Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/FXTXwcoQ-Md17dfa5PWqXBuFILs.roa
File:                     FXTXwcoQ-Md17dfa5PWqXBuFILs.roa (raw, json)
Hash identifier:          t9CkFLdGXdNdUifk8k1JFfZtYvbAdu7nB3VJYcygwmo=
Subject key identifier:   15:74:D7:C1:CA:10:F8:C7:75:ED:D7:DA:E4:F5:AA:5C:1B:85:20:BB
Certificate issuer:       /CN=7976d7d0bbcc08516523d5df24e6882b72ca5693
Certificate serial:       018CC4249110ADCFB0CF70B477D80922B81A
Authority key identifier: 79:76:D7:D0:BB:CC:08:51:65:23:D5:DF:24:E6:88:2B:72:CA:56:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/FXTXwcoQ-Md17dfa5PWqXBuFILs.roa
Signing time:             Mon 01 Jan 2024 08:29:39 +0000
ROA not before:           Mon 01 Jan 2024 08:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57567
IP address blocks:        185.86.44.0/24 maxlen: 24
                          185.86.44.0/23 maxlen: 23
                          185.86.47.0/24 maxlen: 24
                          185.86.46.0/24 maxlen: 24
                          185.86.46.0/23 maxlen: 23
                          185.86.45.0/24 maxlen: 24
                          103.39.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:91:10:ad:cf:b0:cf:70:b4:77:d8:09:22:b8:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7976d7d0bbcc08516523d5df24e6882b72ca5693
        Validity
            Not Before: Jan  1 08:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1574d7c1ca10f8c775edd7dae4f5aa5c1b8520bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:38:89:fe:f5:5e:f6:fa:27:9c:76:3b:d9:
                    ec:b1:b1:bd:2d:b1:21:86:8a:a6:1a:05:0b:ba:6f:
                    20:fb:32:b6:04:60:49:df:3e:0f:d9:0b:44:66:da:
                    1e:95:a9:fb:38:7a:8a:84:3e:79:a0:a6:33:61:be:
                    d9:af:0c:6a:3d:78:d6:00:67:eb:9f:e6:8d:63:7a:
                    ea:70:63:87:53:0c:11:91:a1:57:23:68:a4:ea:ee:
                    4c:26:d6:fc:3b:2b:31:81:fa:ae:93:a2:8f:07:69:
                    12:15:32:59:53:8a:08:22:79:46:f7:6c:40:cb:cf:
                    63:a9:2a:c5:18:0b:c1:2a:34:3f:98:30:2a:fe:4a:
                    90:18:bf:d6:fa:b5:3d:09:b0:97:0c:97:8d:31:5d:
                    3d:30:97:77:ed:f9:d7:9d:7e:f0:82:86:44:9b:70:
                    3d:49:c0:45:c2:75:47:f7:0c:5b:06:c6:f2:67:7e:
                    21:42:07:ce:58:2e:ed:56:ee:1b:c7:43:e5:0a:1d:
                    44:20:91:75:bb:45:31:a3:a8:6b:7d:fc:db:93:ed:
                    aa:4c:a7:0c:77:d0:85:48:88:ee:1c:ff:51:a0:9e:
                    40:09:fc:e6:1c:e2:ce:f5:dd:ec:ae:93:41:b1:da:
                    ae:70:72:5d:26:94:48:c9:d6:ad:46:59:46:aa:71:
                    18:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:74:D7:C1:CA:10:F8:C7:75:ED:D7:DA:E4:F5:AA:5C:1B:85:20:BB
            X509v3 Authority Key Identifier:
                keyid:79:76:D7:D0:BB:CC:08:51:65:23:D5:DF:24:E6:88:2B:72:CA:56:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/FXTXwcoQ-Md17dfa5PWqXBuFILs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.39.41.0/24
                  185.86.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:57:47:74:63:2c:f3:97:68:eb:86:b3:69:5f:7f:fa:79:a1:
         5c:0d:b0:6d:4c:d3:65:e5:2c:92:be:2b:9b:d2:81:aa:26:b4:
         b1:73:00:fc:69:01:74:00:d9:10:90:16:d9:57:79:df:e6:c2:
         88:f6:8d:78:49:37:c4:4e:c2:5a:05:4b:a2:86:bd:e6:3f:0f:
         80:bd:5b:cd:ac:b7:d7:78:6f:9f:66:9e:19:11:6b:50:93:5f:
         ba:19:f6:65:52:1b:62:d5:de:0b:36:13:77:2f:8c:f1:3c:d8:
         8b:dd:48:a6:36:92:5a:1a:20:95:07:5c:1e:07:18:a0:d7:e9:
         14:43:fd:f8:5d:ef:2b:f1:1e:55:e5:0d:ad:8d:05:5b:41:8e:
         89:ef:b1:99:54:29:16:ee:2f:94:c4:49:20:be:3e:37:49:6c:
         ca:38:f4:e1:08:13:36:82:89:03:18:30:2c:a6:35:b3:33:fe:
         9d:3c:a9:8d:52:39:15:ca:8b:48:c6:68:09:8e:95:ce:20:30:
         01:88:81:f1:66:b1:ba:40:37:6c:14:79:14:d4:ec:8c:14:45:
         b5:95:0b:7b:a1:b5:cc:36:5e:3d:ba:c3:d9:10:cc:30:29:6b:
         41:2e:69:40:13:f3:2d:78:dc:0b:40:4a:b7:e7:d0:bc:6d:02:
         fc:a6:8e:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJJEQrc+wz3C0d9gJIrgaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzZkN2QwYmJjYzA4NTE2NTIzZDVkZjI0ZTY4ODJiNzJj
YTU2OTMwHhcNMjQwMTAxMDgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc0ZDdjMWNhMTBmOGM3NzVlZGQ3ZGFlNGY1YWE1YzFiODUyMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMI4if71Xvb6J5x2O9nssbG9LbEh
hoqmGgULum8g+zK2BGBJ3z4P2QtEZtoelan7OHqKhD55oKYzYb7ZrwxqPXjWAGfr
n+aNY3rqcGOHUwwRkaFXI2ik6u5MJtb8Oysxgfquk6KPB2kSFTJZU4oIInlG92xA
y89jqSrFGAvBKjQ/mDAq/kqQGL/W+rU9CbCXDJeNMV09MJd37fnXnX7wgoZEm3A9
ScBFwnVH9wxbBsbyZ34hQgfOWC7tVu4bx0PlCh1EIJF1u0Uxo6hrffzbk+2qTKcM
d9CFSIjuHP9RoJ5ACfzmHOLO9d3srpNBsdqucHJdJpRIydatRllGqnEYhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBV018HKEPjHde3X2uT1qlwbhSC7MB8GA1UdIwQY
MBaAFHl219C7zAhRZSPV3yTmiCtyylaTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhiWDBMdk1DRkZsSTlYZkpPYUlLM0xLVnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kZDY5NDMtNmZjZS00MzA5LTg3MTMt
ODU0MTgyY2IwNmE2LzEvRlhUWHdjb1EtTWQxN2RmYTVQV3FYQnVGSUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kZDY5NDMtNmZjZS00MzA5LTg3MTMtODU0MTgyY2IwNmE2
LzEvZVhiWDBMdk1DRkZsSTlYZkpPYUlLM0xLVnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZycpAwQC
uVYsMA0GCSqGSIb3DQEBCwUAA4IBAQCVV0d0Yyzzl2jrhrNpX3/6eaFcDbBtTNNl
5SySviub0oGqJrSxcwD8aQF0ANkQkBbZV3nf5sKI9o14STfETsJaBUuihr3mPw+A
vVvNrLfXeG+fZp4ZEWtQk1+6GfZlUhti1d4LNhN3L4zxPNiL3UimNpJaGiCVB1we
Bxig1+kUQ/34Xe8r8R5V5Q2tjQVbQY6J77GZVCkW7i+UxEkgvj43SWzKOPThCBM2
gokDGDAspjWzM/6dPKmNUjkVyotIxmgJjpXOIDABiIHxZrG6QDdsFHkU1OyMFEW1
lQt7obXMNl49usPZEMwwKWtBLmlAE/MteNwLQEq359C8bQL8po61
-----END CERTIFICATE-----
Generated at Sat Nov 23 16:19:58 2024 by rpki-client on console-fra.rpki-client.org