Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0aa4d0-05e4-4802-99d8-ecae41446b77/1/AojfL2AhYfgVuAqC0bEQ4Gmk4Rw.roa
File:                     AojfL2AhYfgVuAqC0bEQ4Gmk4Rw.roa (raw, json)
Hash identifier:          OwleWVqLqAKbq+BkX/70VnSgulOa0ZLs0gatevnaZ5Y=
Subject key identifier:   02:88:DF:2F:60:21:61:F8:15:B8:0A:82:D1:B1:10:E0:69:A4:E1:1C
Certificate issuer:       /CN=898825d2f064989b38c781f2a8535189a26928c3
Certificate serial:       018CC8DE7281E24C220E7A04E66CE9D00B25
Authority key identifier: 89:88:25:D2:F0:64:98:9B:38:C7:81:F2:A8:53:51:89:A2:69:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iYgl0vBkmJs4x4HyqFNRiaJpKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0aa4d0-05e4-4802-99d8-ecae41446b77/1/AojfL2AhYfgVuAqC0bEQ4Gmk4Rw.roa
Signing time:             Tue 02 Jan 2024 06:31:10 +0000
ROA not before:           Tue 02 Jan 2024 06:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28831
IP address blocks:        185.107.148.0/23 maxlen: 23
                          185.107.150.0/23 maxlen: 23
                          62.169.32.0/21 maxlen: 21
                          62.169.42.0/24 maxlen: 24
                          62.169.40.0/21 maxlen: 21
                          62.169.48.0/21 maxlen: 21
                          62.169.49.0/24 maxlen: 24
                          62.169.56.0/21 maxlen: 21
                          62.169.63.0/24 maxlen: 24
                          62.169.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0aa4d0-05e4-4802-99d8-ecae41446b77/1/iYgl0vBkmJs4x4HyqFNRiaJpKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0aa4d0-05e4-4802-99d8-ecae41446b77/1/iYgl0vBkmJs4x4HyqFNRiaJpKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iYgl0vBkmJs4x4HyqFNRiaJpKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:72:81:e2:4c:22:0e:7a:04:e6:6c:e9:d0:0b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=898825d2f064989b38c781f2a8535189a26928c3
        Validity
            Not Before: Jan  2 06:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0288df2f602161f815b80a82d1b110e069a4e11c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:86:2d:7c:05:ce:27:87:5c:1f:e9:a3:67:23:
                    df:27:b2:3f:8a:70:32:c4:15:4c:e1:89:5b:6f:92:
                    dc:f3:85:b4:d8:7a:e6:2d:4b:7b:1d:cd:61:f1:39:
                    63:9e:c4:51:55:80:7d:7c:9e:86:1f:01:e9:2c:8a:
                    7e:93:90:df:98:65:07:e7:de:e2:0e:5a:4c:0a:9f:
                    8d:76:69:7e:64:d6:fb:87:d8:5e:27:55:77:9e:7d:
                    2c:52:8b:ad:00:33:29:fa:4c:fa:be:d4:5c:9e:14:
                    54:c3:32:e6:bb:39:77:1f:e2:dc:12:bf:22:d6:34:
                    57:e3:08:fe:ff:85:a7:af:95:53:92:6d:94:aa:10:
                    b8:0b:98:44:8e:97:b1:29:46:b4:da:a8:cc:99:20:
                    2a:0c:c2:a9:42:3b:4d:16:02:9a:75:c1:b3:7a:a8:
                    5f:20:42:ed:87:46:3b:26:a4:f1:8e:5a:c2:77:ed:
                    a8:51:3e:6a:38:9e:23:2e:9d:d9:c8:51:8e:38:3c:
                    aa:d5:cc:30:01:6b:6c:06:8a:7d:a0:85:20:5c:08:
                    a3:cb:68:42:02:22:46:7c:56:e2:f9:55:8e:a0:25:
                    0d:0b:ce:94:05:86:00:96:19:81:85:8e:ed:05:ef:
                    20:15:c2:5a:42:cb:16:c6:57:84:6d:b8:d3:9b:fc:
                    2f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:88:DF:2F:60:21:61:F8:15:B8:0A:82:D1:B1:10:E0:69:A4:E1:1C
            X509v3 Authority Key Identifier:
                keyid:89:88:25:D2:F0:64:98:9B:38:C7:81:F2:A8:53:51:89:A2:69:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iYgl0vBkmJs4x4HyqFNRiaJpKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0aa4d0-05e4-4802-99d8-ecae41446b77/1/AojfL2AhYfgVuAqC0bEQ4Gmk4Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0aa4d0-05e4-4802-99d8-ecae41446b77/1/iYgl0vBkmJs4x4HyqFNRiaJpKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.32.0/19
                  185.107.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:c4:43:ee:90:e4:85:e5:5b:41:14:5e:f5:8a:e4:b3:7c:a2:
         81:ef:c1:a8:e9:50:cb:c6:f2:65:35:e1:f2:bc:5a:0f:d7:2d:
         fc:d7:3a:9f:07:a0:98:71:c4:2f:14:79:87:54:f4:20:6d:f5:
         b9:fe:ae:92:94:75:05:29:2e:f8:08:7c:03:e3:3b:f7:3f:87:
         75:14:4f:0c:76:a1:44:7c:cf:09:23:ef:e7:ed:b8:c8:22:ea:
         86:31:91:d1:f7:50:df:fb:14:33:48:72:74:b3:dc:ce:02:52:
         70:a6:b4:6d:81:78:f1:ac:77:1f:d9:a3:96:34:7c:6b:e7:84:
         6c:3c:ca:d3:45:90:c0:3f:d9:dd:c6:8b:1f:0b:8a:49:7f:8e:
         0c:1b:b6:c6:f3:0a:e9:a6:38:98:51:ef:d3:63:c2:99:a9:a5:
         d4:fe:f7:e9:9a:2e:75:dc:d8:6f:df:81:95:b9:78:42:e5:a3:
         25:35:0b:27:92:36:b7:83:4e:f4:d5:1a:ec:ed:79:ff:e1:f8:
         2a:bf:2d:0f:a9:2b:eb:93:84:5e:5a:fb:a6:f5:c3:aa:a9:f8:
         47:44:d4:09:28:8e:a2:7d:82:84:d4:d8:82:34:35:a1:a8:1d:
         06:60:23:5b:ec:85:94:38:31:a0:5b:3a:6d:f9:55:c0:62:db:
         9b:1d:30:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3nKB4kwiDnoE5mzp0AslMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ODgyNWQyZjA2NDk4OWIzOGM3ODFmMmE4NTM1MTg5YTI2
OTI4YzMwHhcNMjQwMTAyMDYzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjg4ZGYyZjYwMjE2MWY4MTViODBhODJkMWIxMTBlMDY5YTRlMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4YtfAXOJ4dcH+mjZyPfJ7I/inAy
xBVM4Ylbb5Lc84W02HrmLUt7Hc1h8TljnsRRVYB9fJ6GHwHpLIp+k5DfmGUH597i
DlpMCp+Ndml+ZNb7h9heJ1V3nn0sUoutADMp+kz6vtRcnhRUwzLmuzl3H+LcEr8i
1jRX4wj+/4Wnr5VTkm2UqhC4C5hEjpexKUa02qjMmSAqDMKpQjtNFgKadcGzeqhf
IELth0Y7JqTxjlrCd+2oUT5qOJ4jLp3ZyFGOODyq1cwwAWtsBop9oIUgXAijy2hC
AiJGfFbi+VWOoCUNC86UBYYAlhmBhY7tBe8gFcJaQssWxleEbbjTm/wvBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAKI3y9gIWH4FbgKgtGxEOBppOEcMB8GA1UdIwQY
MBaAFImIJdLwZJibOMeB8qhTUYmiaSjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVlnbDB2QmttSnM0eDRIeXFGTlJpYUpwS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wYWE0ZDAtMDVlNC00ODAyLTk5ZDgt
ZWNhZTQxNDQ2Yjc3LzEvQW9qZkwyQWhZZmdWdUFxQzBiRVE0R21rNFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wYWE0ZDAtMDVlNC00ODAyLTk5ZDgtZWNhZTQxNDQ2Yjc3
LzEvaVlnbDB2QmttSnM0eDRIeXFGTlJpYUpwS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFPqkgAwQC
uWuUMA0GCSqGSIb3DQEBCwUAA4IBAQCrxEPukOSF5VtBFF71iuSzfKKB78Go6VDL
xvJlNeHyvFoP1y381zqfB6CYccQvFHmHVPQgbfW5/q6SlHUFKS74CHwD4zv3P4d1
FE8MdqFEfM8JI+/n7bjIIuqGMZHR91Df+xQzSHJ0s9zOAlJwprRtgXjxrHcf2aOW
NHxr54RsPMrTRZDAP9ndxosfC4pJf44MG7bG8wrppjiYUe/TY8KZqaXU/vfpmi51
3Nhv34GVuXhC5aMlNQsnkja3g0701Rrs7Xn/4fgqvy0PqSvrk4ReWvum9cOqqfhH
RNQJKI6ifYKE1NiCNDWhqB0GYCNb7IWUODGgWzpt+VXAYtubHTDy
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:38 2024 by rpki-client on console-fra.rpki-client.org