Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-OWKSJFglonOJCCsgLwugDQzSB0.roa
File:                     1-OWKSJFglonOJCCsgLwugDQzSB0.roa (raw, json)
Hash identifier:          jSwsXvxCrFx3Iz4zVm/DH3SiIsFn1mXF0oaHlNkwn7c=
Subject key identifier:   F8:E5:8A:48:91:60:96:89:CE:24:20:AC:80:BC:2E:80:34:33:48:1D
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018CC8DF13A1D0E2D2CF91869A9480210ADA
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-OWKSJFglonOJCCsgLwugDQzSB0.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        185.250.24.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:13:a1:d0:e2:d2:cf:91:86:9a:94:80:21:0a:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8e58a4891609689ce2420ac80bc2e803433481d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c1:ed:4a:f5:de:53:76:c1:6e:be:d4:96:48:
                    8f:7e:b1:37:9f:d2:bb:59:0b:0b:58:a8:47:23:34:
                    6c:16:d7:ef:1f:c4:bb:9d:16:98:6b:be:bb:7b:62:
                    fd:d3:45:83:4a:a2:da:2f:9f:f1:95:e9:a0:80:4f:
                    a2:1b:b1:53:10:d1:1f:dd:0c:d9:b9:f5:53:50:dc:
                    d0:bd:a4:5d:a1:a7:ec:e7:59:12:74:80:ea:94:27:
                    b3:3d:8a:86:dc:6b:f2:18:cc:b0:ad:a8:51:e0:91:
                    a8:9c:20:3a:c6:ea:fc:15:8d:5a:33:0b:e9:0f:a9:
                    8e:cf:01:23:9c:2c:50:35:8d:e4:38:6f:06:34:4f:
                    50:26:1c:14:04:f3:5a:c4:b6:4b:73:b8:99:f7:21:
                    e4:04:5f:32:10:12:49:a8:61:6a:50:16:8a:cd:65:
                    7e:f2:91:a7:33:6f:52:3a:88:02:41:d1:71:1c:99:
                    b6:ad:42:4b:d5:c8:af:ec:49:4d:73:93:70:03:3b:
                    82:cd:73:2f:59:45:67:42:98:1c:70:d1:45:82:af:
                    fc:4b:aa:c8:24:3b:9c:54:04:a2:fb:56:ba:e3:d6:
                    1f:7e:55:2e:e6:c4:88:22:ac:1d:06:e9:52:4b:17:
                    30:1a:c4:93:f2:de:22:8b:fd:a2:ce:3c:9a:00:d1:
                    a7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E5:8A:48:91:60:96:89:CE:24:20:AC:80:BC:2E:80:34:33:48:1D
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-OWKSJFglonOJCCsgLwugDQzSB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:ae:b7:fa:b0:a2:c4:fa:32:80:17:78:04:05:48:93:33:e9:
         e4:dc:61:4b:77:95:ad:63:29:e1:f1:53:86:c4:31:2b:43:ba:
         e5:5f:bd:c1:8c:2f:ce:ae:04:61:e3:8c:67:c7:45:2a:ff:83:
         d5:68:e2:24:25:b7:f5:e5:28:31:b6:41:99:44:5d:ab:35:8c:
         23:39:a3:d1:48:b2:55:a4:9f:3e:1d:8b:9d:2c:83:46:32:ba:
         0f:b3:2e:09:76:d7:75:58:40:85:8c:c4:b6:d6:21:e6:04:6b:
         d0:8e:67:7d:03:04:25:10:1f:d5:1d:2c:b3:ab:fb:bf:b4:5f:
         db:7d:46:da:4e:41:f3:a4:81:55:89:11:e4:d8:b2:c6:fc:a6:
         00:15:1f:b1:0a:c0:a7:2a:63:cb:e5:8f:76:fc:1f:b5:33:a5:
         48:60:26:74:76:44:0a:1c:97:8f:23:95:d1:ec:a1:5f:5f:a8:
         b6:f1:9b:ec:8c:1d:4c:97:a5:30:54:e8:a6:af:05:59:2a:c8:
         37:6a:6d:a5:57:3e:dc:20:3a:a4:85:30:75:f2:1c:a9:72:02:
         07:52:2f:90:33:3e:53:19:41:eb:27:ca:3f:1d:68:d6:65:14:
         0a:d6:7e:cd:0b:2a:20:ff:29:1c:85:2a:5b:f3:e6:c6:6b:1e:
         12:73:c1:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3xOh0OLSz5GGmpSAIQraMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGU1OGE0ODkxNjA5Njg5Y2UyNDIwYWM4MGJjMmU4MDM0MzM0ODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58HtSvXeU3bBbr7UlkiPfrE3n9K7
WQsLWKhHIzRsFtfvH8S7nRaYa767e2L900WDSqLaL5/xlemggE+iG7FTENEf3QzZ
ufVTUNzQvaRdoafs51kSdIDqlCezPYqG3GvyGMywrahR4JGonCA6xur8FY1aMwvp
D6mOzwEjnCxQNY3kOG8GNE9QJhwUBPNaxLZLc7iZ9yHkBF8yEBJJqGFqUBaKzWV+
8pGnM29SOogCQdFxHJm2rUJL1civ7ElNc5NwAzuCzXMvWUVnQpgccNFFgq/8S6rI
JDucVASi+1a649YfflUu5sSIIqwdBulSSxcwGsST8t4ii/2izjyaANGnjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjlikiRYJaJziQgrIC8LoA0M0gdMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvMS1PV0tTSkZnbG9uT0pDQ3NnTHd1Z0RRelNCMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5
Mi8xL05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbn6GDAN
BgkqhkiG9w0BAQsFAAOCAQEAra63+rCixPoygBd4BAVIkzPp5NxhS3eVrWMp4fFT
hsQxK0O65V+9wYwvzq4EYeOMZ8dFKv+D1WjiJCW39eUoMbZBmURdqzWMIzmj0Uiy
VaSfPh2LnSyDRjK6D7MuCXbXdVhAhYzEttYh5gRr0I5nfQMEJRAf1R0ss6v7v7Rf
231G2k5B86SBVYkR5NiyxvymABUfsQrApypjy+WPdvwftTOlSGAmdHZEChyXjyOV
0eyhX1+otvGb7IwdTJelMFTopq8FWSrIN2ptpVc+3CA6pIUwdfIcqXICB1IvkDM+
UxlB6yfKPx1o1mUUCtZ+zQsqIP8pHIUqW/PmxmseEnPBeA==
-----END CERTIFICATE-----
Generated at Mon Nov 25 18:10:28 2024 by rpki-client on console-fra.rpki-client.org