Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/oTP3JCCre0XnpwJhFt4oD62GHrA.roa
File:                     oTP3JCCre0XnpwJhFt4oD62GHrA.roa (raw, json)
Hash identifier:          e89AOwfOzQZkv9cUgz0uLP07chn8jZCAR5aQkNhvQNI=
Subject key identifier:   A1:33:F7:24:20:AB:7B:45:E7:A7:02:61:16:DE:28:0F:AD:86:1E:B0
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       018CC34940C3916D9C633F6C051FB758E88F
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/oTP3JCCre0XnpwJhFt4oD62GHrA.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.125.84.0/24 maxlen: 24
                          185.125.85.0/24 maxlen: 24
                          193.0.181.0/24 maxlen: 24
                          185.125.87.0/24 maxlen: 24
                          193.0.182.0/24 maxlen: 24
                          193.0.180.0/24 maxlen: 24
                          185.125.86.0/24 maxlen: 24
                          185.71.229.0/24 maxlen: 24
                          185.71.230.0/24 maxlen: 24
                          185.71.231.0/24 maxlen: 24
                          185.71.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:40:c3:91:6d:9c:63:3f:6c:05:1f:b7:58:e8:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a133f72420ab7b45e7a7026116de280fad861eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:02:e1:9a:98:d6:d2:0d:29:35:ad:ad:b0:b4:
                    da:1d:1a:17:55:6b:6d:82:56:63:7a:bd:46:5c:0b:
                    aa:71:cc:ac:b3:32:76:a8:6e:90:8c:24:15:2f:f7:
                    7f:3e:9a:d8:82:22:15:67:e8:87:0f:69:29:20:8d:
                    1a:81:93:54:d2:40:6a:4c:c1:99:b9:8b:4f:be:6c:
                    38:aa:68:3e:b0:e2:ca:dc:d1:cb:d9:ea:36:47:28:
                    cf:6c:40:fc:21:ba:db:9c:cd:fb:50:97:66:4e:8e:
                    fe:c7:50:40:c5:e0:dc:d0:4f:8e:83:57:27:59:4f:
                    eb:b3:d2:77:b9:41:24:54:4d:36:af:30:86:87:a2:
                    46:aa:2f:36:6f:72:8e:3e:eb:f6:76:94:a1:6c:75:
                    85:f2:ea:7d:ab:93:c5:dd:2d:24:e3:90:23:b9:a3:
                    70:8a:ed:81:10:8e:af:6d:39:eb:a9:2c:08:30:2a:
                    29:de:b3:48:03:50:4d:02:77:b8:e4:48:cb:8b:38:
                    1d:0b:60:ce:64:b7:11:7b:f9:bf:09:a4:33:da:30:
                    7c:9d:32:89:ba:16:95:5a:82:16:0b:bb:4b:4e:27:
                    94:a8:c0:68:05:18:e6:8e:4a:24:22:d6:a1:0a:f8:
                    b4:8c:a0:13:e4:e7:2c:00:2c:1c:bc:59:8e:e9:09:
                    b9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:33:F7:24:20:AB:7B:45:E7:A7:02:61:16:DE:28:0F:AD:86:1E:B0
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/oTP3JCCre0XnpwJhFt4oD62GHrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/22
                  185.125.84.0/22
                  193.0.180.0-193.0.182.255

    Signature Algorithm: sha256WithRSAEncryption
         79:7a:ce:3b:b0:3f:5a:e7:f9:8c:7c:cf:88:2d:5c:72:3d:b3:
         55:4f:38:74:9a:da:79:bc:7a:11:b0:d4:ae:67:0f:95:6d:7f:
         f7:8f:81:16:4e:64:84:d9:32:8f:9a:d7:e0:16:6d:ce:a6:2d:
         3d:09:e6:ba:d2:13:a5:3a:20:a2:c5:07:90:2a:2f:f5:cf:75:
         46:1b:15:c0:a3:aa:e6:87:a3:61:64:42:8b:03:17:e1:51:99:
         2d:f4:56:e2:21:32:c8:2d:2e:eb:70:93:7b:f2:c3:e6:24:2a:
         91:43:8a:b7:04:b3:f3:5a:84:f5:8d:24:ef:88:f4:91:d2:62:
         03:79:a6:93:6b:3b:13:cd:ea:d8:33:0d:fd:cf:73:a2:72:b3:
         5b:10:56:a7:9e:6f:6e:02:73:e9:fd:73:1e:05:30:64:c3:ce:
         1c:ce:f3:98:67:3b:3b:65:1c:ed:b5:7e:eb:7f:f4:5c:88:ef:
         2c:35:29:35:d5:71:8d:e9:07:39:54:c0:fb:f5:d3:aa:6c:36:
         82:79:dd:30:1d:2e:77:b0:4d:67:a6:6e:8f:93:4a:37:9a:9d:
         cf:24:45:97:dc:aa:c2:62:8b:d7:60:2c:7f:b1:cc:b1:ba:d5:
         61:48:06:c6:c2:66:be:3e:11:a2:4c:e6:fa:9c:92:3c:6a:54:
         18:34:f4:23
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDSUDDkW2cYz9sBR+3WOiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMzZjcyNDIwYWI3YjQ1ZTdhNzAyNjExNmRlMjgwZmFkODYxZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvALhmpjW0g0pNa2tsLTaHRoXVWtt
glZjer1GXAuqccysszJ2qG6QjCQVL/d/PprYgiIVZ+iHD2kpII0agZNU0kBqTMGZ
uYtPvmw4qmg+sOLK3NHL2eo2RyjPbED8IbrbnM37UJdmTo7+x1BAxeDc0E+Og1cn
WU/rs9J3uUEkVE02rzCGh6JGqi82b3KOPuv2dpShbHWF8up9q5PF3S0k45AjuaNw
iu2BEI6vbTnrqSwIMCop3rNIA1BNAne45EjLizgdC2DOZLcRe/m/CaQz2jB8nTKJ
uhaVWoIWC7tLTieUqMBoBRjmjkokItahCvi0jKAT5OcsACwcvFmO6Qm5RQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKEz9yQgq3tF56cCYRbeKA+thh6wMB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvb1RQM0pDQ3JlMFhucHdKaEZ0NG9ENjJHSHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCuUfkAwQC
uX1UMAwDBALBALQDBADBALYwDQYJKoZIhvcNAQELBQADggEBAHl6zjuwP1rn+Yx8
z4gtXHI9s1VPOHSa2nm8ehGw1K5nD5Vtf/ePgRZOZITZMo+a1+AWbc6mLT0J5rrS
E6U6IKLFB5AqL/XPdUYbFcCjquaHo2FkQosDF+FRmS30VuIhMsgtLutwk3vyw+Yk
KpFDircEs/NahPWNJO+I9JHSYgN5ppNrOxPN6tgzDf3Pc6Jys1sQVqeeb24Cc+n9
cx4FMGTDzhzO85hnOztlHO21fut/9FyI7yw1KTXVcY3pBzlUwPv106psNoJ53TAd
LnewTWembo+TSjeanc8kRZfcqsJii9dgLH+xzLG61WFIBsbCZr4+EaJM5vqckjxq
VBg09CM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:36:14 2024 by rpki-client on console-fra.rpki-client.org