Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/OC2ArZeCkW5fCZbVrfhbtoWwUHA.roa
File:                     OC2ArZeCkW5fCZbVrfhbtoWwUHA.roa (raw, json)
Hash identifier:          9or06xxzzKXYd2M5UmA4YrVS1Qdx/q/ATnRIIkT21z8=
Subject key identifier:   38:2D:80:AD:97:82:91:6E:5F:09:96:D5:AD:F8:5B:B6:85:B0:50:70
Certificate issuer:       /CN=f4f7ab4587e69022e5e2bc24107b501d031c3720
Certificate serial:       018CCA29B3D3FFE8BB6EE5DDA599A34756A9
Authority key identifier: F4:F7:AB:45:87:E6:90:22:E5:E2:BC:24:10:7B:50:1D:03:1C:37:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9PerRYfmkCLl4rwkEHtQHQMcNyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/OC2ArZeCkW5fCZbVrfhbtoWwUHA.roa
Signing time:             Tue 02 Jan 2024 12:32:59 +0000
ROA not before:           Tue 02 Jan 2024 12:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209738
IP address blocks:        91.226.85.0/24 maxlen: 24
                          91.226.84.0/24 maxlen: 24
                          91.226.84.0/22 maxlen: 24
                          91.226.86.0/24 maxlen: 24
                          91.226.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/9PerRYfmkCLl4rwkEHtQHQMcNyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/9PerRYfmkCLl4rwkEHtQHQMcNyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9PerRYfmkCLl4rwkEHtQHQMcNyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:b3:d3:ff:e8:bb:6e:e5:dd:a5:99:a3:47:56:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4f7ab4587e69022e5e2bc24107b501d031c3720
        Validity
            Not Before: Jan  2 12:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=382d80ad9782916e5f0996d5adf85bb685b05070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d8:83:7f:58:5a:08:cc:47:3b:1b:98:4a:cf:
                    52:ef:9a:60:8e:bb:e5:fa:51:16:f3:64:68:1a:9d:
                    b9:09:ff:8f:81:71:d5:03:e1:4b:72:30:83:68:68:
                    45:6f:c5:ad:a6:32:a9:c9:88:74:9b:3e:8a:8d:95:
                    db:57:be:38:85:b3:34:87:7e:06:ce:1e:4c:bf:10:
                    cf:0d:0b:ea:26:a9:fe:35:0c:50:a3:a7:77:5d:71:
                    05:05:1d:8b:99:fd:1c:18:bd:3a:ed:5e:ed:6d:5e:
                    bc:d2:33:8b:87:bc:cb:65:10:c6:31:04:a2:92:6f:
                    6c:c6:a8:95:70:b1:ec:67:f3:06:be:c4:d6:df:52:
                    5d:6c:e1:07:43:d2:a6:77:ea:90:52:f6:f9:45:26:
                    16:f4:65:33:b2:7c:9e:4f:17:fe:c3:8c:86:2c:d5:
                    de:02:34:37:ca:5b:02:4a:30:97:2d:52:70:6e:47:
                    a2:8b:45:6b:60:f2:f0:df:ab:51:33:a1:fe:fe:ef:
                    c4:04:52:a2:55:f8:68:6b:8c:73:d7:8c:46:68:21:
                    d9:3e:87:94:92:86:a3:cc:6b:2a:9e:f3:56:a6:dd:
                    79:94:d2:ae:b9:5a:28:89:52:f6:a9:73:36:d9:ca:
                    76:03:8f:e5:d5:20:85:a7:1a:a4:82:3f:39:6b:0f:
                    dc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2D:80:AD:97:82:91:6E:5F:09:96:D5:AD:F8:5B:B6:85:B0:50:70
            X509v3 Authority Key Identifier:
                keyid:F4:F7:AB:45:87:E6:90:22:E5:E2:BC:24:10:7B:50:1D:03:1C:37:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9PerRYfmkCLl4rwkEHtQHQMcNyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/OC2ArZeCkW5fCZbVrfhbtoWwUHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/77f4f0-b833-47b7-a3c7-ef710ec7b2fe/1/9PerRYfmkCLl4rwkEHtQHQMcNyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:c8:4f:56:0d:d2:b6:50:d5:5a:43:57:2e:9b:6d:ba:ce:1e:
         89:38:28:ee:e6:ed:a4:17:5b:fa:de:c0:ab:7d:34:52:87:80:
         b2:d3:29:30:f5:44:87:30:ab:81:c2:13:49:5f:49:5d:93:ea:
         42:3c:a0:c9:83:4b:34:6e:44:ce:94:93:02:1b:e1:bc:99:c6:
         cf:47:0b:43:35:44:70:c7:fc:29:fe:2d:51:ff:98:e9:f6:b2:
         07:a2:8d:08:eb:8d:57:65:d5:83:25:1a:78:74:2f:29:9f:bb:
         5a:e1:7d:35:54:7f:0d:6d:58:83:58:f0:42:9c:bc:cb:49:d9:
         2d:13:69:7c:cd:1b:5c:7a:84:02:14:cc:4b:84:e5:95:0b:91:
         c9:b3:9b:9e:bd:db:d4:3e:26:96:64:a6:fa:02:fd:97:33:59:
         43:21:8f:1e:08:76:81:f7:69:a0:f5:95:4e:72:66:fd:97:d9:
         59:f2:b2:73:86:eb:76:6c:a8:19:f1:f0:ee:d1:0d:5e:bd:f0:
         58:d1:24:7d:f6:1d:53:75:6a:de:bc:6c:40:82:f7:ea:bb:6e:
         d5:52:14:67:4d:12:97:e9:48:62:7d:a2:d5:20:da:0e:96:7a:
         47:8c:96:61:2d:04:c4:1d:70:33:db:d5:7a:56:97:c9:2d:f4:
         d2:29:ec:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbPT/+i7buXdpZmjR1apMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZjdhYjQ1ODdlNjkwMjJlNWUyYmMyNDEwN2I1MDFkMDMx
YzM3MjAwHhcNMjQwMTAyMTIzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJkODBhZDk3ODI5MTZlNWYwOTk2ZDVhZGY4NWJiNjg1YjA1MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNiDf1haCMxHOxuYSs9S75pgjrvl
+lEW82RoGp25Cf+PgXHVA+FLcjCDaGhFb8WtpjKpyYh0mz6KjZXbV744hbM0h34G
zh5MvxDPDQvqJqn+NQxQo6d3XXEFBR2Lmf0cGL067V7tbV680jOLh7zLZRDGMQSi
km9sxqiVcLHsZ/MGvsTW31JdbOEHQ9Kmd+qQUvb5RSYW9GUzsnyeTxf+w4yGLNXe
AjQ3ylsCSjCXLVJwbkeii0VrYPLw36tRM6H+/u/EBFKiVfhoa4xz14xGaCHZPoeU
koajzGsqnvNWpt15lNKuuVooiVL2qXM22cp2A4/l1SCFpxqkgj85aw/cfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgtgK2XgpFuXwmW1a34W7aFsFBwMB8GA1UdIwQY
MBaAFPT3q0WH5pAi5eK8JBB7UB0DHDcgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBlclJZZm1rQ0xsNHJ3a0VIdFFIUU1jTnlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83N2Y0ZjAtYjgzMy00N2I3LWEzYzct
ZWY3MTBlYzdiMmZlLzEvT0MyQXJaZUNrVzVmQ1piVnJmaGJ0b1d3VUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83N2Y0ZjAtYjgzMy00N2I3LWEzYzctZWY3MTBlYzdiMmZl
LzEvOVBlclJZZm1rQ0xsNHJ3a0VIdFFIUU1jTnlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+JUMA0G
CSqGSIb3DQEBCwUAA4IBAQB6yE9WDdK2UNVaQ1cum226zh6JOCju5u2kF1v63sCr
fTRSh4Cy0ykw9USHMKuBwhNJX0ldk+pCPKDJg0s0bkTOlJMCG+G8mcbPRwtDNURw
x/wp/i1R/5jp9rIHoo0I641XZdWDJRp4dC8pn7ta4X01VH8NbViDWPBCnLzLSdkt
E2l8zRtceoQCFMxLhOWVC5HJs5uevdvUPiaWZKb6Av2XM1lDIY8eCHaB92mg9ZVO
cmb9l9lZ8rJzhut2bKgZ8fDu0Q1evfBY0SR99h1TdWrevGxAgvfqu27VUhRnTRKX
6UhifaLVINoOlnpHjJZhLQTEHXAz29V6VpfJLfTSKezy
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:07:16 2024 by rpki-client on console-fra.rpki-client.org