Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/oapjgekOqiByr2q-v2wpbgLNhKA.roa
File:                     oapjgekOqiByr2q-v2wpbgLNhKA.roa (raw, json)
Hash identifier:          kPZsOxeUKVHmnVkKNEmKuVSu5qQigMqC+CkbQugGuJw=
Subject key identifier:   A1:AA:63:81:E9:0E:AA:20:72:AF:6A:BE:BF:6C:29:6E:02:CD:84:A0
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018F967B28B7EF7079DD6B629001FBF9CF37
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/oapjgekOqiByr2q-v2wpbgLNhKA.roa
Signing time:             Mon 20 May 2024 14:50:04 +0000
ROA not before:           Mon 20 May 2024 14:50:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216068
IP address blocks:        147.45.176.0/24 maxlen: 24
                          147.45.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:40:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:7b:28:b7:ef:70:79:dd:6b:62:90:01:fb:f9:cf:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 20 14:50:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1aa6381e90eaa2072af6abebf6c296e02cd84a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7a:3a:07:4d:6d:fd:36:74:40:f8:20:9c:41:
                    4d:13:d0:16:15:95:8d:8c:c0:63:66:b7:3d:d1:b1:
                    e8:ee:5d:77:5a:5d:f7:ee:68:4b:0b:de:e4:ee:d6:
                    45:ba:65:d6:17:2a:d9:70:f1:a8:7e:3a:cc:34:e4:
                    a7:03:b3:52:f5:31:d3:4d:dc:00:c7:f8:82:ab:8f:
                    4e:90:86:96:0f:01:f5:d3:66:6d:b7:60:26:3a:5b:
                    a0:7e:89:e4:c7:07:e5:1d:7a:63:a5:d7:e7:a9:cb:
                    3d:1d:95:6e:ae:4b:b3:db:84:7a:de:f8:23:dd:71:
                    12:2b:c5:8e:e0:5e:03:ca:7e:62:f1:23:71:7a:dc:
                    54:be:14:70:83:e8:15:e4:5d:fc:bd:de:75:f8:09:
                    d9:b2:68:d4:0d:7f:b9:34:7a:80:16:59:eb:33:84:
                    46:ab:66:51:29:9e:a7:44:06:6a:6a:d2:eb:cd:c3:
                    8f:33:c7:75:bc:69:b5:78:3a:20:63:1b:f8:2a:74:
                    32:77:74:e3:75:19:f0:c4:35:15:39:8c:e7:49:fe:
                    cc:a1:71:e9:44:a9:51:d4:99:50:c4:42:26:cc:04:
                    5c:66:3d:85:49:ce:c1:01:ad:86:e6:64:5b:6c:a7:
                    7d:5d:0d:67:c6:17:95:04:47:a2:ed:6b:c8:8a:be:
                    eb:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:AA:63:81:E9:0E:AA:20:72:AF:6A:BE:BF:6C:29:6E:02:CD:84:A0
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/oapjgekOqiByr2q-v2wpbgLNhKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.176.0/24
                  147.45.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:b3:77:34:78:e0:34:12:a8:05:4c:5e:70:ff:30:22:be:74:
         39:60:ac:87:be:8c:80:9e:79:8e:d2:82:af:a9:ca:39:5c:ad:
         91:ce:ef:f4:09:b9:f8:d3:9a:69:4f:fd:5a:36:38:bc:35:9a:
         7b:8a:14:82:ca:76:ba:4b:27:50:86:e8:b9:97:e0:e0:49:fc:
         f8:72:5b:f2:3d:95:ac:d1:0a:9d:18:40:e0:35:7d:e0:59:0f:
         4f:0e:85:38:62:0a:30:95:8b:6e:3b:0a:05:4a:e4:22:7a:b9:
         b9:25:f2:06:37:ce:0a:90:0a:03:17:6a:92:b0:28:1b:5a:48:
         d9:49:a2:30:4f:5e:45:b5:92:cc:98:8b:58:4c:1b:b9:04:52:
         18:1f:f3:08:ff:ae:5b:a4:40:1b:b9:22:ee:6a:93:2c:85:47:
         38:ea:77:fe:87:29:82:2c:22:92:39:61:dd:60:dd:2e:16:fe:
         0d:ea:36:5a:5a:39:e9:56:75:c6:50:21:44:a3:a2:aa:fb:59:
         a5:2e:07:26:5b:fc:68:07:b5:bb:21:62:8d:cb:9e:7d:49:9a:
         94:c6:8b:28:99:2e:3d:a0:43:44:04:1f:e8:92:49:da:f0:c7:
         74:5b:60:45:f5:74:51:ec:f8:10:32:4a:a4:d2:4e:a4:78:eb:
         ee:6f:ea:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+Weyi373B53WtikAH7+c83MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNTIwMTQ1MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWFhNjM4MWU5MGVhYTIwNzJhZjZhYmViZjZjMjk2ZTAyY2Q4NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13o6B01t/TZ0QPggnEFNE9AWFZWN
jMBjZrc90bHo7l13Wl337mhLC97k7tZFumXWFyrZcPGofjrMNOSnA7NS9THTTdwA
x/iCq49OkIaWDwH102Ztt2AmOlugfonkxwflHXpjpdfnqcs9HZVurkuz24R63vgj
3XESK8WO4F4Dyn5i8SNxetxUvhRwg+gV5F38vd51+AnZsmjUDX+5NHqAFlnrM4RG
q2ZRKZ6nRAZqatLrzcOPM8d1vGm1eDogYxv4KnQyd3TjdRnwxDUVOYznSf7MoXHp
RKlR1JlQxEImzARcZj2FSc7BAa2G5mRbbKd9XQ1nxheVBEei7WvIir7r9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKGqY4HpDqogcq9qvr9sKW4CzYSgMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvb2Fwamdla09xaUJ5cjJxLXYyd3BiZ0xOaEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky2wAwQA
ky28MA0GCSqGSIb3DQEBCwUAA4IBAQCTs3c0eOA0EqgFTF5w/zAivnQ5YKyHvoyA
nnmO0oKvqco5XK2Rzu/0Cbn405ppT/1aNji8NZp7ihSCyna6SydQhui5l+DgSfz4
clvyPZWs0QqdGEDgNX3gWQ9PDoU4YgowlYtuOwoFSuQierm5JfIGN84KkAoDF2qS
sCgbWkjZSaIwT15FtZLMmItYTBu5BFIYH/MI/65bpEAbuSLuapMshUc46nf+hymC
LCKSOWHdYN0uFv4N6jZaWjnpVnXGUCFEo6Kq+1mlLgcmW/xoB7W7IWKNy559SZqU
xosomS49oENEBB/okkna8Md0W2BF9XRR7PgQMkqk0k6keOvub+rr
-----END CERTIFICATE-----
Generated at Sun Jun 16 19:35:16 2024 by rpki-client on console-fra.rpki-client.org