Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/DNHfqH0b9VdF4hoVInKm7hfv6Wg.roa
File:                     DNHfqH0b9VdF4hoVInKm7hfv6Wg.roa (raw, json)
Hash identifier:          8VpVPqU/wWlwo2NPwvbaq4kpa/k25AkPPfIeEkeY+bc=
Subject key identifier:   0C:D1:DF:A8:7D:1B:F5:57:45:E2:1A:15:22:72:A6:EE:17:EF:E9:68
Certificate issuer:       /CN=7ce68daf5f089456c0e1d02245393531ac5b8fcb
Certificate serial:       018CC7958ECB8F237C68E0B81AB445D8BDC0
Authority key identifier: 7C:E6:8D:AF:5F:08:94:56:C0:E1:D0:22:45:39:35:31:AC:5B:8F:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/DNHfqH0b9VdF4hoVInKm7hfv6Wg.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8068
IP address blocks:        94.245.84.0/24 maxlen: 24
                          2a01:111:202d::/48 maxlen: 48
                          2a01:111:202e::/48 maxlen: 48
                          2a01:111:2003::/48 maxlen: 48
                          2a01:111:202c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8e:cb:8f:23:7c:68:e0:b8:1a:b4:45:d8:bd:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ce68daf5f089456c0e1d02245393531ac5b8fcb
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cd1dfa87d1bf55745e21a152272a6ee17efe968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cd:1d:b5:c4:9a:cf:7d:0b:73:6e:7e:ca:e3:
                    05:52:78:72:37:30:9c:43:62:b2:87:5e:55:87:b7:
                    35:2a:ce:09:cd:e2:b6:44:9b:5d:53:19:c7:d7:f6:
                    e4:37:a0:69:94:b9:ed:58:79:88:c0:52:25:e9:cf:
                    a3:3c:bc:94:00:fc:db:00:5d:b3:75:22:4d:dd:b0:
                    91:37:41:a1:a8:e8:68:0d:a3:9e:77:44:41:f9:7e:
                    c2:ea:d8:c6:93:55:f4:df:11:10:78:72:db:b0:fb:
                    fc:e0:05:d9:93:cc:96:f1:d2:30:1c:1f:94:7e:b1:
                    1c:dc:91:85:09:a2:cf:21:2f:93:7e:50:53:58:dc:
                    bd:02:61:8e:2a:af:5e:5b:5c:a9:59:ef:a9:28:c7:
                    d7:98:55:c2:c7:95:d6:01:7b:e9:08:ad:f5:44:3f:
                    bc:44:6b:bf:82:d5:12:89:57:89:10:2e:33:43:d0:
                    82:54:9f:ab:1e:ea:93:fd:ab:6a:7c:3f:35:6f:0c:
                    a7:f7:0d:2e:7c:ee:49:5c:15:2e:29:a1:db:9d:8c:
                    f1:e2:19:78:c2:25:6f:50:b9:46:f0:87:9f:ca:7c:
                    05:35:cb:56:e3:07:b3:12:44:f7:e6:fb:26:76:bc:
                    12:21:c3:fd:c7:0d:0b:71:8a:db:c6:41:a0:c3:ae:
                    e9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D1:DF:A8:7D:1B:F5:57:45:E2:1A:15:22:72:A6:EE:17:EF:E9:68
            X509v3 Authority Key Identifier:
                keyid:7C:E6:8D:AF:5F:08:94:56:C0:E1:D0:22:45:39:35:31:AC:5B:8F:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/DNHfqH0b9VdF4hoVInKm7hfv6Wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.245.84.0/24
                IPv6:
                  2a01:111:2003::/48
                  2a01:111:202c::-2a01:111:202e:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         39:ec:60:8d:5a:8a:6d:60:37:af:d6:53:10:f0:5d:21:4d:9d:
         0f:68:0d:af:31:05:32:fe:e9:9d:6c:e9:df:eb:96:43:c3:56:
         a2:8b:aa:2c:a9:45:0d:6e:f0:95:5d:81:fe:f6:e8:ad:1f:69:
         9e:f8:51:3f:49:57:df:ae:ec:f4:3d:ab:d3:f7:5c:86:fb:0a:
         c7:86:d5:86:b9:3b:8f:a5:64:b1:b7:93:c1:77:52:d3:97:c3:
         2a:ea:70:c6:f4:d0:f6:1a:be:84:74:3f:63:dc:8f:71:d0:8e:
         5f:d9:23:c8:b4:8f:9f:06:a5:ce:06:06:cf:de:99:6e:a6:d5:
         07:65:49:85:da:7c:bd:28:60:d8:ae:42:5b:3f:1c:48:f5:6f:
         50:99:72:29:da:ed:20:12:e0:dd:68:14:e5:80:7b:3a:55:db:
         9a:c0:ad:2b:ba:ff:ab:ff:04:0c:43:5b:ec:1a:85:ef:b6:2b:
         a5:0f:5e:e8:7f:7c:92:95:c7:55:e2:ce:9d:14:96:d9:1d:f4:
         a4:bf:63:c4:68:27:57:6f:77:29:95:ff:75:73:47:59:f9:a0:
         7e:05:15:25:f4:18:52:90:cd:30:d4:a1:79:96:ae:de:51:bf:
         01:14:65:01:b4:de:e8:ca:d5:b8:8e:6b:9a:cd:b0:3f:5a:23:
         43:7b:13:0a
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYzHlY7LjyN8aOC4GrRF2L3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZTY4ZGFmNWYwODk0NTZjMGUxZDAyMjQ1MzkzNTMxYWM1
YjhmY2IwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QxZGZhODdkMWJmNTU3NDVlMjFhMTUyMjcyYTZlZTE3ZWZlOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc0dtcSaz30Lc25+yuMFUnhyNzCc
Q2Kyh15Vh7c1Ks4JzeK2RJtdUxnH1/bkN6BplLntWHmIwFIl6c+jPLyUAPzbAF2z
dSJN3bCRN0GhqOhoDaOed0RB+X7C6tjGk1X03xEQeHLbsPv84AXZk8yW8dIwHB+U
frEc3JGFCaLPIS+TflBTWNy9AmGOKq9eW1ypWe+pKMfXmFXCx5XWAXvpCK31RD+8
RGu/gtUSiVeJEC4zQ9CCVJ+rHuqT/atqfD81bwyn9w0ufO5JXBUuKaHbnYzx4hl4
wiVvULlG8IefynwFNctW4wezEkT35vsmdrwSIcP9xw0LcYrbxkGgw67p0wIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAzR36h9G/VXReIaFSJypu4X7+loMB8GA1UdIwQY
MBaAFHzmja9fCJRWwOHQIkU5NTGsW4/LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk9hTnIxOElsRmJBNGRBaVJUazFNYXhiajhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lYzBiODktMWU2OC00NWEwLThiOTMt
MTNhMDZhMjY5YWE4LzEvRE5IZnFIMGI5VmRGNGhvVkluS203aGZ2NldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lYzBiODktMWU2OC00NWEwLThiOTMtMTNhMDZhMjY5YWE4
LzEvZk9hTnIxOElsRmJBNGRBaVJUazFNYXhiajhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAMBAIAATAGAwQAXvVUMCME
AgACMB0DBwAqAQERIAMwEgMHAioBAREgLAMHACoBAREgLjANBgkqhkiG9w0BAQsF
AAOCAQEAOexgjVqKbWA3r9ZTEPBdIU2dD2gNrzEFMv7pnWzp3+uWQ8NWoouqLKlF
DW7wlV2B/vborR9pnvhRP0lX367s9D2r0/dchvsKx4bVhrk7j6VksbeTwXdS05fD
KupwxvTQ9hq+hHQ/Y9yPcdCOX9kjyLSPnwalzgYGz96ZbqbVB2VJhdp8vShg2K5C
Wz8cSPVvUJlyKdrtIBLg3WgU5YB7OlXbmsCtK7r/q/8EDENb7BqF77YrpQ9e6H98
kpXHVeLOnRSW2R30pL9jxGgnV293KZX/dXNHWfmgfgUVJfQYUpDNMNSheZau3lG/
ARRlAbTe6MrVuI5rms2wP1ojQ3sTCg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 19:52:41 2024 by rpki-client on console-ams.rpki-client.org