Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/fQuRmOcvLIMQ9CbI9OaQA7wOmDk.roa
File:                     fQuRmOcvLIMQ9CbI9OaQA7wOmDk.roa (raw, json)
Hash identifier:          RVxtwKpPpjkjtK1v/UPtn8EAs50T0kt7fEfsORH1u5k=
Subject key identifier:   7D:0B:91:98:E7:2F:2C:83:10:F4:26:C8:F4:E6:90:03:BC:0E:98:39
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A539DD49D65BA0902A6E77A894516
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/fQuRmOcvLIMQ9CbI9OaQA7wOmDk.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205591
IP address blocks:        185.133.208.0/24 maxlen: 24
                          2a06:e881:2102::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:53:9d:d4:9d:65:ba:09:02:a6:e7:7a:89:45:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d0b9198e72f2c8310f426c8f4e69003bc0e9839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:4e:c9:df:e6:f7:3c:32:98:ee:5e:a4:5d:
                    e6:b7:dc:93:90:89:a8:c8:63:e9:89:3f:da:b4:b5:
                    a5:2e:88:65:65:ce:0b:b8:c0:59:fc:c3:64:66:ac:
                    80:5d:0e:82:26:59:61:a0:76:bb:c8:22:23:72:a5:
                    2d:37:c9:b6:ae:07:18:d5:52:ba:72:22:5a:11:95:
                    ba:36:ca:7d:ed:51:1c:83:3c:5e:fe:3f:05:08:e4:
                    83:32:20:0a:f0:43:ae:82:60:91:4c:73:47:69:5a:
                    cb:7d:a1:5b:45:ab:c9:a0:75:5c:cf:50:cc:7e:dd:
                    14:cc:68:f2:23:aa:fa:68:0f:2a:ca:1f:3c:20:e2:
                    93:b4:f4:09:f5:99:cf:3c:6d:de:c5:59:e4:da:3c:
                    45:ff:9a:5f:8a:ad:52:d2:08:ee:a0:a0:73:1f:10:
                    55:15:c6:ec:bf:db:8f:95:11:94:8b:55:46:3b:98:
                    e3:ea:78:86:b1:5e:72:60:73:e6:e3:fb:75:4b:02:
                    a1:bd:12:b6:77:b4:b8:72:f5:18:80:e9:c8:74:83:
                    1f:72:59:57:09:14:12:20:47:15:a1:13:8d:3c:7b:
                    cb:05:39:4c:5e:69:d9:4b:cf:82:98:75:ab:67:28:
                    6d:f2:18:34:ad:85:4c:ed:da:d2:0e:cd:02:f8:6d:
                    a5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0B:91:98:E7:2F:2C:83:10:F4:26:C8:F4:E6:90:03:BC:0E:98:39
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/fQuRmOcvLIMQ9CbI9OaQA7wOmDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.208.0/24
                IPv6:
                  2a06:e881:2102::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:1d:fd:a4:5b:88:0d:51:de:9c:0a:be:13:ce:5c:8a:d9:e6:
         f5:de:01:6f:72:cc:bf:20:64:65:c9:3a:e4:a8:dd:32:b1:cc:
         6e:b3:a9:72:cc:37:d4:ba:8a:39:04:b2:05:67:d5:d0:31:f8:
         9c:3c:08:d8:af:8c:57:7d:a8:2e:d2:b3:a1:0e:4b:21:57:17:
         ef:d4:6f:d5:be:9d:d5:10:87:f1:4b:06:20:d2:f6:49:5c:39:
         6c:25:f1:34:6c:43:12:3f:68:f4:58:8a:84:1e:05:99:e6:1e:
         fd:6b:b9:48:87:a2:7a:b4:7e:6a:d7:87:88:69:d6:1f:a7:0f:
         b8:e7:63:f8:e4:f7:b7:9a:1e:61:59:b2:ed:20:a3:5a:a7:04:
         e5:ac:e5:3f:21:01:cf:18:6e:10:2c:6f:98:0b:b8:7f:f4:d2:
         5a:6c:ae:8a:04:3c:7f:3f:ba:5e:f0:89:96:52:13:5f:c3:ae:
         a1:97:fb:6e:b4:4d:c7:2b:78:b9:f5:7c:57:83:36:d9:23:de:
         3a:c8:60:00:54:37:e1:39:31:ed:ba:7a:32:48:d6:50:87:5f:
         bc:83:5c:bc:7f:8d:9e:60:3f:42:6b:53:4d:43:de:b5:ca:85:
         c8:65:39:ef:ad:a3:20:e4:fa:f8:9a:e6:10:a7:cf:c0:74:b9:
         56:c2:4e:11
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKlOd1J1lugkCpud6iUUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDBiOTE5OGU3MmYyYzgzMTBmNDI2YzhmNGU2OTAwM2JjMGU5ODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhphOyd/m9zwymO5epF3mt9yTkImo
yGPpiT/atLWlLohlZc4LuMBZ/MNkZqyAXQ6CJllhoHa7yCIjcqUtN8m2rgcY1VK6
ciJaEZW6Nsp97VEcgzxe/j8FCOSDMiAK8EOugmCRTHNHaVrLfaFbRavJoHVcz1DM
ft0UzGjyI6r6aA8qyh88IOKTtPQJ9ZnPPG3exVnk2jxF/5pfiq1S0gjuoKBzHxBV
Fcbsv9uPlRGUi1VGO5jj6niGsV5yYHPm4/t1SwKhvRK2d7S4cvUYgOnIdIMfcllX
CRQSIEcVoRONPHvLBTlMXmnZS8+CmHWrZyht8hg0rYVM7drSDs0C+G2lnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH0LkZjnLyyDEPQmyPTmkAO8Dpg5MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvZlF1Um1PY3ZMSU1ROUNiSTlPYVFBN3dPbURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYXQMA8E
AgACMAkDBwAqBuiBIQIwDQYJKoZIhvcNAQELBQADggEBAGwd/aRbiA1R3pwKvhPO
XIrZ5vXeAW9yzL8gZGXJOuSo3TKxzG6zqXLMN9S6ijkEsgVn1dAx+Jw8CNivjFd9
qC7Ss6EOSyFXF+/Ub9W+ndUQh/FLBiDS9klcOWwl8TRsQxI/aPRYioQeBZnmHv1r
uUiHonq0fmrXh4hp1h+nD7jnY/jk97eaHmFZsu0go1qnBOWs5T8hAc8YbhAsb5gL
uH/00lpsrooEPH8/ul7wiZZSE1/DrqGX+260TccreLn1fFeDNtkj3jrIYABUN+E5
Me26ejJI1lCHX7yDXLx/jZ5gP0JrU01D3rXKhchlOe+toyDk+via5hCnz8B0uVbC
ThE=
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:56:01 2024 by rpki-client on console-ams.rpki-client.org