Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/eMOGEjSlEnqiNE8gzpvVBR2O-io.roa
File:                     eMOGEjSlEnqiNE8gzpvVBR2O-io.roa (raw, json)
Hash identifier:          3/Yci/DhNLSQO1c1ue99w9jNWLGiGolYouMnJ2oo7oQ=
Subject key identifier:   78:C3:86:12:34:A5:12:7A:A2:34:4F:20:CE:9B:D5:05:1D:8E:FA:2A
Certificate issuer:       /CN=0324db1dcf0c2429e121516ae2792fc3253fd3ba
Certificate serial:       018CC26D2583B0E4392D7DEC3722A0F88B1A
Authority key identifier: 03:24:DB:1D:CF:0C:24:29:E1:21:51:6A:E2:79:2F:C3:25:3F:D3:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/eMOGEjSlEnqiNE8gzpvVBR2O-io.roa
Signing time:             Mon 01 Jan 2024 00:29:42 +0000
ROA not before:           Mon 01 Jan 2024 00:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29486
IP address blocks:        178.21.128.0/21 maxlen: 21
                          31.24.128.0/21 maxlen: 21
                          81.27.32.0/20 maxlen: 20
                          2a00:1c90::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:25:83:b0:e4:39:2d:7d:ec:37:22:a0:f8:8b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0324db1dcf0c2429e121516ae2792fc3253fd3ba
        Validity
            Not Before: Jan  1 00:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78c3861234a5127aa2344f20ce9bd5051d8efa2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7e:31:6e:fa:4b:61:95:7b:38:19:9f:1e:2c:
                    ed:a8:c2:65:42:5a:d2:44:b9:7e:2f:4a:96:8c:a6:
                    cc:e3:38:f5:a2:f7:f3:c9:9c:11:ab:4c:6b:b1:17:
                    66:7b:c1:7f:98:13:71:d9:b3:17:81:0a:fe:57:3f:
                    78:cb:64:08:e4:c2:c7:f8:10:13:8b:64:01:54:bb:
                    e5:ac:58:9e:53:22:0d:0b:4a:c7:62:53:23:46:0d:
                    23:55:45:46:ec:6b:f2:62:56:08:a9:2a:d2:30:97:
                    e5:ff:be:ae:66:c2:9f:41:7b:98:82:2f:b5:10:c7:
                    e8:24:09:b6:2c:41:22:0c:47:28:45:0b:96:8e:37:
                    dc:ff:65:46:16:4b:29:7b:91:59:24:d4:aa:45:7a:
                    29:50:36:34:35:72:f8:54:7e:7a:a2:37:76:d6:ce:
                    7e:60:e3:a3:c9:38:24:0c:dc:6f:b4:2e:53:b3:78:
                    cc:91:b5:fb:99:db:2b:71:84:18:4d:b5:20:dd:e3:
                    bb:04:b6:15:c5:e9:f0:19:94:35:83:64:7f:e8:15:
                    b8:a3:40:52:24:87:29:c5:0c:97:bc:76:02:94:df:
                    86:1c:43:f5:1c:48:f6:8d:3b:ee:24:b2:f6:5a:9e:
                    4a:78:4e:a0:5a:4e:59:f5:d3:6d:d9:f1:75:6b:7c:
                    d9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:C3:86:12:34:A5:12:7A:A2:34:4F:20:CE:9B:D5:05:1D:8E:FA:2A
            X509v3 Authority Key Identifier:
                keyid:03:24:DB:1D:CF:0C:24:29:E1:21:51:6A:E2:79:2F:C3:25:3F:D3:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/eMOGEjSlEnqiNE8gzpvVBR2O-io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.128.0/21
                  81.27.32.0/20
                  178.21.128.0/21
                IPv6:
                  2a00:1c90::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:51:f4:dd:0e:87:68:c4:8e:35:fb:cb:8e:bd:ce:0a:95:60:
         c5:dc:19:96:f7:bd:5e:db:da:c6:c6:a1:2e:8d:89:75:34:e3:
         76:49:28:e6:d8:0b:75:59:86:11:4e:f9:56:6d:62:74:35:c5:
         9e:e2:3f:4b:1f:b3:e0:b5:1c:85:cb:2d:31:9a:bf:ff:d2:d4:
         fd:e7:6d:3d:a2:e8:d3:3a:cc:d0:51:0c:95:4a:f7:d2:71:88:
         64:ee:10:a9:7c:a2:d0:86:27:61:c8:7d:a8:0d:a8:cf:0b:b8:
         1c:a2:3c:6c:4d:88:2b:b5:bd:7f:d1:d6:e6:f0:ed:e9:dd:36:
         94:bb:02:9e:51:12:ea:30:b7:2d:9d:15:9d:09:ad:35:4a:1d:
         1a:d5:f0:cb:bb:cc:08:be:a9:51:34:c8:4c:8c:46:c6:ec:3d:
         7d:60:dc:dc:d5:19:b5:de:eb:08:c6:4a:63:ee:86:e6:11:8a:
         79:52:25:e8:b2:c8:bc:46:b4:a7:66:6a:2e:c2:72:e3:9b:3b:
         d4:24:93:bf:88:13:a7:41:39:e9:f4:d5:ce:6b:51:52:f6:ca:
         e2:74:4d:65:6f:04:d6:07:24:e6:b2:cc:cd:d6:b9:f8:04:1c:
         0e:45:70:93:a3:9f:db:2c:f3:55:78:72:d9:7a:21:9f:06:ab:
         e3:2b:13:26
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzCbSWDsOQ5LX3sNyKg+IsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMjRkYjFkY2YwYzI0MjllMTIxNTE2YWUyNzkyZmMzMjUz
ZmQzYmEwHhcNMjQwMTAxMDAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGMzODYxMjM0YTUxMjdhYTIzNDRmMjBjZTliZDUwNTFkOGVmYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi34xbvpLYZV7OBmfHiztqMJlQlrS
RLl+L0qWjKbM4zj1ovfzyZwRq0xrsRdme8F/mBNx2bMXgQr+Vz94y2QI5MLH+BAT
i2QBVLvlrFieUyINC0rHYlMjRg0jVUVG7GvyYlYIqSrSMJfl/76uZsKfQXuYgi+1
EMfoJAm2LEEiDEcoRQuWjjfc/2VGFkspe5FZJNSqRXopUDY0NXL4VH56ojd21s5+
YOOjyTgkDNxvtC5Ts3jMkbX7mdsrcYQYTbUg3eO7BLYVxenwGZQ1g2R/6BW4o0BS
JIcpxQyXvHYClN+GHEP1HEj2jTvuJLL2Wp5KeE6gWk5Z9dNt2fF1a3zZNwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHjDhhI0pRJ6ojRPIM6b1QUdjvoqMB8GA1UdIwQY
MBaAFAMk2x3PDCQp4SFRauJ5L8MlP9O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXlUYkhjOE1KQ25oSVZGcTRua3Z3eVVfMDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85MGY5NDItNjUxMS00MDU0LTk0YmUt
NGQyYzRkYTcyMWQ0LzEvZU1PR0VqU2xFbnFpTkU4Z3pwdlZCUjJPLWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85MGY5NDItNjUxMS00MDU0LTk0YmUtNGQyYzRkYTcyMWQ0
LzEvQXlUYkhjOE1KQ25oSVZGcTRua3Z3eVVfMDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDHxiAAwQE
URsgAwQDshWAMA0EAgACMAcDBQAqAByQMA0GCSqGSIb3DQEBCwUAA4IBAQB9UfTd
DodoxI41+8uOvc4KlWDF3BmW971e29rGxqEujYl1NON2SSjm2At1WYYRTvlWbWJ0
NcWe4j9LH7PgtRyFyy0xmr//0tT95209oujTOszQUQyVSvfScYhk7hCpfKLQhidh
yH2oDajPC7gcojxsTYgrtb1/0dbm8O3p3TaUuwKeURLqMLctnRWdCa01Sh0a1fDL
u8wIvqlRNMhMjEbG7D19YNzc1Rm13usIxkpj7obmEYp5UiXossi8RrSnZmouwnLj
mzvUJJO/iBOnQTnp9NXOa1FS9sridE1lbwTWByTmsszN1rn4BBwORXCTo5/bLPNV
eHLZeiGfBqvjKxMm
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:50:18 2024 by rpki-client on console-fra.rpki-client.org