Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/tE_QdmM4PQ4J5vmHtjGlbRDxmC4.roa
File:                     tE_QdmM4PQ4J5vmHtjGlbRDxmC4.roa (raw, json)
Hash identifier:          fGLofq8CtG8Ve5LfMF5mwBVhEiti2I02JqYJ2kOU0fI=
Subject key identifier:   B4:4F:D0:76:63:38:3D:0E:09:E6:F9:87:B6:31:A5:6D:10:F1:98:2E
Certificate issuer:       /CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
Certificate serial:       018CC50131E64E1F82769CD1834B37E387BE
Authority key identifier: 97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/tE_QdmM4PQ4J5vmHtjGlbRDxmC4.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20546
IP address blocks:        185.85.0.0/24 maxlen: 24
                          185.85.1.0/24 maxlen: 24
                          185.85.2.0/24 maxlen: 24
                          185.85.3.192/27 maxlen: 27
                          185.85.3.0/24 maxlen: 24
                          2a05:a942::/32 maxlen: 32
                          2a05:a946::/32 maxlen: 32
                          2a05:a947::/32 maxlen: 32
                          2a05:a941::/32 maxlen: 32
                          2a05:a944::/32 maxlen: 32
                          2a05:a944::/48 maxlen: 48
                          2a05:a940::/32 maxlen: 32
                          2a05:a943::/32 maxlen: 32
                          2a05:a945::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:31:e6:4e:1f:82:76:9c:d1:83:4b:37:e3:87:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97bcbee44f4cef091985e546a6854f9ccb2ada8a
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b44fd07663383d0e09e6f987b631a56d10f1982e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7a:8e:d2:23:ea:7c:b8:01:5b:6a:7f:f4:66:
                    f3:d0:cb:44:22:85:85:5c:13:84:4b:b7:b3:50:e5:
                    6e:3d:6a:9c:04:42:fc:f0:9a:15:39:ba:05:53:cc:
                    9e:0f:73:67:e9:96:48:b1:3a:f0:09:d3:56:2e:d6:
                    b4:d9:8d:b4:9c:9a:39:fd:45:e3:64:8d:32:97:db:
                    c2:68:d5:cb:b2:a2:aa:8e:f9:ee:69:22:b3:ef:9d:
                    ff:d7:65:d2:e7:42:97:be:05:94:67:c7:19:56:f2:
                    01:9a:02:0f:9d:28:b6:97:92:4a:bc:30:66:2b:59:
                    6c:46:86:6b:3b:03:40:fc:ee:31:08:eb:e8:5a:aa:
                    6f:df:73:37:ff:d5:b7:16:7e:bc:0a:d9:49:bf:ad:
                    17:b1:42:e4:7f:46:aa:57:44:28:4d:f2:da:7c:70:
                    e8:4d:e7:bc:c2:ea:a8:de:cb:0c:ed:17:8d:37:e8:
                    36:16:ce:6f:df:97:f7:45:0a:ce:37:42:33:37:5e:
                    c4:1a:03:d0:c5:9a:c1:e2:f9:fe:9b:c9:15:e5:64:
                    b6:d9:25:b5:d3:6b:fc:c0:a6:2e:33:3a:2e:3a:4b:
                    ed:d2:84:57:90:e8:19:4d:ab:d3:74:bb:08:4b:6d:
                    44:29:02:12:7a:9f:c9:94:d7:c3:78:9f:24:82:c3:
                    48:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4F:D0:76:63:38:3D:0E:09:E6:F9:87:B6:31:A5:6D:10:F1:98:2E
            X509v3 Authority Key Identifier:
                keyid:97:BC:BE:E4:4F:4C:EF:09:19:85:E5:46:A6:85:4F:9C:CB:2A:DA:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l7y-5E9M7wkZheVGpoVPnMsq2oo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/tE_QdmM4PQ4J5vmHtjGlbRDxmC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/0b2eef-75e9-43b2-9088-8303ad1371dd/1/l7y-5E9M7wkZheVGpoVPnMsq2oo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.0.0/22
                IPv6:
                  2a05:a940::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:13:ee:f5:2f:4c:d3:13:e8:f9:8a:03:d2:5d:62:74:3a:78:
         6d:f7:11:e8:d1:83:58:35:4b:78:ab:6c:83:61:6a:3d:a0:58:
         57:cb:20:bc:58:e8:90:62:e3:3f:f4:af:f1:83:76:a4:7c:5f:
         1f:b2:de:eb:54:3e:20:fb:3c:3e:8e:26:f9:44:98:93:64:25:
         15:87:b6:82:fa:1d:a1:bc:18:b3:34:35:02:4e:e1:a4:78:88:
         0c:c7:ba:a7:5f:8e:70:d1:9f:e7:19:15:1e:ce:43:bb:92:d8:
         51:02:13:df:1e:c4:8d:f5:e5:ac:34:58:c2:e0:83:1d:fc:95:
         20:a0:6f:49:87:31:b1:1e:bf:01:6e:40:12:b3:d2:e0:96:b6:
         77:8e:f9:85:c6:ce:97:b0:35:bf:d9:e3:41:a3:37:3e:c4:ff:
         26:d1:ec:77:ae:c8:5b:3e:9e:5e:37:5c:a7:41:ba:9c:fd:aa:
         10:6c:40:9f:74:20:b6:42:27:cd:60:f5:c5:41:c4:f7:5d:99:
         b5:2a:2c:27:e2:0e:cf:84:d2:91:1a:07:05:4c:33:4e:6c:6c:
         04:f6:ab:e0:a5:6d:35:98:35:f0:9e:e7:3a:4e:1c:e8:65:f4:
         85:09:d0:b3:5b:ac:d9:58:34:01:de:83:49:54:ca:d9:08:73:
         5e:ff:d7:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFATHmTh+CdpzRg0s344e+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YmNiZWU0NGY0Y2VmMDkxOTg1ZTU0NmE2ODU0ZjljY2Iy
YWRhOGEwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDRmZDA3NjYzMzgzZDBlMDllNmY5ODdiNjMxYTU2ZDEwZjE5ODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnqO0iPqfLgBW2p/9Gbz0MtEIoWF
XBOES7ezUOVuPWqcBEL88JoVOboFU8yeD3Nn6ZZIsTrwCdNWLta02Y20nJo5/UXj
ZI0yl9vCaNXLsqKqjvnuaSKz753/12XS50KXvgWUZ8cZVvIBmgIPnSi2l5JKvDBm
K1lsRoZrOwNA/O4xCOvoWqpv33M3/9W3Fn68CtlJv60XsULkf0aqV0QoTfLafHDo
Tee8wuqo3ssM7ReNN+g2Fs5v35f3RQrON0IzN17EGgPQxZrB4vn+m8kV5WS22SW1
02v8wKYuMzouOkvt0oRXkOgZTavTdLsIS21EKQISep/JlNfDeJ8kgsNI9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLRP0HZjOD0OCeb5h7YxpW0Q8ZguMB8GA1UdIwQY
MBaAFJe8vuRPTO8JGYXlRqaFT5zLKtqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDd5LTVFOU03d2taaGVWR3BvVlBuTXNxMm9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8wYjJlZWYtNzVlOS00M2IyLTkwODgt
ODMwM2FkMTM3MWRkLzEvdEVfUWRtTTRQUTRKNXZtSHRqR2xiUkR4bUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8wYjJlZWYtNzVlOS00M2IyLTkwODgtODMwM2FkMTM3MWRk
LzEvbDd5LTVFOU03d2taaGVWR3BvVlBuTXNxMm9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVUAMA0E
AgACMAcDBQMqBalAMA0GCSqGSIb3DQEBCwUAA4IBAQAUE+71L0zTE+j5igPSXWJ0
Onht9xHo0YNYNUt4q2yDYWo9oFhXyyC8WOiQYuM/9K/xg3akfF8fst7rVD4g+zw+
jib5RJiTZCUVh7aC+h2hvBizNDUCTuGkeIgMx7qnX45w0Z/nGRUezkO7kthRAhPf
HsSN9eWsNFjC4IMd/JUgoG9JhzGxHr8BbkASs9LglrZ3jvmFxs6XsDW/2eNBozc+
xP8m0ex3rshbPp5eN1ynQbqc/aoQbECfdCC2QifNYPXFQcT3XZm1Kiwn4g7PhNKR
GgcFTDNObGwE9qvgpW01mDXwnuc6ThzoZfSFCdCzW6zZWDQB3oNJVMrZCHNe/9fv
-----END CERTIFICATE-----
Generated at Sat Nov 23 13:15:52 2024 by rpki-client on console-fra.rpki-client.org