Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/b366bb-7220-45f3-b46d-d63a5111fbf7/1/0U3Nl6tzLRNKsvqbISPDEoqxE58.roa
File:                     0U3Nl6tzLRNKsvqbISPDEoqxE58.roa (raw, json)
Hash identifier:          acuU16DMJ62oyVl+WmrVztgIju2QVtykRGoBxA7i5vA=
Subject key identifier:   D1:4D:CD:97:AB:73:2D:13:4A:B2:FA:9B:21:23:C3:12:8A:B1:13:9F
Certificate issuer:       /CN=02c4913823a319feba2270e1ba2ca09e435bd55b
Certificate serial:       018CCA2A4D099C0266F1B3E370D1BC9E06F5
Authority key identifier: 02:C4:91:38:23:A3:19:FE:BA:22:70:E1:BA:2C:A0:9E:43:5B:D5:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AsSROCOjGf66InDhuiygnkNb1Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/b366bb-7220-45f3-b46d-d63a5111fbf7/1/0U3Nl6tzLRNKsvqbISPDEoqxE58.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48904
IP address blocks:        185.204.8.0/23 maxlen: 23
                          185.204.10.0/23 maxlen: 23
                          217.72.16.0/21 maxlen: 21
                          217.72.24.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/b366bb-7220-45f3-b46d-d63a5111fbf7/1/AsSROCOjGf66InDhuiygnkNb1Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/b366bb-7220-45f3-b46d-d63a5111fbf7/1/AsSROCOjGf66InDhuiygnkNb1Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AsSROCOjGf66InDhuiygnkNb1Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4d:09:9c:02:66:f1:b3:e3:70:d1:bc:9e:06:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02c4913823a319feba2270e1ba2ca09e435bd55b
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d14dcd97ab732d134ab2fa9b2123c3128ab1139f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8a:32:eb:c3:a5:61:a4:0d:65:93:34:fa:03:
                    fd:2b:ea:56:6b:bb:72:fe:99:86:16:a4:9a:98:63:
                    d9:d4:e7:6d:30:f2:81:54:42:0e:c8:20:54:ad:21:
                    90:47:6b:13:dc:c2:70:52:f1:66:08:c2:ef:93:73:
                    e5:5f:74:02:eb:00:48:00:b5:ca:1b:d8:bf:08:7a:
                    18:20:15:2c:be:bf:4b:2a:8f:c5:d3:07:5d:b0:39:
                    d6:4c:d7:72:0a:77:8d:c7:3d:31:81:c8:ed:54:a9:
                    cb:74:fb:52:04:e5:f7:87:8e:26:3d:53:6c:92:13:
                    a1:59:c7:fc:a6:88:fc:48:dc:3a:02:85:b9:a2:ff:
                    d5:d9:68:0b:f1:d9:22:71:cd:9c:85:f7:00:76:eb:
                    52:15:0c:26:84:3e:99:62:a5:63:48:7b:26:50:c3:
                    de:31:dd:7d:19:60:dc:ad:53:a5:d5:14:d6:6a:b2:
                    f6:d0:8e:1b:cd:53:c9:b5:b2:44:9c:ec:f1:61:91:
                    f2:73:30:46:ce:c7:90:71:75:3a:a1:c3:f1:cc:65:
                    af:3e:ec:cd:54:d7:39:bb:ca:b8:8d:bd:31:11:4d:
                    a0:4d:19:3d:99:84:34:d9:8d:bb:1f:7b:68:80:68:
                    b8:b8:27:c8:c1:fd:9e:75:15:6a:c3:d1:18:18:bd:
                    6e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4D:CD:97:AB:73:2D:13:4A:B2:FA:9B:21:23:C3:12:8A:B1:13:9F
            X509v3 Authority Key Identifier:
                keyid:02:C4:91:38:23:A3:19:FE:BA:22:70:E1:BA:2C:A0:9E:43:5B:D5:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AsSROCOjGf66InDhuiygnkNb1Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b366bb-7220-45f3-b46d-d63a5111fbf7/1/0U3Nl6tzLRNKsvqbISPDEoqxE58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b366bb-7220-45f3-b46d-d63a5111fbf7/1/AsSROCOjGf66InDhuiygnkNb1Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.8.0/22
                  217.72.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         34:06:6a:ac:c5:ae:88:d8:0a:16:0a:c3:76:73:97:34:ac:12:
         37:6e:9a:0c:d4:ae:82:17:a5:5d:3b:98:ef:20:d4:8a:f6:e5:
         ec:71:9d:bc:e5:ed:95:d9:84:d9:46:7e:c9:4f:b3:52:95:1c:
         0d:ea:17:a7:c8:18:63:8c:19:04:ed:92:09:85:dd:57:2c:89:
         fc:e4:32:92:75:85:26:01:3f:01:28:36:fb:f6:16:02:cf:88:
         c6:95:f8:51:96:ad:7d:11:f1:8c:00:7a:0c:d3:23:e8:2d:cc:
         37:6c:9c:c5:ae:5a:1b:58:0a:bc:a9:cd:fc:e2:69:a4:fc:50:
         96:bf:73:63:00:bc:3b:38:5d:a0:f1:32:8c:e5:2c:5a:7d:90:
         b9:9b:9a:ea:5c:84:2d:54:79:9b:3b:70:f7:e5:06:b0:ce:7e:
         0f:5c:3e:c6:cb:39:20:59:5b:16:29:8b:d0:39:b7:21:ed:5a:
         2e:00:df:a3:04:b2:67:32:da:42:4f:fc:95:b0:11:51:d2:df:
         57:c7:fd:23:3a:2b:e7:c7:72:e6:06:e1:3f:5d:36:4c:d6:63:
         2f:fa:e2:f5:cc:97:2d:d5:b9:62:21:f9:37:a2:06:ae:cc:a2:
         a0:08:fb:d6:dc:43:64:14:0d:f1:b4:93:c5:be:c8:af:b5:b3:
         79:9b:a9:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKk0JnAJm8bPjcNG8ngb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYzQ5MTM4MjNhMzE5ZmViYTIyNzBlMWJhMmNhMDllNDM1
YmQ1NWIwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRkY2Q5N2FiNzMyZDEzNGFiMmZhOWIyMTIzYzMxMjhhYjExMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYoy68OlYaQNZZM0+gP9K+pWa7ty
/pmGFqSamGPZ1OdtMPKBVEIOyCBUrSGQR2sT3MJwUvFmCMLvk3PlX3QC6wBIALXK
G9i/CHoYIBUsvr9LKo/F0wddsDnWTNdyCneNxz0xgcjtVKnLdPtSBOX3h44mPVNs
khOhWcf8poj8SNw6AoW5ov/V2WgL8dkicc2chfcAdutSFQwmhD6ZYqVjSHsmUMPe
Md19GWDcrVOl1RTWarL20I4bzVPJtbJEnOzxYZHyczBGzseQcXU6ocPxzGWvPuzN
VNc5u8q4jb0xEU2gTRk9mYQ02Y27H3togGi4uCfIwf2edRVqw9EYGL1uxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNFNzZercy0TSrL6myEjwxKKsROfMB8GA1UdIwQY
MBaAFALEkTgjoxn+uiJw4bosoJ5DW9VbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXNTUk9DT2pHZjY2SW5EaHVpeWdua05iMVZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9iMzY2YmItNzIyMC00NWYzLWI0NmQt
ZDYzYTUxMTFmYmY3LzEvMFUzTmw2dHpMUk5Lc3ZxYklTUERFb3F4RTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9iMzY2YmItNzIyMC00NWYzLWI0NmQtZDYzYTUxMTFmYmY3
LzEvQXNTUk9DT2pHZjY2SW5EaHVpeWdua05iMVZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCucwIAwQE
2UgQMA0GCSqGSIb3DQEBCwUAA4IBAQA0Bmqsxa6I2AoWCsN2c5c0rBI3bpoM1K6C
F6VdO5jvINSK9uXscZ285e2V2YTZRn7JT7NSlRwN6henyBhjjBkE7ZIJhd1XLIn8
5DKSdYUmAT8BKDb79hYCz4jGlfhRlq19EfGMAHoM0yPoLcw3bJzFrlobWAq8qc38
4mmk/FCWv3NjALw7OF2g8TKM5SxafZC5m5rqXIQtVHmbO3D35Qawzn4PXD7Gyzkg
WVsWKYvQObch7VouAN+jBLJnMtpCT/yVsBFR0t9Xx/0jOivnx3LmBuE/XTZM1mMv
+uL1zJct1bliIfk3ogauzKKgCPvW3ENkFA3xtJPFvsivtbN5m6kX
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:54:47 2024 by rpki-client on console-ams.rpki-client.org