Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/0c01c5-157d-40a7-8fcc-5c7723460223/1/ABLd_GhkY3vakEeuFHvoMmFguBA.roa
File:                     ABLd_GhkY3vakEeuFHvoMmFguBA.roa (raw, json)
Hash identifier:          3PTn1zmCH8kuJUSoOyMk4VBESvJfeeNo1ozAN35MB0Q=
Subject key identifier:   00:12:DD:FC:68:64:63:7B:DA:90:47:AE:14:7B:E8:32:61:60:B8:10
Certificate issuer:       /CN=db186422279d9d8b4e68e69b1296e532d4da0c3f
Certificate serial:       018CC94E1FD8594608FDA21F330EDABE12EA
Authority key identifier: DB:18:64:22:27:9D:9D:8B:4E:68:E6:9B:12:96:E5:32:D4:DA:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2xhkIiednYtOaOabEpblMtTaDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/0c01c5-157d-40a7-8fcc-5c7723460223/1/ABLd_GhkY3vakEeuFHvoMmFguBA.roa
Signing time:             Tue 02 Jan 2024 08:33:09 +0000
ROA not before:           Tue 02 Jan 2024 08:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203441
IP address blocks:        185.132.224.0/22 maxlen: 22
                          193.105.103.0/24 maxlen: 24
                          2a03:a660::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/0c01c5-157d-40a7-8fcc-5c7723460223/1/2xhkIiednYtOaOabEpblMtTaDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/0c01c5-157d-40a7-8fcc-5c7723460223/1/2xhkIiednYtOaOabEpblMtTaDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2xhkIiednYtOaOabEpblMtTaDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:1f:d8:59:46:08:fd:a2:1f:33:0e:da:be:12:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db186422279d9d8b4e68e69b1296e532d4da0c3f
        Validity
            Not Before: Jan  2 08:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0012ddfc6864637bda9047ae147be8326160b810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8b:34:2f:91:9b:4c:e2:c9:2b:bc:4f:12:ea:
                    b2:92:62:b8:df:0d:36:78:7c:f5:b9:70:6a:06:97:
                    1a:d4:9a:55:2e:69:70:ae:f1:15:28:59:54:3c:10:
                    8a:bd:c5:85:f1:8a:93:84:75:1c:fc:c6:91:7d:10:
                    b8:7c:d2:53:1a:82:cc:a1:f6:09:7c:8d:8e:59:3d:
                    81:88:eb:4d:db:2e:bf:ef:dc:59:46:53:8e:c1:56:
                    be:1b:60:01:8e:e4:fb:0b:f4:d9:6f:00:0e:5d:85:
                    6d:0a:c5:d7:1e:9e:40:1e:99:f7:b9:59:5a:50:97:
                    41:d3:8f:b1:e9:d5:90:1b:c3:ee:5a:2a:7a:c0:7b:
                    47:7d:13:4b:f2:85:68:25:e2:85:e8:fc:a5:7a:89:
                    73:76:3e:2c:74:69:d7:59:5d:8c:5b:70:9f:f2:03:
                    4c:72:21:c6:dc:67:a3:10:6c:f6:36:3c:40:3c:20:
                    7a:85:11:54:9c:4d:7e:48:dc:6a:bc:d3:d8:f8:08:
                    a3:c0:6c:e3:ae:5e:40:af:1b:57:bc:40:78:66:0d:
                    06:b5:f6:87:c6:26:50:9d:8c:3b:22:9b:28:a6:6f:
                    14:77:50:78:eb:48:b6:d4:c1:e7:af:d8:07:41:4a:
                    0b:d1:71:b4:f8:04:7d:49:e2:7a:23:b6:ea:87:df:
                    2f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:12:DD:FC:68:64:63:7B:DA:90:47:AE:14:7B:E8:32:61:60:B8:10
            X509v3 Authority Key Identifier:
                keyid:DB:18:64:22:27:9D:9D:8B:4E:68:E6:9B:12:96:E5:32:D4:DA:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2xhkIiednYtOaOabEpblMtTaDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/0c01c5-157d-40a7-8fcc-5c7723460223/1/ABLd_GhkY3vakEeuFHvoMmFguBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/0c01c5-157d-40a7-8fcc-5c7723460223/1/2xhkIiednYtOaOabEpblMtTaDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.224.0/22
                  193.105.103.0/24
                IPv6:
                  2a03:a660::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:f3:21:21:b8:5c:0f:0f:15:d6:73:ae:f1:d8:ea:b5:88:4d:
         b6:f8:94:db:98:42:98:35:02:6e:02:af:21:d6:e7:0a:a5:d7:
         8a:55:18:f7:22:d1:ea:94:be:de:79:a1:86:cf:a0:23:a7:2c:
         c3:d5:2a:c3:38:e1:05:a2:3e:47:77:f6:05:d8:a7:1d:d3:6a:
         1a:b3:7f:88:db:eb:61:cf:92:9e:ab:f3:58:0d:47:82:7d:b0:
         b2:a4:53:b7:30:bd:1e:15:8d:c8:bb:07:81:c6:de:a5:7c:68:
         19:27:76:a0:ac:c3:bf:01:3b:6e:3c:ed:f7:6e:3d:f9:3c:ad:
         25:bc:f6:9a:fb:eb:2e:f1:86:27:a6:50:67:61:8d:ec:eb:a2:
         66:89:94:90:da:2b:5f:b1:ed:65:38:f1:b8:d8:fa:99:23:7f:
         3d:50:f3:51:07:96:af:e2:d3:50:f4:31:52:91:a3:d1:df:eb:
         2e:5c:e6:e9:a3:29:8a:e6:50:9b:da:2e:e5:d2:de:8d:25:4a:
         85:b0:de:54:1a:5b:57:f4:f8:53:b5:c0:e6:25:20:4c:35:87:
         19:45:5b:ff:56:9a:77:96:56:eb:af:c4:26:bc:5f:ce:f2:6b:
         b2:75:51:47:1b:e0:23:70:63:90:42:ea:0f:a5:4c:10:64:25:
         77:22:1d:fe
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTh/YWUYI/aIfMw7avhLqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMTg2NDIyMjc5ZDlkOGI0ZTY4ZTY5YjEyOTZlNTMyZDRk
YTBjM2YwHhcNMjQwMTAyMDgzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEyZGRmYzY4NjQ2MzdiZGE5MDQ3YWUxNDdiZTgzMjYxNjBiODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoos0L5GbTOLJK7xPEuqykmK43w02
eHz1uXBqBpca1JpVLmlwrvEVKFlUPBCKvcWF8YqThHUc/MaRfRC4fNJTGoLMofYJ
fI2OWT2BiOtN2y6/79xZRlOOwVa+G2ABjuT7C/TZbwAOXYVtCsXXHp5AHpn3uVla
UJdB04+x6dWQG8PuWip6wHtHfRNL8oVoJeKF6Pyleolzdj4sdGnXWV2MW3Cf8gNM
ciHG3GejEGz2NjxAPCB6hRFUnE1+SNxqvNPY+AijwGzjrl5ArxtXvEB4Zg0GtfaH
xiZQnYw7Ipsopm8Ud1B460i21MHnr9gHQUoL0XG0+AR9SeJ6I7bqh98v1wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAAS3fxoZGN72pBHrhR76DJhYLgQMB8GA1UdIwQY
MBaAFNsYZCInnZ2LTmjmmxKW5TLU2gw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnhoa0lpZWRuWXRPYU9hYkVwYmxNdFRhREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8wYzAxYzUtMTU3ZC00MGE3LThmY2Mt
NWM3NzIzNDYwMjIzLzEvQUJMZF9HaGtZM3Zha0VldUZIdm9NbUZndUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8wYzAxYzUtMTU3ZC00MGE3LThmY2MtNWM3NzIzNDYwMjIz
LzEvMnhoa0lpZWRuWXRPYU9hYkVwYmxNdFRhREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYTgAwQA
wWlnMA0EAgACMAcDBQAqA6ZgMA0GCSqGSIb3DQEBCwUAA4IBAQA18yEhuFwPDxXW
c67x2Oq1iE22+JTbmEKYNQJuAq8h1ucKpdeKVRj3ItHqlL7eeaGGz6AjpyzD1SrD
OOEFoj5Hd/YF2Kcd02oas3+I2+thz5Keq/NYDUeCfbCypFO3ML0eFY3IuweBxt6l
fGgZJ3agrMO/ATtuPO33bj35PK0lvPaa++su8YYnplBnYY3s66JmiZSQ2itfse1l
OPG42PqZI389UPNRB5av4tNQ9DFSkaPR3+suXObpoymK5lCb2i7l0t6NJUqFsN5U
GltX9PhTtcDmJSBMNYcZRVv/Vpp3llbrr8QmvF/O8muydVFHG+AjcGOQQuoPpUwQ
ZCV3Ih3+
-----END CERTIFICATE-----
Generated at Fri Dec 27 20:42:37 2024 by rpki-client on console-fra.rpki-client.org