Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/061716-09c6-4838-b1cb-3e86d2c29969/1/OHWDENxiwHUHcGpgbk08K1UT8-o.roa
File:                     OHWDENxiwHUHcGpgbk08K1UT8-o.roa (raw, json)
Hash identifier:          X1tpsVlJz+V4XoCcuFZ23Xvt78PJPBqwL75tsKfUzro=
Subject key identifier:   38:75:83:10:DC:62:C0:75:07:70:6A:60:6E:4D:3C:2B:55:13:F3:EA
Certificate issuer:       /CN=02df81268829301f3d69eb96f8ac617fa25256a1
Certificate serial:       018CC6B9091744861C9000477F5FBECEB1D4
Authority key identifier: 02:DF:81:26:88:29:30:1F:3D:69:EB:96:F8:AC:61:7F:A2:52:56:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/At-BJogpMB89aeuW-Kxhf6JSVqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/061716-09c6-4838-b1cb-3e86d2c29969/1/OHWDENxiwHUHcGpgbk08K1UT8-o.roa
Signing time:             Mon 01 Jan 2024 20:31:04 +0000
ROA not before:           Mon 01 Jan 2024 20:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47638
IP address blocks:        91.229.174.0/23 maxlen: 24
                          91.237.197.0/24 maxlen: 24
                          185.59.204.0/22 maxlen: 24
                          23.90.64.0/22 maxlen: 24
                          2a02:6da0::/32 maxlen: 32
                          2001:67c:248c::/48 maxlen: 48
                          2a02:6da0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/061716-09c6-4838-b1cb-3e86d2c29969/1/At-BJogpMB89aeuW-Kxhf6JSVqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/061716-09c6-4838-b1cb-3e86d2c29969/1/At-BJogpMB89aeuW-Kxhf6JSVqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/At-BJogpMB89aeuW-Kxhf6JSVqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:09:17:44:86:1c:90:00:47:7f:5f:be:ce:b1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02df81268829301f3d69eb96f8ac617fa25256a1
        Validity
            Not Before: Jan  1 20:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38758310dc62c07507706a606e4d3c2b5513f3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:2e:92:c9:ea:7b:af:5e:a7:45:3b:df:c0:7d:
                    5b:96:66:d7:15:35:7d:a4:01:16:89:f1:39:87:c4:
                    0c:e2:b2:04:a0:bc:20:24:6e:e6:34:bd:e6:74:c0:
                    d8:f9:e2:dd:1d:9b:bb:02:f7:27:77:f1:e1:23:52:
                    e9:cc:da:6c:ee:b3:a8:a0:10:70:b4:16:4a:58:d6:
                    3b:46:89:3d:83:52:db:64:64:13:95:e2:d1:80:f0:
                    7a:a9:f5:f4:f5:8a:34:48:10:4d:64:d6:8e:73:21:
                    55:90:de:6d:17:29:77:36:d8:b6:5e:da:b0:0a:0f:
                    73:29:12:76:d7:b3:0e:5c:05:6e:09:d8:27:65:6f:
                    2d:b6:09:29:df:cf:d7:b4:f5:70:fb:78:c2:61:00:
                    f8:36:f4:99:72:25:79:4d:bd:1e:1e:f0:47:aa:f4:
                    15:84:55:77:d7:35:30:e1:2c:74:19:76:84:aa:ae:
                    3f:e2:6f:c9:e0:77:4a:6b:76:33:83:5b:71:db:c0:
                    f1:33:6f:5b:94:d8:86:b8:4f:b7:d9:34:8b:6b:b4:
                    53:38:28:28:36:47:06:a9:6d:7a:ff:ad:3e:49:b3:
                    b1:33:a8:12:dd:69:32:a1:f2:a3:c2:5a:df:74:87:
                    87:19:08:d8:5f:15:26:e0:05:9f:5b:9e:0a:af:bf:
                    b9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:75:83:10:DC:62:C0:75:07:70:6A:60:6E:4D:3C:2B:55:13:F3:EA
            X509v3 Authority Key Identifier:
                keyid:02:DF:81:26:88:29:30:1F:3D:69:EB:96:F8:AC:61:7F:A2:52:56:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/At-BJogpMB89aeuW-Kxhf6JSVqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/061716-09c6-4838-b1cb-3e86d2c29969/1/OHWDENxiwHUHcGpgbk08K1UT8-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/061716-09c6-4838-b1cb-3e86d2c29969/1/At-BJogpMB89aeuW-Kxhf6JSVqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.90.64.0/22
                  91.229.174.0/23
                  91.237.197.0/24
                  185.59.204.0/22
                IPv6:
                  2001:67c:248c::/48
                  2a02:6da0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:2c:ee:54:10:5c:79:36:91:c8:bb:4b:41:d2:84:ee:2e:65:
         a2:57:b2:16:bc:84:2f:5f:07:3b:05:93:82:90:f5:ef:0f:20:
         fa:e0:90:fd:3e:78:54:cf:56:df:2d:6f:73:90:89:5b:47:f0:
         85:f9:ee:de:ff:70:4a:6f:52:8b:41:7e:4c:79:bb:03:a4:4d:
         9e:c9:9d:f6:a2:d3:b9:1f:ee:5a:58:36:5d:b7:7c:27:4e:84:
         76:e4:93:2d:fe:63:3a:6d:61:db:1f:76:12:bd:f0:ba:10:ea:
         98:84:cb:19:64:17:f6:e1:c5:06:1f:2d:08:1a:49:20:a4:28:
         f9:2e:12:8e:1f:f3:cc:b7:44:8a:26:79:e8:64:48:94:5b:71:
         45:af:f1:88:7e:cc:b1:b5:bb:a6:68:fd:b3:02:01:a9:ae:44:
         e4:b0:2e:2e:fc:10:04:05:56:cc:a2:4a:b0:0a:cf:cf:55:43:
         75:b3:58:82:9a:06:55:60:8d:92:56:41:b7:79:5a:5d:0b:c6:
         9f:ee:75:ac:80:f4:c8:5a:b2:c3:0c:2a:95:f2:2d:d9:31:52:
         c9:f3:94:a5:48:ee:22:d7:7c:7e:c9:6e:32:2e:03:c7:ea:61:
         7c:59:20:50:69:06:85:e0:ac:78:0c:d9:3c:3c:cb:07:33:84:
         e7:7f:f2:68
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzGuQkXRIYckABHf1++zrHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZGY4MTI2ODgyOTMwMWYzZDY5ZWI5NmY4YWM2MTdmYTI1
MjU2YTEwHhcNMjQwMTAxMjAzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODc1ODMxMGRjNjJjMDc1MDc3MDZhNjA2ZTRkM2MyYjU1MTNmM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9i6Syep7r16nRTvfwH1blmbXFTV9
pAEWifE5h8QM4rIEoLwgJG7mNL3mdMDY+eLdHZu7Avcnd/HhI1LpzNps7rOooBBw
tBZKWNY7Rok9g1LbZGQTleLRgPB6qfX09Yo0SBBNZNaOcyFVkN5tFyl3Nti2Xtqw
Cg9zKRJ217MOXAVuCdgnZW8ttgkp38/XtPVw+3jCYQD4NvSZciV5Tb0eHvBHqvQV
hFV31zUw4Sx0GXaEqq4/4m/J4HdKa3Yzg1tx28DxM29blNiGuE+32TSLa7RTOCgo
NkcGqW16/60+SbOxM6gS3WkyofKjwlrfdIeHGQjYXxUm4AWfW54Kr7+5cwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDh1gxDcYsB1B3BqYG5NPCtVE/PqMB8GA1UdIwQY
MBaAFALfgSaIKTAfPWnrlvisYX+iUlahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXQtQkpvZ3BNQjg5YWV1Vy1LeGhmNkpTVnFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8wNjE3MTYtMDljNi00ODM4LWIxY2It
M2U4NmQyYzI5OTY5LzEvT0hXREVOeGl3SFVIY0dwZ2JrMDhLMVVUOC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8wNjE3MTYtMDljNi00ODM4LWIxY2ItM2U4NmQyYzI5OTY5
LzEvQXQtQkpvZ3BNQjg5YWV1Vy1LeGhmNkpTVnFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQCF1pAAwQB
W+WuAwQAW+3FAwQCuTvMMBYEAgACMBADBwAgAQZ8JIwDBQMqAm2gMA0GCSqGSIb3
DQEBCwUAA4IBAQB9LO5UEFx5NpHIu0tB0oTuLmWiV7IWvIQvXwc7BZOCkPXvDyD6
4JD9PnhUz1bfLW9zkIlbR/CF+e7e/3BKb1KLQX5MebsDpE2eyZ32otO5H+5aWDZd
t3wnToR25JMt/mM6bWHbH3YSvfC6EOqYhMsZZBf24cUGHy0IGkkgpCj5LhKOH/PM
t0SKJnnoZEiUW3FFr/GIfsyxtbumaP2zAgGprkTksC4u/BAEBVbMokqwCs/PVUN1
s1iCmgZVYI2SVkG3eVpdC8af7nWsgPTIWrLDDCqV8i3ZMVLJ85SlSO4i13x+yW4y
LgPH6mF8WSBQaQaF4Kx4DNk8PMsHM4Tnf/Jo
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:08:54 2024 by rpki-client on console-ams.rpki-client.org