Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/1f9ced-6bc2-486b-a4b6-09bdeb6afabd/1/meh0LuGBb0m9EsMcFFLK03GRUC8.roa
File:                     meh0LuGBb0m9EsMcFFLK03GRUC8.roa (raw, json)
Hash identifier:          El/IcNkav/Ja+ZNg49+Mw+5al/Ar6FDMcW1Yv6/ukqk=
Subject key identifier:   99:E8:74:2E:E1:81:6F:49:BD:12:C3:1C:14:52:CA:D3:71:91:50:2F
Certificate issuer:       /CN=1a001d77025f052af7d0e62e1701016b9e22e002
Certificate serial:       018CCA2A0EFDDA2FDC1435C936FCAFEF7016
Authority key identifier: 1A:00:1D:77:02:5F:05:2A:F7:D0:E6:2E:17:01:01:6B:9E:22:E0:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GgAddwJfBSr30OYuFwEBa54i4AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/1f9ced-6bc2-486b-a4b6-09bdeb6afabd/1/meh0LuGBb0m9EsMcFFLK03GRUC8.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205451
IP address blocks:        185.218.44.0/22 maxlen: 22
                          2a0c:8b00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/1f9ced-6bc2-486b-a4b6-09bdeb6afabd/1/GgAddwJfBSr30OYuFwEBa54i4AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/1f9ced-6bc2-486b-a4b6-09bdeb6afabd/1/GgAddwJfBSr30OYuFwEBa54i4AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GgAddwJfBSr30OYuFwEBa54i4AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0e:fd:da:2f:dc:14:35:c9:36:fc:af:ef:70:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a001d77025f052af7d0e62e1701016b9e22e002
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99e8742ee1816f49bd12c31c1452cad37191502f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e7:4e:c8:5b:25:1e:d4:ac:95:49:a9:2d:2e:
                    bd:84:32:50:5d:a6:39:4e:0d:5c:a7:84:a4:d7:5e:
                    63:ce:f6:aa:3b:70:61:f7:2c:a9:ef:2d:36:f1:d0:
                    4d:a7:6c:3a:d5:63:21:60:e2:a2:a4:a3:5c:12:bf:
                    df:f4:23:db:28:54:55:0d:b0:4f:28:93:b5:9b:13:
                    42:c4:ae:1e:0b:c0:7f:91:12:f2:87:1d:f0:67:82:
                    b6:32:51:72:f0:18:85:a6:b2:15:49:ad:23:a7:89:
                    4c:72:03:f5:c7:a1:12:88:bd:ea:f7:3c:a1:68:e5:
                    b7:f6:b9:12:82:fb:49:5d:dd:a4:d3:f5:b6:c7:e0:
                    fc:50:fb:a3:5a:df:ec:fd:a1:3c:fa:50:81:5f:7c:
                    8d:3a:54:d5:7c:17:8f:cd:6d:66:b9:16:07:0f:c0:
                    26:3f:07:1d:92:56:69:3f:22:dc:05:87:4a:ee:7b:
                    18:83:ce:42:80:cd:87:96:49:1e:68:45:ec:d5:11:
                    74:0a:42:63:e8:c4:24:33:7d:6b:2e:b8:80:af:44:
                    fd:b4:34:5f:27:44:32:db:e5:d5:91:a2:29:04:9c:
                    c4:60:ca:a4:fa:1f:0d:8b:73:b3:82:e4:14:19:72:
                    86:e1:a8:ab:be:4c:f2:2c:5b:a0:be:83:3e:d7:c3:
                    c2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E8:74:2E:E1:81:6F:49:BD:12:C3:1C:14:52:CA:D3:71:91:50:2F
            X509v3 Authority Key Identifier:
                keyid:1A:00:1D:77:02:5F:05:2A:F7:D0:E6:2E:17:01:01:6B:9E:22:E0:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GgAddwJfBSr30OYuFwEBa54i4AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/1f9ced-6bc2-486b-a4b6-09bdeb6afabd/1/meh0LuGBb0m9EsMcFFLK03GRUC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/1f9ced-6bc2-486b-a4b6-09bdeb6afabd/1/GgAddwJfBSr30OYuFwEBa54i4AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.44.0/22
                IPv6:
                  2a0c:8b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:b9:8e:07:54:ca:34:40:d8:26:70:eb:e6:ac:1d:4e:c8:06:
         e4:99:85:41:c7:56:c2:bb:c1:56:38:ef:63:43:6a:c5:cb:42:
         fa:b2:c8:54:ea:0f:33:fd:77:6c:06:84:ad:19:91:26:8f:6f:
         d4:58:a5:df:1b:d9:eb:b2:1c:ba:d1:87:71:84:aa:87:77:ab:
         73:09:20:9c:f6:eb:1e:9f:f2:aa:c7:fc:8f:98:74:9d:d4:96:
         68:5f:b5:b7:41:48:7d:30:51:e4:2d:e3:27:7d:5b:9b:18:73:
         45:60:52:0c:e7:20:59:0a:b2:c5:d5:55:ed:19:cb:73:a7:d0:
         10:30:61:59:b9:2f:32:96:23:88:e1:bf:04:60:b0:1e:bd:a7:
         04:36:a2:ec:6d:90:e4:19:cc:0e:01:f2:79:b5:ae:57:0a:ca:
         e5:e7:06:9c:2b:6c:6b:32:4d:98:e2:ad:fd:0e:da:5e:f9:88:
         a1:d7:39:e7:f5:fe:40:30:ab:7f:5c:d2:8e:9f:7e:bb:49:7b:
         d8:a7:1d:13:bd:ca:65:a6:90:91:d8:07:a5:80:63:f7:3b:c9:
         03:d1:16:4c:2f:94:e2:95:19:c4:38:ef:df:cd:56:88:b1:e6:
         c5:31:6b:bf:85:50:ce:d2:85:88:3d:49:00:f1:f5:ae:b4:6a:
         e6:10:57:67
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKg792i/cFDXJNvyv73AWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMDAxZDc3MDI1ZjA1MmFmN2QwZTYyZTE3MDEwMTZiOWUy
MmUwMDIwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWU4NzQyZWUxODE2ZjQ5YmQxMmMzMWMxNDUyY2FkMzcxOTE1MDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkedOyFslHtSslUmpLS69hDJQXaY5
Tg1cp4Sk115jzvaqO3Bh9yyp7y028dBNp2w61WMhYOKipKNcEr/f9CPbKFRVDbBP
KJO1mxNCxK4eC8B/kRLyhx3wZ4K2MlFy8BiFprIVSa0jp4lMcgP1x6ESiL3q9zyh
aOW39rkSgvtJXd2k0/W2x+D8UPujWt/s/aE8+lCBX3yNOlTVfBePzW1muRYHD8Am
PwcdklZpPyLcBYdK7nsYg85CgM2HlkkeaEXs1RF0CkJj6MQkM31rLriAr0T9tDRf
J0Qy2+XVkaIpBJzEYMqk+h8Ni3OzguQUGXKG4airvkzyLFugvoM+18PCTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJnodC7hgW9JvRLDHBRSytNxkVAvMB8GA1UdIwQY
MBaAFBoAHXcCXwUq99DmLhcBAWueIuACMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2dBZGR3SmZCU3IzME9ZdUZ3RUJhNTRpNEFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8xZjljZWQtNmJjMi00ODZiLWE0YjYt
MDliZGViNmFmYWJkLzEvbWVoMEx1R0JiMG05RXNNY0ZGTEswM0dSVUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8xZjljZWQtNmJjMi00ODZiLWE0YjYtMDliZGViNmFmYWJk
LzEvR2dBZGR3SmZCU3IzME9ZdUZ3RUJhNTRpNEFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudosMA0E
AgACMAcDBQAqDIsAMA0GCSqGSIb3DQEBCwUAA4IBAQALuY4HVMo0QNgmcOvmrB1O
yAbkmYVBx1bCu8FWOO9jQ2rFy0L6sshU6g8z/XdsBoStGZEmj2/UWKXfG9nrshy6
0YdxhKqHd6tzCSCc9usen/Kqx/yPmHSd1JZoX7W3QUh9MFHkLeMnfVubGHNFYFIM
5yBZCrLF1VXtGctzp9AQMGFZuS8yliOI4b8EYLAevacENqLsbZDkGcwOAfJ5ta5X
Csrl5wacK2xrMk2Y4q39Dtpe+Yih1znn9f5AMKt/XNKOn367SXvYpx0TvcplppCR
2AelgGP3O8kD0RZML5TilRnEOO/fzVaIsebFMWu/hVDO0oWIPUkA8fWutGrmEFdn
-----END CERTIFICATE-----
Generated at Sat Nov 23 20:57:09 2024 by rpki-client on console-ams.rpki-client.org