Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/36CQ79aI825EMcuZzZ7N94nE0B8.roa
File:                     36CQ79aI825EMcuZzZ7N94nE0B8.roa (raw, json)
Hash identifier:          f1lOiBOXrEeR3eoi6Er4pxTqPhOrJSpmXqHzz+j5ws8=
Subject key identifier:   DF:A0:90:EF:D6:88:F3:6E:44:31:CB:99:CD:9E:CD:F7:89:C4:D0:1F
Certificate issuer:       /CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
Certificate serial:       0191E63E50494F374FD3F1C2402BC7A4104D
Authority key identifier: B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/36CQ79aI825EMcuZzZ7N94nE0B8.roa
Signing time:             Thu 12 Sep 2024 12:38:49 +0000
ROA not before:           Thu 12 Sep 2024 12:38:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.100.1.0/24 maxlen: 24
                          185.100.2.0/24 maxlen: 24
                          217.30.89.0/24 maxlen: 24
                          217.30.90.0/24 maxlen: 24
                          2a10:eec0:d::/48 maxlen: 48
                          2a10:eec0:e::/47 maxlen: 47
                          2a10:eec0:10::/44 maxlen: 44
                          2a10:eec0:20::/43 maxlen: 43
                          2a10:eec0:40::/42 maxlen: 42
                          2a10:eec0:80::/41 maxlen: 41
                          2a10:eec0:100::/40 maxlen: 40
                          2a10:eec0:200::/39 maxlen: 39
                          2a10:eec0:400::/38 maxlen: 38
                          2a10:eec0:800::/37 maxlen: 37
                          2a10:eec0:1000::/36 maxlen: 36
                          2a10:eec0:2000::/35 maxlen: 35
                          2a10:eec0:4000::/34 maxlen: 34
                          2a10:eec0:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:3e:50:49:4f:37:4f:d3:f1:c2:40:2b:c7:a4:10:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4380b9b8c070457ed54bc45d12dddd244e06d52
        Validity
            Not Before: Sep 12 12:38:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfa090efd688f36e4431cb99cd9ecdf789c4d01f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:07:4a:84:98:30:0e:71:69:c1:87:47:fd:57:
                    cf:51:f5:c8:01:da:c2:c6:16:a0:23:e2:88:af:b2:
                    c3:93:dd:50:79:0f:50:0b:23:cd:e3:6d:56:6f:55:
                    82:1d:d8:14:a9:5c:58:83:29:af:a2:ef:8e:b1:c9:
                    22:ca:53:09:32:df:df:1b:ee:2d:4a:16:52:02:a4:
                    e6:50:4c:d1:55:31:eb:ac:46:0c:a2:72:0a:39:29:
                    cb:c8:8d:71:00:07:ff:3d:8a:44:03:32:32:04:4a:
                    f7:43:3b:d0:fe:32:e7:aa:ad:6b:13:37:ee:27:ca:
                    5d:6d:b2:5e:be:1b:ce:bb:da:4c:55:2a:d2:f4:e8:
                    3d:2f:0e:10:46:43:be:b8:80:7d:47:e6:03:05:08:
                    24:2c:7a:47:d3:e7:90:2e:a9:65:1c:c1:40:8f:36:
                    5e:df:b0:2c:e7:2d:c3:3b:44:43:6e:a0:bf:da:7c:
                    bd:36:54:2c:aa:8b:ad:86:e1:4d:84:ac:2f:6b:7d:
                    3a:57:e6:91:5a:6e:bb:d8:a5:50:3c:e5:b9:6a:35:
                    83:c7:2d:bb:3c:fd:02:7a:45:7c:f9:5a:ae:4e:ab:
                    a2:11:e1:a7:d5:68:4d:b7:5c:b6:6d:12:9a:7b:da:
                    59:ea:bd:35:ad:9e:43:7d:e5:ed:d9:04:78:dd:a4:
                    d5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A0:90:EF:D6:88:F3:6E:44:31:CB:99:CD:9E:CD:F7:89:C4:D0:1F
            X509v3 Authority Key Identifier:
                keyid:B4:38:0B:9B:8C:07:04:57:ED:54:BC:45:D1:2D:DD:D2:44:E0:6D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDgLm4wHBFftVLxF0S3d0kTgbVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/36CQ79aI825EMcuZzZ7N94nE0B8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/bc92e6-c8ee-48f0-ae7f-36ccb5a06195/1/tDgLm4wHBFftVLxF0S3d0kTgbVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.1.0-185.100.2.255
                  217.30.89.0-217.30.90.255
                IPv6:
                  2a10:eec0:d::-2a10:eec0:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         3c:f6:71:93:d2:fe:30:30:ca:7d:c5:21:66:87:ad:6b:b8:73:
         40:fa:ad:cb:ab:d9:37:7b:d2:d3:da:91:c3:4d:ba:63:08:6e:
         a9:bf:7f:13:8b:f5:c5:bc:7d:c1:20:c3:a1:e5:0a:d4:81:6a:
         f1:8c:6b:d9:1d:10:e0:30:af:8e:42:c8:9f:8e:8f:dc:a0:1f:
         73:ef:01:ca:e1:84:72:11:81:f2:cd:e1:af:c6:1e:70:0e:fe:
         45:48:91:21:8b:43:71:d1:23:25:8d:e7:92:43:85:ac:57:81:
         cc:35:05:a1:ea:90:f2:66:e5:c1:d4:f1:c2:bc:be:ae:e6:94:
         cb:84:fa:20:41:b0:28:47:73:33:e5:cf:f9:af:0f:42:24:30:
         12:8c:47:39:07:3e:bb:09:a1:f8:a9:4f:12:a2:b0:06:10:8f:
         89:50:a8:54:f2:6b:cd:b7:34:65:22:4e:4e:71:98:cd:24:6f:
         d2:85:4d:56:f5:85:1d:83:7f:52:27:05:c2:c3:d6:05:48:8e:
         71:d5:8c:5f:b5:5b:f9:1d:78:87:1d:ad:91:02:51:73:88:bd:
         66:0d:d9:66:04:a5:08:30:37:01:48:a3:b6:b8:6a:44:80:16:
         ab:a8:97:2f:1c:0c:d9:c3:e4:38:70:d2:5c:b4:f7:0b:11:48:
         ae:d3:f7:c1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZHmPlBJTzdP0/HCQCvHpBBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzgwYjliOGMwNzA0NTdlZDU0YmM0NWQxMmRkZGQyNDRl
MDZkNTIwHhcNMjQwOTEyMTIzODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmEwOTBlZmQ2ODhmMzZlNDQzMWNiOTljZDllY2RmNzg5YzRkMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QdKhJgwDnFpwYdH/VfPUfXIAdrC
xhagI+KIr7LDk91QeQ9QCyPN421Wb1WCHdgUqVxYgymvou+OsckiylMJMt/fG+4t
ShZSAqTmUEzRVTHrrEYMonIKOSnLyI1xAAf/PYpEAzIyBEr3QzvQ/jLnqq1rEzfu
J8pdbbJevhvOu9pMVSrS9Og9Lw4QRkO+uIB9R+YDBQgkLHpH0+eQLqllHMFAjzZe
37As5y3DO0RDbqC/2ny9NlQsqouthuFNhKwva306V+aRWm672KVQPOW5ajWDxy27
PP0CekV8+VquTquiEeGn1WhNt1y2bRKae9pZ6r01rZ5DfeXt2QR43aTV6QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFN+gkO/WiPNuRDHLmc2ezfeJxNAfMB8GA1UdIwQY
MBaAFLQ4C5uMBwRX7VS8RdEt3dJE4G1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2Yt
MzZjY2I1YTA2MTk1LzEvMzZDUTc5YUk4MjVFTWN1WnpaN045NG5FMEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9iYzkyZTYtYzhlZS00OGYwLWFlN2YtMzZjY2I1YTA2MTk1
LzEvdERnTG00d0hCRmZ0Vkx4RjBTM2Qwa1RnYlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAiBAIAATAcMAwDBAC5ZAED
BAC5ZAIwDAMEANkeWQMEANkeWjAYBAIAAjASMBADBwAqEO7AAA0DBQAqEO7AMA0G
CSqGSIb3DQEBCwUAA4IBAQA89nGT0v4wMMp9xSFmh61ruHNA+q3Lq9k3e9LT2pHD
TbpjCG6pv38Ti/XFvH3BIMOh5QrUgWrxjGvZHRDgMK+OQsifjo/coB9z7wHK4YRy
EYHyzeGvxh5wDv5FSJEhi0Nx0SMljeeSQ4WsV4HMNQWh6pDyZuXB1PHCvL6u5pTL
hPogQbAoR3Mz5c/5rw9CJDASjEc5Bz67CaH4qU8SorAGEI+JUKhU8mvNtzRlIk5O
cZjNJG/ShU1W9YUdg39SJwXCw9YFSI5x1YxftVv5HXiHHa2RAlFziL1mDdlmBKUI
MDcBSKO2uGpEgBarqJcvHAzZw+Q4cNJctPcLEUiu0/fB
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:53:51 2024 by rpki-client on console-fra.rpki-client.org