Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/DmQM-gHCvLXgPEdA-k1kCgUAvIQ.roa
File:                     DmQM-gHCvLXgPEdA-k1kCgUAvIQ.roa (raw, json)
Hash identifier:          2kMMc98x3ZrC6W1/fzpcbla5ZTaYWoTsRqYpe2C5xC4=
Subject key identifier:   0E:64:0C:FA:01:C2:BC:B5:E0:3C:47:40:FA:4D:64:0A:05:00:BC:84
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF3A5853492B648B0BABCFCC9F1F2
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/DmQM-gHCvLXgPEdA-k1kCgUAvIQ.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50013
IP address blocks:        109.160.50.0/24 maxlen: 24
                          109.160.49.0/24 maxlen: 24
                          109.160.48.0/24 maxlen: 24
                          109.160.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f3:a5:85:34:92:b6:48:b0:ba:bc:fc:c9:f1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e640cfa01c2bcb5e03c4740fa4d640a0500bc84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4d:15:4d:da:39:97:f3:ef:ad:8d:2d:52:df:
                    d1:5b:74:77:9d:22:dd:48:9b:5c:a3:66:2c:33:0f:
                    47:e2:84:46:16:a7:66:c1:ec:7d:49:17:a4:88:4e:
                    a8:cb:6b:dc:5e:1c:a4:67:f9:a2:4a:cf:ed:a2:4e:
                    bd:fd:e8:4d:75:b5:7b:bc:c8:11:62:fc:42:57:b5:
                    53:b0:f9:8c:77:8c:e8:14:d3:b8:ec:6c:44:b0:7c:
                    76:27:d6:f6:e5:b0:e4:b4:f5:46:3f:07:c8:e8:5a:
                    e0:c9:7b:18:42:58:df:3f:a9:1f:36:41:7c:53:d1:
                    bf:20:5b:30:6f:e7:6b:d4:4e:9e:a3:ac:d4:79:1c:
                    23:7d:a8:04:bd:0a:7a:95:e9:25:01:79:72:63:e8:
                    50:26:02:72:01:41:e5:8c:d3:82:09:7d:81:5f:9e:
                    de:51:27:f5:3a:08:84:3d:e5:08:a1:36:cd:d6:ab:
                    cc:52:ee:05:f8:ef:bb:99:99:f9:e9:e1:81:6e:07:
                    ee:b5:a5:55:b1:c2:58:af:d0:1e:b5:cd:82:1d:5b:
                    89:6c:18:76:72:b1:ea:b8:8c:97:4f:7d:41:dc:14:
                    c4:0e:6a:d1:d1:36:f3:42:6e:d1:5b:54:c3:9a:3e:
                    12:eb:fc:55:b1:30:95:ec:3b:f1:72:77:59:bc:5b:
                    ab:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:64:0C:FA:01:C2:BC:B5:E0:3C:47:40:FA:4D:64:0A:05:00:BC:84
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/DmQM-gHCvLXgPEdA-k1kCgUAvIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:04:39:6d:ea:6a:8a:fc:99:50:5a:f1:3d:f4:8e:bf:ef:c6:
         4a:b3:e4:89:15:0e:9e:4f:93:97:76:66:2b:12:ec:3e:c5:b6:
         6c:a6:e5:03:76:cc:6c:0a:0b:7f:02:38:46:9e:6a:c3:80:43:
         56:4e:2e:95:5a:e1:fe:92:7f:49:3a:79:8e:ce:63:65:94:23:
         76:98:6e:1e:6e:e6:0e:ab:6f:3d:c5:96:0f:9b:08:67:c9:a9:
         1c:fe:62:78:be:e2:28:12:2e:84:41:65:a6:7d:7d:7e:15:6a:
         84:7a:53:1d:8c:b0:e8:89:18:f0:bf:ae:88:86:7f:5d:03:56:
         64:95:0d:d2:0f:cf:a9:be:44:1d:10:28:c7:29:e1:bd:71:8c:
         6e:7c:ce:90:a4:ea:39:a3:55:0a:1c:d3:87:2b:34:79:75:2f:
         ce:56:fb:0d:51:92:96:ed:56:a8:af:b0:95:2d:fe:bd:95:65:
         7c:f6:61:d1:8b:d8:48:a9:4b:57:79:ae:80:16:9c:3e:7f:8f:
         ff:f4:8c:7f:a8:90:9b:a0:54:c8:a0:b4:8d:cf:31:7a:3a:64:
         ac:3c:ef:b7:d2:85:81:df:f1:44:5e:f8:ad:24:0a:16:4c:b1:
         0a:31:a8:94:c1:90:bf:0b:3c:4c:0c:63:83:51:89:e8:55:05:
         d1:87:74:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvOlhTSStkiwurz8yfHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTY0MGNmYTAxYzJiY2I1ZTAzYzQ3NDBmYTRkNjQwYTA1MDBiYzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi00VTdo5l/PvrY0tUt/RW3R3nSLd
SJtco2YsMw9H4oRGFqdmwex9SRekiE6oy2vcXhykZ/miSs/tok69/ehNdbV7vMgR
YvxCV7VTsPmMd4zoFNO47GxEsHx2J9b25bDktPVGPwfI6FrgyXsYQljfP6kfNkF8
U9G/IFswb+dr1E6eo6zUeRwjfagEvQp6leklAXlyY+hQJgJyAUHljNOCCX2BX57e
USf1OgiEPeUIoTbN1qvMUu4F+O+7mZn56eGBbgfutaVVscJYr9Aetc2CHVuJbBh2
crHquIyXT31B3BTEDmrR0TbzQm7RW1TDmj4S6/xVsTCV7DvxcndZvFurEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5kDPoBwry14DxHQPpNZAoFALyEMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvRG1RTS1nSEN2TFhnUEVkQS1rMWtDZ1VBdklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbaAwMA0G
CSqGSIb3DQEBCwUAA4IBAQBoBDlt6mqK/JlQWvE99I6/78ZKs+SJFQ6eT5OXdmYr
Euw+xbZspuUDdsxsCgt/AjhGnmrDgENWTi6VWuH+kn9JOnmOzmNllCN2mG4ebuYO
q289xZYPmwhnyakc/mJ4vuIoEi6EQWWmfX1+FWqEelMdjLDoiRjwv66Ihn9dA1Zk
lQ3SD8+pvkQdECjHKeG9cYxufM6QpOo5o1UKHNOHKzR5dS/OVvsNUZKW7Vaor7CV
Lf69lWV89mHRi9hIqUtXea6AFpw+f4//9Ix/qJCboFTIoLSNzzF6OmSsPO+30oWB
3/FEXvitJAoWTLEKMaiUwZC/CzxMDGODUYnoVQXRh3TA
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:18:39 2024 by rpki-client on console-fra.rpki-client.org