Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/1f3c4d-59e4-4937-bc14-6c88bfa7b55c/1/O8jIpfEeh9pPw6a36hUfliGDnmE.roa
File:                     O8jIpfEeh9pPw6a36hUfliGDnmE.roa (raw, json)
Hash identifier:          9I1lUpfvNjlhfJMDxxhfR8Jo1qp5PJWUXDecPmoU2/E=
Subject key identifier:   3B:C8:C8:A5:F1:1E:87:DA:4F:C3:A6:B7:EA:15:1F:96:21:83:9E:61
Certificate issuer:       /CN=c8f258ce203e04a33f4e90651153b259cffa3e88
Certificate serial:       018CC8DEAF16F62A10230F10715CA0DC8C10
Authority key identifier: C8:F2:58:CE:20:3E:04:A3:3F:4E:90:65:11:53:B2:59:CF:FA:3E:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yPJYziA-BKM_TpBlEVOyWc_6Pog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/1f3c4d-59e4-4937-bc14-6c88bfa7b55c/1/O8jIpfEeh9pPw6a36hUfliGDnmE.roa
Signing time:             Tue 02 Jan 2024 06:31:26 +0000
ROA not before:           Tue 02 Jan 2024 06:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202701
IP address blocks:        194.5.100.0/22 maxlen: 24
                          185.156.204.0/22 maxlen: 24
                          2a07:a106::/32 maxlen: 32
                          2a07:a104::/32 maxlen: 32
                          2a0c:e840::/29 maxlen: 29
                          2a07:a105::/32 maxlen: 32
                          2a07:a107::/32 maxlen: 32
                          2a07:a100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/1f3c4d-59e4-4937-bc14-6c88bfa7b55c/1/yPJYziA-BKM_TpBlEVOyWc_6Pog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/1f3c4d-59e4-4937-bc14-6c88bfa7b55c/1/yPJYziA-BKM_TpBlEVOyWc_6Pog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yPJYziA-BKM_TpBlEVOyWc_6Pog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:af:16:f6:2a:10:23:0f:10:71:5c:a0:dc:8c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8f258ce203e04a33f4e90651153b259cffa3e88
        Validity
            Not Before: Jan  2 06:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bc8c8a5f11e87da4fc3a6b7ea151f9621839e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f2:fc:c8:3a:a6:7e:d4:d1:99:68:10:cc:71:
                    1c:d7:f7:8f:dd:ff:f9:62:50:6a:c1:f5:11:95:e1:
                    be:1b:83:ea:05:3e:cd:1b:7c:ab:50:b2:fb:2e:3d:
                    cd:fe:49:d9:bf:eb:96:9b:87:58:e1:b0:2e:6d:a0:
                    1a:f7:03:f8:22:d5:2d:9d:85:2f:95:4a:b3:8d:6a:
                    14:d7:d6:df:11:40:80:6f:c3:35:7a:54:77:db:36:
                    6f:c6:00:ef:a8:97:b3:21:a0:a2:69:49:15:b9:8f:
                    fb:11:3b:2d:85:4f:14:bb:f2:4d:ad:b0:eb:ab:d7:
                    34:a6:f8:e3:1f:3d:20:90:eb:1b:e7:82:67:e8:15:
                    b5:71:80:2f:b7:bf:33:68:20:f9:bd:a3:0a:f9:0d:
                    0f:a3:68:de:85:f8:b5:08:85:2d:f4:f3:5b:58:e6:
                    23:5e:6a:59:3c:e2:33:69:40:8e:5d:c9:ab:89:56:
                    59:fd:72:b3:4a:a2:2d:8d:a6:49:f1:02:30:8d:3a:
                    14:b6:d7:b0:c4:5c:d1:a2:f9:5d:8e:a5:22:89:09:
                    bc:3b:02:8a:ad:ac:4e:c7:80:57:62:0a:c3:e5:dd:
                    68:df:e2:64:92:f8:ce:d3:2c:98:50:c4:1f:c4:59:
                    33:78:53:26:50:dd:88:e5:13:ee:cf:48:8d:bb:79:
                    2a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C8:C8:A5:F1:1E:87:DA:4F:C3:A6:B7:EA:15:1F:96:21:83:9E:61
            X509v3 Authority Key Identifier:
                keyid:C8:F2:58:CE:20:3E:04:A3:3F:4E:90:65:11:53:B2:59:CF:FA:3E:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yPJYziA-BKM_TpBlEVOyWc_6Pog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/1f3c4d-59e4-4937-bc14-6c88bfa7b55c/1/O8jIpfEeh9pPw6a36hUfliGDnmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/1f3c4d-59e4-4937-bc14-6c88bfa7b55c/1/yPJYziA-BKM_TpBlEVOyWc_6Pog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.204.0/22
                  194.5.100.0/22
                IPv6:
                  2a07:a100::/29
                  2a0c:e840::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:76:10:71:dd:bf:a8:58:8d:be:5a:46:6f:23:16:92:a1:81:
         96:8f:40:f8:b4:78:c3:b3:2a:06:d2:2e:89:d1:4a:7c:68:96:
         bc:d4:14:05:8a:f4:19:6e:47:5e:41:41:b8:19:f4:8c:f5:e6:
         0a:0b:de:df:e0:66:c6:fa:17:2a:26:b2:9e:29:3d:40:35:09:
         88:aa:df:3f:80:ac:1d:b2:d5:30:0b:16:dc:94:3d:a9:c2:39:
         b2:2d:2a:68:84:2c:e1:61:3a:8e:58:ea:3f:26:8c:65:30:55:
         70:c0:2e:08:45:60:ec:ff:7e:83:93:ee:0b:66:79:08:55:f9:
         1e:b8:52:9c:97:0a:83:27:28:e4:8f:c8:a1:0b:63:09:9a:66:
         e2:3f:84:d5:d3:d8:e4:ad:1b:38:72:2c:da:68:df:4a:f8:ad:
         f8:33:c9:8c:a0:58:f7:96:f7:71:aa:33:52:1a:46:0d:2c:2f:
         cd:c5:f3:f0:89:af:1d:a1:42:6f:e3:2d:d9:72:75:2f:9d:bc:
         8f:7d:f7:32:1f:c9:f6:65:e1:08:df:f3:f0:6f:d2:c7:46:c2:
         c6:40:54:75:4b:de:ad:63:51:e6:52:a7:72:72:8e:10:8c:57:
         ad:94:f5:f5:1c:10:0f:65:4d:33:9e:ca:fb:1f:4c:05:56:96:
         df:fe:90:cd
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzI3q8W9ioQIw8QcVyg3IwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZjI1OGNlMjAzZTA0YTMzZjRlOTA2NTExNTNiMjU5Y2Zm
YTNlODgwHhcNMjQwMTAyMDYzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmM4YzhhNWYxMWU4N2RhNGZjM2E2YjdlYTE1MWY5NjIxODM5ZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfL8yDqmftTRmWgQzHEc1/eP3f/5
YlBqwfURleG+G4PqBT7NG3yrULL7Lj3N/knZv+uWm4dY4bAubaAa9wP4ItUtnYUv
lUqzjWoU19bfEUCAb8M1elR32zZvxgDvqJezIaCiaUkVuY/7ETsthU8Uu/JNrbDr
q9c0pvjjHz0gkOsb54Jn6BW1cYAvt78zaCD5vaMK+Q0Po2jehfi1CIUt9PNbWOYj
XmpZPOIzaUCOXcmriVZZ/XKzSqItjaZJ8QIwjToUttewxFzRovldjqUiiQm8OwKK
raxOx4BXYgrD5d1o3+JkkvjO0yyYUMQfxFkzeFMmUN2I5RPuz0iNu3kqKwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFDvIyKXxHofaT8Omt+oVH5Yhg55hMB8GA1UdIwQY
MBaAFMjyWM4gPgSjP06QZRFTslnP+j6IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVBKWXppQS1CS01fVHBCbEVWT3lXY182UG9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8xZjNjNGQtNTllNC00OTM3LWJjMTQt
NmM4OGJmYTdiNTVjLzEvTzhqSXBmRWVoOXBQdzZhMzZoVWZsaUdEbm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8xZjNjNGQtNTllNC00OTM3LWJjMTQtNmM4OGJmYTdiNTVj
LzEveVBKWXppQS1CS01fVHBCbEVWT3lXY182UG9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuZzMAwQC
wgVkMBQEAgACMA4DBQMqB6EAAwUDKgzoQDANBgkqhkiG9w0BAQsFAAOCAQEABXYQ
cd2/qFiNvlpGbyMWkqGBlo9A+LR4w7MqBtIuidFKfGiWvNQUBYr0GW5HXkFBuBn0
jPXmCgve3+BmxvoXKiaynik9QDUJiKrfP4CsHbLVMAsW3JQ9qcI5si0qaIQs4WE6
jljqPyaMZTBVcMAuCEVg7P9+g5PuC2Z5CFX5HrhSnJcKgyco5I/IoQtjCZpm4j+E
1dPY5K0bOHIs2mjfSvit+DPJjKBY95b3caozUhpGDSwvzcXz8ImvHaFCb+Mt2XJ1
L528j333Mh/J9mXhCN/z8G/Sx0bCxkBUdUverWNR5lKncnKOEIxXrZT19RwQD2VN
M57K+x9MBVaW3/6QzQ==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:46:20 2024 by rpki-client on console-fra.rpki-client.org