Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/MhbiPLYXmAoOS4OTadCfah7MC9c.roa
File:                     MhbiPLYXmAoOS4OTadCfah7MC9c.roa (raw, json)
Hash identifier:          dPx/VJsqPg0mLZiFBN5erCZXjNMhA45aLGUa2+fdeMU=
Subject key identifier:   32:16:E2:3C:B6:17:98:0A:0E:4B:83:93:69:D0:9F:6A:1E:CC:0B:D7
Certificate issuer:       /CN=1bfc7738cd0fd0e0447f9d749ce6a39047fdcbac
Certificate serial:       018CC8DCD2EE442F2564040B03763B4ABDA5
Authority key identifier: 1B:FC:77:38:CD:0F:D0:E0:44:7F:9D:74:9C:E6:A3:90:47:FD:CB:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G_x3OM0P0OBEf510nOajkEf9y6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/MhbiPLYXmAoOS4OTadCfah7MC9c.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56911
IP address blocks:        185.243.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/G_x3OM0P0OBEf510nOajkEf9y6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/G_x3OM0P0OBEf510nOajkEf9y6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G_x3OM0P0OBEf510nOajkEf9y6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d2:ee:44:2f:25:64:04:0b:03:76:3b:4a:bd:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bfc7738cd0fd0e0447f9d749ce6a39047fdcbac
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3216e23cb617980a0e4b839369d09f6a1ecc0bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:80:11:50:cc:14:18:c6:9e:85:64:22:d1:1f:
                    00:d3:34:51:db:be:73:82:45:0b:d6:68:19:27:8d:
                    56:29:00:17:d8:81:cc:00:83:ea:57:b8:ed:98:2c:
                    34:b7:e6:db:28:06:37:6b:4d:ec:10:a0:68:b8:a2:
                    e4:9f:ae:c2:21:cb:45:b4:a3:90:63:a1:a7:54:d1:
                    eb:34:f6:b1:47:54:ee:10:ed:f5:f3:13:17:df:7b:
                    30:c4:e9:e6:8d:ab:de:12:38:53:02:4d:9e:63:ce:
                    17:3b:3e:cc:86:76:21:24:ae:d8:63:f3:87:12:b5:
                    94:d0:4f:9c:33:2a:ca:f8:78:bb:be:e6:10:95:10:
                    eb:8e:f4:07:b8:58:8a:aa:8a:42:d0:54:4d:04:61:
                    ed:e2:b6:48:18:07:1a:8b:5d:69:1c:47:60:d7:31:
                    90:7e:b9:74:f0:b4:91:1c:72:a9:d0:f1:f4:78:95:
                    86:cb:13:bc:57:bf:8a:d1:0e:90:54:d3:22:ed:ab:
                    3f:62:d1:75:13:1f:fe:52:0d:66:79:04:cb:43:97:
                    95:cb:5c:1b:f3:40:88:c3:ff:24:68:0b:85:dd:7a:
                    85:e4:5d:c1:15:90:56:00:e5:48:50:78:65:6a:16:
                    e8:c9:2e:9c:21:57:eb:26:ec:bd:3b:11:5e:61:b5:
                    68:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:16:E2:3C:B6:17:98:0A:0E:4B:83:93:69:D0:9F:6A:1E:CC:0B:D7
            X509v3 Authority Key Identifier:
                keyid:1B:FC:77:38:CD:0F:D0:E0:44:7F:9D:74:9C:E6:A3:90:47:FD:CB:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_x3OM0P0OBEf510nOajkEf9y6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/MhbiPLYXmAoOS4OTadCfah7MC9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/G_x3OM0P0OBEf510nOajkEf9y6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:e4:dd:e7:ef:ca:69:0f:be:81:dc:c9:97:16:79:20:7f:42:
         1e:31:44:95:ff:68:f0:9d:02:ce:a3:7e:b9:63:d3:60:b0:31:
         b6:a4:bc:21:e2:e8:dd:c3:7d:00:26:53:d7:ea:a0:be:eb:da:
         98:a5:b5:d3:20:99:7f:3e:68:f4:c8:b0:00:44:8a:72:2b:c7:
         f7:32:1d:57:cd:22:7d:73:2b:9c:e7:28:74:46:4b:98:b6:25:
         be:ce:58:0c:6c:b4:40:3b:69:ea:96:3b:9b:cb:65:bd:2c:55:
         8d:d6:e9:4e:0d:4b:a4:53:ec:38:cc:d3:2e:de:c3:78:4b:9f:
         0a:8d:19:ec:27:db:11:a7:ef:db:7d:85:e8:d1:f9:fe:15:29:
         66:d6:35:41:cc:44:8d:a6:e6:55:6b:ef:f8:37:3a:ac:8d:06:
         b8:cc:f5:c1:fe:fd:3f:ee:41:42:8f:ef:15:72:ab:0f:48:37:
         4f:c6:eb:84:1f:74:52:db:5b:10:4c:75:90:a6:6e:95:64:fe:
         b6:d3:33:c6:89:50:02:15:6f:48:3d:99:5c:2f:a0:cc:33:48:
         b5:5c:37:3e:0b:ce:e8:24:6d:32:a0:15:f1:a2:4d:cf:4b:c3:
         6f:52:46:e3:51:a3:ba:31:80:94:11:81:b9:cb:19:f0:b7:c3:
         94:57:07:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3NLuRC8lZAQLA3Y7Sr2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZmM3NzM4Y2QwZmQwZTA0NDdmOWQ3NDljZTZhMzkwNDdm
ZGNiYWMwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE2ZTIzY2I2MTc5ODBhMGU0YjgzOTM2OWQwOWY2YTFlY2MwYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoARUMwUGMaehWQi0R8A0zRR275z
gkUL1mgZJ41WKQAX2IHMAIPqV7jtmCw0t+bbKAY3a03sEKBouKLkn67CIctFtKOQ
Y6GnVNHrNPaxR1TuEO318xMX33swxOnmjaveEjhTAk2eY84XOz7MhnYhJK7YY/OH
ErWU0E+cMyrK+Hi7vuYQlRDrjvQHuFiKqopC0FRNBGHt4rZIGAcai11pHEdg1zGQ
frl08LSRHHKp0PH0eJWGyxO8V7+K0Q6QVNMi7as/YtF1Ex/+Ug1meQTLQ5eVy1wb
80CIw/8kaAuF3XqF5F3BFZBWAOVIUHhlahboyS6cIVfrJuy9OxFeYbVowQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIW4jy2F5gKDkuDk2nQn2oezAvXMB8GA1UdIwQY
MBaAFBv8dzjND9DgRH+ddJzmo5BH/cusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR194M09NMFAwT0JFZjUxMG5PYWprRWY5eTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS83MDhiNGQtYTYzZi00MzlkLTljY2Ut
MTQ4YWJmZjkxOWFkLzEvTWhiaVBMWVhtQW9PUzRPVGFkQ2ZhaDdNQzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS83MDhiNGQtYTYzZi00MzlkLTljY2UtMTQ4YWJmZjkxOWFk
LzEvR194M09NMFAwT0JFZjUxMG5PYWprRWY5eTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufNLMA0G
CSqGSIb3DQEBCwUAA4IBAQCV5N3n78ppD76B3MmXFnkgf0IeMUSV/2jwnQLOo365
Y9NgsDG2pLwh4ujdw30AJlPX6qC+69qYpbXTIJl/Pmj0yLAARIpyK8f3Mh1XzSJ9
cyuc5yh0RkuYtiW+zlgMbLRAO2nqljuby2W9LFWN1ulODUukU+w4zNMu3sN4S58K
jRnsJ9sRp+/bfYXo0fn+FSlm1jVBzESNpuZVa+/4NzqsjQa4zPXB/v0/7kFCj+8V
cqsPSDdPxuuEH3RS21sQTHWQpm6VZP620zPGiVACFW9IPZlcL6DMM0i1XDc+C87o
JG0yoBXxok3PS8NvUkbjUaO6MYCUEYG5yxnwt8OUVwft
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:52:05 2024 by rpki-client on console-fra.rpki-client.org