Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/03c430-fb04-40ea-85d1-c92c6165de18/1/3NQp6-R4W1KQd43RrrqtXuc8mk4.roa
File:                     3NQp6-R4W1KQd43RrrqtXuc8mk4.roa (raw, json)
Hash identifier:          c4IINX/3iT78kDBABlVR4lAuxSg0twbz/aKQNsMYXhk=
Subject key identifier:   DC:D4:29:EB:E4:78:5B:52:90:77:8D:D1:AE:BA:AD:5E:E7:3C:9A:4E
Certificate issuer:       /CN=d3860a9b36585fb8aa051fc37fcc6a0773990cbf
Certificate serial:       018CC64B6084AA4A4133AE9CFEC1AB962053
Authority key identifier: D3:86:0A:9B:36:58:5F:B8:AA:05:1F:C3:7F:CC:6A:07:73:99:0C:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04YKmzZYX7iqBR_Df8xqB3OZDL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/03c430-fb04-40ea-85d1-c92c6165de18/1/3NQp6-R4W1KQd43RrrqtXuc8mk4.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62303
IP address blocks:        185.235.81.0/24 maxlen: 24
                          185.235.83.0/24 maxlen: 24
                          185.235.82.0/24 maxlen: 24
                          2a0d:4d00:83::/48 maxlen: 48
                          2a0d:4d00:81::/48 maxlen: 48
                          2a0d:4d00:82::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/03c430-fb04-40ea-85d1-c92c6165de18/1/04YKmzZYX7iqBR_Df8xqB3OZDL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/03c430-fb04-40ea-85d1-c92c6165de18/1/04YKmzZYX7iqBR_Df8xqB3OZDL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04YKmzZYX7iqBR_Df8xqB3OZDL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:60:84:aa:4a:41:33:ae:9c:fe:c1:ab:96:20:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3860a9b36585fb8aa051fc37fcc6a0773990cbf
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcd429ebe4785b5290778dd1aebaad5ee73c9a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b7:e6:7b:af:d7:f2:19:1a:a2:3f:d6:38:6f:
                    84:66:9c:c1:a8:99:9a:3e:a3:d9:d3:de:4b:21:97:
                    7d:0f:d6:4a:0d:60:54:7b:d2:27:d8:4a:12:50:2b:
                    88:e7:09:bd:d5:ed:69:34:e7:6a:7f:72:c8:7a:b9:
                    62:3b:cd:1f:0a:90:b0:e6:8b:63:38:c5:02:e3:eb:
                    c7:0c:b8:23:d0:84:6e:44:82:ca:bf:e3:09:52:58:
                    18:5a:7a:45:83:be:e3:c7:97:8e:26:3f:c3:18:12:
                    39:2e:5b:bc:fc:4a:48:c9:87:ba:f6:99:4f:09:8e:
                    49:e5:33:71:d4:6d:e7:f8:38:d1:65:9a:98:be:a0:
                    67:6f:8b:8d:41:5b:13:77:17:9f:56:e0:c2:e8:3f:
                    11:f7:60:67:ef:2d:77:05:38:a9:61:85:a1:1b:db:
                    66:2e:7e:14:36:16:84:96:4e:0d:90:21:43:78:9b:
                    3e:a7:dd:ec:04:aa:ac:86:6e:4b:78:ba:a9:7d:67:
                    87:df:49:8e:3d:a0:ba:e8:2c:ef:88:8f:9d:a3:c0:
                    34:b4:5f:d2:b4:db:82:80:f1:98:1e:9e:a7:e9:5e:
                    8b:47:db:5d:ab:b2:03:52:c8:19:9f:fc:78:4e:59:
                    9f:30:e2:47:c7:8e:9d:13:41:81:71:6f:d4:bb:50:
                    7e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D4:29:EB:E4:78:5B:52:90:77:8D:D1:AE:BA:AD:5E:E7:3C:9A:4E
            X509v3 Authority Key Identifier:
                keyid:D3:86:0A:9B:36:58:5F:B8:AA:05:1F:C3:7F:CC:6A:07:73:99:0C:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04YKmzZYX7iqBR_Df8xqB3OZDL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/03c430-fb04-40ea-85d1-c92c6165de18/1/3NQp6-R4W1KQd43RrrqtXuc8mk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/03c430-fb04-40ea-85d1-c92c6165de18/1/04YKmzZYX7iqBR_Df8xqB3OZDL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.81.0-185.235.83.255
                IPv6:
                  2a0d:4d00:81::-2a0d:4d00:83:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a1:43:c7:7a:f3:ed:68:40:92:76:94:e7:78:d2:25:c5:0b:93:
         95:4e:98:3b:e4:72:26:a4:e5:f7:ac:97:b9:1d:a9:9b:40:de:
         81:bb:8f:7c:bb:e1:f5:a1:43:95:8e:bc:32:04:31:90:37:6b:
         78:3e:a3:05:cf:a5:ed:62:67:12:78:ba:dc:09:a0:f1:3c:9a:
         52:ea:b4:55:61:d0:cc:2c:fb:bb:28:1b:9b:ab:a5:b2:d1:7d:
         fc:b2:11:9e:0e:89:23:b8:db:b3:d7:49:01:5f:07:c4:b7:50:
         3a:32:14:b0:9b:d2:98:40:a2:9e:a8:ea:b6:16:46:72:b3:31:
         2b:00:a5:c6:51:4c:57:98:3d:bf:43:40:3c:4c:27:ab:88:6b:
         e8:42:14:f1:67:cf:4a:b3:18:53:1a:11:5f:c5:e0:6b:47:fb:
         98:73:68:d4:8c:e2:24:93:89:c0:36:e7:70:0e:e9:26:ee:a9:
         1a:cb:ce:bd:93:49:b2:1b:c6:51:77:f0:30:6a:df:a6:0d:cc:
         68:cb:7e:a8:fc:66:64:1f:dd:a2:da:eb:d3:2f:b8:ef:fe:a3:
         7a:09:95:97:2c:eb:e7:b6:0d:9e:14:01:dc:8c:59:7a:70:3e:
         c9:ce:5d:e7:3b:f0:c3:4e:8a:0e:81:9f:46:e2:af:58:c8:1f:
         32:7c:74:20
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzGS2CEqkpBM66c/sGrliBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzODYwYTliMzY1ODVmYjhhYTA1MWZjMzdmY2M2YTA3NzM5
OTBjYmYwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Q0MjllYmU0Nzg1YjUyOTA3NzhkZDFhZWJhYWQ1ZWU3M2M5YTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLfme6/X8hkaoj/WOG+EZpzBqJma
PqPZ095LIZd9D9ZKDWBUe9In2EoSUCuI5wm91e1pNOdqf3LIerliO80fCpCw5otj
OMUC4+vHDLgj0IRuRILKv+MJUlgYWnpFg77jx5eOJj/DGBI5Llu8/EpIyYe69plP
CY5J5TNx1G3n+DjRZZqYvqBnb4uNQVsTdxefVuDC6D8R92Bn7y13BTipYYWhG9tm
Ln4UNhaElk4NkCFDeJs+p93sBKqshm5LeLqpfWeH30mOPaC66CzviI+do8A0tF/S
tNuCgPGYHp6n6V6LR9tdq7IDUsgZn/x4TlmfMOJHx46dE0GBcW/Uu1B+6QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNzUKevkeFtSkHeN0a66rV7nPJpOMB8GA1UdIwQY
MBaAFNOGCps2WF+4qgUfw3/MagdzmQy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDRZS216WllYN2lxQlJfRGY4eHFCM09aREw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8wM2M0MzAtZmIwNC00MGVhLTg1ZDEt
YzkyYzYxNjVkZTE4LzEvM05RcDYtUjRXMUtRZDQzUnJycXRYdWM4bWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8wM2M0MzAtZmIwNC00MGVhLTg1ZDEtYzkyYzYxNjVkZTE4
LzEvMDRZS216WllYN2lxQlJfRGY4eHFCM09aREw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAUBAIAATAOMAwDBAC561ED
BAK561AwGgQCAAIwFDASAwcAKg1NAACBAwcCKg1NAACAMA0GCSqGSIb3DQEBCwUA
A4IBAQChQ8d68+1oQJJ2lOd40iXFC5OVTpg75HImpOX3rJe5HambQN6Bu498u+H1
oUOVjrwyBDGQN2t4PqMFz6XtYmcSeLrcCaDxPJpS6rRVYdDMLPu7KBubq6Wy0X38
shGeDokjuNuz10kBXwfEt1A6MhSwm9KYQKKeqOq2FkZyszErAKXGUUxXmD2/Q0A8
TCeriGvoQhTxZ89KsxhTGhFfxeBrR/uYc2jUjOIkk4nANudwDukm7qkay869k0my
G8ZRd/Awat+mDcxoy36o/GZkH92i2uvTL7jv/qN6CZWXLOvntg2eFAHcjFl6cD7J
zl3nO/DDTooOgZ9G4q9YyB8yfHQg
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:40:48 2024 by rpki-client on console-ams.rpki-client.org