Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/0QDRaJbpTIb-C4KaPbRku14K_T0.roa
File:                     0QDRaJbpTIb-C4KaPbRku14K_T0.roa (raw, json)
Hash identifier:          f1UMut3ZjkM7CLPyqsOW1jU1P7SrXCbM0X2h5tOnpp0=
Subject key identifier:   D1:00:D1:68:96:E9:4C:86:FE:0B:82:9A:3D:B4:64:BB:5E:0A:FD:3D
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC42460F6BEB47CB911159C724A61E305
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/0QDRaJbpTIb-C4KaPbRku14K_T0.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59538
IP address blocks:        185.0.34.0/24 maxlen: 24
                          2a0f:7800::/31 maxlen: 48
                          2a0f:7800:600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:60:f6:be:b4:7c:b9:11:15:9c:72:4a:61:e3:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d100d16896e94c86fe0b829a3db464bb5e0afd3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a3:68:c7:e0:45:54:7f:ff:f8:80:be:47:47:
                    0a:d3:04:29:04:02:f9:07:83:9c:a9:09:02:76:7f:
                    84:1c:c0:8b:ce:50:ff:f2:64:da:2d:3a:af:50:a1:
                    0e:39:c3:14:0b:c2:5d:e1:5b:90:12:2f:3c:0a:b5:
                    fb:16:03:de:eb:6a:92:5a:f7:0d:56:83:1c:42:7e:
                    0e:dd:a7:54:54:c5:f9:e5:de:39:fe:cc:0e:bf:15:
                    ad:3b:be:ff:17:18:a3:6b:18:1c:2e:8d:c4:ab:6b:
                    5e:32:e7:f3:e5:97:ac:a5:dc:0d:63:46:42:5b:3c:
                    f1:b7:85:df:2f:78:c1:8b:3e:a3:14:85:14:ed:fb:
                    bc:fc:2e:32:2e:62:7f:69:9b:44:b3:e9:d7:7b:d7:
                    6f:4d:da:ae:e2:fa:77:07:52:23:9f:8e:6f:8a:99:
                    46:90:7b:e3:fd:63:70:ed:b5:1f:8e:93:f7:1e:e9:
                    db:e7:2f:d7:0a:75:d5:36:b6:f1:13:e1:b1:6a:1b:
                    03:3c:bd:72:f3:14:7f:86:b1:3b:42:4a:ef:17:86:
                    ab:8d:67:90:ba:13:8f:0b:bd:8d:3b:49:49:91:5c:
                    27:34:69:07:12:f4:93:e0:47:35:53:45:47:71:cb:
                    9a:f7:f8:e4:e7:b1:5d:84:9d:f6:82:6b:b8:1e:ec:
                    90:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:00:D1:68:96:E9:4C:86:FE:0B:82:9A:3D:B4:64:BB:5E:0A:FD:3D
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/0QDRaJbpTIb-C4KaPbRku14K_T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.0.34.0/24
                IPv6:
                  2a0f:7800::/31

    Signature Algorithm: sha256WithRSAEncryption
         3a:85:1a:1f:7d:1e:e3:e3:9d:19:d2:01:3d:a8:96:b4:17:02:
         23:50:92:2b:7e:00:d7:09:03:19:22:5e:33:57:fc:f2:e1:81:
         bf:94:08:ae:1d:ca:51:60:f4:ec:e5:7c:f9:a2:b1:70:83:1c:
         e1:c4:78:bc:70:84:28:3b:15:f1:61:37:be:c8:5c:cb:b2:de:
         27:71:36:38:d8:b5:5b:4e:a4:ed:80:70:41:50:44:70:d1:47:
         8c:6d:c1:57:1d:bf:d1:33:99:05:3b:9c:19:cd:a2:a4:02:02:
         32:98:4e:9f:ed:ea:b6:8d:25:08:d0:4a:00:fc:f2:5f:3d:7d:
         e4:8d:ac:26:51:cf:1a:a8:5c:34:bd:39:45:d0:8e:a2:38:63:
         a6:69:49:52:ca:f4:ab:80:82:5c:5f:ac:06:cc:07:22:ca:94:
         e5:c9:e2:54:89:0f:c9:14:ea:25:91:82:d5:2e:3e:12:37:ac:
         8c:42:f2:8a:3e:e3:de:59:6e:d3:19:24:19:ca:6b:6a:6d:0a:
         e2:de:01:80:d1:fb:ac:e2:8f:98:93:b2:6c:d6:5d:4d:15:6b:
         5b:c6:c1:f2:c4:af:be:ef:92:1d:bf:3c:55:92:7d:43:da:e9:
         f8:f6:4c:15:12:ea:27:85:9f:79:ef:fe:61:29:16:43:a1:c9:
         ef:ea:6a:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJGD2vrR8uREVnHJKYeMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTAwZDE2ODk2ZTk0Yzg2ZmUwYjgyOWEzZGI0NjRiYjVlMGFmZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKNox+BFVH//+IC+R0cK0wQpBAL5
B4OcqQkCdn+EHMCLzlD/8mTaLTqvUKEOOcMUC8Jd4VuQEi88CrX7FgPe62qSWvcN
VoMcQn4O3adUVMX55d45/swOvxWtO77/FxijaxgcLo3Eq2teMufz5ZespdwNY0ZC
Wzzxt4XfL3jBiz6jFIUU7fu8/C4yLmJ/aZtEs+nXe9dvTdqu4vp3B1Ijn45viplG
kHvj/WNw7bUfjpP3Hunb5y/XCnXVNrbxE+GxahsDPL1y8xR/hrE7QkrvF4arjWeQ
uhOPC72NO0lJkVwnNGkHEvST4Ec1U0VHccua9/jk57FdhJ32gmu4HuyQqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNEA0WiW6UyG/guCmj20ZLteCv09MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvMFFEUmFKYnBUSWItQzRLYVBiUmt1MTRLX1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuQAiMA0E
AgACMAcDBQEqD3gAMA0GCSqGSIb3DQEBCwUAA4IBAQA6hRoffR7j450Z0gE9qJa0
FwIjUJIrfgDXCQMZIl4zV/zy4YG/lAiuHcpRYPTs5Xz5orFwgxzhxHi8cIQoOxXx
YTe+yFzLst4ncTY42LVbTqTtgHBBUERw0UeMbcFXHb/RM5kFO5wZzaKkAgIymE6f
7eq2jSUI0EoA/PJfPX3kjawmUc8aqFw0vTlF0I6iOGOmaUlSyvSrgIJcX6wGzAci
ypTlyeJUiQ/JFOolkYLVLj4SN6yMQvKKPuPeWW7TGSQZymtqbQri3gGA0fus4o+Y
k7Js1l1NFWtbxsHyxK++75IdvzxVkn1D2un49kwVEuonhZ957/5hKRZDocnv6mow
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:23:51 2024 by rpki-client on console-ams.rpki-client.org