Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OW8VC1lqPEzgwb0BwtpnT4MQcGk.roa
File:                     OW8VC1lqPEzgwb0BwtpnT4MQcGk.roa (raw, json)
Hash identifier:          JFjmeLxucN/5iJNbBMsE/LNECGuyanlcAg2+DF3IzJY=
Subject key identifier:   39:6F:15:0B:59:6A:3C:4C:E0:C1:BD:01:C2:DA:67:4F:83:10:70:69
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014D1AF782FDF819130FBE423BD9D6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OW8VC1lqPEzgwb0BwtpnT4MQcGk.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51699
IP address blocks:        194.28.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4d:1a:f7:82:fd:f8:19:13:0f:be:42:3b:d9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396f150b596a3c4ce0c1bd01c2da674f83107069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fb:f5:51:11:c0:ba:6f:c6:a0:89:65:28:da:
                    62:dc:82:a8:32:b0:3d:17:3b:30:4a:8d:81:15:5e:
                    b7:0a:a6:7d:d8:a2:d5:6a:98:0c:80:35:7f:50:0b:
                    de:e8:55:a7:2b:b9:f3:d1:86:70:0f:1f:83:46:ec:
                    dd:3c:bf:90:be:c7:34:4e:b2:e1:21:de:6f:ea:cc:
                    63:3a:1e:c2:15:10:9e:c8:fc:eb:a1:67:41:b9:06:
                    d2:f1:69:d2:cd:4d:a4:b0:6e:a3:a3:80:db:77:1e:
                    f7:6d:78:f7:58:f2:0e:81:db:ae:55:47:0e:5a:06:
                    48:52:c4:b4:6e:38:26:fd:58:8e:c2:bd:86:f2:c6:
                    7c:85:a2:86:48:a9:dd:71:8f:75:e7:ec:29:85:ca:
                    6a:f2:3b:69:78:a8:dd:89:85:95:d4:f5:f4:a0:36:
                    39:ab:5a:ef:19:22:a8:60:4f:d3:b9:ae:85:c9:cf:
                    67:be:d5:72:eb:89:73:5a:e6:a8:be:99:b6:1c:c3:
                    6f:2f:c8:e1:43:53:74:52:6b:d1:20:9f:20:36:0a:
                    34:1f:c8:94:51:de:a5:86:db:1c:f6:fa:43:8e:89:
                    7e:11:72:61:80:b1:4f:e8:95:dd:76:5e:4e:14:91:
                    7e:43:f1:47:a4:a5:e7:8c:8d:d3:38:af:a4:1e:4d:
                    2f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6F:15:0B:59:6A:3C:4C:E0:C1:BD:01:C2:DA:67:4F:83:10:70:69
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OW8VC1lqPEzgwb0BwtpnT4MQcGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:20:17:a2:95:7a:25:df:6f:92:b7:b5:76:00:cd:34:24:c4:
         f2:ca:b6:3a:da:f2:aa:4e:fb:06:90:ea:0a:d5:bb:65:cc:61:
         f4:cc:94:a0:19:be:e8:1d:31:6e:9a:d0:3b:8a:9b:23:04:3a:
         ee:9c:b2:33:94:87:6b:4b:71:dd:0f:c0:b1:cf:40:90:f7:e4:
         0d:04:b2:05:87:7b:b8:3a:a6:8e:67:01:35:de:8f:1c:cd:37:
         35:31:0b:c8:db:59:fa:65:c2:be:ae:4f:10:58:ba:bf:c2:22:
         be:2a:e1:8f:e5:74:05:fa:9c:b6:70:5c:78:1e:dc:0d:37:4b:
         b8:4e:e5:c6:29:62:05:18:98:35:65:2a:aa:73:2b:20:ab:19:
         94:a3:c8:d3:5c:d3:71:83:c7:3c:5f:c6:73:fa:31:d3:ae:c5:
         e3:0c:07:d5:f4:62:fb:a2:75:a8:8f:df:88:26:9e:b4:9d:ab:
         63:80:05:a4:da:53:79:13:4e:b0:df:12:ad:e5:a4:e6:08:aa:
         81:b9:1d:d4:2a:72:32:33:8f:53:2d:77:19:ea:46:09:21:12:
         dc:59:c0:79:5f:da:ba:c1:98:07:8a:80:c8:e8:45:cd:19:f4:
         dd:8a:0b:68:41:9f:0d:f1:e1:6a:59:88:fe:8d:d8:ed:ce:5e:
         c1:71:ba:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAU0a94L9+BkTD75CO9nWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZmMTUwYjU5NmEzYzRjZTBjMWJkMDFjMmRhNjc0ZjgzMTA3MDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvv1URHAum/GoIllKNpi3IKoMrA9
FzswSo2BFV63CqZ92KLVapgMgDV/UAve6FWnK7nz0YZwDx+DRuzdPL+Qvsc0TrLh
Id5v6sxjOh7CFRCeyPzroWdBuQbS8WnSzU2ksG6jo4Dbdx73bXj3WPIOgduuVUcO
WgZIUsS0bjgm/ViOwr2G8sZ8haKGSKndcY915+wphcpq8jtpeKjdiYWV1PX0oDY5
q1rvGSKoYE/Tua6Fyc9nvtVy64lzWuaovpm2HMNvL8jhQ1N0UmvRIJ8gNgo0H8iU
Ud6lhtsc9vpDjol+EXJhgLFP6JXddl5OFJF+Q/FHpKXnjI3TOK+kHk0vCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlvFQtZajxM4MG9AcLaZ0+DEHBpMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvT1c4VkMxbHFQRXpnd2IwQnd0cG5UNE1RY0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhxgMA0G
CSqGSIb3DQEBCwUAA4IBAQBoIBeilXol32+St7V2AM00JMTyyrY62vKqTvsGkOoK
1btlzGH0zJSgGb7oHTFumtA7ipsjBDrunLIzlIdrS3HdD8Cxz0CQ9+QNBLIFh3u4
OqaOZwE13o8czTc1MQvI21n6ZcK+rk8QWLq/wiK+KuGP5XQF+py2cFx4HtwNN0u4
TuXGKWIFGJg1ZSqqcysgqxmUo8jTXNNxg8c8X8Zz+jHTrsXjDAfV9GL7onWoj9+I
Jp60natjgAWk2lN5E06w3xKt5aTmCKqBuR3UKnIyM49TLXcZ6kYJIRLcWcB5X9q6
wZgHioDI6EXNGfTdigtoQZ8N8eFqWYj+jdjtzl7Bcbp6
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:46:17 2024 by rpki-client on console-ams.rpki-client.org