Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/3Ufhxv-mkVX644a0bVfon065Uic.roa
File:                     3Ufhxv-mkVX644a0bVfon065Uic.roa (raw, json)
Hash identifier:          rXzqA3tq4H6G/lApyCy/VDMkaYnmmNQrAu1e6s9Yy3s=
Subject key identifier:   DD:47:E1:C6:FF:A6:91:55:FA:E3:86:B4:6D:57:E8:9F:4E:B9:52:27
Certificate issuer:       /CN=406e906f82b3d5155659dae4d086769ef12a8214
Certificate serial:       018CC9BCC26FABCC02E2D8196A50E04D2693
Authority key identifier: 40:6E:90:6F:82:B3:D5:15:56:59:DA:E4:D0:86:76:9E:F1:2A:82:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/3Ufhxv-mkVX644a0bVfon065Uic.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206372
IP address blocks:        185.175.36.0/22 maxlen: 24
                          2a0b:cd00::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c2:6f:ab:cc:02:e2:d8:19:6a:50:e0:4d:26:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=406e906f82b3d5155659dae4d086769ef12a8214
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd47e1c6ffa69155fae386b46d57e89f4eb95227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:11:bb:ba:1f:36:85:d7:dd:fd:cb:70:38:72:
                    89:ed:29:d0:5d:80:c7:fb:01:6e:69:a4:0d:32:26:
                    5a:a7:7a:92:01:f2:d9:a2:e0:ce:54:09:97:e3:cc:
                    ad:67:6a:49:ba:8c:d0:8c:1d:62:62:87:37:e9:a7:
                    b1:8a:5a:0a:00:3c:f7:5b:02:1e:d4:9e:84:49:4e:
                    c2:a0:e4:83:cc:53:01:ca:c4:0c:f5:3e:c0:20:fb:
                    57:ed:9c:80:16:0f:5e:89:59:7e:7c:de:7e:76:91:
                    75:54:5d:eb:83:6e:e5:45:f7:62:85:71:6a:63:34:
                    f6:a6:5d:00:ff:84:27:a5:5b:c5:9b:c0:1f:84:3b:
                    9a:55:b6:85:8f:a3:77:12:59:1b:c0:0b:e8:9e:b8:
                    7d:4d:7b:4d:4e:9c:2e:8a:71:c1:8c:59:da:f0:65:
                    57:82:40:2e:28:56:23:1b:14:46:ea:75:1b:96:0e:
                    c5:01:b3:b3:f5:d6:08:c9:79:6d:c5:5e:e5:cc:b2:
                    a9:cc:15:17:f3:e9:4f:e3:47:c9:be:cd:31:15:e3:
                    35:3b:fc:18:47:d9:31:ea:44:8e:42:81:cb:ce:6e:
                    e7:6a:f1:4a:81:69:e9:c2:c4:08:27:71:3d:4e:13:
                    d5:56:c4:32:a6:95:80:d9:fe:1a:b3:cd:01:43:14:
                    79:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:47:E1:C6:FF:A6:91:55:FA:E3:86:B4:6D:57:E8:9F:4E:B9:52:27
            X509v3 Authority Key Identifier:
                keyid:40:6E:90:6F:82:B3:D5:15:56:59:DA:E4:D0:86:76:9E:F1:2A:82:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/3Ufhxv-mkVX644a0bVfon065Uic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.36.0/22
                IPv6:
                  2a0b:cd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:ea:ba:04:c3:bd:12:f8:b2:fb:ec:42:aa:30:4a:e7:b3:9b:
         fd:c2:4c:45:71:c6:41:74:dd:f7:92:71:c1:8c:9f:c5:b8:e0:
         81:45:be:d8:d5:e4:24:65:ad:fd:33:00:c4:51:5b:04:f3:b7:
         cc:83:d4:b0:a5:0a:84:3f:2d:80:1b:73:59:09:bb:17:5e:52:
         8b:3c:41:de:06:f2:db:c1:4d:81:21:6b:f7:43:ac:d6:05:a5:
         f7:5c:e5:0c:ee:46:9d:b3:1f:d4:ae:27:22:62:7c:26:23:92:
         4f:bb:33:e9:b6:d3:95:66:a5:ac:19:24:8c:a8:6d:04:ce:cc:
         fb:2c:87:ca:a4:79:40:87:34:57:8c:70:6d:b8:55:09:7c:f5:
         95:7a:f6:c1:02:25:15:36:3b:bb:b0:cb:cd:a8:b8:5a:02:4a:
         3b:06:57:61:90:7d:56:14:12:0b:90:b3:b8:a8:3d:d6:51:b1:
         7e:b3:38:c3:62:bf:ae:43:89:67:a1:c1:49:f8:44:4c:18:81:
         b4:b9:55:a8:e5:14:10:d0:89:3c:6b:f0:d3:28:f8:a6:6d:38:
         f2:5f:70:1a:60:62:0b:da:5a:b9:1c:d5:9e:e1:33:7d:e0:14:
         f4:dd:71:b7:10:3c:c8:2a:79:bb:61:f8:23:5d:25:1c:dc:30:
         03:c4:10:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvMJvq8wC4tgZalDgTSaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNmU5MDZmODJiM2Q1MTU1NjU5ZGFlNGQwODY3NjllZjEy
YTgyMTQwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQ3ZTFjNmZmYTY5MTU1ZmFlMzg2YjQ2ZDU3ZTg5ZjRlYjk1MjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBG7uh82hdfd/ctwOHKJ7SnQXYDH
+wFuaaQNMiZap3qSAfLZouDOVAmX48ytZ2pJuozQjB1iYoc36aexiloKADz3WwIe
1J6ESU7CoOSDzFMBysQM9T7AIPtX7ZyAFg9eiVl+fN5+dpF1VF3rg27lRfdihXFq
YzT2pl0A/4QnpVvFm8AfhDuaVbaFj6N3ElkbwAvonrh9TXtNTpwuinHBjFna8GVX
gkAuKFYjGxRG6nUblg7FAbOz9dYIyXltxV7lzLKpzBUX8+lP40fJvs0xFeM1O/wY
R9kx6kSOQoHLzm7navFKgWnpwsQIJ3E9ThPVVsQyppWA2f4as80BQxR5SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN1H4cb/ppFV+uOGtG1X6J9OuVInMB8GA1UdIwQY
MBaAFEBukG+Cs9UVVlna5NCGdp7xKoIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUc2UWI0S3oxUlZXV2RyazBJWjJudkVxZ2hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hYzEyNGMtNWJkMy00YjE1LWIwODgt
YTE4YTA1MTI3NzZjLzEvM1VmaHh2LW1rVlg2NDRhMGJWZm9uMDY1VWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hYzEyNGMtNWJkMy00YjE1LWIwODgtYTE4YTA1MTI3NzZj
LzEvUUc2UWI0S3oxUlZXV2RyazBJWjJudkVxZ2hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua8kMA0E
AgACMAcDBQMqC80AMA0GCSqGSIb3DQEBCwUAA4IBAQCR6roEw70S+LL77EKqMErn
s5v9wkxFccZBdN33knHBjJ/FuOCBRb7Y1eQkZa39MwDEUVsE87fMg9SwpQqEPy2A
G3NZCbsXXlKLPEHeBvLbwU2BIWv3Q6zWBaX3XOUM7kadsx/UriciYnwmI5JPuzPp
ttOVZqWsGSSMqG0Ezsz7LIfKpHlAhzRXjHBtuFUJfPWVevbBAiUVNju7sMvNqLha
Ako7BldhkH1WFBILkLO4qD3WUbF+szjDYr+uQ4lnocFJ+ERMGIG0uVWo5RQQ0Ik8
a/DTKPimbTjyX3AaYGIL2lq5HNWe4TN94BT03XG3EDzIKnm7YfgjXSUc3DADxBDE
-----END CERTIFICATE-----