Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/OG8L4yd0LzOMp6o0XUtlSWrcsp4.roa
File:                     OG8L4yd0LzOMp6o0XUtlSWrcsp4.roa (raw, json)
Hash identifier:          Biv6V1jcJV2BNpdTs8w89i5mI6F0lipZootlGh5QXZI=
Subject key identifier:   38:6F:0B:E3:27:74:2F:33:8C:A7:AA:34:5D:4B:65:49:6A:DC:B2:9E
Certificate issuer:       /CN=1a3e970ed62771343a096ffb2efc26abb7ed68af
Certificate serial:       018CC5DC411748931252D3C6F0628FB33D08
Authority key identifier: 1A:3E:97:0E:D6:27:71:34:3A:09:6F:FB:2E:FC:26:AB:B7:ED:68:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/OG8L4yd0LzOMp6o0XUtlSWrcsp4.roa
Signing time:             Mon 01 Jan 2024 16:29:55 +0000
ROA not before:           Mon 01 Jan 2024 16:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39771
IP address blocks:        195.42.0.0/19 maxlen: 19
                          195.42.32.0/20 maxlen: 20
                          194.4.72.0/21 maxlen: 21
                          195.42.48.0/21 maxlen: 21
                          195.42.56.0/22 maxlen: 22
                          194.4.80.0/20 maxlen: 20
                          195.42.60.0/23 maxlen: 23
                          195.42.62.0/23 maxlen: 23
                          194.4.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:41:17:48:93:12:52:d3:c6:f0:62:8f:b3:3d:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a3e970ed62771343a096ffb2efc26abb7ed68af
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=386f0be327742f338ca7aa345d4b65496adcb29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:af:87:93:c2:84:0e:84:e9:0d:a6:1b:36:80:
                    ba:cf:1f:e8:54:3b:72:c2:d6:4c:05:12:cb:62:bd:
                    34:67:8e:48:43:a4:f6:18:2c:c7:81:91:79:0f:df:
                    82:91:31:30:a3:18:ea:d7:63:f7:e4:93:83:f3:60:
                    eb:df:d7:35:ee:41:5f:a3:a5:e0:de:14:9b:fc:53:
                    3e:37:25:e5:fe:c6:d0:a6:72:6a:19:82:ad:f0:de:
                    1b:eb:2d:82:c4:29:ea:e4:38:97:6d:d9:41:43:c9:
                    74:91:0f:06:21:52:93:98:27:cd:3d:e5:9c:9a:e8:
                    c8:51:d0:25:9e:c0:48:5f:73:0e:14:6b:c9:07:f5:
                    6f:d4:72:1a:4b:c3:e3:68:22:70:d9:a5:24:0f:30:
                    df:d8:09:50:6e:93:93:d4:fc:41:37:39:3c:2d:85:
                    98:82:fb:02:42:e7:40:de:80:61:10:ea:ee:51:92:
                    de:16:13:e2:8f:21:07:59:fc:59:69:ae:3f:3b:0d:
                    af:31:39:0d:1b:d8:64:8f:c2:f9:f7:d8:d8:42:2a:
                    82:60:04:fc:99:af:1b:eb:54:c2:d0:a6:9e:63:ca:
                    2a:91:e9:8e:38:e8:e9:2f:c9:35:e1:dd:2f:d6:32:
                    d0:4c:fe:13:fa:38:5c:bb:50:49:1e:d4:fd:ce:62:
                    f3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6F:0B:E3:27:74:2F:33:8C:A7:AA:34:5D:4B:65:49:6A:DC:B2:9E
            X509v3 Authority Key Identifier:
                keyid:1A:3E:97:0E:D6:27:71:34:3A:09:6F:FB:2E:FC:26:AB:B7:ED:68:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/OG8L4yd0LzOMp6o0XUtlSWrcsp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.72.0-194.4.99.255
                  195.42.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d6:1c:f2:27:f3:83:c4:de:ab:e3:76:2d:41:4d:ab:45:b8:0f:
         7e:2a:b2:76:d7:4e:b1:f9:ca:c9:70:fa:3f:4e:2d:31:54:12:
         cd:8a:c1:7e:35:a5:2d:68:6f:5c:59:21:7e:cc:73:87:9a:38:
         1e:9e:2c:21:76:26:c3:89:0c:5f:20:9c:ed:28:c8:e0:92:73:
         bb:f6:fc:43:e6:de:9a:29:9f:e6:b6:89:3e:d1:58:cd:6a:a6:
         25:ce:73:32:3d:69:60:b9:58:eb:32:82:d3:d2:6c:7e:80:a6:
         f0:11:75:6c:f0:ca:7c:66:c0:fe:58:97:91:fb:66:64:8a:27:
         9a:33:7a:90:35:9d:10:ed:2f:50:c5:a7:d4:86:d0:ea:48:93:
         9d:f3:50:8d:48:46:51:ba:38:7c:84:77:8f:ee:ed:01:57:18:
         40:61:ff:3f:c0:cb:7b:4b:25:bf:0d:85:3d:92:5c:f0:1c:79:
         b9:81:78:2f:a6:b6:f5:28:b9:84:05:55:bb:34:6d:3a:57:16:
         71:8b:23:1f:23:e5:3a:bf:4c:73:27:47:3e:3e:a7:35:10:1a:
         d2:63:f9:df:17:96:62:d1:a0:7f:db:5d:31:a0:81:b3:18:54:
         f9:1b:d5:9d:41:e8:a1:d9:43:22:9f:97:62:b7:83:4a:11:ea:
         72:83:c5:30
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzF3EEXSJMSUtPG8GKPsz0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhM2U5NzBlZDYyNzcxMzQzYTA5NmZmYjJlZmMyNmFiYjdl
ZDY4YWYwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZmMGJlMzI3NzQyZjMzOGNhN2FhMzQ1ZDRiNjU0OTZhZGNiMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq+Hk8KEDoTpDaYbNoC6zx/oVDty
wtZMBRLLYr00Z45IQ6T2GCzHgZF5D9+CkTEwoxjq12P35JOD82Dr39c17kFfo6Xg
3hSb/FM+NyXl/sbQpnJqGYKt8N4b6y2CxCnq5DiXbdlBQ8l0kQ8GIVKTmCfNPeWc
mujIUdAlnsBIX3MOFGvJB/Vv1HIaS8PjaCJw2aUkDzDf2AlQbpOT1PxBNzk8LYWY
gvsCQudA3oBhEOruUZLeFhPijyEHWfxZaa4/Ow2vMTkNG9hkj8L599jYQiqCYAT8
ma8b61TC0KaeY8oqkemOOOjpL8k14d0v1jLQTP4T+jhcu1BJHtT9zmLzzQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDhvC+MndC8zjKeqNF1LZUlq3LKeMB8GA1UdIwQY
MBaAFBo+lw7WJ3E0Oglv+y78Jqu37WivMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2o2WER0WW5jVFE2Q1dfN0x2d21xN2Z0YUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8wZjcwOTItZTNhNC00NzBiLTg1YTUt
ZDQ4OTA5NGM2NjA0LzEvT0c4TDR5ZDBMek9NcDZvMFhVdGxTV3Jjc3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8wZjcwOTItZTNhNC00NzBiLTg1YTUtZDQ4OTA5NGM2NjA0
LzEvR2o2WER0WW5jVFE2Q1dfN0x2d21xN2Z0YUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAPCBEgD
BALCBGADBAbDKgAwDQYJKoZIhvcNAQELBQADggEBANYc8ifzg8Teq+N2LUFNq0W4
D34qsnbXTrH5yslw+j9OLTFUEs2KwX41pS1ob1xZIX7Mc4eaOB6eLCF2JsOJDF8g
nO0oyOCSc7v2/EPm3popn+a2iT7RWM1qpiXOczI9aWC5WOsygtPSbH6ApvARdWzw
ynxmwP5Yl5H7ZmSKJ5ozepA1nRDtL1DFp9SG0OpIk53zUI1IRlG6OHyEd4/u7QFX
GEBh/z/Ay3tLJb8NhT2SXPAcebmBeC+mtvUouYQFVbs0bTpXFnGLIx8j5Tq/THMn
Rz4+pzUQGtJj+d8XlmLRoH/bXTGggbMYVPkb1Z1B6KHZQyKfl2K3g0oR6nKDxTA=
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:15:00 2024 by rpki-client on console-fra.rpki-client.org