Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/3b14DR1J9u8tpc8Fn7bytJ5P0_M.roa
File:                     3b14DR1J9u8tpc8Fn7bytJ5P0_M.roa (raw, json)
Hash identifier:          h5hPwqu0mfSalpodW6J/oz+2ZrLRL5DP0X5TxMWOzck=
Subject key identifier:   DD:BD:78:0D:1D:49:F6:EF:2D:A5:CF:05:9F:B6:F2:B4:9E:4F:D3:F3
Certificate issuer:       /CN=0a0214a1bf1d3afd2dd66b23a9973106b5d316ca
Certificate serial:       018CC4255457CE6C1240B3A68A66001AB23D
Authority key identifier: 0A:02:14:A1:BF:1D:3A:FD:2D:D6:6B:23:A9:97:31:06:B5:D3:16:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CgIUob8dOv0t1msjqZcxBrXTFso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/3b14DR1J9u8tpc8Fn7bytJ5P0_M.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60601
IP address blocks:        185.11.216.0/24 maxlen: 24
                          2a03:69c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/CgIUob8dOv0t1msjqZcxBrXTFso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/CgIUob8dOv0t1msjqZcxBrXTFso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CgIUob8dOv0t1msjqZcxBrXTFso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:57:ce:6c:12:40:b3:a6:8a:66:00:1a:b2:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a0214a1bf1d3afd2dd66b23a9973106b5d316ca
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddbd780d1d49f6ef2da5cf059fb6f2b49e4fd3f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d3:1c:2b:b8:eb:19:73:42:a0:07:5a:5d:d4:
                    c8:07:a1:8d:39:59:8a:cf:35:b8:a1:02:d2:6c:1f:
                    41:24:c1:ee:75:a8:73:ba:43:ff:51:31:86:38:5c:
                    63:19:f8:fb:03:a1:45:d2:db:bb:05:41:41:0b:a4:
                    40:3a:44:92:39:80:bf:56:07:cc:03:87:cd:d0:41:
                    22:83:f1:7d:d3:17:5b:84:47:50:21:8a:2d:34:f1:
                    e5:57:29:b2:32:15:b7:75:75:f5:28:f6:94:ec:00:
                    78:ed:90:3b:91:f0:fe:b8:0c:70:99:2b:9c:99:78:
                    5f:ef:86:f8:2f:e5:4e:f8:57:f9:1b:45:64:54:7c:
                    2d:7c:82:45:cf:8c:96:72:cb:9f:9e:ae:fa:25:aa:
                    8f:09:73:0f:7b:98:ad:5c:2e:e9:4d:90:62:08:97:
                    f7:0e:65:ad:96:a4:c8:46:49:de:fc:6c:8c:cd:7b:
                    0f:eb:75:5f:c2:0c:03:86:3f:6f:0a:71:c0:90:e2:
                    19:d3:df:57:e0:4f:a3:07:55:f0:fa:f5:f6:73:d7:
                    16:41:54:e2:09:02:51:ff:1e:51:6b:cf:df:d1:3c:
                    cd:e8:6d:79:d9:e8:ef:26:a4:1a:67:04:14:69:10:
                    78:46:56:03:05:9d:88:9c:77:e8:7a:ba:dc:19:79:
                    d0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:BD:78:0D:1D:49:F6:EF:2D:A5:CF:05:9F:B6:F2:B4:9E:4F:D3:F3
            X509v3 Authority Key Identifier:
                keyid:0A:02:14:A1:BF:1D:3A:FD:2D:D6:6B:23:A9:97:31:06:B5:D3:16:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CgIUob8dOv0t1msjqZcxBrXTFso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/3b14DR1J9u8tpc8Fn7bytJ5P0_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/04ecc0-663c-460e-920d-332ee5425c7a/1/CgIUob8dOv0t1msjqZcxBrXTFso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.216.0/24
                IPv6:
                  2a03:69c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:eb:7d:12:89:45:f5:86:50:51:2a:62:9d:5a:21:ff:25:d3:
         ff:d0:71:2e:dc:56:95:3f:5b:e0:90:1f:34:95:ca:63:cf:67:
         f8:bc:7e:4f:39:86:b4:0e:1f:72:bf:44:60:4d:af:8d:3f:3e:
         02:23:ea:04:f2:55:9e:43:4c:46:a3:66:02:c9:31:c6:e0:c9:
         df:dc:a4:da:5b:e8:98:89:89:40:80:95:59:87:ff:93:74:a4:
         56:97:f1:b2:bf:d5:90:48:51:b2:45:2e:b0:a4:94:c5:d0:95:
         22:4d:2d:4a:36:ae:74:5d:2c:b3:e8:3d:ad:12:7c:d3:38:b5:
         5c:11:20:04:ba:ed:15:2f:28:66:31:b2:5d:74:05:57:ae:01:
         3d:27:e5:b3:2b:f1:49:02:01:f5:4e:23:89:21:e3:40:42:8e:
         96:cc:b2:78:16:6e:75:6e:47:9a:8a:b6:6c:70:95:7e:ca:59:
         46:0d:8b:d3:52:d7:2f:ac:95:1b:6b:73:ca:43:4e:1b:ef:0b:
         71:45:ba:d2:bb:ab:0d:9f:2b:ca:a2:11:0f:a1:5d:d3:11:3d:
         91:64:c9:85:81:29:37:e3:c7:bf:9d:e6:34:c5:23:db:85:3e:
         d1:1e:69:dd:3d:87:7c:68:b0:c2:1a:74:95:4e:e6:60:bf:d1:
         bb:5a:4b:07
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJVRXzmwSQLOmimYAGrI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMDIxNGExYmYxZDNhZmQyZGQ2NmIyM2E5OTczMTA2YjVk
MzE2Y2EwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJkNzgwZDFkNDlmNmVmMmRhNWNmMDU5ZmI2ZjJiNDllNGZkM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NMcK7jrGXNCoAdaXdTIB6GNOVmK
zzW4oQLSbB9BJMHudahzukP/UTGGOFxjGfj7A6FF0tu7BUFBC6RAOkSSOYC/VgfM
A4fN0EEig/F90xdbhEdQIYotNPHlVymyMhW3dXX1KPaU7AB47ZA7kfD+uAxwmSuc
mXhf74b4L+VO+Ff5G0VkVHwtfIJFz4yWcsufnq76JaqPCXMPe5itXC7pTZBiCJf3
DmWtlqTIRkne/GyMzXsP63VfwgwDhj9vCnHAkOIZ099X4E+jB1Xw+vX2c9cWQVTi
CQJR/x5Ra8/f0TzN6G152ejvJqQaZwQUaRB4RlYDBZ2InHfoerrcGXnQXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN29eA0dSfbvLaXPBZ+28rSeT9PzMB8GA1UdIwQY
MBaAFAoCFKG/HTr9LdZrI6mXMQa10xbKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2dJVW9iOGRPdjB0MW1zanFaY3hCclhURnNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wNGVjYzAtNjYzYy00NjBlLTkyMGQt
MzMyZWU1NDI1YzdhLzEvM2IxNERSMUo5dTh0cGM4Rm43Ynl0SjVQMF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wNGVjYzAtNjYzYy00NjBlLTkyMGQtMzMyZWU1NDI1Yzdh
LzEvQ2dJVW9iOGRPdjB0MW1zanFaY3hCclhURnNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQvYMA8E
AgACMAkDBwAqA2nAAAAwDQYJKoZIhvcNAQELBQADggEBAAfrfRKJRfWGUFEqYp1a
If8l0//QcS7cVpU/W+CQHzSVymPPZ/i8fk85hrQOH3K/RGBNr40/PgIj6gTyVZ5D
TEajZgLJMcbgyd/cpNpb6JiJiUCAlVmH/5N0pFaX8bK/1ZBIUbJFLrCklMXQlSJN
LUo2rnRdLLPoPa0SfNM4tVwRIAS67RUvKGYxsl10BVeuAT0n5bMr8UkCAfVOI4kh
40BCjpbMsngWbnVuR5qKtmxwlX7KWUYNi9NS1y+slRtrc8pDThvvC3FFutK7qw2f
K8qiEQ+hXdMRPZFkyYWBKTfjx7+d5jTFI9uFPtEead09h3xosMIadJVO5mC/0bta
Swc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:58:18 2024 by rpki-client on console-ams.rpki-client.org