Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/08900f-b361-47ad-893f-7351f869b42b/1/sS0fxhlxEWRjsQnEqbS6yWekaY0.roa
File:                     sS0fxhlxEWRjsQnEqbS6yWekaY0.roa (raw, json)
Hash identifier:          k3UwApZeg9rkiGbd9RxIU7LsmtmI1sA6qY1pt+k7ypo=
Subject key identifier:   B1:2D:1F:C6:19:71:11:64:63:B1:09:C4:A9:B4:BA:C9:67:A4:69:8D
Certificate issuer:       /CN=6090cdd31d3a71da1ce4a4bd85f1987e3ca4eafa
Certificate serial:       018CC94E4F8576F67FCC1E9711C84318A70A
Authority key identifier: 60:90:CD:D3:1D:3A:71:DA:1C:E4:A4:BD:85:F1:98:7E:3C:A4:EA:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJDN0x06cdoc5KS9hfGYfjyk6vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/08900f-b361-47ad-893f-7351f869b42b/1/sS0fxhlxEWRjsQnEqbS6yWekaY0.roa
Signing time:             Tue 02 Jan 2024 08:33:21 +0000
ROA not before:           Tue 02 Jan 2024 08:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50289
IP address blocks:        88.84.193.0/24 maxlen: 24
                          88.84.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/08900f-b361-47ad-893f-7351f869b42b/1/YJDN0x06cdoc5KS9hfGYfjyk6vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/08900f-b361-47ad-893f-7351f869b42b/1/YJDN0x06cdoc5KS9hfGYfjyk6vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJDN0x06cdoc5KS9hfGYfjyk6vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4f:85:76:f6:7f:cc:1e:97:11:c8:43:18:a7:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6090cdd31d3a71da1ce4a4bd85f1987e3ca4eafa
        Validity
            Not Before: Jan  2 08:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b12d1fc61971116463b109c4a9b4bac967a4698d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:80:6c:4c:54:07:f7:e2:9c:36:f7:2a:0f:77:
                    d4:af:a5:f9:d0:7b:df:20:58:ee:c7:d4:81:5e:94:
                    cd:be:c6:a5:35:eb:7d:af:8f:b2:9b:9b:2c:fc:d4:
                    6b:96:68:82:15:12:2d:fc:02:8c:31:7c:01:2a:12:
                    ae:08:9f:c4:7c:ae:85:10:bf:cf:90:7e:ba:8e:fe:
                    df:9b:b6:33:84:bd:66:67:6d:4c:1b:6d:8d:71:8a:
                    f6:fa:50:64:e3:7c:41:ae:f9:96:a3:17:83:89:4a:
                    7d:43:b5:e2:8b:ce:35:32:a4:1f:07:11:d3:d5:17:
                    06:d3:4b:25:29:c2:75:ee:e5:f5:91:d1:1f:10:e0:
                    61:01:1b:d0:97:8b:b0:bd:71:cf:cf:45:8a:18:ca:
                    39:f9:bc:ef:8d:75:95:a3:0c:10:6d:e5:7b:05:4b:
                    53:85:d0:65:71:a7:4f:53:c8:60:d1:2b:d1:f7:dc:
                    78:10:57:e5:7b:e5:2b:dc:65:24:8a:63:1b:7d:d9:
                    41:f1:90:26:d0:fb:42:3c:2c:db:a1:97:39:a5:f9:
                    bf:80:48:00:44:19:3b:86:a1:f0:32:3d:fd:11:19:
                    97:84:f2:e4:84:c7:fa:b1:1a:74:2a:51:39:06:5f:
                    33:33:f5:10:e4:41:16:db:8d:ae:fc:5b:46:12:75:
                    ca:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2D:1F:C6:19:71:11:64:63:B1:09:C4:A9:B4:BA:C9:67:A4:69:8D
            X509v3 Authority Key Identifier:
                keyid:60:90:CD:D3:1D:3A:71:DA:1C:E4:A4:BD:85:F1:98:7E:3C:A4:EA:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJDN0x06cdoc5KS9hfGYfjyk6vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/08900f-b361-47ad-893f-7351f869b42b/1/sS0fxhlxEWRjsQnEqbS6yWekaY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/08900f-b361-47ad-893f-7351f869b42b/1/YJDN0x06cdoc5KS9hfGYfjyk6vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.193.0/24
                  88.84.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:e6:f9:9e:ab:8f:75:04:64:87:d0:28:65:0e:3c:04:50:88:
         00:10:cc:43:4a:35:71:b0:61:44:48:ea:5b:34:0c:bf:46:4f:
         f3:a3:7b:33:94:28:2f:fd:50:42:0d:4b:34:4d:b5:9b:60:ac:
         bf:48:77:d8:88:d5:2d:90:c0:66:a4:7f:82:f8:dd:4f:76:ff:
         71:a9:cf:1f:3d:95:d2:d5:91:ff:c9:ab:fc:e4:c8:31:e2:52:
         24:b4:f3:79:89:12:66:c9:38:fe:98:db:1d:e6:77:43:6e:35:
         73:ec:ad:e2:19:7c:e5:f8:4e:72:9b:fa:ad:ec:50:f3:ee:b4:
         9b:95:6f:40:af:36:a2:d9:0f:69:59:e9:69:ed:3f:e0:0c:e9:
         34:7a:43:3e:20:34:9f:25:fe:c2:1c:3f:de:a8:40:a6:51:92:
         c0:39:dd:50:64:ca:81:40:36:03:43:96:2f:89:99:78:e4:25:
         7e:7f:da:ef:d0:99:5a:1b:0c:2d:f8:6c:f3:04:d1:99:e0:36:
         39:6a:d2:5c:e0:31:e0:95:ba:a6:98:38:82:c9:34:88:29:92:
         26:49:52:1b:c9:e1:10:99:6c:d7:17:8d:05:91:d1:9a:ff:8b:
         de:3b:e4:e1:c0:d2:ac:a8:d8:c8:36:ca:4b:cf:ba:b7:74:bb:
         68:21:72:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTk+FdvZ/zB6XEchDGKcKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTBjZGQzMWQzYTcxZGExY2U0YTRiZDg1ZjE5ODdlM2Nh
NGVhZmEwHhcNMjQwMTAyMDgzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTJkMWZjNjE5NzExMTY0NjNiMTA5YzRhOWI0YmFjOTY3YTQ2OThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoBsTFQH9+KcNvcqD3fUr6X50Hvf
IFjux9SBXpTNvsalNet9r4+ym5ss/NRrlmiCFRIt/AKMMXwBKhKuCJ/EfK6FEL/P
kH66jv7fm7YzhL1mZ21MG22NcYr2+lBk43xBrvmWoxeDiUp9Q7Xii841MqQfBxHT
1RcG00slKcJ17uX1kdEfEOBhARvQl4uwvXHPz0WKGMo5+bzvjXWVowwQbeV7BUtT
hdBlcadPU8hg0SvR99x4EFfle+Ur3GUkimMbfdlB8ZAm0PtCPCzboZc5pfm/gEgA
RBk7hqHwMj39ERmXhPLkhMf6sRp0KlE5Bl8zM/UQ5EEW242u/FtGEnXK8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLEtH8YZcRFkY7EJxKm0uslnpGmNMB8GA1UdIwQY
MBaAFGCQzdMdOnHaHOSkvYXxmH48pOr6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUpETjB4MDZjZG9jNUtTOWhmR1lmanlrNnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8wODkwMGYtYjM2MS00N2FkLTg5M2Yt
NzM1MWY4NjliNDJiLzEvc1MwZnhobHhFV1Jqc1FuRXFiUzZ5V2VrYVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8wODkwMGYtYjM2MS00N2FkLTg5M2YtNzM1MWY4NjliNDJi
LzEvWUpETjB4MDZjZG9jNUtTOWhmR1lmanlrNnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWFTBAwQA
WFTQMA0GCSqGSIb3DQEBCwUAA4IBAQB85vmeq491BGSH0ChlDjwEUIgAEMxDSjVx
sGFESOpbNAy/Rk/zo3szlCgv/VBCDUs0TbWbYKy/SHfYiNUtkMBmpH+C+N1Pdv9x
qc8fPZXS1ZH/yav85Mgx4lIktPN5iRJmyTj+mNsd5ndDbjVz7K3iGXzl+E5ym/qt
7FDz7rSblW9Arzai2Q9pWelp7T/gDOk0ekM+IDSfJf7CHD/eqECmUZLAOd1QZMqB
QDYDQ5YviZl45CV+f9rv0JlaGwwt+GzzBNGZ4DY5atJc4DHglbqmmDiCyTSIKZIm
SVIbyeEQmWzXF40FkdGa/4veO+ThwNKsqNjINspLz7q3dLtoIXLv
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:35:11 2024 by rpki-client on console-ams.rpki-client.org