Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/d2a9bc-13b1-4b30-b563-209e1f84224e/1/OV_DDDujN202WhAqDfa0rwafbIo.roa
File:                     OV_DDDujN202WhAqDfa0rwafbIo.roa (raw, json)
Hash identifier:          X01oKi3hOCXUBA3nASmnFJEIW67AKGyT1BxjHqKsUL0=
Subject key identifier:   39:5F:C3:0C:3B:A3:37:6D:36:5A:10:2A:0D:F6:B4:AF:06:9F:6C:8A
Certificate issuer:       /CN=b6e0fe0faf6844988af2f744d516edb9c5dfe71c
Certificate serial:       018CC3491336D6E9F4A962BC149865F473BE
Authority key identifier: B6:E0:FE:0F:AF:68:44:98:8A:F2:F7:44:D5:16:ED:B9:C5:DF:E7:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tuD-D69oRJiK8vdE1RbtucXf5xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/d2a9bc-13b1-4b30-b563-209e1f84224e/1/OV_DDDujN202WhAqDfa0rwafbIo.roa
Signing time:             Mon 01 Jan 2024 04:29:55 +0000
ROA not before:           Mon 01 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41124
IP address blocks:        185.27.69.0/24 maxlen: 24
                          185.27.70.0/24 maxlen: 24
                          185.27.71.0/24 maxlen: 24
                          185.27.68.0/24 maxlen: 24
                          89.107.97.0/24 maxlen: 24
                          89.107.98.0/24 maxlen: 24
                          89.107.96.0/24 maxlen: 24
                          89.107.100.0/24 maxlen: 24
                          89.107.101.0/24 maxlen: 24
                          89.107.102.0/24 maxlen: 24
                          89.107.103.0/24 maxlen: 24
                          89.107.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/d2a9bc-13b1-4b30-b563-209e1f84224e/1/tuD-D69oRJiK8vdE1RbtucXf5xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/d2a9bc-13b1-4b30-b563-209e1f84224e/1/tuD-D69oRJiK8vdE1RbtucXf5xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tuD-D69oRJiK8vdE1RbtucXf5xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:13:36:d6:e9:f4:a9:62:bc:14:98:65:f4:73:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6e0fe0faf6844988af2f744d516edb9c5dfe71c
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=395fc30c3ba3376d365a102a0df6b4af069f6c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8b:56:fe:2e:e6:7c:ea:44:95:b2:76:2b:40:
                    f9:88:fe:71:bd:6f:eb:83:3e:35:7f:70:05:13:a2:
                    44:33:17:73:89:f7:17:d3:08:82:d6:e8:73:74:27:
                    78:14:1b:27:45:c7:5b:34:93:01:de:dd:99:b3:7a:
                    33:25:63:3a:11:53:ab:35:56:69:93:82:10:df:2d:
                    c0:de:09:7c:7b:2b:57:18:52:c3:cc:d4:96:a0:5a:
                    c7:ed:64:ff:01:13:b6:79:2f:98:66:1f:73:09:9b:
                    d7:dd:79:a5:cc:00:ba:38:1a:fe:2b:92:9d:41:42:
                    44:01:d6:18:95:e1:71:a4:ee:ae:94:13:7c:e5:85:
                    fb:7e:d3:33:c4:09:0a:04:5f:2e:a9:49:9c:84:68:
                    c0:3d:fc:8e:41:67:c8:da:2a:ff:f2:ff:71:1a:85:
                    69:04:d6:5d:7e:5a:41:0d:01:47:0b:4f:7a:43:9a:
                    b4:34:a1:75:df:da:92:f5:1c:73:c4:c3:d7:e4:ef:
                    81:91:0b:b3:f4:89:6d:3d:af:e3:7d:f0:49:c5:af:
                    d2:d0:35:94:fc:f9:1b:2a:57:33:57:40:6f:3c:54:
                    71:50:8e:8f:ed:2a:08:95:76:d3:7a:fc:af:6c:7d:
                    bc:2b:a2:75:c6:ac:28:3a:1a:af:52:62:f3:35:d0:
                    7a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5F:C3:0C:3B:A3:37:6D:36:5A:10:2A:0D:F6:B4:AF:06:9F:6C:8A
            X509v3 Authority Key Identifier:
                keyid:B6:E0:FE:0F:AF:68:44:98:8A:F2:F7:44:D5:16:ED:B9:C5:DF:E7:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tuD-D69oRJiK8vdE1RbtucXf5xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d2a9bc-13b1-4b30-b563-209e1f84224e/1/OV_DDDujN202WhAqDfa0rwafbIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d2a9bc-13b1-4b30-b563-209e1f84224e/1/tuD-D69oRJiK8vdE1RbtucXf5xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.107.96.0/21
                  185.27.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:6a:12:09:ea:86:49:bd:3b:39:9a:ce:b6:2d:c6:4b:6b:f8:
         dc:42:42:d3:b8:d3:af:f3:30:0a:ca:77:c1:04:c2:8a:08:98:
         ac:e2:57:af:1d:25:da:c9:1f:ab:5e:f4:6a:9b:32:23:2a:08:
         51:23:b9:f8:01:ca:6b:00:f7:6b:87:9a:93:1f:5b:de:3a:9a:
         e1:7f:25:60:9c:40:f5:c5:36:72:e1:5d:b1:5c:32:b5:f1:6d:
         28:9d:71:9f:80:f1:3a:8e:96:1c:82:86:68:f3:a5:bc:83:64:
         25:ce:88:6e:69:82:e0:b2:44:42:60:68:9a:d8:ad:b4:ce:85:
         cd:44:fa:6a:9e:5f:60:97:51:76:2b:0a:f8:b7:a2:c6:8e:23:
         7a:55:25:52:1d:c7:61:f8:b4:ee:62:3b:51:30:04:0b:d4:57:
         ef:a1:88:6d:8a:27:1e:17:68:a1:7c:70:78:c7:7e:a1:cc:6e:
         48:2e:6d:d2:40:37:1f:ae:ef:d0:31:aa:8a:55:2f:90:e6:21:
         31:07:2a:5c:5c:8b:c3:b1:dd:7e:ca:5e:cc:c0:2a:2a:b8:d5:
         61:1d:ab:94:e0:05:bf:60:ec:bb:64:e3:e0:e2:28:a9:eb:e8:
         2b:47:99:74:f5:af:7a:b1:17:4b:54:3d:b9:57:ea:9f:19:ae:
         02:84:bd:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSRM21un0qWK8FJhl9HO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZTBmZTBmYWY2ODQ0OTg4YWYyZjc0NGQ1MTZlZGI5YzVk
ZmU3MWMwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTVmYzMwYzNiYTMzNzZkMzY1YTEwMmEwZGY2YjRhZjA2OWY2YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyItW/i7mfOpElbJ2K0D5iP5xvW/r
gz41f3AFE6JEMxdzifcX0wiC1uhzdCd4FBsnRcdbNJMB3t2Zs3ozJWM6EVOrNVZp
k4IQ3y3A3gl8eytXGFLDzNSWoFrH7WT/ARO2eS+YZh9zCZvX3XmlzAC6OBr+K5Kd
QUJEAdYYleFxpO6ulBN85YX7ftMzxAkKBF8uqUmchGjAPfyOQWfI2ir/8v9xGoVp
BNZdflpBDQFHC096Q5q0NKF139qS9RxzxMPX5O+BkQuz9IltPa/jffBJxa/S0DWU
/PkbKlczV0BvPFRxUI6P7SoIlXbTevyvbH28K6J1xqwoOhqvUmLzNdB6XQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlfwww7ozdtNloQKg32tK8Gn2yKMB8GA1UdIwQY
MBaAFLbg/g+vaESYivL3RNUW7bnF3+ccMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHVELUQ2OW9SSmlLOHZkRTFSYnR1Y1hmNXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9kMmE5YmMtMTNiMS00YjMwLWI1NjMt
MjA5ZTFmODQyMjRlLzEvT1ZfREREdWpOMjAyV2hBcURmYTByd2FmYklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9kMmE5YmMtMTNiMS00YjMwLWI1NjMtMjA5ZTFmODQyMjRl
LzEvdHVELUQ2OW9SSmlLOHZkRTFSYnR1Y1hmNXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDWWtgAwQC
uRtEMA0GCSqGSIb3DQEBCwUAA4IBAQBuahIJ6oZJvTs5ms62LcZLa/jcQkLTuNOv
8zAKynfBBMKKCJis4levHSXayR+rXvRqmzIjKghRI7n4AcprAPdrh5qTH1veOprh
fyVgnED1xTZy4V2xXDK18W0onXGfgPE6jpYcgoZo86W8g2QlzohuaYLgskRCYGia
2K20zoXNRPpqnl9gl1F2Kwr4t6LGjiN6VSVSHcdh+LTuYjtRMAQL1FfvoYhtiice
F2ihfHB4x36hzG5ILm3SQDcfru/QMaqKVS+Q5iExBypcXIvDsd1+yl7MwCoquNVh
HauU4AW/YOy7ZOPg4iip6+grR5l09a96sRdLVD25V+qfGa4ChL2n
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:22:34 2024 by rpki-client on console-ams.rpki-client.org