Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1gQ3vn4QFiOlFD_5b0r23zzWUew.roa
File:                     1gQ3vn4QFiOlFD_5b0r23zzWUew.roa (raw, json)
Hash identifier:          /haNJNDmqdwf7ESaR3P6+fOq3DqHOaqFv8N0z1nsrQM=
Subject key identifier:   D6:04:37:BE:7E:10:16:23:A5:14:3F:F9:6F:4A:F6:DF:3C:D6:51:EC
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB6707E7B500D413385288287B11AB
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1gQ3vn4QFiOlFD_5b0r23zzWUew.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        194.28.225.0/24 maxlen: 24
                          194.28.226.0/24 maxlen: 24
                          194.28.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:67:07:e7:b5:00:d4:13:38:52:88:28:7b:11:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d60437be7e101623a5143ff96f4af6df3cd651ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f3:a6:34:3a:82:fb:34:45:14:a1:97:aa:49:
                    6d:3c:d9:9e:ce:a6:b3:76:03:fd:d0:7b:b0:c0:ab:
                    7a:f4:d4:58:62:ff:95:7b:ec:7c:8f:c6:61:29:66:
                    64:4e:16:30:ce:b3:f7:ff:ab:21:c0:30:98:5f:dc:
                    6b:4e:2b:18:e3:46:97:9f:ba:20:46:fe:c3:5b:c8:
                    74:03:bc:f8:a2:8d:75:21:6a:55:39:6e:c5:06:0e:
                    7f:8e:58:ff:d9:c0:8c:c0:09:5a:ff:a3:aa:39:08:
                    7d:6e:5a:a1:a0:e9:da:8d:57:32:b0:e1:a4:7f:ad:
                    ba:5b:a3:5b:ea:cd:e7:13:9b:c9:cc:56:4a:97:3f:
                    f8:17:2a:e1:0d:96:45:8a:e7:b6:19:41:bc:fc:f3:
                    b4:72:b9:cc:d4:7e:9e:52:ce:d6:f4:6e:a4:05:ac:
                    5d:57:0d:b9:4d:27:26:3c:e1:e5:4d:ac:fd:af:73:
                    3c:32:5c:3c:4a:c6:01:ca:da:d9:94:90:56:21:1e:
                    6c:1d:69:28:2d:4b:d1:4a:10:50:f2:da:54:fc:ba:
                    5a:7b:78:13:50:85:d4:e2:8d:6e:89:c3:e0:9b:d0:
                    8f:2c:1e:13:96:73:ad:2c:6a:ad:f8:86:76:c4:77:
                    47:20:57:f1:39:ae:6f:93:b2:45:47:c7:40:2a:04:
                    e8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:04:37:BE:7E:10:16:23:A5:14:3F:F9:6F:4A:F6:DF:3C:D6:51:EC
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1gQ3vn4QFiOlFD_5b0r23zzWUew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.224.0-194.28.226.255

    Signature Algorithm: sha256WithRSAEncryption
         9a:08:cf:dc:e8:20:a1:da:2c:30:5b:00:95:38:4b:77:aa:fc:
         41:d2:21:68:1d:f7:90:3f:f5:fb:3a:ca:7e:b2:20:38:0a:bd:
         03:5f:d7:a7:42:73:0b:a7:2d:d7:ae:24:8b:24:02:d4:79:8a:
         c4:c2:8a:49:75:1b:0f:fb:db:47:ce:03:e3:d3:43:7e:f8:fc:
         46:f1:9c:0a:25:7f:10:85:dd:03:6e:79:97:5c:22:3b:f9:65:
         91:b2:35:ae:da:50:46:13:b4:da:d8:ac:a3:18:34:37:13:53:
         69:53:64:ce:0a:07:02:48:81:57:03:29:8b:93:50:85:ae:69:
         16:50:a2:4c:9c:71:a5:8d:5f:36:74:1c:c5:1f:45:92:71:43:
         3f:ea:f2:d8:c7:36:24:d3:04:60:ff:50:8f:87:35:ec:da:f9:
         d8:81:b6:d3:3f:2b:f2:ff:80:64:51:60:d5:cf:bf:2c:a2:08:
         cd:01:07:23:a6:7d:5a:78:c2:24:13:16:62:32:07:2a:f9:08:
         c0:84:23:5b:8b:f5:28:11:96:21:66:dd:54:bc:32:3b:77:0a:
         ea:f0:ba:87:62:24:87:d8:1f:05:35:b3:6b:e8:fa:20:b7:e0:
         fc:7a:00:9e:cb:68:76:30:62:70:d9:14:bf:40:a1:29:02:0d:
         99:7d:54:cd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC22cH57UA1BM4UogoexGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA0MzdiZTdlMTAxNjIzYTUxNDNmZjk2ZjRhZjZkZjNjZDY1MWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/OmNDqC+zRFFKGXqkltPNmezqaz
dgP90HuwwKt69NRYYv+Ve+x8j8ZhKWZkThYwzrP3/6shwDCYX9xrTisY40aXn7og
Rv7DW8h0A7z4oo11IWpVOW7FBg5/jlj/2cCMwAla/6OqOQh9blqhoOnajVcysOGk
f626W6Nb6s3nE5vJzFZKlz/4FyrhDZZFiue2GUG8/PO0crnM1H6eUs7W9G6kBaxd
Vw25TScmPOHlTaz9r3M8Mlw8SsYBytrZlJBWIR5sHWkoLUvRShBQ8tpU/Lpae3gT
UIXU4o1uicPgm9CPLB4TlnOtLGqt+IZ2xHdHIFfxOa5vk7JFR8dAKgToqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNYEN75+EBYjpRQ/+W9K9t881lHsMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMWdRM3ZuNFFGaU9sRkRfNWIwcjIzenpXVWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXCHOAD
BADCHOIwDQYJKoZIhvcNAQELBQADggEBAJoIz9zoIKHaLDBbAJU4S3eq/EHSIWgd
95A/9fs6yn6yIDgKvQNf16dCcwunLdeuJIskAtR5isTCikl1Gw/720fOA+PTQ374
/EbxnAolfxCF3QNueZdcIjv5ZZGyNa7aUEYTtNrYrKMYNDcTU2lTZM4KBwJIgVcD
KYuTUIWuaRZQokyccaWNXzZ0HMUfRZJxQz/q8tjHNiTTBGD/UI+HNeza+diBttM/
K/L/gGRRYNXPvyyiCM0BByOmfVp4wiQTFmIyByr5CMCEI1uL9SgRliFm3VS8Mjt3
CurwuodiJIfYHwU1s2vo+iC34Px6AJ7LaHYwYnDZFL9AoSkCDZl9VM0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:31:27 2024 by rpki-client on console-ams.rpki-client.org