Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/PPq0BciMc_64jxO4CSkS9LUVvB8.roa
File:                     PPq0BciMc_64jxO4CSkS9LUVvB8.roa (raw, json)
Hash identifier:          8F6zlbgIL3yvFi22XCy/8jqGj1GD6c6UasDvGsfTAjs=
Subject key identifier:   3C:FA:B4:05:C8:8C:73:FE:B8:8F:13:B8:09:29:12:F4:B5:15:BC:1F
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01932E64AD568C81E3A6CC911FC29ED18E15
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/PPq0BciMc_64jxO4CSkS9LUVvB8.roa
Signing time:             Fri 15 Nov 2024 05:56:09 +0000
ROA not before:           Fri 15 Nov 2024 05:56:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35372
IP address blocks:        109.122.248.0/24 maxlen: 24
                          185.239.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:64:ad:56:8c:81:e3:a6:cc:91:1f:c2:9e:d1:8e:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Nov 15 05:56:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cfab405c88c73feb88f13b8092912f4b515bc1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b8:96:3a:28:7e:04:40:f0:bf:d5:d3:84:42:
                    ef:5c:00:23:de:0e:f7:3b:bb:3c:38:87:72:d0:80:
                    6f:64:dd:e9:53:38:c6:ef:2c:b6:1a:c1:57:91:74:
                    14:f1:78:59:1a:f7:b3:82:75:26:4b:51:08:aa:33:
                    ea:60:1d:e5:07:1e:62:df:bc:d8:b4:87:7d:66:0c:
                    b9:c3:e2:8a:2e:3c:77:a5:08:e0:75:d1:2f:80:24:
                    8a:a0:07:04:02:29:31:92:61:bd:9f:30:02:90:d7:
                    b2:93:12:2f:89:54:aa:44:ef:7e:4d:ac:25:52:f5:
                    e1:10:a3:13:d3:6e:67:d0:cc:4a:e8:93:2d:cd:c1:
                    28:91:ad:aa:c3:94:94:38:1b:e6:73:7f:9b:2a:ea:
                    32:d3:bf:7f:36:78:ef:7f:e8:4c:9f:58:f4:df:e1:
                    03:58:fe:b5:b3:02:ca:65:aa:07:7e:19:65:dc:c8:
                    b1:cd:12:0d:62:9c:dc:48:28:d5:c7:25:29:fa:4e:
                    ce:4c:4a:65:ed:68:38:4d:66:03:34:dc:a8:50:17:
                    43:c0:2e:31:b1:9c:ab:12:85:1a:e3:e6:e3:eb:d6:
                    be:fd:30:88:17:c6:1f:b2:5d:fb:4f:97:19:ee:5d:
                    6a:d3:4d:89:8c:e1:f2:b0:c0:5b:51:58:7a:93:44:
                    88:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:FA:B4:05:C8:8C:73:FE:B8:8F:13:B8:09:29:12:F4:B5:15:BC:1F
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/PPq0BciMc_64jxO4CSkS9LUVvB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.248.0/24
                  185.239.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:b6:06:94:33:39:35:2c:ca:0c:3e:62:96:db:ba:64:c8:75:
         79:c2:5e:75:3a:8b:92:e2:64:51:88:7b:2a:8d:0c:0c:bb:ce:
         0d:8e:ab:fc:34:d6:bb:25:28:1b:90:3e:8b:19:93:68:c2:c9:
         e8:c2:f2:73:0d:2d:15:d4:19:09:57:5e:62:ff:fc:bd:a3:d2:
         86:d0:71:5d:06:43:4d:01:1d:43:f2:ea:8a:a2:3c:a8:99:7c:
         25:ca:63:bb:8b:49:75:f1:96:fa:a0:12:48:c5:15:e8:56:29:
         a4:ce:65:42:03:4e:8a:54:ff:c8:3c:2b:95:24:38:85:49:d4:
         8a:b5:64:50:55:99:80:67:56:b9:86:72:95:1f:09:68:54:71:
         ed:8a:ee:ab:67:73:f4:f8:9e:b5:78:93:d1:4e:6c:c7:b2:31:
         5a:62:3e:1f:d2:30:79:bd:62:68:ee:16:d7:0f:77:03:b3:ba:
         13:1c:ec:a1:d1:0c:f4:29:9e:10:c7:e5:f5:f4:0f:6e:0f:f3:
         cd:bc:1c:e3:f9:f8:51:e6:f4:78:31:fa:ae:b6:84:e0:cd:5b:
         f3:9b:99:19:a2:f2:8e:9d:ec:10:d5:96:2f:22:e2:32:c9:e0:
         6b:87:83:ce:5d:ee:69:b2:98:ec:a2:77:75:12:0c:25:7b:c6:
         52:f3:eb:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMuZK1WjIHjpsyRH8Ke0Y4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQxMTE1MDU1NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2ZhYjQwNWM4OGM3M2ZlYjg4ZjEzYjgwOTI5MTJmNGI1MTViYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LiWOih+BEDwv9XThELvXAAj3g73
O7s8OIdy0IBvZN3pUzjG7yy2GsFXkXQU8XhZGvezgnUmS1EIqjPqYB3lBx5i37zY
tId9Zgy5w+KKLjx3pQjgddEvgCSKoAcEAikxkmG9nzACkNeykxIviVSqRO9+Tawl
UvXhEKMT025n0MxK6JMtzcEoka2qw5SUOBvmc3+bKuoy079/Nnjvf+hMn1j03+ED
WP61swLKZaoHfhll3MixzRINYpzcSCjVxyUp+k7OTEpl7Wg4TWYDNNyoUBdDwC4x
sZyrEoUa4+bj69a+/TCIF8Yfsl37T5cZ7l1q002JjOHysMBbUVh6k0SIYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDz6tAXIjHP+uI8TuAkpEvS1FbwfMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvUFBxMEJjaU1jXzY0anhPNENTa1M5TFVWdkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXr4AwQA
ue8BMA0GCSqGSIb3DQEBCwUAA4IBAQBjtgaUMzk1LMoMPmKW27pkyHV5wl51OouS
4mRRiHsqjQwMu84Njqv8NNa7JSgbkD6LGZNowsnowvJzDS0V1BkJV15i//y9o9KG
0HFdBkNNAR1D8uqKojyomXwlymO7i0l18Zb6oBJIxRXoVimkzmVCA06KVP/IPCuV
JDiFSdSKtWRQVZmAZ1a5hnKVHwloVHHtiu6rZ3P0+J61eJPRTmzHsjFaYj4f0jB5
vWJo7hbXD3cDs7oTHOyh0Qz0KZ4Qx+X19A9uD/PNvBzj+fhR5vR4MfqutoTgzVvz
m5kZovKOnewQ1ZYvIuIyyeBrh4POXe5pspjsond1Egwle8ZS8+uz
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:49:34 2024 by rpki-client on console-ams.rpki-client.org