Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/1-ZDgT-gF4KDx05lRCarMeH5Ata4.roa
File:                     1-ZDgT-gF4KDx05lRCarMeH5Ata4.roa (raw, json)
Hash identifier:          qNudejNB/2nxjDwatLOLSkWe7j0U0dy2K0RuVN1zePI=
Subject key identifier:   F9:90:E0:4F:E8:05:E0:A0:F1:D3:99:51:09:AA:CC:78:7E:40:B5:AE
Certificate issuer:       /CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
Certificate serial:       018CCA2BBFB85FC4F3482F155FA73E08DE87
Authority key identifier: DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/1-ZDgT-gF4KDx05lRCarMeH5Ata4.roa
Signing time:             Tue 02 Jan 2024 12:35:13 +0000
ROA not before:           Tue 02 Jan 2024 12:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205197
IP address blocks:        185.223.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:bf:b8:5f:c4:f3:48:2f:15:5f:a7:3e:08:de:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
        Validity
            Not Before: Jan  2 12:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f990e04fe805e0a0f1d3995109aacc787e40b5ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:71:8a:da:be:00:4b:cd:33:4c:32:74:2e:eb:
                    0c:df:e0:46:15:a3:cc:e1:82:14:cb:5e:e6:c2:f1:
                    81:53:8e:4b:c6:e2:aa:d6:39:66:f0:3d:4a:85:46:
                    2e:89:2d:88:5d:d7:14:17:9e:ff:00:09:38:d7:96:
                    c5:30:d2:75:c8:12:d6:c3:c7:c0:b0:ce:c9:43:62:
                    87:88:4f:a1:40:83:8e:8e:93:7d:2a:e2:05:83:7a:
                    ca:27:84:64:7d:12:1c:ef:6a:74:db:c8:c0:42:81:
                    ef:f9:31:c0:4d:59:58:60:18:ba:47:17:0a:c0:3a:
                    43:e5:f5:7a:41:8d:4d:7b:4e:6b:a3:87:0d:6b:a5:
                    c6:c5:6f:5c:af:29:a0:32:94:8f:56:d7:57:73:e3:
                    5c:ee:e9:fa:31:5d:36:7e:7b:24:a8:1b:b2:90:42:
                    98:82:a2:08:90:4c:ab:46:3c:8f:35:e5:c7:c5:78:
                    09:05:f3:26:91:ef:2a:19:3b:2d:9e:8c:83:06:0a:
                    cf:8d:96:32:32:6b:2f:f2:66:f4:73:a5:7d:9f:14:
                    f0:fe:89:c7:06:5a:5b:fb:14:ee:69:3b:b1:85:6f:
                    6c:f1:2a:60:29:22:f7:87:44:14:7a:ca:7a:83:b1:
                    26:8a:14:f0:de:c3:fe:f5:9b:5d:3a:fa:cf:b2:44:
                    94:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:90:E0:4F:E8:05:E0:A0:F1:D3:99:51:09:AA:CC:78:7E:40:B5:AE
            X509v3 Authority Key Identifier:
                keyid:DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/1-ZDgT-gF4KDx05lRCarMeH5Ata4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d5:78:51:a7:9b:4d:73:81:74:a1:aa:0f:be:10:35:89:fc:27:
         fe:85:d2:df:e6:c8:f5:d8:e2:22:de:d0:07:bf:83:4a:34:6f:
         5c:e6:57:af:47:32:db:ec:28:71:14:07:ed:7d:c5:92:f3:3d:
         2d:f6:3f:0a:30:90:e5:e6:41:d4:be:56:7c:4e:15:a8:26:df:
         73:99:3c:e9:9f:b5:7e:16:e8:25:78:cb:98:40:e8:72:37:6a:
         ff:9b:6f:ad:5e:c4:11:75:0c:04:58:e6:57:19:ca:49:d6:6a:
         00:54:ee:74:9c:72:d6:f3:fa:ac:e4:01:14:12:0f:52:51:a8:
         c5:be:9d:b1:b8:d0:2d:8d:0e:da:bf:2d:6d:cb:9b:78:32:b0:
         0c:ae:d3:e5:e9:c5:9d:fa:5c:0d:23:c3:f8:a5:fb:6f:95:95:
         85:d0:01:fe:e3:20:4b:d1:4c:aa:da:7c:5b:d3:ee:a3:fb:d0:
         aa:c5:19:d1:f7:e5:0e:1b:1c:6d:bd:0b:ed:fd:f9:f2:ab:8f:
         31:4a:89:95:94:da:2c:86:b7:8d:da:cf:e9:ec:ac:7d:00:1a:
         93:6f:28:06:e7:5a:a6:7e:51:43:b3:1c:bf:6a:89:da:88:b1:
         f4:8f:8c:24:78:03:12:42:c9:bd:39:ef:c0:87:c9:5b:bf:f5:
         85:f4:2d:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKK7+4X8TzSC8VX6c+CN6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYWU0YjA0NzFhNjE4NzJjNDA0MTQyZTFmOTBmNTA3NGYw
ZDZmMTUwHhcNMjQwMTAyMTIzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTkwZTA0ZmU4MDVlMGEwZjFkMzk5NTEwOWFhY2M3ODdlNDBiNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3GK2r4AS80zTDJ0LusM3+BGFaPM
4YIUy17mwvGBU45LxuKq1jlm8D1KhUYuiS2IXdcUF57/AAk415bFMNJ1yBLWw8fA
sM7JQ2KHiE+hQIOOjpN9KuIFg3rKJ4RkfRIc72p028jAQoHv+THATVlYYBi6RxcK
wDpD5fV6QY1Ne05ro4cNa6XGxW9crymgMpSPVtdXc+Nc7un6MV02fnskqBuykEKY
gqIIkEyrRjyPNeXHxXgJBfMmke8qGTstnoyDBgrPjZYyMmsv8mb0c6V9nxTw/onH
Blpb+xTuaTuxhW9s8SpgKSL3h0QUesp6g7EmihTw3sP+9ZtdOvrPskSUhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmQ4E/oBeCg8dOZUQmqzHh+QLWuMB8GA1UdIwQY
MBaAFNyuSwRxphhyxAQULh+Q9QdPDW8VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0s1TEJIR21HSExFQkJRdUg1RDFCMDhOYnhVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi82N2Y5YTctYTZlOC00MjZlLWJhYzQt
NGI2OGIxNWQzMDFhLzEvMS1aRGdULWdGNEtEeDA1bFJDYXJNZUg1QXRhNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvNjdmOWE3LWE2ZTgtNDI2ZS1iYWM0LTRiNjhiMTVkMzAx
YS8xLzNLNUxCSEdtR0hMRUJCUXVINUQxQjA4TmJ4VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArnfWDAN
BgkqhkiG9w0BAQsFAAOCAQEA1XhRp5tNc4F0oaoPvhA1ifwn/oXS3+bI9djiIt7Q
B7+DSjRvXOZXr0cy2+wocRQH7X3FkvM9LfY/CjCQ5eZB1L5WfE4VqCbfc5k86Z+1
fhboJXjLmEDocjdq/5tvrV7EEXUMBFjmVxnKSdZqAFTudJxy1vP6rOQBFBIPUlGo
xb6dsbjQLY0O2r8tbcubeDKwDK7T5enFnfpcDSPD+KX7b5WVhdAB/uMgS9FMqtp8
W9Puo/vQqsUZ0fflDhscbb0L7f358quPMUqJlZTaLIa3jdrP6eysfQAak28oBuda
pn5RQ7Mcv2qJ2oix9I+MJHgDEkLJvTnvwIfJW7/1hfQtmA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:41:50 2024 by rpki-client on console-fra.rpki-client.org