9014ff7
Certificate serial:       018CC86F30C9110449FA7C6C738FF9AB232C
Authority key identifier: 6E:FA:8C:0F:E6:2E:C5:4A:CC:BD:E3:5C:60:BD:8A:D4:B9:01:4F:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/O_QmbB9P_CpJg9ebxgeDAfpMNWU.roa
Signing time:             Tue 02 Jan 2024 04:29:39 +0000
ROA not before:           Tue 02 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63399
IP address blocks:        185.91.9.0/24 maxlen: 24
                          185.91.8.0/24 maxlen: 24
                          2a05:e580:500::/40 maxlen: 40
                          2a05:e580:900::/40 maxlen: 40
                          2a05:e580:100::/40 maxlen: 40
                          2a05:e580:b00::/40 maxlen: 40
                          2a05:e580:200::/40 maxlen: 40
                          2a05:e580:d00::/40 maxlen: 40
                          2a05:e580:a00::/40 maxlen: 40
                          2a05:e580:400::/40 maxlen: 40
                          2a05:e580:700::/40 maxlen: 40
                          2a05:e580:600::/40 maxlen: 40
                          2a05:e580:300::/40 maxlen: 40
                          2a05:e580:800::/40 maxlen: 40
                          2a05:e580:c00::/40 maxlen: 40
                          2a05:e580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/bvqMD-YuxUrMveNcYL2K1LkBT_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/bvqMD-YuxUrMveNcYL2K1LkBT_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:30:c9:11:04:49:fa:7c:6c:73:8f:f9:ab:23:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6efa8c0fe62ec54accbde35c60bd8ad4b9014ff7
        Validity
            Not Before: Jan  2 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bf4266c1f4ffc2a4983d79bc6078301fa4c3565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:e0:a5:84:27:74:cc:33:19:03:98:60:b0:d7:
                    10:d4:cb:4e:3e:d6:58:b7:04:1b:e9:ee:d4:c2:59:
                    90:c7:6b:91:ab:c8:a0:f7:09:df:71:3c:a3:17:5c:
                    99:aa:d3:c4:b5:a1:e3:65:b5:8d:90:61:68:5d:fa:
                    fc:64:ac:db:ba:61:ea:7b:6c:a4:b7:aa:97:9d:0d:
                    b5:80:f1:a2:c4:16:99:47:24:54:7b:e3:1c:75:6c:
                    8d:35:dd:3b:56:22:fb:ec:78:7e:94:5d:9c:c6:04:
                    06:c6:2d:81:d9:45:1b:75:22:4b:23:41:d9:17:24:
                    85:cf:b3:fd:ea:fd:9b:93:04:3b:fb:f6:6b:6b:de:
                    ec:ad:63:31:62:25:dc:22:fd:61:f8:a1:74:d7:50:
                    01:dc:d4:d8:49:34:86:e1:e5:0f:e2:7f:55:06:f5:
                    32:6b:a3:18:2b:b5:ed:3f:95:15:51:e0:bc:aa:90:
                    71:5e:5d:ad:7b:c7:e4:34:cb:ac:19:06:de:fc:c1:
                    e8:92:66:2e:ea:4a:78:ae:85:3c:1a:6e:6d:aa:2a:
                    b3:ec:96:4d:be:ed:9d:32:f5:1e:0f:49:34:e9:8b:
                    1f:54:9e:f6:06:92:4f:9d:5b:c4:3d:31:9c:24:9f:
                    c3:08:2b:56:b9:44:9b:c9:78:85:d4:11:c4:bb:4d:
                    3d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F4:26:6C:1F:4F:FC:2A:49:83:D7:9B:C6:07:83:01:FA:4C:35:65
            X509v3 Authority Key Identifier:
                keyid:6E:FA:8C:0F:E6:2E:C5:4A:CC:BD:E3:5C:60:BD:8A:D4:B9:01:4F:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bvqMD-YuxUrMveNcYL2K1LkBT_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/O_QmbB9P_CpJg9ebxgeDAfpMNWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/6c7b22-b65f-4f37-a40e-a9917cc15e0a/1/bvqMD-YuxUrMveNcYL2K1LkBT_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.8.0/23
                IPv6:
                  2a05:e580::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:f6:24:6c:3d:6f:6a:9a:d8:78:16:23:88:f6:ef:89:08:79:
         6d:b2:6f:a2:a3:b2:c6:32:9f:45:1d:f8:2c:55:5d:53:90:fd:
         49:a9:e8:72:4a:b3:33:28:13:3d:08:7f:fb:66:6c:d9:5b:90:
         b2:84:41:4c:52:6c:23:c9:fb:e9:22:fd:f1:46:55:89:a6:90:
         75:0f:8d:73:d9:23:24:8e:79:3b:19:a2:c4:1e:26:a3:84:4f:
         33:06:e0:8b:85:b0:9a:a8:bd:75:e6:15:4a:e9:2e:1f:24:ee:
         91:78:96:17:86:c5:2e:77:30:81:f2:7b:b8:75:ac:9d:a6:5a:
         0d:86:2f:77:2d:a1:e6:7b:f8:2b:38:b6:c6:ac:1a:36:ab:c6:
         e4:22:72:29:88:a1:ff:3b:c1:60:ac:56:a6:c4:84:48:d5:b9:
         a5:f1:f1:71:5f:8c:63:4f:5c:33:e6:68:63:87:26:6c:96:e3:
         a2:0c:3c:c1:a7:79:10:8f:55:54:ec:80:40:d0:1f:86:c2:88:
         72:69:3d:b5:76:b9:c8:62:59:98:bd:25:0a:19:36:c6:9c:3e:
         55:85:f7:92:85:60:b5:b1:a1:29:10:b1:df:a3:4c:f4:a5:52:
         f7:ef:ff:f2:ba:41:19:9f:e9:ec:45:91:a3:8d:64:69:cd:f6:
         34:17:1a:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbzDJEQRJ+nxsc4/5qyMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZmE4YzBmZTYyZWM1NGFjY2JkZTM1YzYwYmQ4YWQ0Yjkw
MTRmZjcwHhcNMjQwMTAyMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmY0MjY2YzFmNGZmYzJhNDk4M2Q3OWJjNjA3ODMwMWZhNGMzNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+OClhCd0zDMZA5hgsNcQ1MtOPtZY
twQb6e7UwlmQx2uRq8ig9wnfcTyjF1yZqtPEtaHjZbWNkGFoXfr8ZKzbumHqe2yk
t6qXnQ21gPGixBaZRyRUe+McdWyNNd07ViL77Hh+lF2cxgQGxi2B2UUbdSJLI0HZ
FySFz7P96v2bkwQ7+/Zra97srWMxYiXcIv1h+KF011AB3NTYSTSG4eUP4n9VBvUy
a6MYK7XtP5UVUeC8qpBxXl2te8fkNMusGQbe/MHokmYu6kp4roU8Gm5tqiqz7JZN
vu2dMvUeD0k06YsfVJ72BpJPnVvEPTGcJJ/DCCtWuUSbyXiF1BHEu009YwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDv0JmwfT/wqSYPXm8YHgwH6TDVlMB8GA1UdIwQY
MBaAFG76jA/mLsVKzL3jXGC9itS5AU/3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnZxTUQtWXV4VXJNdmVOY1lMMksxTGtCVF9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82YzdiMjItYjY1Zi00ZjM3LWE0MGUt
YTk5MTdjYzE1ZTBhLzEvT19RbWJCOVBfQ3BKZzllYnhnZURBZnBNTldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82YzdiMjItYjY1Zi00ZjM3LWE0MGUtYTk5MTdjYzE1ZTBh
LzEvYnZxTUQtWXV4VXJNdmVOY1lMMksxTGtCVF9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuVsIMA0E
AgACMAcDBQMqBeWAMA0GCSqGSIb3DQEBCwUAA4IBAQBP9iRsPW9qmth4FiOI9u+J
CHltsm+io7LGMp9FHfgsVV1TkP1JqehySrMzKBM9CH/7ZmzZW5CyhEFMUmwjyfvp
Iv3xRlWJppB1D41z2SMkjnk7GaLEHiajhE8zBuCLhbCaqL115hVK6S4fJO6ReJYX
hsUudzCB8nu4daydploNhi93LaHme/grOLbGrBo2q8bkInIpiKH/O8FgrFamxIRI
1bml8fFxX4xjT1wz5mhjhyZsluOiDDzBp3kQj1VU7IBA0B+GwohyaT21drnIYlmY
vSUKGTbGnD5VhfeShWC1saEpELHfo0z0pVL37//yukEZn+nsRZGjjWRpzfY0FxqH
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:45:13 2024 by rpki-client on console-ams.rpki-client.org