Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/fda8c9-6efa-4954-a5c3-630bd73ce267/1/8UJiVLk4LmsC4txwJvRye6eafjg.roa
File:                     8UJiVLk4LmsC4txwJvRye6eafjg.roa (raw, json)
Hash identifier:          dUuon/BXVympV6pVQpsPNHeOSwo+3x5ZhwoU3Mh6PhM=
Subject key identifier:   F1:42:62:54:B9:38:2E:6B:02:E2:DC:70:26:F4:72:7B:A7:9A:7E:38
Certificate issuer:       /CN=7e080bab55bf3473188c20c7366a6cb044c7195c
Certificate serial:       018CC5DC34A9F26DE3A7C00CB950BB4EEBFD
Authority key identifier: 7E:08:0B:AB:55:BF:34:73:18:8C:20:C7:36:6A:6C:B0:44:C7:19:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fggLq1W_NHMYjCDHNmpssETHGVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/fda8c9-6efa-4954-a5c3-630bd73ce267/1/8UJiVLk4LmsC4txwJvRye6eafjg.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39563
IP address blocks:        185.231.16.0/24 maxlen: 24
                          185.231.17.0/24 maxlen: 24
                          185.231.18.0/24 maxlen: 24
                          185.231.19.0/24 maxlen: 24
                          185.80.8.0/22 maxlen: 24
                          85.8.131.0/24 maxlen: 24
                          2a0c:3900::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/fda8c9-6efa-4954-a5c3-630bd73ce267/1/fggLq1W_NHMYjCDHNmpssETHGVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/fda8c9-6efa-4954-a5c3-630bd73ce267/1/fggLq1W_NHMYjCDHNmpssETHGVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fggLq1W_NHMYjCDHNmpssETHGVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:34:a9:f2:6d:e3:a7:c0:0c:b9:50:bb:4e:eb:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e080bab55bf3473188c20c7366a6cb044c7195c
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1426254b9382e6b02e2dc7026f4727ba79a7e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:28:83:42:ec:13:e7:10:db:10:7d:6b:01:ca:
                    9d:4e:a3:99:14:85:42:9c:7f:82:d4:d8:a3:29:59:
                    f7:fc:11:ce:23:87:e3:0e:d2:7c:ce:8e:20:f4:33:
                    d2:c6:3b:08:a7:8b:cd:29:27:21:d7:42:d5:e9:5c:
                    3b:77:65:0d:ee:8a:c7:88:55:c8:5d:29:89:e0:cf:
                    b6:c4:20:3f:db:be:7f:2a:8b:97:cd:bd:d9:62:f1:
                    f1:c7:dd:14:79:c3:7b:9f:c2:36:04:58:bb:9f:f4:
                    89:e8:d4:f4:c2:59:5c:bf:be:5d:97:3c:12:d6:e8:
                    9e:dd:9a:b5:ca:3a:60:04:3a:d4:7f:48:fe:a0:41:
                    5c:8c:be:59:bf:4a:3b:61:92:61:78:b2:d1:1f:ec:
                    76:27:1e:2a:90:29:76:e4:6e:4d:79:86:d5:3b:36:
                    02:3d:61:12:ce:ea:ff:5e:c5:67:1a:de:66:88:b2:
                    56:06:11:ce:e0:ec:95:b6:0b:2a:29:20:fc:22:02:
                    a6:39:01:48:bf:0a:f2:e5:98:41:d7:16:be:2d:ba:
                    89:d6:98:b4:01:50:2d:94:57:4a:2e:66:81:d6:6e:
                    89:19:58:07:70:ff:85:52:ed:52:89:07:d2:d5:68:
                    cf:60:5f:0d:de:2f:a9:6a:46:56:e0:9f:dc:13:95:
                    56:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:42:62:54:B9:38:2E:6B:02:E2:DC:70:26:F4:72:7B:A7:9A:7E:38
            X509v3 Authority Key Identifier:
                keyid:7E:08:0B:AB:55:BF:34:73:18:8C:20:C7:36:6A:6C:B0:44:C7:19:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fggLq1W_NHMYjCDHNmpssETHGVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/fda8c9-6efa-4954-a5c3-630bd73ce267/1/8UJiVLk4LmsC4txwJvRye6eafjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/fda8c9-6efa-4954-a5c3-630bd73ce267/1/fggLq1W_NHMYjCDHNmpssETHGVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.131.0/24
                  185.80.8.0/22
                  185.231.16.0/22
                IPv6:
                  2a0c:3900::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:92:8b:2e:df:d9:0e:93:06:8f:e6:c8:28:49:7a:82:ad:e5:
         21:bb:51:52:4b:d5:2d:5c:de:c4:69:1e:51:f4:25:50:d2:91:
         bc:f3:c9:66:a0:9c:1f:c1:27:7e:7e:0e:c4:26:6b:3f:ac:38:
         91:36:11:55:ef:0d:b0:31:c4:f0:50:a8:aa:a6:bc:4c:ae:0d:
         ef:40:70:6c:2b:72:34:30:7e:1d:aa:03:73:50:b5:2a:86:9d:
         43:8f:30:95:4b:92:bb:d9:dc:c5:c2:a2:fe:29:88:0f:1c:ab:
         43:d1:08:56:4b:8f:15:a8:64:c0:86:e0:1f:38:39:0c:f1:4e:
         ee:90:e2:2c:d1:80:aa:b1:a9:d3:31:5a:be:01:67:b4:f6:ee:
         28:e3:27:6f:1f:1a:ef:d9:fa:f9:70:62:a2:f5:64:a1:e8:1c:
         8c:b5:dc:e5:c8:c0:21:e2:b7:e4:37:94:f2:4d:61:96:81:fd:
         00:ed:81:9e:0f:8a:ca:45:31:32:d0:8d:20:6d:0f:a9:89:0a:
         7a:fe:47:d1:49:6d:b3:ed:6c:2a:b7:c5:f8:b5:cb:a7:7d:80:
         b7:21:a1:0d:4e:ab:60:fc:ca:14:13:e1:24:64:71:2d:f8:35:
         b1:cb:72:c2:03:6d:60:9b:b3:b0:52:30:fa:87:02:14:d1:f8:
         98:b0:46:dd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF3DSp8m3jp8AMuVC7Tuv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMDgwYmFiNTViZjM0NzMxODhjMjBjNzM2NmE2Y2IwNDRj
NzE5NWMwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQyNjI1NGI5MzgyZTZiMDJlMmRjNzAyNmY0NzI3YmE3OWE3ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyiDQuwT5xDbEH1rAcqdTqOZFIVC
nH+C1NijKVn3/BHOI4fjDtJ8zo4g9DPSxjsIp4vNKSch10LV6Vw7d2UN7orHiFXI
XSmJ4M+2xCA/275/KouXzb3ZYvHxx90UecN7n8I2BFi7n/SJ6NT0wllcv75dlzwS
1uie3Zq1yjpgBDrUf0j+oEFcjL5Zv0o7YZJheLLRH+x2Jx4qkCl25G5NeYbVOzYC
PWESzur/XsVnGt5miLJWBhHO4OyVtgsqKSD8IgKmOQFIvwry5ZhB1xa+LbqJ1pi0
AVAtlFdKLmaB1m6JGVgHcP+FUu1SiQfS1WjPYF8N3i+pakZW4J/cE5VWbQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPFCYlS5OC5rAuLccCb0cnunmn44MB8GA1UdIwQY
MBaAFH4IC6tVvzRzGIwgxzZqbLBExxlcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmdnTHExV19OSE1ZakNESE5tcHNzRVRIR1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9mZGE4YzktNmVmYS00OTU0LWE1YzMt
NjMwYmQ3M2NlMjY3LzEvOFVKaVZMazRMbXNDNHR4d0p2UnllNmVhZmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9mZGE4YzktNmVmYS00OTU0LWE1YzMtNjMwYmQ3M2NlMjY3
LzEvZmdnTHExV19OSE1ZakNESE5tcHNzRVRIR1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAVQiDAwQC
uVAIAwQCuecQMA0EAgACMAcDBQMqDDkAMA0GCSqGSIb3DQEBCwUAA4IBAQACkosu
39kOkwaP5sgoSXqCreUhu1FSS9UtXN7EaR5R9CVQ0pG888lmoJwfwSd+fg7EJms/
rDiRNhFV7w2wMcTwUKiqprxMrg3vQHBsK3I0MH4dqgNzULUqhp1DjzCVS5K72dzF
wqL+KYgPHKtD0QhWS48VqGTAhuAfODkM8U7ukOIs0YCqsanTMVq+AWe09u4o4ydv
Hxrv2fr5cGKi9WSh6ByMtdzlyMAh4rfkN5TyTWGWgf0A7YGeD4rKRTEy0I0gbQ+p
iQp6/kfRSW2z7Wwqt8X4tcunfYC3IaENTqtg/MoUE+EkZHEt+DWxy3LCA21gm7Ow
UjD6hwIU0fiYsEbd
-----END CERTIFICATE-----
Generated at Sat Nov 23 17:39:40 2024 by rpki-client on console-fra.rpki-client.org