Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/DdSiKc3lYNCxjCxCbUWfSAB9P1I.roa
File:                     DdSiKc3lYNCxjCxCbUWfSAB9P1I.roa (raw, json)
Hash identifier:          tBeWqTvz3zRDL9oV8mIg8hjrXVuNN4OWX6jdvmCeA44=
Subject key identifier:   0D:D4:A2:29:CD:E5:60:D0:B1:8C:2C:42:6D:45:9F:48:00:7D:3F:52
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018CC72662D0D065B878E0B1AF5CEDA75304
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/DdSiKc3lYNCxjCxCbUWfSAB9P1I.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        185.200.204.0/24 maxlen: 24
                          185.200.204.0/23 maxlen: 23
                          185.200.206.0/23 maxlen: 23
                          185.200.206.0/24 maxlen: 24
                          185.200.205.0/24 maxlen: 24
                          185.200.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:62:d0:d0:65:b8:78:e0:b1:af:5c:ed:a7:53:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dd4a229cde560d0b18c2c426d459f48007d3f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e2:fa:c6:f8:a0:fb:3e:58:92:6e:e1:2f:c9:
                    67:07:b1:ee:6a:43:2f:cd:d0:41:3f:e2:e7:e9:9f:
                    29:2e:dd:b0:e5:ce:41:f7:db:d8:01:9b:2f:68:32:
                    ab:7d:e8:04:f6:0d:3b:fd:8f:8a:d1:72:37:18:37:
                    b6:e3:a8:3d:77:67:2c:5e:fc:5f:5a:8e:84:54:fb:
                    02:ba:cf:9c:84:39:27:a0:fc:87:8b:4d:37:0d:a9:
                    bf:5d:02:c7:aa:28:9b:29:66:21:cb:6b:28:ed:e3:
                    6f:b4:d1:59:ca:51:a6:cf:53:00:20:11:04:a3:7f:
                    f5:4e:93:6f:4a:fd:c2:9d:fc:03:4e:b8:58:f6:2d:
                    a6:ad:ed:0f:d2:33:fc:99:66:f9:d5:1c:9a:b6:87:
                    d5:c9:ed:d2:bf:18:3b:4a:ed:f5:74:05:f8:79:97:
                    fb:3b:2b:ba:96:01:f0:3b:41:44:5f:85:67:83:94:
                    38:91:29:43:f3:49:1d:fd:29:ff:71:04:f5:56:23:
                    29:f0:f8:2c:02:51:8f:c5:76:f1:86:cd:58:10:51:
                    7a:c1:11:0d:50:0c:e1:7b:bb:a1:cf:95:f4:35:7b:
                    74:69:36:db:6f:aa:57:6d:b2:b7:6f:75:5e:f2:b1:
                    df:de:a1:7e:9a:82:45:92:69:5d:80:40:d0:08:7d:
                    90:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D4:A2:29:CD:E5:60:D0:B1:8C:2C:42:6D:45:9F:48:00:7D:3F:52
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/DdSiKc3lYNCxjCxCbUWfSAB9P1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:da:36:19:bd:07:88:71:bc:be:85:4b:15:39:c1:12:c6:4d:
         71:c6:58:27:91:31:32:35:c3:5c:a8:70:65:38:c0:e2:84:f8:
         89:a6:d2:46:43:c7:c2:9d:88:3b:fd:54:a0:23:d8:20:3f:bc:
         a1:9a:8c:20:65:4f:11:ac:02:7e:17:fe:52:a6:4e:bc:a8:4f:
         3b:c9:fa:a6:cf:d7:32:96:c0:a9:b1:ab:39:c8:db:c1:29:86:
         85:49:ca:6a:fe:17:d5:ca:77:5d:47:67:e5:ec:bf:de:fe:e2:
         cf:96:b2:61:0a:83:ab:8a:a4:5f:ba:d8:84:4d:3e:6b:12:47:
         54:b5:92:98:c7:4a:e7:84:9d:0d:38:c4:9a:f2:ba:bb:b8:05:
         01:60:e9:fd:43:b1:63:b4:67:0f:c3:a5:93:4b:e0:65:2b:6e:
         9d:6f:6b:4e:4e:df:b2:87:5d:c7:eb:81:93:9a:3b:5f:93:de:
         9a:e5:0d:2a:1a:d3:49:f2:b6:74:a1:b9:0f:5a:b4:dc:2c:bc:
         f3:d0:85:d5:ec:1e:b8:d9:a7:36:21:56:f1:f9:7b:2b:76:35:
         d3:74:9d:d6:2f:11:30:44:ab:53:33:13:af:00:19:6f:f6:8a:
         bc:0d:63:f8:85:5b:b5:31:93:3d:ac:ec:35:54:b5:67:6b:7e:
         49:28:f7:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJmLQ0GW4eOCxr1ztp1MEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGQ0YTIyOWNkZTU2MGQwYjE4YzJjNDI2ZDQ1OWY0ODAwN2QzZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreL6xvig+z5Ykm7hL8lnB7HuakMv
zdBBP+Ln6Z8pLt2w5c5B99vYAZsvaDKrfegE9g07/Y+K0XI3GDe246g9d2csXvxf
Wo6EVPsCus+chDknoPyHi003Dam/XQLHqiibKWYhy2so7eNvtNFZylGmz1MAIBEE
o3/1TpNvSv3CnfwDTrhY9i2mre0P0jP8mWb51RyatofVye3Svxg7Su31dAX4eZf7
Oyu6lgHwO0FEX4Vng5Q4kSlD80kd/Sn/cQT1ViMp8PgsAlGPxXbxhs1YEFF6wREN
UAzhe7uhz5X0NXt0aTbbb6pXbbK3b3Ve8rHf3qF+moJFkmldgEDQCH2QnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3UoinN5WDQsYwsQm1Fn0gAfT9SMB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvRGRTaUtjM2xZTkN4akN4Q2JVV2ZTQUI5UDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucjMMA0G
CSqGSIb3DQEBCwUAA4IBAQBr2jYZvQeIcby+hUsVOcESxk1xxlgnkTEyNcNcqHBl
OMDihPiJptJGQ8fCnYg7/VSgI9ggP7yhmowgZU8RrAJ+F/5Spk68qE87yfqmz9cy
lsCpsas5yNvBKYaFScpq/hfVynddR2fl7L/e/uLPlrJhCoOriqRfutiETT5rEkdU
tZKYx0rnhJ0NOMSa8rq7uAUBYOn9Q7FjtGcPw6WTS+BlK26db2tOTt+yh13H64GT
mjtfk96a5Q0qGtNJ8rZ0obkPWrTcLLzz0IXV7B642ac2IVbx+XsrdjXTdJ3WLxEw
RKtTMxOvABlv9oq8DWP4hVu1MZM9rOw1VLVna35JKPcR
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:13:39 2024 by rpki-client on console-fra.rpki-client.org