Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/D1F85OXcnQWe-4SPgGlRSB8pSjc.roa
File:                     D1F85OXcnQWe-4SPgGlRSB8pSjc.roa (raw, json)
Hash identifier:          jTRvaJCVPCpP7cTJ6nit0f0leDT0Nlau14d2MzHNOpk=
Subject key identifier:   0F:51:7C:E4:E5:DC:9D:05:9E:FB:84:8F:80:69:51:48:1F:29:4A:37
Certificate issuer:       /CN=a3e2161d7f01fa6fd0842c211080633f3ed36ba5
Certificate serial:       018CC8013FDD5F04DAA3B787E9BFCC136529
Authority key identifier: A3:E2:16:1D:7F:01:FA:6F:D0:84:2C:21:10:80:63:3F:3E:D3:6B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/D1F85OXcnQWe-4SPgGlRSB8pSjc.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.131.48.0/24 maxlen: 24
                          185.131.49.0/24 maxlen: 24
                          185.131.51.0/24 maxlen: 24
                          185.131.50.0/24 maxlen: 24
                          185.241.137.0/24 maxlen: 24
                          185.241.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3f:dd:5f:04:da:a3:b7:87:e9:bf:cc:13:65:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3e2161d7f01fa6fd0842c211080633f3ed36ba5
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f517ce4e5dc9d059efb848f806951481f294a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fa:8b:d4:c2:d5:e0:44:19:51:6f:85:fc:8a:
                    ca:84:0e:25:ff:5a:a2:1e:73:c9:af:ba:95:25:65:
                    74:7f:d0:d4:d8:73:17:fd:e1:f9:40:41:84:5d:d6:
                    89:10:01:67:c5:8b:73:0c:80:f0:b7:6a:66:e9:b3:
                    e4:61:16:e1:45:a2:0f:a9:11:75:22:ed:c0:cc:6b:
                    c6:7f:87:22:09:cd:68:35:c7:28:9b:91:27:b9:de:
                    c7:e4:f7:d6:6a:e3:9e:b9:9a:ff:d0:43:32:21:e3:
                    73:ed:c7:04:6e:ef:1f:a6:c0:7a:02:a1:3b:be:ac:
                    55:ef:b7:23:d0:fc:3a:bd:b3:31:6c:48:1b:86:32:
                    78:e5:24:13:e6:27:f3:a3:c7:92:ff:5d:00:3a:b7:
                    a5:a7:b9:a0:eb:06:69:2d:66:44:4d:ed:3c:83:1a:
                    f7:d3:e6:d5:76:38:88:86:75:c3:8a:f8:80:1e:a5:
                    0e:a1:18:97:87:7c:42:b1:fa:be:6b:d3:e0:b3:93:
                    3e:98:a0:a0:d0:11:da:5c:9b:f4:41:24:f0:ef:cc:
                    5d:92:0c:11:0b:11:26:02:52:16:5d:78:51:83:17:
                    10:fe:33:2c:8c:f4:45:be:24:f5:8c:d5:df:df:4e:
                    ae:08:d7:37:92:33:df:1e:3f:b8:b7:5d:9d:01:b0:
                    6c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:51:7C:E4:E5:DC:9D:05:9E:FB:84:8F:80:69:51:48:1F:29:4A:37
            X509v3 Authority Key Identifier:
                keyid:A3:E2:16:1D:7F:01:FA:6F:D0:84:2C:21:10:80:63:3F:3E:D3:6B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/D1F85OXcnQWe-4SPgGlRSB8pSjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.48.0/22
                  185.241.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:4b:54:09:bb:93:ce:de:97:55:af:e0:52:c8:44:5f:8c:cb:
         2d:06:b2:79:a0:22:3e:1b:8e:cd:98:24:cc:cd:90:09:55:ef:
         d8:15:79:d6:e2:80:81:69:b5:7c:05:08:ba:65:d8:24:6d:fe:
         5b:52:86:99:2d:9c:70:55:3a:06:8c:48:70:84:3b:bd:62:92:
         92:c3:46:a0:3a:df:4c:14:79:99:c9:05:b5:94:57:1b:49:1c:
         d3:c3:7f:ad:61:b9:a3:bf:6d:c7:a8:7a:bc:a8:6f:04:71:d2:
         1c:a6:19:3e:52:82:d0:c5:a2:f5:1c:27:21:92:fd:50:9f:fd:
         d2:2e:d2:70:51:ab:05:2d:17:c3:7e:9c:c5:7d:d0:fe:8a:ab:
         1c:a3:ab:c4:3e:69:b2:1c:99:c6:6c:a1:f4:13:ca:cc:b0:99:
         89:fa:2c:f2:61:b4:1c:98:29:55:20:80:16:4d:9a:e9:30:e4:
         dd:6f:b8:18:db:51:0c:a6:89:66:e8:0e:59:f6:aa:5a:24:6e:
         15:6a:60:83:4e:e6:2a:c3:52:99:cc:42:c8:2a:4a:f7:c2:97:
         da:5b:29:27:06:ef:94:fb:4f:ff:b0:a6:7e:c8:26:87:2a:7a:
         7a:d2:87:f3:35:93:ba:bf:9d:fb:8a:5c:d2:70:46:1e:e9:aa:
         0e:90:e9:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAT/dXwTao7eH6b/ME2UpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTIxNjFkN2YwMWZhNmZkMDg0MmMyMTEwODA2MzNmM2Vk
MzZiYTUwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjUxN2NlNGU1ZGM5ZDA1OWVmYjg0OGY4MDY5NTE0ODFmMjk0YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfqL1MLV4EQZUW+F/IrKhA4l/1qi
HnPJr7qVJWV0f9DU2HMX/eH5QEGEXdaJEAFnxYtzDIDwt2pm6bPkYRbhRaIPqRF1
Iu3AzGvGf4ciCc1oNccom5Enud7H5PfWauOeuZr/0EMyIeNz7ccEbu8fpsB6AqE7
vqxV77cj0Pw6vbMxbEgbhjJ45SQT5ifzo8eS/10AOrelp7mg6wZpLWZETe08gxr3
0+bVdjiIhnXDiviAHqUOoRiXh3xCsfq+a9Pgs5M+mKCg0BHaXJv0QSTw78xdkgwR
CxEmAlIWXXhRgxcQ/jMsjPRFviT1jNXf306uCNc3kjPfHj+4t12dAbBsxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA9RfOTl3J0FnvuEj4BpUUgfKUo3MB8GA1UdIwQY
MBaAFKPiFh1/Afpv0IQsIRCAYz8+02ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1JV0hYOEItbV9RaEN3aEVJQmpQejdUYTZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82YTY0ZWEtOWYxZS00YjQzLWJmMmEt
N2UwMzQwZWM5NjY3LzEvRDFGODVPWGNuUVdlLTRTUGdHbFJTQjhwU2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82YTY0ZWEtOWYxZS00YjQzLWJmMmEtN2UwMzQwZWM5NjY3
LzEvby1JV0hYOEItbV9RaEN3aEVJQmpQejdUYTZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYMwAwQB
ufGIMA0GCSqGSIb3DQEBCwUAA4IBAQAdS1QJu5PO3pdVr+BSyERfjMstBrJ5oCI+
G47NmCTMzZAJVe/YFXnW4oCBabV8BQi6Zdgkbf5bUoaZLZxwVToGjEhwhDu9YpKS
w0agOt9MFHmZyQW1lFcbSRzTw3+tYbmjv23HqHq8qG8EcdIcphk+UoLQxaL1HCch
kv1Qn/3SLtJwUasFLRfDfpzFfdD+iqsco6vEPmmyHJnGbKH0E8rMsJmJ+izyYbQc
mClVIIAWTZrpMOTdb7gY21EMpolm6A5Z9qpaJG4VamCDTuYqw1KZzELIKkr3wpfa
WyknBu+U+0//sKZ+yCaHKnp60ofzNZO6v537ilzScEYe6aoOkOmB
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:19:52 2024 by rpki-client on console-ams.rpki-client.org