Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/8dcUAJBEI4EdZcebSVubzmUmjhI.roa
File:                     8dcUAJBEI4EdZcebSVubzmUmjhI.roa (raw, json)
Hash identifier:          ta7g3N1JsUy/JalAj4imwUUBKAmWAeLk66m0SxyHudg=
Subject key identifier:   F1:D7:14:00:90:44:23:81:1D:65:C7:9B:49:5B:9B:CE:65:26:8E:12
Certificate issuer:       /CN=34ddcbc8f61b260fd3f3e78b6b86877cb95fd83e
Certificate serial:       018CC3B69F45C7083145ED038C105B51F5B0
Authority key identifier: 34:DD:CB:C8:F6:1B:26:0F:D3:F3:E7:8B:6B:86:87:7C:B9:5F:D8:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NN3LyPYbJg_T8-eLa4aHfLlf2D4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/8dcUAJBEI4EdZcebSVubzmUmjhI.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206936
IP address blocks:        185.160.240.0/23 maxlen: 23
                          185.160.240.0/22 maxlen: 22
                          185.160.243.0/24 maxlen: 24
                          2a0a:8500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/NN3LyPYbJg_T8-eLa4aHfLlf2D4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/NN3LyPYbJg_T8-eLa4aHfLlf2D4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NN3LyPYbJg_T8-eLa4aHfLlf2D4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 21:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9f:45:c7:08:31:45:ed:03:8c:10:5b:51:f5:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34ddcbc8f61b260fd3f3e78b6b86877cb95fd83e
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1d71400904423811d65c79b495b9bce65268e12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3a:21:8e:82:a0:2e:72:6a:78:22:8b:62:66:
                    2c:f9:c2:6d:82:1f:e0:1d:b9:94:e1:4e:e7:54:f5:
                    8a:98:b5:dd:81:d1:68:b3:80:45:ac:b2:c6:8d:7a:
                    04:7e:91:e8:3a:a5:99:b2:7f:2e:83:c3:8f:49:22:
                    b9:4e:c9:94:23:56:bc:69:80:02:de:bf:9f:ab:db:
                    56:15:15:e1:cb:e3:d9:6c:27:da:90:27:c2:e7:07:
                    21:99:2c:7d:b8:a7:3b:1f:40:e1:5b:db:29:ea:ae:
                    ec:7e:b5:39:61:b9:0b:53:bc:6b:3d:75:5c:1a:a1:
                    2e:a4:8c:69:5b:3d:12:72:aa:ac:d2:a9:ae:93:a3:
                    a2:8e:e0:8d:ea:43:6b:b4:a2:71:63:42:f3:9c:58:
                    ee:4e:97:07:4b:69:4f:ac:7d:1d:82:26:f7:46:2f:
                    6a:cd:ee:ae:57:69:00:4e:8f:ab:71:d3:24:3e:48:
                    4b:8d:cc:d7:e6:22:1d:fe:36:a7:79:d7:9d:07:a8:
                    08:02:cb:17:d9:ac:e3:55:7a:de:80:03:82:9e:93:
                    82:be:ca:af:d6:3d:ae:54:61:da:6b:cb:56:75:8c:
                    18:bb:f5:3d:8c:74:67:45:b5:b8:81:98:f2:d4:e9:
                    eb:d0:c2:52:39:16:91:df:01:41:57:b2:29:f2:93:
                    94:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D7:14:00:90:44:23:81:1D:65:C7:9B:49:5B:9B:CE:65:26:8E:12
            X509v3 Authority Key Identifier:
                keyid:34:DD:CB:C8:F6:1B:26:0F:D3:F3:E7:8B:6B:86:87:7C:B9:5F:D8:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NN3LyPYbJg_T8-eLa4aHfLlf2D4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/8dcUAJBEI4EdZcebSVubzmUmjhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/6508a1-4412-40c7-8a72-52cd6e89aa8d/1/NN3LyPYbJg_T8-eLa4aHfLlf2D4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.240.0/22
                IPv6:
                  2a0a:8500::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:a9:87:74:38:99:ab:50:ab:f7:0d:17:6f:42:31:a9:e8:ce:
         48:b6:91:ae:74:c8:ad:6d:60:75:32:00:2a:96:bc:70:7a:7a:
         cf:b0:e2:d2:d0:43:f2:a1:a7:a0:08:f2:cd:4f:6f:9f:82:a9:
         51:9b:66:35:cc:21:00:e1:e9:f0:27:db:8f:75:83:c3:ad:e9:
         9a:e0:58:5d:e8:28:60:fa:39:bf:9d:c0:e5:38:4d:2a:90:40:
         6a:33:7b:a7:8f:ac:af:00:af:2f:ed:db:95:de:72:75:c9:d5:
         58:46:b1:b4:84:f0:e7:df:7e:28:aa:2d:e5:1c:e8:ba:b7:62:
         ef:e9:26:7d:54:76:92:ae:3c:04:47:cb:2d:af:e8:02:6b:a6:
         d9:45:bd:1a:56:7c:84:31:e6:46:10:7f:3a:33:b3:18:aa:a9:
         b7:23:bd:99:dd:b3:2c:51:dc:5d:35:85:00:d5:a6:55:bd:0f:
         89:1d:c9:f6:7c:4b:9e:c5:97:89:f2:21:ce:ef:e9:a1:37:b4:
         b9:fd:42:e9:4d:6d:59:b5:7b:fb:d7:39:80:3b:6c:7a:14:df:
         8a:69:0b:fe:db:e8:c6:36:e0:9b:c6:f2:5f:d3:b5:0d:a9:4e:
         20:2a:37:4d:6f:2d:d3:9c:8d:35:0b:60:51:da:5e:6c:92:b2:
         f9:4b:a2:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtp9FxwgxRe0DjBBbUfWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZGRjYmM4ZjYxYjI2MGZkM2YzZTc4YjZiODY4NzdjYjk1
ZmQ4M2UwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ3MTQwMDkwNDQyMzgxMWQ2NWM3OWI0OTViOWJjZTY1MjY4ZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTohjoKgLnJqeCKLYmYs+cJtgh/g
HbmU4U7nVPWKmLXdgdFos4BFrLLGjXoEfpHoOqWZsn8ug8OPSSK5TsmUI1a8aYAC
3r+fq9tWFRXhy+PZbCfakCfC5wchmSx9uKc7H0DhW9sp6q7sfrU5YbkLU7xrPXVc
GqEupIxpWz0Scqqs0qmuk6OijuCN6kNrtKJxY0LznFjuTpcHS2lPrH0dgib3Ri9q
ze6uV2kATo+rcdMkPkhLjczX5iId/janededB6gIAssX2azjVXregAOCnpOCvsqv
1j2uVGHaa8tWdYwYu/U9jHRnRbW4gZjy1Onr0MJSORaR3wFBV7Ip8pOUiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPHXFACQRCOBHWXHm0lbm85lJo4SMB8GA1UdIwQY
MBaAFDTdy8j2GyYP0/Pni2uGh3y5X9g+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk4zTHlQWWJKZ19UOC1lTGE0YUhmTGxmMkQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC82NTA4YTEtNDQxMi00MGM3LThhNzIt
NTJjZDZlODlhYThkLzEvOGRjVUFKQkVJNEVkWmNlYlNWdWJ6bVVtamhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC82NTA4YTEtNDQxMi00MGM3LThhNzItNTJjZDZlODlhYThk
LzEvTk4zTHlQWWJKZ19UOC1lTGE0YUhmTGxmMkQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaDwMA0E
AgACMAcDBQMqCoUAMA0GCSqGSIb3DQEBCwUAA4IBAQB3qYd0OJmrUKv3DRdvQjGp
6M5ItpGudMitbWB1MgAqlrxwenrPsOLS0EPyoaegCPLNT2+fgqlRm2Y1zCEA4enw
J9uPdYPDrema4Fhd6Chg+jm/ncDlOE0qkEBqM3unj6yvAK8v7duV3nJ1ydVYRrG0
hPDn334oqi3lHOi6t2Lv6SZ9VHaSrjwER8str+gCa6bZRb0aVnyEMeZGEH86M7MY
qqm3I72Z3bMsUdxdNYUA1aZVvQ+JHcn2fEuexZeJ8iHO7+mhN7S5/ULpTW1ZtXv7
1zmAO2x6FN+KaQv+2+jGNuCbxvJf07UNqU4gKjdNby3TnI01C2BR2l5skrL5S6J3
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:08:40 2024 by rpki-client on console-ams.rpki-client.org