Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/fQixw7Tu4ZsqCOwssTsTfunP9C4.roa
File:                     fQixw7Tu4ZsqCOwssTsTfunP9C4.roa (raw, json)
Hash identifier:          l4sLlzPJg9A/m9dizR+hjOkm7C2RxyDB0d6l/PiN5kw=
Subject key identifier:   7D:08:B1:C3:B4:EE:E1:9B:2A:08:EC:2C:B1:3B:13:7E:E9:CF:F4:2E
Certificate issuer:       /CN=776405e0283743cf52180d5b13812dfba3ded7fc
Certificate serial:       018CC34941DB06093A88F5B4116929981F12
Authority key identifier: 77:64:05:E0:28:37:43:CF:52:18:0D:5B:13:81:2D:FB:A3:DE:D7:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/fQixw7Tu4ZsqCOwssTsTfunP9C4.roa
Signing time:             Mon 01 Jan 2024 04:30:07 +0000
ROA not before:           Mon 01 Jan 2024 04:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12637
IP address blocks:        185.146.252.0/22 maxlen: 24
                          212.44.96.0/19 maxlen: 24
                          2a02:ea::/32 maxlen: 48
                          2a02:eb::/32 maxlen: 48
                          2a02:e9::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:41:db:06:09:3a:88:f5:b4:11:69:29:98:1f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=776405e0283743cf52180d5b13812dfba3ded7fc
        Validity
            Not Before: Jan  1 04:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d08b1c3b4eee19b2a08ec2cb13b137ee9cff42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:12:77:b5:fa:44:7a:4d:bc:53:19:64:54:44:
                    89:ea:78:87:6d:57:40:31:a8:32:2b:b4:2e:6c:b6:
                    34:82:32:78:a8:27:b0:d3:4b:26:13:7b:76:c3:46:
                    b9:9a:41:91:8f:e0:74:a4:64:d9:4c:77:2f:18:b7:
                    2d:7b:ee:62:61:68:f6:bc:49:5d:54:df:3f:b3:9e:
                    6e:c8:d3:69:d8:4b:12:1f:2d:ef:72:70:1f:b3:ef:
                    e5:7e:b2:d6:50:a0:b2:ee:77:1d:f5:c6:72:d1:5d:
                    6c:e4:85:ee:e9:8b:90:d5:ed:10:f2:27:36:19:cd:
                    b3:25:18:60:02:c4:94:53:4d:07:10:93:08:0d:26:
                    c3:35:88:3b:74:8d:be:8c:0e:39:7b:91:29:cc:53:
                    aa:24:ff:cf:cf:a8:01:91:17:ea:a3:ef:d5:8d:0d:
                    cb:8c:2f:f5:23:d1:35:a6:6a:bf:a2:e3:9d:53:65:
                    e1:94:92:0e:22:ac:cb:c1:a6:1c:02:d9:c6:d2:50:
                    d8:a2:7a:ae:24:50:ab:79:e7:02:e6:6b:e5:bf:71:
                    3f:95:0c:a8:fa:cc:77:ba:28:0c:98:59:09:da:af:
                    4f:c3:8e:be:5d:b2:12:ed:be:f6:11:c7:8a:b8:34:
                    00:e4:e3:93:de:90:e7:56:54:cc:16:bd:65:16:00:
                    c0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:08:B1:C3:B4:EE:E1:9B:2A:08:EC:2C:B1:3B:13:7E:E9:CF:F4:2E
            X509v3 Authority Key Identifier:
                keyid:77:64:05:E0:28:37:43:CF:52:18:0D:5B:13:81:2D:FB:A3:DE:D7:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/fQixw7Tu4ZsqCOwssTsTfunP9C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/363586-9b80-457b-bdf0-6ca52e029cbe/1/d2QF4Cg3Q89SGA1bE4Et-6Pe1_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.252.0/22
                  212.44.96.0/19
                IPv6:
                  2a02:e9::-2a02:eb:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         86:e1:68:23:66:c7:64:59:7d:aa:5d:40:2f:b0:78:46:8f:f2:
         44:b0:41:7a:e0:4e:e2:47:4f:2d:54:2b:14:ce:6e:6c:cd:c6:
         36:1e:6f:c9:14:45:31:39:71:a9:d0:a6:ee:71:87:5d:9c:12:
         db:5a:f4:5f:57:d8:8f:3c:ba:84:c3:b1:ce:44:0d:c3:8e:04:
         f7:94:ad:df:4b:56:da:19:99:54:fc:47:4e:17:d4:3e:ab:4a:
         a0:ba:6b:82:7b:6f:e4:44:b2:e1:34:66:f8:ad:c7:75:b9:23:
         88:3e:6a:23:ee:6e:a6:c6:36:ea:f5:f2:c0:28:63:bf:af:8c:
         61:27:12:f0:eb:2e:bf:a9:e0:fd:d8:a1:db:50:69:a8:c1:2b:
         d0:f0:1d:c9:a6:8a:fb:66:b2:ad:78:49:7c:78:27:35:c9:b1:
         8c:55:45:cf:02:78:4a:4b:98:97:42:6c:e5:36:3e:6a:c8:31:
         d3:2c:10:f5:a3:a4:6d:2f:06:8b:d2:5f:ca:fd:cb:93:d5:35:
         e6:d3:d8:88:3c:c3:c8:d0:4d:7c:86:0c:00:30:c3:0e:e8:3d:
         79:d1:42:37:3c:2b:8d:5b:40:99:73:80:b9:90:b6:7d:a9:72:
         f7:d7:02:d9:6e:c4:6b:72:ce:22:1e:4a:36:82:8e:19:d1:63:
         5e:e7:eb:93
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzDSUHbBgk6iPW0EWkpmB8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NjQwNWUwMjgzNzQzY2Y1MjE4MGQ1YjEzODEyZGZiYTNk
ZWQ3ZmMwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA4YjFjM2I0ZWVlMTliMmEwOGVjMmNiMTNiMTM3ZWU5Y2ZmNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxJ3tfpEek28UxlkVESJ6niHbVdA
MagyK7QubLY0gjJ4qCew00smE3t2w0a5mkGRj+B0pGTZTHcvGLcte+5iYWj2vEld
VN8/s55uyNNp2EsSHy3vcnAfs+/lfrLWUKCy7ncd9cZy0V1s5IXu6YuQ1e0Q8ic2
Gc2zJRhgAsSUU00HEJMIDSbDNYg7dI2+jA45e5EpzFOqJP/Pz6gBkRfqo+/VjQ3L
jC/1I9E1pmq/ouOdU2XhlJIOIqzLwaYcAtnG0lDYonquJFCreecC5mvlv3E/lQyo
+sx3uigMmFkJ2q9Pw46+XbIS7b72EceKuDQA5OOT3pDnVlTMFr1lFgDA5wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFH0IscO07uGbKgjsLLE7E37pz/QuMB8GA1UdIwQY
MBaAFHdkBeAoN0PPUhgNWxOBLfuj3tf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDJRRjRDZzNRODlTR0ExYkU0RXQtNlBlMV93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8zNjM1ODYtOWI4MC00NTdiLWJkZjAt
NmNhNTJlMDI5Y2JlLzEvZlFpeHc3VHU0WnNxQ093c3NUc1RmdW5QOUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8zNjM1ODYtOWI4MC00NTdiLWJkZjAtNmNhNTJlMDI5Y2Jl
LzEvZDJRRjRDZzNRODlTR0ExYkU0RXQtNlBlMV93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQCuZL8AwQF
1CxgMBYEAgACMBAwDgMFACoCAOkDBQIqAgDoMA0GCSqGSIb3DQEBCwUAA4IBAQCG
4WgjZsdkWX2qXUAvsHhGj/JEsEF64E7iR08tVCsUzm5szcY2Hm/JFEUxOXGp0Kbu
cYddnBLbWvRfV9iPPLqEw7HORA3DjgT3lK3fS1baGZlU/EdOF9Q+q0qgumuCe2/k
RLLhNGb4rcd1uSOIPmoj7m6mxjbq9fLAKGO/r4xhJxLw6y6/qeD92KHbUGmowSvQ
8B3Jpor7ZrKteEl8eCc1ybGMVUXPAnhKS5iXQmzlNj5qyDHTLBD1o6RtLwaL0l/K
/cuT1TXm09iIPMPI0E18hgwAMMMO6D150UI3PCuNW0CZc4C5kLZ9qXL31wLZbsRr
cs4iHko2go4Z0WNe5+uT
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:34:25 2024 by rpki-client on console-ams.rpki-client.org