Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/4d7f6e-c6df-41d7-8ffd-5089b602bfc2/1/3a7T9zhtOn8QNa9yW0yke32cD4g.roa
File:                     3a7T9zhtOn8QNa9yW0yke32cD4g.roa (raw, json)
Hash identifier:          ThkIrtYIV99e0slpzRpAaq6sYuVHy94zueMMVSgVsFU=
Subject key identifier:   DD:AE:D3:F7:38:6D:3A:7F:10:35:AF:72:5B:4C:A4:7B:7D:9C:0F:88
Certificate issuer:       /CN=e98dc5e78258e426739bd88c2d4c200aadf3bf13
Certificate serial:       018CC5DD0112FF64A8491E93FE55EC116A6A
Authority key identifier: E9:8D:C5:E7:82:58:E4:26:73:9B:D8:8C:2D:4C:20:0A:AD:F3:BF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Y3F54JY5CZzm9iMLUwgCq3zvxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/4d7f6e-c6df-41d7-8ffd-5089b602bfc2/1/3a7T9zhtOn8QNa9yW0yke32cD4g.roa
Signing time:             Mon 01 Jan 2024 16:30:44 +0000
ROA not before:           Mon 01 Jan 2024 16:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.2.0/24 maxlen: 24
                          2001:7f8:81::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/4d7f6e-c6df-41d7-8ffd-5089b602bfc2/1/6Y3F54JY5CZzm9iMLUwgCq3zvxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/4d7f6e-c6df-41d7-8ffd-5089b602bfc2/1/6Y3F54JY5CZzm9iMLUwgCq3zvxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Y3F54JY5CZzm9iMLUwgCq3zvxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:01:12:ff:64:a8:49:1e:93:fe:55:ec:11:6a:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e98dc5e78258e426739bd88c2d4c200aadf3bf13
        Validity
            Not Before: Jan  1 16:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddaed3f7386d3a7f1035af725b4ca47b7d9c0f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:2d:1e:bb:bc:92:20:31:dd:66:09:de:a5:bb:
                    40:ad:23:61:c3:fc:38:93:9d:53:55:db:df:88:ed:
                    0b:af:a1:67:d8:e0:02:1d:43:63:55:3a:37:bd:27:
                    82:88:56:1a:f2:1b:a9:ed:dd:20:a6:d8:40:30:2e:
                    00:cc:a2:f8:4b:97:9d:0d:db:4f:b8:91:a4:68:64:
                    65:22:22:e7:bf:17:8a:db:12:76:2e:06:ab:bf:c0:
                    3c:c4:e0:c1:34:28:7f:5e:ea:3c:16:8f:a5:b9:27:
                    4c:ef:4d:9e:a9:04:27:20:bb:ce:2b:7a:5c:5a:81:
                    53:51:94:e4:a7:7d:2f:ca:52:de:14:e4:14:e8:e8:
                    6d:ff:45:d2:17:dc:19:a1:c6:72:3a:d6:40:9c:35:
                    95:54:4e:1b:a1:fa:28:1c:5d:db:d3:cc:4f:0a:9c:
                    23:0c:51:81:ce:ab:43:c4:9a:33:6b:d3:ce:1b:22:
                    81:56:fa:cb:17:89:f7:4e:37:d6:af:99:d9:0b:d6:
                    15:7d:ae:1e:de:74:b7:be:83:99:f5:d7:86:4b:88:
                    19:42:20:3f:05:d0:ee:92:5a:92:be:97:c7:bf:fd:
                    20:ca:85:be:31:b5:1a:9d:72:6a:cc:b4:63:5d:71:
                    45:0c:c8:22:62:25:66:d8:10:9f:f0:7b:4d:a7:30:
                    80:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:AE:D3:F7:38:6D:3A:7F:10:35:AF:72:5B:4C:A4:7B:7D:9C:0F:88
            X509v3 Authority Key Identifier:
                keyid:E9:8D:C5:E7:82:58:E4:26:73:9B:D8:8C:2D:4C:20:0A:AD:F3:BF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Y3F54JY5CZzm9iMLUwgCq3zvxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/4d7f6e-c6df-41d7-8ffd-5089b602bfc2/1/3a7T9zhtOn8QNa9yW0yke32cD4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/4d7f6e-c6df-41d7-8ffd-5089b602bfc2/1/6Y3F54JY5CZzm9iMLUwgCq3zvxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.2.0/24
                IPv6:
                  2001:7f8:81::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:ac:98:ef:de:c5:df:be:17:a4:ab:49:20:64:52:68:7f:9b:
         3c:85:58:84:20:e1:6f:7b:cd:50:b0:28:34:1b:25:d1:19:0a:
         66:4d:97:9f:15:db:6a:4d:a3:5d:74:ca:30:fa:8d:b9:38:24:
         a5:8e:b6:1d:8d:b1:52:7f:0a:b2:13:15:72:76:85:87:2e:47:
         c5:df:b3:3d:fa:6d:dc:ee:a9:d4:96:f0:f4:4d:6f:8b:9c:28:
         e8:2b:2c:c5:9e:a9:79:02:ce:34:73:f5:86:87:09:c7:d5:de:
         11:7d:46:7e:09:14:6b:84:76:cf:d0:26:b4:cd:5c:f6:e4:cb:
         b9:4f:9e:66:f2:27:79:71:6f:51:02:90:c2:21:93:35:bb:5a:
         cd:6a:0d:0b:30:d6:89:2a:b7:9b:06:1f:2b:4d:56:2e:18:15:
         17:f7:ff:13:3c:4c:3e:f6:14:e8:4d:82:05:74:c3:7f:96:10:
         56:9b:8b:bb:e8:ee:7e:93:d6:ad:bc:a9:b8:5a:d7:09:41:0d:
         51:96:c7:d4:c7:4e:2f:af:63:04:9e:2a:72:99:b6:47:d9:f9:
         21:1a:b0:41:58:99:9d:de:02:5e:d7:84:6c:40:67:86:46:5e:
         c9:8c:28:1c:a5:1a:ac:43:f8:03:50:21:06:95:0a:54:9e:ab:
         0d:1b:8b:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3QES/2SoSR6T/lXsEWpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5OGRjNWU3ODI1OGU0MjY3MzliZDg4YzJkNGMyMDBhYWRm
M2JmMTMwHhcNMjQwMTAxMTYzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGFlZDNmNzM4NmQzYTdmMTAzNWFmNzI1YjRjYTQ3YjdkOWMwZjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuS0eu7ySIDHdZgnepbtArSNhw/w4
k51TVdvfiO0Lr6Fn2OACHUNjVTo3vSeCiFYa8hup7d0gpthAMC4AzKL4S5edDdtP
uJGkaGRlIiLnvxeK2xJ2Lgarv8A8xODBNCh/Xuo8Fo+luSdM702eqQQnILvOK3pc
WoFTUZTkp30vylLeFOQU6Oht/0XSF9wZocZyOtZAnDWVVE4bofooHF3b08xPCpwj
DFGBzqtDxJoza9POGyKBVvrLF4n3TjfWr5nZC9YVfa4e3nS3voOZ9deGS4gZQiA/
BdDuklqSvpfHv/0gyoW+MbUanXJqzLRjXXFFDMgiYiVm2BCf8HtNpzCAoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN2u0/c4bTp/EDWvcltMpHt9nA+IMB8GA1UdIwQY
MBaAFOmNxeeCWOQmc5vYjC1MIAqt878TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlkzRjU0Slk1Q1p6bTlpTUxVd2dDcTN6dnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80ZDdmNmUtYzZkZi00MWQ3LThmZmQt
NTA4OWI2MDJiZmMyLzEvM2E3VDl6aHRPbjhRTmE5eVcweWtlMzJjRDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80ZDdmNmUtYzZkZi00MWQ3LThmZmQtNTA4OWI2MDJiZmMy
LzEvNlkzRjU0Slk1Q1p6bTlpTUxVd2dDcTN6dnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQECMA8E
AgACMAkDBwAgAQf4AIEwDQYJKoZIhvcNAQELBQADggEBAG2smO/exd++F6SrSSBk
Umh/mzyFWIQg4W97zVCwKDQbJdEZCmZNl58V22pNo110yjD6jbk4JKWOth2NsVJ/
CrITFXJ2hYcuR8Xfsz36bdzuqdSW8PRNb4ucKOgrLMWeqXkCzjRz9YaHCcfV3hF9
Rn4JFGuEds/QJrTNXPbky7lPnmbyJ3lxb1ECkMIhkzW7Ws1qDQsw1okqt5sGHytN
Vi4YFRf3/xM8TD72FOhNggV0w3+WEFabi7vo7n6T1q28qbha1wlBDVGWx9THTi+v
YwSeKnKZtkfZ+SEasEFYmZ3eAl7XhGxAZ4ZGXsmMKBylGqxD+ANQIQaVClSeqw0b
iww=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:10:11 2024 by rpki-client on console-ams.rpki-client.org