Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/1fXlcBdfF3HOB3xveN9ziKdLyN8.roa
File:                     1fXlcBdfF3HOB3xveN9ziKdLyN8.roa (raw, json)
Hash identifier:          L/o65DzVM/0L8tZIB6fhDPXabfwX3dSSHOCU5okMXgA=
Subject key identifier:   D5:F5:E5:70:17:5F:17:71:CE:07:7C:6F:78:DF:73:88:A7:4B:C8:DF
Certificate issuer:       /CN=80df0cbdd5571e580ea57e18a440ca2bea4806f8
Certificate serial:       018CC6B8E395F9A1B439F22683E847E33B54
Authority key identifier: 80:DF:0C:BD:D5:57:1E:58:0E:A5:7E:18:A4:40:CA:2B:EA:48:06:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gN8MvdVXHlgOpX4YpEDKK-pIBvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/1fXlcBdfF3HOB3xveN9ziKdLyN8.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205871
IP address blocks:        185.179.58.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/gN8MvdVXHlgOpX4YpEDKK-pIBvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/gN8MvdVXHlgOpX4YpEDKK-pIBvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gN8MvdVXHlgOpX4YpEDKK-pIBvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e3:95:f9:a1:b4:39:f2:26:83:e8:47:e3:3b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80df0cbdd5571e580ea57e18a440ca2bea4806f8
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5f5e570175f1771ce077c6f78df7388a74bc8df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:12:86:83:3f:8a:39:94:1c:21:1a:ef:f2:d7:
                    0a:95:0d:ef:21:dc:a2:b6:cf:14:8d:cf:0d:67:65:
                    65:ba:2e:55:b6:76:5f:a6:41:c2:5a:22:6b:69:64:
                    c9:2b:d9:12:a5:16:51:ae:f4:5b:7c:71:ec:e4:7a:
                    71:7f:a7:bf:e6:b2:8a:7e:39:15:bb:6f:12:7f:8b:
                    44:45:61:0b:ce:0b:29:a3:5c:f6:62:18:5d:e6:ae:
                    13:75:9c:2d:ce:34:a9:1b:5c:eb:09:9f:9f:c7:c0:
                    85:99:16:fa:ed:f3:10:0d:a7:03:5f:01:16:d8:33:
                    49:72:87:0c:d2:65:84:13:aa:3f:1b:ee:4b:42:ba:
                    9f:b7:62:a3:47:5e:68:fa:c6:2c:91:db:45:bf:24:
                    7f:66:ac:db:65:92:96:5b:d0:95:19:20:c1:b9:cd:
                    95:10:79:76:08:d9:3f:23:ee:26:82:f5:cf:fa:2b:
                    db:ac:e1:29:30:5d:3a:53:e6:65:cd:0a:f0:12:28:
                    12:7d:b6:8d:25:50:56:ac:02:6b:c3:1f:e7:46:03:
                    0e:90:82:d7:63:3b:e4:bc:0d:f5:8f:bd:d2:b7:20:
                    e1:e2:a3:24:3f:83:75:d1:fd:12:e3:08:90:85:3e:
                    78:62:73:3a:58:19:d4:65:23:ca:7a:24:6a:fb:cf:
                    a1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F5:E5:70:17:5F:17:71:CE:07:7C:6F:78:DF:73:88:A7:4B:C8:DF
            X509v3 Authority Key Identifier:
                keyid:80:DF:0C:BD:D5:57:1E:58:0E:A5:7E:18:A4:40:CA:2B:EA:48:06:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gN8MvdVXHlgOpX4YpEDKK-pIBvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/1fXlcBdfF3HOB3xveN9ziKdLyN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/gN8MvdVXHlgOpX4YpEDKK-pIBvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:bd:9d:ee:b9:82:77:5d:0e:2b:02:8a:c1:39:32:56:28:00:
         33:70:b8:54:94:04:b1:27:ea:13:43:83:e5:54:44:61:89:44:
         f2:8b:6f:7f:30:0d:18:c1:32:1e:9a:3b:a7:c1:d6:41:45:13:
         dc:97:a0:3e:87:10:e1:19:bd:cb:a0:5c:6e:65:9d:27:27:de:
         a0:89:d4:27:53:16:26:2c:ee:0e:86:1d:27:8e:99:2c:b9:8e:
         51:22:1e:3a:f5:c9:0f:a6:a6:3a:3b:48:26:c6:e8:e8:a9:47:
         a9:f5:99:9a:9d:12:48:25:2f:42:56:48:9f:2f:98:c0:c8:d0:
         aa:45:1b:be:f6:42:e3:50:ce:3b:42:31:9d:b2:b8:b1:2f:0d:
         3a:dc:54:a9:13:8b:8f:36:a0:88:5e:d1:b4:8a:e5:e4:e8:b1:
         06:f6:c8:e4:29:09:bb:41:92:52:29:37:62:af:5f:1e:ea:b3:
         d4:ee:d3:7a:66:66:61:a5:40:d6:d0:1d:78:f9:c8:2c:74:c6:
         01:19:4b:5f:6e:00:d7:5e:54:c1:05:c9:4d:00:b8:9e:e6:09:
         c0:16:27:f6:d4:6b:39:f4:b9:ae:b0:c1:17:df:2b:ab:c0:32:
         91:8b:85:67:0c:7e:20:3f:d8:27:24:b7:2b:57:4d:78:f5:63:
         80:29:3f:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOOV+aG0OfImg+hH4ztUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZGYwY2JkZDU1NzFlNTgwZWE1N2UxOGE0NDBjYTJiZWE0
ODA2ZjgwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWY1ZTU3MDE3NWYxNzcxY2UwNzdjNmY3OGRmNzM4OGE3NGJjOGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixKGgz+KOZQcIRrv8tcKlQ3vIdyi
ts8Ujc8NZ2Vlui5VtnZfpkHCWiJraWTJK9kSpRZRrvRbfHHs5Hpxf6e/5rKKfjkV
u28Sf4tERWELzgspo1z2Yhhd5q4TdZwtzjSpG1zrCZ+fx8CFmRb67fMQDacDXwEW
2DNJcocM0mWEE6o/G+5LQrqft2KjR15o+sYskdtFvyR/ZqzbZZKWW9CVGSDBuc2V
EHl2CNk/I+4mgvXP+ivbrOEpMF06U+ZlzQrwEigSfbaNJVBWrAJrwx/nRgMOkILX
YzvkvA31j73StyDh4qMkP4N10f0S4wiQhT54YnM6WBnUZSPKeiRq+8+hxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNX15XAXXxdxzgd8b3jfc4inS8jfMB8GA1UdIwQY
MBaAFIDfDL3VVx5YDqV+GKRAyivqSAb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ044TXZkVlhIbGdPcFg0WXBFREtLLXBJQnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85MjkxZTEtNTdjYS00YzI5LTllOTMt
YmQ3NWVmOWI1Nzk4LzEvMWZYbGNCZGZGM0hPQjN4dmVOOXppS2RMeU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85MjkxZTEtNTdjYS00YzI5LTllOTMtYmQ3NWVmOWI1Nzk4
LzEvZ044TXZkVlhIbGdPcFg0WXBFREtLLXBJQnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubM6MA0G
CSqGSIb3DQEBCwUAA4IBAQBtvZ3uuYJ3XQ4rAorBOTJWKAAzcLhUlASxJ+oTQ4Pl
VERhiUTyi29/MA0YwTIemjunwdZBRRPcl6A+hxDhGb3LoFxuZZ0nJ96gidQnUxYm
LO4Ohh0njpksuY5RIh469ckPpqY6O0gmxujoqUep9ZmanRJIJS9CVkifL5jAyNCq
RRu+9kLjUM47QjGdsrixLw063FSpE4uPNqCIXtG0iuXk6LEG9sjkKQm7QZJSKTdi
r18e6rPU7tN6ZmZhpUDW0B14+cgsdMYBGUtfbgDXXlTBBclNALie5gnAFif21Gs5
9LmusMEX3yurwDKRi4VnDH4gP9gnJLcrV0149WOAKT+Y
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:42:20 2024 by rpki-client on console-fra.rpki-client.org