Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b9456e-4e52-4de5-bbd6-60de224cfa4b/1/OXiiA4WNHL6MdKNChARt4rmuK-0.roa
File:                     OXiiA4WNHL6MdKNChARt4rmuK-0.roa (raw, json)
Hash identifier:          0GWB/tCq6m+eoZPZg9HRWcY99yp9/CTw83m/0DH0HiU=
Subject key identifier:   39:78:A2:03:85:8D:1C:BE:8C:74:A3:42:84:04:6D:E2:B9:AE:2B:ED
Certificate issuer:       /CN=1acb8a70f909ae3e1fc1dbd6bdc425e08eec81b9
Certificate serial:       018F47EF8E1089C4A19F525123DBBD1EE3DE
Authority key identifier: 1A:CB:8A:70:F9:09:AE:3E:1F:C1:DB:D6:BD:C4:25:E0:8E:EC:81:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GsuKcPkJrj4fwdvWvcQl4I7sgbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b9456e-4e52-4de5-bbd6-60de224cfa4b/1/OXiiA4WNHL6MdKNChARt4rmuK-0.roa
Signing time:             Sun 05 May 2024 08:47:12 +0000
ROA not before:           Sun 05 May 2024 08:47:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        92.118.21.0/24 maxlen: 24
                          92.118.22.0/24 maxlen: 24
                          92.118.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b9456e-4e52-4de5-bbd6-60de224cfa4b/1/GsuKcPkJrj4fwdvWvcQl4I7sgbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b9456e-4e52-4de5-bbd6-60de224cfa4b/1/GsuKcPkJrj4fwdvWvcQl4I7sgbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GsuKcPkJrj4fwdvWvcQl4I7sgbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:47:ef:8e:10:89:c4:a1:9f:52:51:23:db:bd:1e:e3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb8a70f909ae3e1fc1dbd6bdc425e08eec81b9
        Validity
            Not Before: May  5 08:47:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3978a203858d1cbe8c74a34284046de2b9ae2bed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:52:2f:cc:35:bc:59:d3:40:bc:b3:32:5a:e9:
                    b7:e4:84:ac:f8:e5:87:c7:e3:21:64:da:d3:17:ea:
                    90:35:b7:2e:10:70:5c:87:cc:83:16:5f:fa:7d:0e:
                    61:55:39:dd:98:39:ef:50:49:ee:5f:ce:a4:07:9a:
                    94:1f:77:44:dd:97:9c:c7:b5:dc:f8:3a:bf:e9:dc:
                    78:b6:22:91:30:8e:96:0b:17:87:78:8f:ab:e2:02:
                    b1:01:16:3a:b1:1b:57:3e:13:f8:27:b8:e7:90:e6:
                    90:73:0d:d5:26:ba:09:dc:fd:1c:37:9b:13:31:ac:
                    39:2c:8b:40:8c:b2:0f:8b:c9:d4:3b:5c:42:f7:5c:
                    9d:f7:2e:c2:b5:a4:ab:32:96:3a:73:48:81:b6:9b:
                    5c:b6:3f:96:ec:7d:b5:2d:e0:1f:bd:78:cd:63:ff:
                    3f:b6:34:1d:0d:2c:ac:62:a5:8c:d2:55:c9:b1:55:
                    11:ed:32:db:02:a1:24:bc:50:56:2d:11:b7:3f:9b:
                    5d:20:64:d0:ab:a7:07:24:ce:74:b4:54:1a:24:ed:
                    a0:5c:38:15:73:ed:5f:47:d4:b5:e3:19:44:5d:74:
                    a8:09:63:28:af:a6:59:83:b5:4a:da:bc:10:4a:75:
                    83:0f:59:b8:07:36:71:0c:ab:4d:bf:02:39:23:cb:
                    91:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:78:A2:03:85:8D:1C:BE:8C:74:A3:42:84:04:6D:E2:B9:AE:2B:ED
            X509v3 Authority Key Identifier:
                keyid:1A:CB:8A:70:F9:09:AE:3E:1F:C1:DB:D6:BD:C4:25:E0:8E:EC:81:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GsuKcPkJrj4fwdvWvcQl4I7sgbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b9456e-4e52-4de5-bbd6-60de224cfa4b/1/OXiiA4WNHL6MdKNChARt4rmuK-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b9456e-4e52-4de5-bbd6-60de224cfa4b/1/GsuKcPkJrj4fwdvWvcQl4I7sgbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.21.0-92.118.23.255

    Signature Algorithm: sha256WithRSAEncryption
         35:0d:c8:e1:0d:07:41:cb:a1:90:71:0b:69:04:93:c9:19:9d:
         c4:7a:d7:82:e0:d6:9f:20:dd:1f:3f:62:2c:11:0b:37:42:b1:
         a0:82:d6:46:75:ec:25:ed:a7:18:e3:6b:fa:00:32:e3:80:bd:
         a4:ff:e9:4e:1a:c6:33:bc:c1:29:e5:54:ea:0d:67:9e:2e:87:
         62:02:43:4a:2b:28:63:4a:d7:a6:76:e9:ab:85:25:6e:0e:5f:
         ca:a5:8d:b1:4a:39:1d:18:69:ae:17:f5:c9:76:b7:92:31:3e:
         50:a4:2e:f6:97:64:58:cd:1f:fc:52:68:37:6d:61:22:0a:93:
         86:b8:33:1f:7a:3d:ed:29:c3:a1:ec:b6:22:3f:ce:54:38:e9:
         e2:1a:88:48:10:41:24:e4:f7:bc:b7:d0:76:45:0f:19:db:36:
         7e:5e:27:05:02:d0:26:13:e6:d0:d0:8e:b9:d6:38:9a:57:39:
         4e:45:25:47:fc:93:ee:c0:3a:59:55:47:b8:ca:35:85:42:45:
         4c:50:20:4f:d2:62:fe:bb:8e:4c:ea:f9:de:77:d1:6a:76:f3:
         66:5d:ef:84:29:63:7a:d7:9c:78:d7:a5:ce:28:6a:6d:c2:ef:
         63:36:ea:a3:19:af:e6:f8:0d:8d:d6:8a:fb:39:12:b0:89:47:
         00:85:f6:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9H744QicShn1JRI9u9HuPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I4YTcwZjkwOWFlM2UxZmMxZGJkNmJkYzQyNWUwOGVl
YzgxYjkwHhcNMjQwNTA1MDg0NzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTc4YTIwMzg1OGQxY2JlOGM3NGEzNDI4NDA0NmRlMmI5YWUyYmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFIvzDW8WdNAvLMyWum35ISs+OWH
x+MhZNrTF+qQNbcuEHBch8yDFl/6fQ5hVTndmDnvUEnuX86kB5qUH3dE3Zecx7Xc
+Dq/6dx4tiKRMI6WCxeHeI+r4gKxARY6sRtXPhP4J7jnkOaQcw3VJroJ3P0cN5sT
Maw5LItAjLIPi8nUO1xC91yd9y7CtaSrMpY6c0iBtptctj+W7H21LeAfvXjNY/8/
tjQdDSysYqWM0lXJsVUR7TLbAqEkvFBWLRG3P5tdIGTQq6cHJM50tFQaJO2gXDgV
c+1fR9S14xlEXXSoCWMor6ZZg7VK2rwQSnWDD1m4BzZxDKtNvwI5I8uRjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDl4ogOFjRy+jHSjQoQEbeK5rivtMB8GA1UdIwQY
MBaAFBrLinD5Ca4+H8Hb1r3EJeCO7IG5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N1S2NQa0pyajRmd2R2V3ZjUWw0STdzZ2JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iOTQ1NmUtNGU1Mi00ZGU1LWJiZDYt
NjBkZTIyNGNmYTRiLzEvT1hpaUE0V05ITDZNZEtOQ2hBUnQ0cm11Sy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iOTQ1NmUtNGU1Mi00ZGU1LWJiZDYtNjBkZTIyNGNmYTRi
LzEvR3N1S2NQa0pyajRmd2R2V3ZjUWw0STdzZ2JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABcdhUD
BANcdhAwDQYJKoZIhvcNAQELBQADggEBADUNyOENB0HLoZBxC2kEk8kZncR614Lg
1p8g3R8/YiwRCzdCsaCC1kZ17CXtpxjja/oAMuOAvaT/6U4axjO8wSnlVOoNZ54u
h2ICQ0orKGNK16Z26auFJW4OX8qljbFKOR0Yaa4X9cl2t5IxPlCkLvaXZFjNH/xS
aDdtYSIKk4a4Mx96Pe0pw6HstiI/zlQ46eIaiEgQQSTk97y30HZFDxnbNn5eJwUC
0CYT5tDQjrnWOJpXOU5FJUf8k+7AOllVR7jKNYVCRUxQIE/SYv67jkzq+d530Wp2
82Zd74QpY3rXnHjXpc4oam3C72M26qMZr+b4DY3Wivs5ErCJRwCF9is=
-----END CERTIFICATE-----
Generated at Mon Nov 25 00:01:13 2024 by rpki-client on console-fra.rpki-client.org