Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/w8T3_akT9IJdLctwXlxxZBG86UU.roa
File:                     w8T3_akT9IJdLctwXlxxZBG86UU.roa (raw, json)
Hash identifier:          BfBBgNFO5oKbrSIigcL3DXErfXknm/GJnimSgETjG7I=
Subject key identifier:   C3:C4:F7:FD:A9:13:F4:82:5D:2D:CB:70:5E:5C:71:64:11:BC:E9:45
Certificate issuer:       /CN=6fa32e6581183f2c4897a7652333901f7f5bee73
Certificate serial:       018CC8DEF40D8700DB48E2AB696AEA781CCD
Authority key identifier: 6F:A3:2E:65:81:18:3F:2C:48:97:A7:65:23:33:90:1F:7F:5B:EE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6MuZYEYPyxIl6dlIzOQH39b7nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/w8T3_akT9IJdLctwXlxxZBG86UU.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211488
IP address blocks:        185.218.107.0/24 maxlen: 24
                          2a10:d1c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/b6MuZYEYPyxIl6dlIzOQH39b7nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/b6MuZYEYPyxIl6dlIzOQH39b7nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6MuZYEYPyxIl6dlIzOQH39b7nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f4:0d:87:00:db:48:e2:ab:69:6a:ea:78:1c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa32e6581183f2c4897a7652333901f7f5bee73
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3c4f7fda913f4825d2dcb705e5c716411bce945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6e:8b:33:12:d7:e8:3b:a7:bd:2e:7a:7d:8c:
                    5f:78:35:24:67:d1:58:56:ef:29:eb:59:16:1d:aa:
                    95:fc:61:ad:55:27:47:ff:c9:76:61:3d:df:1c:5a:
                    ad:93:68:cf:54:ec:d3:06:12:3f:2e:12:8c:82:ff:
                    2d:da:b8:c6:89:63:0e:f5:73:ed:9c:74:3b:ad:75:
                    db:21:1e:34:87:4a:02:2c:78:7c:de:e0:cd:38:38:
                    2f:77:01:d4:a9:f0:39:ed:08:6b:fa:d8:a0:cb:ef:
                    a8:89:e3:29:12:16:7f:71:26:91:da:6c:7c:39:71:
                    0c:0f:a5:b2:ab:51:ca:c2:ce:37:fd:d7:f0:5d:1f:
                    f8:ea:a4:d0:fc:29:e4:f3:59:0d:91:3c:53:78:16:
                    1b:28:c0:76:57:13:4a:0f:44:da:cd:a3:3a:57:09:
                    06:7b:11:d3:1e:7d:96:ae:d4:bb:66:0f:89:b3:89:
                    74:43:09:25:97:2c:71:46:dd:ad:6e:19:fb:42:03:
                    6f:58:54:01:ab:24:80:30:f5:76:d7:08:de:4e:da:
                    36:00:05:e3:60:10:bb:f4:44:f2:e0:36:25:0a:27:
                    80:bd:0d:34:f4:6b:c0:99:79:dc:88:fe:90:1c:76:
                    96:c9:2a:f2:14:3a:8a:57:04:38:8e:bd:2f:42:0f:
                    e6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C4:F7:FD:A9:13:F4:82:5D:2D:CB:70:5E:5C:71:64:11:BC:E9:45
            X509v3 Authority Key Identifier:
                keyid:6F:A3:2E:65:81:18:3F:2C:48:97:A7:65:23:33:90:1F:7F:5B:EE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6MuZYEYPyxIl6dlIzOQH39b7nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/w8T3_akT9IJdLctwXlxxZBG86UU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/b6MuZYEYPyxIl6dlIzOQH39b7nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.107.0/24
                IPv6:
                  2a10:d1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:1f:5b:0d:ac:c3:fa:b0:85:f7:66:7f:a3:8a:27:e4:47:ca:
         6b:d9:3a:20:1f:a3:2b:58:56:fe:9d:ed:4c:61:de:b9:1d:bb:
         5f:aa:9c:82:ed:98:f7:38:c6:fe:16:93:43:e1:79:47:be:25:
         6e:b5:3e:18:70:8e:d0:fb:b1:e4:04:af:2b:0c:02:03:fd:32:
         a7:46:42:da:03:6d:df:6e:16:94:a0:b3:85:f2:15:ae:41:c3:
         1e:96:55:d6:61:16:f0:7c:82:13:cc:20:2a:0c:60:32:01:7b:
         3a:e1:be:af:4d:db:00:b9:1e:dc:49:65:13:a5:db:ba:a3:03:
         97:58:fe:ae:1d:e8:15:c2:c0:95:68:89:1d:8f:ef:fd:4c:28:
         ee:58:a3:1d:81:9c:6b:03:c8:ca:36:bc:cf:5c:48:bf:fd:c6:
         27:f9:6e:99:57:54:94:a6:0d:1c:76:e8:3a:af:be:20:9a:b5:
         65:43:e1:ed:ae:97:77:94:34:95:fe:c1:38:63:cc:ed:44:ae:
         eb:cb:92:f7:6c:06:ff:d8:96:e7:c2:3b:2e:58:65:11:d5:29:
         c3:76:d4:ce:c7:a3:02:af:07:02:8b:77:ef:95:0c:c5:a8:18:
         06:5f:11:3b:61:a0:ab:16:63:dd:b0:14:ac:cb:ea:87:f2:88:
         3c:a2:b3:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3vQNhwDbSOKraWrqeBzNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTMyZTY1ODExODNmMmM0ODk3YTc2NTIzMzM5MDFmN2Y1
YmVlNzMwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2M0ZjdmZGE5MTNmNDgyNWQyZGNiNzA1ZTVjNzE2NDExYmNlOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgG6LMxLX6DunvS56fYxfeDUkZ9FY
Vu8p61kWHaqV/GGtVSdH/8l2YT3fHFqtk2jPVOzTBhI/LhKMgv8t2rjGiWMO9XPt
nHQ7rXXbIR40h0oCLHh83uDNODgvdwHUqfA57Qhr+tigy++oieMpEhZ/cSaR2mx8
OXEMD6Wyq1HKws43/dfwXR/46qTQ/Cnk81kNkTxTeBYbKMB2VxNKD0TazaM6VwkG
exHTHn2WrtS7Zg+Js4l0QwkllyxxRt2tbhn7QgNvWFQBqySAMPV21wjeTto2AAXj
YBC79ETy4DYlCieAvQ009GvAmXnciP6QHHaWySryFDqKVwQ4jr0vQg/mRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMPE9/2pE/SCXS3LcF5ccWQRvOlFMB8GA1UdIwQY
MBaAFG+jLmWBGD8sSJenZSMzkB9/W+5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZNdVpZRVlQeXhJbDZkbEl6T1FIMzliN25NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi84NWNhOGUtZDc0Yi00YzA1LTgxYjYt
NzcwZjA1NzJjMGU3LzEvdzhUM19ha1Q5SUpkTGN0d1hseHhaQkc4NlVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi84NWNhOGUtZDc0Yi00YzA1LTgxYjYtNzcwZjA1NzJjMGU3
LzEvYjZNdVpZRVlQeXhJbDZkbEl6T1FIMzliN25NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudprMA0E
AgACMAcDBQAqENHAMA0GCSqGSIb3DQEBCwUAA4IBAQBMH1sNrMP6sIX3Zn+jiifk
R8pr2TogH6MrWFb+ne1MYd65HbtfqpyC7Zj3OMb+FpND4XlHviVutT4YcI7Q+7Hk
BK8rDAID/TKnRkLaA23fbhaUoLOF8hWuQcMellXWYRbwfIITzCAqDGAyAXs64b6v
TdsAuR7cSWUTpdu6owOXWP6uHegVwsCVaIkdj+/9TCjuWKMdgZxrA8jKNrzPXEi/
/cYn+W6ZV1SUpg0cdug6r74gmrVlQ+Htrpd3lDSV/sE4Y8ztRK7ry5L3bAb/2Jbn
wjsuWGUR1SnDdtTOx6MCrwcCi3fvlQzFqBgGXxE7YaCrFmPdsBSsy+qH8og8orMR
-----END CERTIFICATE-----
Generated at Sat Nov 23 14:54:48 2024 by rpki-client on console-ams.rpki-client.org