Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/OTtsv9RR1QsS-5u0qYRGPEYTOOA.roa
File:                     OTtsv9RR1QsS-5u0qYRGPEYTOOA.roa (raw, json)
Hash identifier:          PhnUiFOaOB+uXJSKF07I2cO6h54Q9N8ffoHvYQnw6Ws=
Subject key identifier:   39:3B:6C:BF:D4:51:D5:0B:12:FB:9B:B4:A9:84:46:3C:46:13:38:E0
Certificate issuer:       /CN=7ba289ebe93351236a5580eb5b70102cf3f11dfc
Certificate serial:       018CCA9A141B1B4E5F5091AD1E04079F7214
Authority key identifier: 7B:A2:89:EB:E9:33:51:23:6A:55:80:EB:5B:70:10:2C:F3:F1:1D:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/OTtsv9RR1QsS-5u0qYRGPEYTOOA.roa
Signing time:             Tue 02 Jan 2024 14:35:44 +0000
ROA not before:           Tue 02 Jan 2024 14:35:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29017
IP address blocks:        185.181.116.0/22 maxlen: 24
                          91.197.228.0/22 maxlen: 24
                          2a0a:cb80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:14:1b:1b:4e:5f:50:91:ad:1e:04:07:9f:72:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba289ebe93351236a5580eb5b70102cf3f11dfc
        Validity
            Not Before: Jan  2 14:35:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=393b6cbfd451d50b12fb9bb4a984463c461338e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:dc:84:19:3f:30:aa:27:7e:75:da:f5:3f:d4:
                    2b:93:7b:b8:b5:ad:74:c8:99:99:84:f0:21:06:3d:
                    b5:ef:2f:e8:61:f1:08:6a:fa:31:3e:29:38:a1:b8:
                    f1:97:7d:3e:07:0c:17:47:3d:8a:96:aa:18:56:2b:
                    35:c7:8a:57:40:9e:85:a8:2b:6f:1b:7a:e3:9d:2a:
                    62:06:f1:0d:a3:62:1a:d2:49:64:f1:a6:9b:b7:bc:
                    24:0e:f6:da:90:44:2e:2a:96:42:61:12:e2:a9:bb:
                    24:c0:07:69:33:d1:ae:0f:a2:f4:fa:56:b6:1b:28:
                    a3:9d:b2:8c:af:0b:95:50:38:6f:c6:6d:52:3f:1b:
                    be:f2:3f:f2:35:86:7a:56:e8:df:c8:d8:7c:6a:13:
                    3a:89:88:11:60:69:31:49:76:18:64:5f:79:27:be:
                    ec:02:54:2d:3c:63:48:0d:cc:f6:61:7f:84:6d:96:
                    0e:ba:5b:a9:b7:d8:0a:2c:ca:09:3a:61:4e:8b:e1:
                    4c:55:c2:85:8b:3c:db:8b:d8:7a:70:01:39:01:f9:
                    12:c2:82:a3:9b:5b:31:04:a8:97:df:0e:a9:4f:37:
                    05:2f:ba:49:4d:57:52:dd:4f:85:bd:30:42:7a:e8:
                    af:de:bb:bf:51:cc:3d:ba:0d:a1:2e:17:c6:5b:a2:
                    b9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:3B:6C:BF:D4:51:D5:0B:12:FB:9B:B4:A9:84:46:3C:46:13:38:E0
            X509v3 Authority Key Identifier:
                keyid:7B:A2:89:EB:E9:33:51:23:6A:55:80:EB:5B:70:10:2C:F3:F1:1D:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/OTtsv9RR1QsS-5u0qYRGPEYTOOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.228.0/22
                  185.181.116.0/22
                IPv6:
                  2a0a:cb80::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:53:62:25:89:2c:d4:1e:8b:ba:b2:64:db:30:da:49:e2:50:
         3c:35:16:d0:b9:4a:f9:c3:79:53:dc:e9:65:8b:1c:86:f3:6b:
         85:f8:fc:ee:01:8d:92:3f:08:a4:05:7f:29:0d:3c:9d:1c:32:
         08:14:07:e7:95:d5:2a:3d:a9:53:f4:f0:6d:e0:50:4c:5d:a5:
         2e:65:b1:1a:fc:b7:b9:42:33:94:4f:b9:ed:1a:4a:80:1a:5a:
         d7:50:78:49:fd:5e:72:8c:b2:0d:e4:e2:ec:de:61:47:97:66:
         25:2c:89:09:34:fa:b3:48:76:06:cd:88:84:35:31:6d:07:34:
         4f:f8:54:07:cb:8e:c3:18:da:81:f2:26:cb:1a:db:7c:1f:0f:
         e7:09:58:fe:39:7a:39:19:9f:74:81:89:ec:99:1b:d5:e3:4b:
         e3:0d:7a:7f:1c:8f:67:19:43:b6:d9:1f:86:94:8f:d4:5c:e5:
         27:8d:53:7a:fc:9c:95:92:f0:a4:0c:8d:3b:62:a3:42:2f:7a:
         fa:c1:98:9d:e0:be:38:71:8b:1c:56:d0:77:5e:88:08:03:6e:
         5d:ba:49:f6:27:47:41:db:c5:06:0f:23:12:a2:69:f4:ab:d2:
         72:8c:56:fc:02:f1:3d:21:0b:51:4b:8a:0e:6a:20:17:23:46:
         20:04:8f:33
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmhQbG05fUJGtHgQHn3IUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTI4OWViZTkzMzUxMjM2YTU1ODBlYjViNzAxMDJjZjNm
MTFkZmMwHhcNMjQwMTAyMTQzNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTNiNmNiZmQ0NTFkNTBiMTJmYjliYjRhOTg0NDYzYzQ2MTMzOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9yEGT8wqid+ddr1P9Qrk3u4ta10
yJmZhPAhBj217y/oYfEIavoxPik4objxl30+BwwXRz2KlqoYVis1x4pXQJ6FqCtv
G3rjnSpiBvENo2Ia0klk8aabt7wkDvbakEQuKpZCYRLiqbskwAdpM9GuD6L0+la2
GyijnbKMrwuVUDhvxm1SPxu+8j/yNYZ6VujfyNh8ahM6iYgRYGkxSXYYZF95J77s
AlQtPGNIDcz2YX+EbZYOulupt9gKLMoJOmFOi+FMVcKFizzbi9h6cAE5AfkSwoKj
m1sxBKiX3w6pTzcFL7pJTVdS3U+FvTBCeuiv3ru/Ucw9ug2hLhfGW6K5DQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDk7bL/UUdULEvubtKmERjxGEzjgMB8GA1UdIwQY
MBaAFHuiievpM1EjalWA61twECzz8R38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZLSjYta3pVU05xVllEclczQVFMUFB4SGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTFlN2MtN2Q3NC00Y2NjLTljNmMt
ZDE2M2I1NDk5ZTY4LzEvT1R0c3Y5UlIxUXNTLTV1MHFZUkdQRVlUT09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTFlN2MtN2Q3NC00Y2NjLTljNmMtZDE2M2I1NDk5ZTY4
LzEvZTZLSjYta3pVU05xVllEclczQVFMUFB4SGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8XkAwQC
ubV0MA0EAgACMAcDBQAqCsuAMA0GCSqGSIb3DQEBCwUAA4IBAQBgU2IliSzUHou6
smTbMNpJ4lA8NRbQuUr5w3lT3OllixyG82uF+PzuAY2SPwikBX8pDTydHDIIFAfn
ldUqPalT9PBt4FBMXaUuZbEa/Le5QjOUT7ntGkqAGlrXUHhJ/V5yjLIN5OLs3mFH
l2YlLIkJNPqzSHYGzYiENTFtBzRP+FQHy47DGNqB8ibLGtt8Hw/nCVj+OXo5GZ90
gYnsmRvV40vjDXp/HI9nGUO22R+GlI/UXOUnjVN6/JyVkvCkDI07YqNCL3r6wZid
4L44cYscVtB3XogIA25dukn2J0dB28UGDyMSomn0q9JyjFb8AvE9IQtRS4oOaiAX
I0YgBI8z
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:11:46 2024 by rpki-client on console-fra.rpki-client.org