Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/8_Q3urb3_vINrZzt_yStB1q0wYg.roa
File:                     8_Q3urb3_vINrZzt_yStB1q0wYg.roa (raw, json)
Hash identifier:          oYQze0O+6GrQMlGiV0wFPpnrcz3bRioguzvpSyv7sTg=
Subject key identifier:   F3:F4:37:BA:B6:F7:FE:F2:0D:AD:9C:ED:FF:24:AD:07:5A:B4:C1:88
Certificate issuer:       /CN=fc35877cc038bffdb97bb3d6ea216ab52b3a0582
Certificate serial:       018CC348C8BA332735A026FCB08D25E49077
Authority key identifier: FC:35:87:7C:C0:38:BF:FD:B9:7B:B3:D6:EA:21:6A:B5:2B:3A:05:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/8_Q3urb3_vINrZzt_yStB1q0wYg.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        185.42.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c8:ba:33:27:35:a0:26:fc:b0:8d:25:e4:90:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc35877cc038bffdb97bb3d6ea216ab52b3a0582
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3f437bab6f7fef20dad9cedff24ad075ab4c188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:67:50:c3:8c:ff:7b:16:c4:f5:93:9b:e7:4f:
                    83:1a:d0:3a:0b:29:c5:5f:ec:96:23:da:ca:85:f0:
                    f4:65:df:02:05:47:e8:e8:64:0f:5b:5f:9a:c0:17:
                    54:3e:d9:b5:ef:70:b6:78:83:a2:24:bc:42:bc:f7:
                    fd:c7:2d:56:38:91:75:88:5b:a0:7d:68:07:77:2b:
                    ea:65:1c:8b:e1:60:a4:34:79:31:2d:9f:ae:f2:2e:
                    ef:63:b5:2d:0c:84:72:6b:6b:55:2b:66:60:32:e9:
                    7b:09:74:e4:1a:b0:0f:64:3f:d7:b2:50:10:6e:cb:
                    69:ba:f8:c0:f8:e2:ab:bb:38:ad:a4:b0:da:a8:8e:
                    0e:98:66:3d:43:95:76:82:dd:94:10:65:7e:5e:b9:
                    4c:70:09:17:dd:ad:6b:38:9d:36:e3:8e:fb:f7:bf:
                    88:d8:7f:55:cd:dd:6e:45:b1:cf:2d:c7:3c:ab:34:
                    47:93:18:3d:84:cd:00:a7:c8:97:7a:48:f8:7a:d9:
                    60:17:94:9c:d7:af:18:4b:b1:5a:c4:10:86:7e:3d:
                    1f:4b:09:d9:6b:37:d6:e4:65:16:3c:81:b5:aa:b8:
                    7f:07:dc:8d:83:81:61:97:50:99:1b:e6:4f:b2:b1:
                    a1:a7:e0:ce:2b:9d:90:81:c2:45:26:11:18:2b:0a:
                    d1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F4:37:BA:B6:F7:FE:F2:0D:AD:9C:ED:FF:24:AD:07:5A:B4:C1:88
            X509v3 Authority Key Identifier:
                keyid:FC:35:87:7C:C0:38:BF:FD:B9:7B:B3:D6:EA:21:6A:B5:2B:3A:05:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/8_Q3urb3_vINrZzt_yStB1q0wYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e3:a9:e1:e6:1d:54:43:22:22:ca:73:da:f8:56:e6:0c:0d:
         f5:3b:b1:6b:56:69:15:39:fa:90:72:63:e6:68:97:aa:90:23:
         18:2f:10:b9:dc:de:12:08:93:7b:16:3a:ae:ff:cb:63:9a:dc:
         44:95:79:7b:3a:06:84:9a:a8:6a:77:35:c9:25:b0:f4:ef:7b:
         00:28:a6:ad:e6:47:f5:03:6d:b7:d8:df:59:ae:24:db:96:21:
         72:e0:11:3d:3c:ac:34:29:05:22:d2:37:a0:51:60:1a:b6:8f:
         10:2f:c9:b0:6e:eb:64:94:0a:d8:0f:5c:40:45:20:d9:e2:25:
         13:95:48:89:06:40:54:42:ae:8e:c6:76:2f:0a:ca:4c:a4:48:
         39:81:d7:25:42:f3:e4:93:02:92:cf:f7:be:43:c6:6e:a3:0b:
         e1:94:e4:b4:8f:88:0e:fd:a9:62:90:72:91:4a:42:63:e6:41:
         2a:4c:3c:5d:87:d7:88:ba:cf:8a:8e:e5:d4:72:31:17:af:64:
         2c:a4:2c:bf:a2:4e:8b:c7:64:23:60:52:cb:9f:65:47:6b:1f:
         96:85:9a:9c:8e:1c:b5:ee:fe:b4:24:85:df:bd:4b:65:95:db:
         f3:79:af:0f:68:e2:aa:e0:c1:ef:07:f5:73:93:48:7d:6d:25:
         b6:9d:21:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMi6Myc1oCb8sI0l5JB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMzU4NzdjYzAzOGJmZmRiOTdiYjNkNmVhMjE2YWI1MmIz
YTA1ODIwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y0MzdiYWI2ZjdmZWYyMGRhZDljZWRmZjI0YWQwNzVhYjRjMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGdQw4z/exbE9ZOb50+DGtA6CynF
X+yWI9rKhfD0Zd8CBUfo6GQPW1+awBdUPtm173C2eIOiJLxCvPf9xy1WOJF1iFug
fWgHdyvqZRyL4WCkNHkxLZ+u8i7vY7UtDIRya2tVK2ZgMul7CXTkGrAPZD/XslAQ
bstpuvjA+OKruzitpLDaqI4OmGY9Q5V2gt2UEGV+XrlMcAkX3a1rOJ02447797+I
2H9Vzd1uRbHPLcc8qzRHkxg9hM0Ap8iXekj4etlgF5Sc168YS7FaxBCGfj0fSwnZ
azfW5GUWPIG1qrh/B9yNg4Fhl1CZG+ZPsrGhp+DOK52QgcJFJhEYKwrRuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPP0N7q29/7yDa2c7f8krQdatMGIMB8GA1UdIwQY
MBaAFPw1h3zAOL/9uXuz1uoharUrOgWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RXSGZNQTR2XzI1ZTdQVzZpRnF0U3M2QllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lODA3MmEtNjAxNy00ZWQ1LWJlZTMt
OGU2NWIzNDdmMjE4LzEvOF9RM3VyYjNfdklOclp6dF95U3RCMXEwd1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lODA3MmEtNjAxNy00ZWQ1LWJlZTMtOGU2NWIzNDdmMjE4
LzEvX0RXSGZNQTR2XzI1ZTdQVzZpRnF0U3M2QllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSo7MA0G
CSqGSIb3DQEBCwUAA4IBAQAD46nh5h1UQyIiynPa+FbmDA31O7FrVmkVOfqQcmPm
aJeqkCMYLxC53N4SCJN7Fjqu/8tjmtxElXl7OgaEmqhqdzXJJbD073sAKKat5kf1
A2232N9ZriTbliFy4BE9PKw0KQUi0jegUWAato8QL8mwbutklArYD1xARSDZ4iUT
lUiJBkBUQq6OxnYvCspMpEg5gdclQvPkkwKSz/e+Q8ZuowvhlOS0j4gO/alikHKR
SkJj5kEqTDxdh9eIus+KjuXUcjEXr2QspCy/ok6Lx2QjYFLLn2VHax+WhZqcjhy1
7v60JIXfvUtlldvzea8PaOKq4MHvB/Vzk0h9bSW2nSGy
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:43:53 2024 by rpki-client on console-fra.rpki-client.org