Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/1-DQKJGmf1LHZieXgIVVpTaeFwGg.roa
File:                     1-DQKJGmf1LHZieXgIVVpTaeFwGg.roa (raw, json)
Hash identifier:          MarwUlNq2x35ThUqEOsQK3fMUPdykVrFMKgfJlw+ANY=
Subject key identifier:   F8:34:0A:24:69:9F:D4:B1:D9:89:E5:E0:21:55:69:4D:A7:85:C0:68
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A76D06953A808432AAE6BB4116D18
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/1-DQKJGmf1LHZieXgIVVpTaeFwGg.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48219
IP address blocks:        37.230.143.0/24 maxlen: 24
                          185.2.35.0/24 maxlen: 24
                          141.101.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:76:d0:69:53:a8:08:43:2a:ae:6b:b4:11:6d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8340a24699fd4b1d989e5e02155694da785c068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fb:d1:cd:2b:b8:d4:92:b9:3d:ce:85:17:25:
                    c1:1b:19:a8:40:fb:e2:59:79:7d:ef:db:f0:47:a9:
                    6c:6f:a3:f5:f7:a1:8e:21:45:33:ae:ab:dc:5c:8e:
                    ed:a8:7d:84:88:1f:76:f3:cc:d9:21:84:a2:7e:03:
                    0b:5e:f7:73:c6:47:11:e8:f9:0f:9a:75:b9:e8:2e:
                    1a:f1:7d:f7:3d:64:55:4e:33:c7:47:b8:50:37:e3:
                    8f:79:51:26:3c:ff:ad:e5:e1:6f:c7:44:7e:8f:65:
                    79:b7:81:cd:8c:73:ac:71:0c:58:05:2b:2e:54:a7:
                    1a:77:91:fa:b8:fc:9c:ab:64:fe:67:eb:d3:ad:5c:
                    56:2c:2b:a0:00:76:31:ea:26:fb:57:f4:34:86:6c:
                    89:2c:cd:1c:c8:2d:c3:79:e2:f6:f8:1e:01:93:e4:
                    b6:06:72:dd:c1:6a:df:ff:e6:eb:59:23:17:d8:0f:
                    07:80:5f:31:13:75:40:97:2f:9a:db:dd:8f:5c:1a:
                    5d:e7:16:7e:79:c1:00:01:c9:d5:dd:f5:4f:71:9d:
                    52:ca:a9:0b:55:0f:9f:dd:dc:78:ce:fb:bc:dd:93:
                    7c:69:dc:93:57:d6:dc:97:de:ae:6f:50:9b:36:02:
                    ed:51:0b:0c:53:fc:6f:1f:ea:b3:35:8e:04:0f:b9:
                    7f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:34:0A:24:69:9F:D4:B1:D9:89:E5:E0:21:55:69:4D:A7:85:C0:68
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/1-DQKJGmf1LHZieXgIVVpTaeFwGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.143.0/24
                  141.101.246.0/24
                  185.2.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:b1:ba:81:17:a2:f0:86:2c:cb:88:74:a1:53:21:2b:39:ac:
         d5:e4:a1:2c:9b:e5:59:7e:3b:ac:4d:dc:3b:7f:ce:c3:09:64:
         18:7b:7e:fd:94:eb:e4:9b:17:6d:a0:ee:d1:5a:8c:93:ee:2b:
         44:f2:a5:72:48:3b:9f:b4:28:f6:62:31:c2:2b:5b:07:48:8b:
         fd:7f:3f:e1:32:a8:67:dd:28:b3:39:66:1c:cb:03:a0:55:d4:
         f0:b4:d2:73:c9:10:c5:a4:6c:c6:0e:93:5f:8d:4a:83:6c:b1:
         20:d1:c7:13:cb:dc:3d:ef:7c:08:a4:2e:bb:0a:22:cc:94:c3:
         81:0c:c3:a0:c2:ed:9f:15:36:01:22:ee:5b:70:84:1c:29:cc:
         e5:b6:0d:08:0e:4b:d0:49:7e:9b:25:03:5c:72:90:c5:0a:33:
         bb:7a:91:ab:4a:4b:d8:d6:bb:4a:eb:b9:45:ba:38:50:18:d9:
         d4:31:bd:00:83:e0:28:da:56:2e:01:e2:0c:9d:79:e0:fe:75:
         48:fe:8b:b6:ee:ea:64:e9:41:39:ed:88:5a:e0:c0:6f:d6:91:
         e0:be:c6:bb:d8:5d:7d:48:f5:3a:eb:0a:5a:6d:d1:f3:5f:22:
         9d:00:b1:e6:d3:d7:92:19:0e:83:65:60:9f:21:34:55:d0:10:
         fb:d6:48:0b
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzGSnbQaVOoCEMqrmu0EW0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM0MGEyNDY5OWZkNGIxZDk4OWU1ZTAyMTU1Njk0ZGE3ODVjMDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvvRzSu41JK5Pc6FFyXBGxmoQPvi
WXl979vwR6lsb6P196GOIUUzrqvcXI7tqH2EiB9288zZIYSifgMLXvdzxkcR6PkP
mnW56C4a8X33PWRVTjPHR7hQN+OPeVEmPP+t5eFvx0R+j2V5t4HNjHOscQxYBSsu
VKcad5H6uPycq2T+Z+vTrVxWLCugAHYx6ib7V/Q0hmyJLM0cyC3DeeL2+B4Bk+S2
BnLdwWrf/+brWSMX2A8HgF8xE3VAly+a292PXBpd5xZ+ecEAAcnV3fVPcZ1SyqkL
VQ+f3dx4zvu83ZN8adyTV9bcl96ub1CbNgLtUQsMU/xvH+qzNY4ED7l/GQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPg0CiRpn9Sx2Ynl4CFVaU2nhcBoMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvMS1EUUtKR21mMUxIWmllWGdJVlZwVGFlRndHZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvNmMwYmY3LTVmMTMtNDRhMi05OTg5LThjOTU4MWQ5NmQ4
Zi8xL1dJWG9oTUw4ZW5YUkxkSGVwSnppTkp4SEJuNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEACXmjwME
AI1l9gMEALkCIzANBgkqhkiG9w0BAQsFAAOCAQEAWLG6gRei8IYsy4h0oVMhKzms
1eShLJvlWX47rE3cO3/OwwlkGHt+/ZTr5JsXbaDu0VqMk+4rRPKlckg7n7Qo9mIx
witbB0iL/X8/4TKoZ90oszlmHMsDoFXU8LTSc8kQxaRsxg6TX41Kg2yxINHHE8vc
Pe98CKQuuwoizJTDgQzDoMLtnxU2ASLuW3CEHCnM5bYNCA5L0El+myUDXHKQxQoz
u3qRq0pL2Na7Suu5Rbo4UBjZ1DG9AIPgKNpWLgHiDJ154P51SP6Ltu7qZOlBOe2I
WuDAb9aR4L7Gu9hdfUj1OusKWm3R818inQCx5tPXkhkOg2VgnyE0VdAQ+9ZICw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:45:12 2024 by rpki-client on console-ams.rpki-client.org