Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e116b6-3c6d-485f-afcd-a41e620ba3eb/1/DGOE8mQqEucnyQcMiYjeM-SNgRc.roa
File:                     DGOE8mQqEucnyQcMiYjeM-SNgRc.roa (raw, json)
Hash identifier:          yyjBgV1n7kVe8qeTLhROeFsY2QAzyLNUnYM8Bg3GG18=
Subject key identifier:   0C:63:84:F2:64:2A:12:E7:27:C9:07:0C:89:88:DE:33:E4:8D:81:17
Certificate issuer:       /CN=dcd246e1830567ab115231db775f2879d99af0a0
Certificate serial:       0191137733E3214FF4BECCFF154AF5B2A57D
Authority key identifier: DC:D2:46:E1:83:05:67:AB:11:52:31:DB:77:5F:28:79:D9:9A:F0:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3NJG4YMFZ6sRUjHbd18oedma8KA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e116b6-3c6d-485f-afcd-a41e620ba3eb/1/DGOE8mQqEucnyQcMiYjeM-SNgRc.roa
Signing time:             Fri 02 Aug 2024 14:21:04 +0000
ROA not before:           Fri 02 Aug 2024 14:21:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42314
IP address blocks:        85.114.96.0/24 maxlen: 24
                          85.114.104.0/24 maxlen: 24
                          85.114.106.0/24 maxlen: 24
                          85.114.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e116b6-3c6d-485f-afcd-a41e620ba3eb/1/3NJG4YMFZ6sRUjHbd18oedma8KA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e116b6-3c6d-485f-afcd-a41e620ba3eb/1/3NJG4YMFZ6sRUjHbd18oedma8KA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3NJG4YMFZ6sRUjHbd18oedma8KA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:13:77:33:e3:21:4f:f4:be:cc:ff:15:4a:f5:b2:a5:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcd246e1830567ab115231db775f2879d99af0a0
        Validity
            Not Before: Aug  2 14:21:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c6384f2642a12e727c9070c8988de33e48d8117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8b:7b:c5:e6:9c:6c:eb:93:97:c5:60:64:c2:
                    c8:ea:6a:d4:da:52:f3:33:fe:aa:e2:e3:96:62:a6:
                    45:14:a5:a2:cd:e9:19:30:67:42:5f:7a:29:77:2d:
                    2d:df:34:38:07:dc:4a:65:e3:10:ba:a4:cb:09:11:
                    bd:fc:23:c2:5a:a9:8c:63:ec:9c:d0:d2:65:5d:2b:
                    98:36:85:2a:f6:61:56:b5:37:aa:b2:29:ae:18:6a:
                    0f:57:80:6c:c3:0b:e7:4b:3e:0d:e0:56:84:b5:5c:
                    1d:0d:46:df:bb:e2:2e:5c:dc:8c:ea:15:ba:7f:12:
                    86:85:51:92:c4:ae:98:38:e7:81:cb:3a:67:2d:c9:
                    70:10:e9:84:bd:f8:27:a1:25:c3:d1:ba:77:54:dc:
                    17:1c:83:cc:d7:25:e7:8f:e4:ec:e8:4d:de:9d:7e:
                    1a:18:b6:3d:86:b3:1b:fb:16:44:c2:08:25:6f:fe:
                    d6:c3:e3:c7:0b:67:68:bf:90:ed:be:87:e5:b1:67:
                    98:f8:a9:94:0e:b3:1e:44:b9:f1:7a:d2:4a:a9:ea:
                    f2:f3:af:ac:1e:dc:97:b7:f6:83:dc:82:b7:bf:16:
                    18:6a:c8:22:07:57:73:17:a9:f4:a1:3d:89:7e:fd:
                    9b:b3:6a:d7:c2:19:0b:01:99:0c:36:18:f6:88:0a:
                    d1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:63:84:F2:64:2A:12:E7:27:C9:07:0C:89:88:DE:33:E4:8D:81:17
            X509v3 Authority Key Identifier:
                keyid:DC:D2:46:E1:83:05:67:AB:11:52:31:DB:77:5F:28:79:D9:9A:F0:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3NJG4YMFZ6sRUjHbd18oedma8KA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e116b6-3c6d-485f-afcd-a41e620ba3eb/1/DGOE8mQqEucnyQcMiYjeM-SNgRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e116b6-3c6d-485f-afcd-a41e620ba3eb/1/3NJG4YMFZ6sRUjHbd18oedma8KA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.114.96.0/24
                  85.114.104.0/24
                  85.114.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:39:c1:56:68:5a:3b:19:ed:fa:c9:22:3e:dd:43:cf:b3:3c:
         78:c8:24:c7:3d:cd:8e:9f:e0:7a:25:5e:19:cf:60:fd:ff:9c:
         1e:ae:df:98:55:2f:2d:44:7c:1e:12:00:38:cc:25:f9:2c:22:
         cd:e3:dc:40:ba:d0:16:51:76:dc:75:6e:03:da:34:40:4f:a5:
         4f:f9:f9:2a:4a:a7:9b:99:a1:4f:17:61:0f:57:ec:ab:72:3d:
         e8:bb:61:08:d2:7f:dc:25:93:8d:52:e4:8a:a7:5a:25:f7:47:
         8e:89:dc:8e:44:f3:4d:93:92:7f:fa:67:bf:9c:c8:5a:71:69:
         e8:07:86:71:ca:ba:44:6b:d0:64:25:b8:78:7b:02:4b:b6:04:
         c4:b7:d7:e9:c6:77:b7:6c:19:1d:94:de:3a:6e:9f:24:51:62:
         cd:66:1f:21:9b:44:c7:04:9d:3d:eb:06:10:90:65:cb:4d:9e:
         d7:e8:3d:e3:ee:32:9e:2d:7d:b3:21:2e:83:30:ec:d0:29:f8:
         65:bf:8b:a7:e7:56:65:d8:c6:c0:36:be:77:a5:6a:3a:93:0b:
         f6:f0:da:95:5b:1c:29:b5:8e:45:57:a4:49:f9:cb:29:67:72:
         ae:a5:a9:0e:47:1d:62:87:d4:00:2c:b1:6e:01:1a:9b:ec:17:
         2b:af:14:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZETdzPjIU/0vsz/FUr1sqV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZDI0NmUxODMwNTY3YWIxMTUyMzFkYjc3NWYyODc5ZDk5
YWYwYTAwHhcNMjQwODAyMTQyMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzYzODRmMjY0MmExMmU3MjdjOTA3MGM4OTg4ZGUzM2U0OGQ4MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4t7xeacbOuTl8VgZMLI6mrU2lLz
M/6q4uOWYqZFFKWizekZMGdCX3opdy0t3zQ4B9xKZeMQuqTLCRG9/CPCWqmMY+yc
0NJlXSuYNoUq9mFWtTeqsimuGGoPV4BswwvnSz4N4FaEtVwdDUbfu+IuXNyM6hW6
fxKGhVGSxK6YOOeByzpnLclwEOmEvfgnoSXD0bp3VNwXHIPM1yXnj+Ts6E3enX4a
GLY9hrMb+xZEwgglb/7Ww+PHC2dov5DtvoflsWeY+KmUDrMeRLnxetJKqery86+s
HtyXt/aD3IK3vxYYasgiB1dzF6n0oT2Jfv2bs2rXwhkLAZkMNhj2iArR/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAxjhPJkKhLnJ8kHDImI3jPkjYEXMB8GA1UdIwQY
MBaAFNzSRuGDBWerEVIx23dfKHnZmvCgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM05KRzRZTUZaNnNSVWpIYmQxOG9lZG1hOEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lMTE2YjYtM2M2ZC00ODVmLWFmY2Qt
YTQxZTYyMGJhM2ViLzEvREdPRThtUXFFdWNueVFjTWlZamVNLVNOZ1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lMTE2YjYtM2M2ZC00ODVmLWFmY2QtYTQxZTYyMGJhM2Vi
LzEvM05KRzRZTUZaNnNSVWpIYmQxOG9lZG1hOEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVXJgAwQA
VXJoAwQBVXJqMA0GCSqGSIb3DQEBCwUAA4IBAQAjOcFWaFo7Ge36ySI+3UPPszx4
yCTHPc2On+B6JV4Zz2D9/5wert+YVS8tRHweEgA4zCX5LCLN49xAutAWUXbcdW4D
2jRAT6VP+fkqSqebmaFPF2EPV+yrcj3ou2EI0n/cJZONUuSKp1ol90eOidyORPNN
k5J/+me/nMhacWnoB4ZxyrpEa9BkJbh4ewJLtgTEt9fpxne3bBkdlN46bp8kUWLN
Zh8hm0THBJ096wYQkGXLTZ7X6D3j7jKeLX2zIS6DMOzQKfhlv4un51Zl2MbANr53
pWo6kwv28NqVWxwptY5FV6RJ+cspZ3KupakORx1ih9QALLFuARqb7BcrrxRU
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:01:20 2024 by rpki-client on console-fra.rpki-client.org