Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/o88G7XO5unr_QVUy0P8TKeDk-Ys.roa
File:                     o88G7XO5unr_QVUy0P8TKeDk-Ys.roa (raw, json)
Hash identifier:          Hx22DXVr9WvQOI77k3Os7et6+pYy26N+AwF4Bt1FjVY=
Subject key identifier:   A3:CF:06:ED:73:B9:BA:7A:FF:41:55:32:D0:FF:13:29:E0:E4:F9:8B
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018CC8DF8AA5ACBECCFB65842E4A00EBF095
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/o88G7XO5unr_QVUy0P8TKeDk-Ys.roa
Signing time:             Tue 02 Jan 2024 06:32:22 +0000
ROA not before:           Tue 02 Jan 2024 06:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207326
IP address blocks:        31.210.42.0/24 maxlen: 24
                          78.135.67.0/24 maxlen: 24
                          31.210.55.0/24 maxlen: 24
                          78.135.83.0/24 maxlen: 24
                          78.135.82.0/24 maxlen: 24
                          78.135.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8a:a5:ac:be:cc:fb:65:84:2e:4a:00:eb:f0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 06:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3cf06ed73b9ba7aff415532d0ff1329e0e4f98b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ba:b0:80:9e:fe:60:a7:72:de:78:cf:33:80:
                    37:74:70:47:59:e6:4b:d0:a2:b0:9d:2e:80:7b:c6:
                    0c:81:cf:02:33:91:02:ca:c0:00:53:62:e3:1d:a0:
                    56:73:8c:8d:c9:ed:bc:90:4e:0a:54:6a:f0:62:77:
                    14:f6:4a:0d:08:4c:9e:84:6a:2a:8b:e4:f7:14:1d:
                    5a:a8:58:0d:a8:9d:76:c1:a2:d0:c0:ab:f3:ea:0c:
                    0f:1b:8f:53:e1:03:0d:90:21:6f:28:d7:77:f9:91:
                    18:c2:da:42:06:fb:62:ee:a1:43:67:f9:99:84:ea:
                    a8:bb:70:ca:af:71:51:62:bc:cb:eb:0c:73:a6:f4:
                    3c:fc:97:ea:e0:bd:d6:e1:41:f4:84:7d:d7:85:43:
                    4a:45:cc:0f:a4:a9:92:9f:54:6e:d8:69:c4:d6:f2:
                    0e:34:b1:17:bb:7b:a5:78:06:27:6e:68:1c:1e:8f:
                    c8:cf:46:2c:9a:ba:7f:7a:ab:f6:34:23:02:61:74:
                    83:51:ff:ed:e6:94:05:86:4d:1e:a6:05:e8:78:99:
                    df:3a:43:a8:f4:5b:44:a0:9f:75:d7:31:46:8d:97:
                    65:68:d7:83:81:8b:33:7e:84:43:92:8c:1e:b5:9c:
                    1e:1a:6f:64:ef:84:d5:88:33:88:ab:7b:c7:aa:23:
                    e6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CF:06:ED:73:B9:BA:7A:FF:41:55:32:D0:FF:13:29:E0:E4:F9:8B
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/o88G7XO5unr_QVUy0P8TKeDk-Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.42.0/24
                  31.210.55.0/24
                  78.135.67.0/24
                  78.135.81.0-78.135.83.255

    Signature Algorithm: sha256WithRSAEncryption
         52:51:7f:14:28:32:b3:2f:cb:ad:87:06:f5:ad:3a:65:c7:2f:
         b2:60:41:8f:1e:51:0e:6e:26:59:b1:64:c9:ae:55:d2:bf:cf:
         5e:32:72:c8:6a:ee:07:6c:ac:1f:ba:72:f1:05:2d:5d:51:3e:
         f0:ec:7e:e8:1f:01:2b:50:ee:8a:f0:07:6f:7b:e2:86:4c:a6:
         83:da:dd:84:e9:21:26:ab:28:fa:f3:b5:80:95:a3:60:de:d4:
         77:63:17:ad:bf:fa:98:ee:68:60:e2:e2:17:4a:7d:d5:af:5b:
         5c:18:5b:0d:36:8d:f8:bc:b2:5a:93:e8:3b:a2:c9:cd:49:bb:
         27:0d:fe:a1:a4:dd:56:53:aa:72:3c:04:2b:2f:5b:4b:9f:86:
         55:39:99:e6:ec:dd:51:bd:48:89:c5:84:47:92:88:0b:f0:c9:
         c7:a9:9c:fc:f7:89:9e:3d:89:db:26:64:29:34:81:a0:96:03:
         16:b9:4d:62:a4:bd:af:0b:c0:9c:56:aa:37:5a:36:76:04:9a:
         05:2b:eb:e4:60:7f:7d:f7:3e:f8:4d:fc:e4:01:78:14:1b:2b:
         5f:1a:8a:55:5a:40:83:57:ec:f4:93:40:48:21:64:bb:9a:ae:
         3b:4e:c7:0c:8a:38:29:47:69:c2:8a:f0:da:85:ae:bc:9d:09:
         29:65:a6:53
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzI34qlrL7M+2WELkoA6/CVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwMTAyMDYzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NmMDZlZDczYjliYTdhZmY0MTU1MzJkMGZmMTMyOWUwZTRmOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubqwgJ7+YKdy3njPM4A3dHBHWeZL
0KKwnS6Ae8YMgc8CM5ECysAAU2LjHaBWc4yNye28kE4KVGrwYncU9koNCEyehGoq
i+T3FB1aqFgNqJ12waLQwKvz6gwPG49T4QMNkCFvKNd3+ZEYwtpCBvti7qFDZ/mZ
hOqou3DKr3FRYrzL6wxzpvQ8/Jfq4L3W4UH0hH3XhUNKRcwPpKmSn1Ru2GnE1vIO
NLEXu3uleAYnbmgcHo/Iz0Ysmrp/eqv2NCMCYXSDUf/t5pQFhk0epgXoeJnfOkOo
9FtEoJ911zFGjZdlaNeDgYszfoRDkowetZweGm9k74TViDOIq3vHqiPmcwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKPPBu1zubp6/0FVMtD/Eyng5PmLMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvbzg4RzdYTzV1bnJfUVZVeTBQOFRLZURrLVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAH9IqAwQA
H9I3AwQATodDMAwDBABOh1EDBAJOh1AwDQYJKoZIhvcNAQELBQADggEBAFJRfxQo
MrMvy62HBvWtOmXHL7JgQY8eUQ5uJlmxZMmuVdK/z14ycshq7gdsrB+6cvEFLV1R
PvDsfugfAStQ7orwB2974oZMpoPa3YTpISarKPrztYCVo2De1HdjF62/+pjuaGDi
4hdKfdWvW1wYWw02jfi8slqT6Duiyc1JuycN/qGk3VZTqnI8BCsvW0ufhlU5mebs
3VG9SInFhEeSiAvwycepnPz3iZ49idsmZCk0gaCWAxa5TWKkva8LwJxWqjdaNnYE
mgUr6+Rgf333PvhN/OQBeBQbK18ailVaQINX7PSTQEghZLuarjtOxwyKOClHacKK
8NqFrrydCSllplM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:11:44 2024 by rpki-client on console-ams.rpki-client.org