Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/OAwzAJgXcirLln4EE83zIzfqBGI.roa
File:                     OAwzAJgXcirLln4EE83zIzfqBGI.roa (raw, json)
Hash identifier:          9vhyJnqOoMll2IghKTe9i1ni9kkld9g7tCM/p56Nm9k=
Subject key identifier:   38:0C:33:00:98:17:72:2A:CB:96:7E:04:13:CD:F3:23:37:EA:04:62
Certificate issuer:       /CN=d643aec22f819cf01f2c6363035d97f8e0e38233
Certificate serial:       018F1A7D3F430F887CB3D0EB5DD7FE5E83C1
Authority key identifier: D6:43:AE:C2:2F:81:9C:F0:1F:2C:63:63:03:5D:97:F8:E0:E3:82:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1kOuwi-BnPAfLGNjA12X-ODjgjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/OAwzAJgXcirLln4EE83zIzfqBGI.roa
Signing time:             Fri 26 Apr 2024 12:59:26 +0000
ROA not before:           Fri 26 Apr 2024 12:59:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56851
IP address blocks:        45.94.156.0/22 maxlen: 24
                          176.105.232.0/24 maxlen: 24
                          185.91.72.0/24 maxlen: 24
                          185.91.73.0/24 maxlen: 24
                          185.91.74.0/24 maxlen: 24
                          185.91.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/1kOuwi-BnPAfLGNjA12X-ODjgjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/1kOuwi-BnPAfLGNjA12X-ODjgjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1kOuwi-BnPAfLGNjA12X-ODjgjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:7d:3f:43:0f:88:7c:b3:d0:eb:5d:d7:fe:5e:83:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d643aec22f819cf01f2c6363035d97f8e0e38233
        Validity
            Not Before: Apr 26 12:59:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=380c33009817722acb967e0413cdf32337ea0462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a0:66:a5:50:52:8c:4b:7e:26:36:52:1d:28:
                    a7:62:a6:78:2d:b8:ed:35:b7:03:6d:72:e7:c3:e7:
                    7d:eb:03:cd:0c:d5:22:18:e7:07:68:f0:b4:35:ca:
                    61:e0:6d:c9:89:72:db:3f:eb:38:1e:68:b1:d5:7f:
                    74:56:5a:75:a6:7b:6b:54:c6:97:7d:96:eb:9e:54:
                    72:7f:7f:e7:8a:6f:eb:d7:09:63:9b:04:29:98:a4:
                    11:ae:cb:01:67:3f:42:a8:03:e2:c5:c6:43:f3:d8:
                    63:f2:b1:87:25:9e:ef:89:31:b2:0d:b8:50:63:9a:
                    da:3b:64:eb:c1:5f:6a:87:e5:be:55:7f:da:d5:ea:
                    29:91:08:50:ea:92:26:1d:11:77:38:d1:a2:86:43:
                    17:5d:15:ab:e3:6a:bf:10:d4:23:4d:1d:0f:70:ba:
                    d0:ee:de:e4:81:f8:94:7c:c5:2e:e4:f0:9e:b7:53:
                    ca:da:ae:50:cb:39:85:6a:d4:7c:2c:58:15:cf:a4:
                    89:76:e9:b3:b8:3a:73:db:63:97:68:d8:64:c1:37:
                    33:f8:9e:e0:e0:77:40:83:82:88:ef:72:eb:f6:a6:
                    e5:36:6f:0e:dd:13:bc:3e:52:42:bf:03:cb:38:41:
                    80:fd:dd:72:37:d4:97:78:dd:a4:28:08:ab:81:70:
                    c9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0C:33:00:98:17:72:2A:CB:96:7E:04:13:CD:F3:23:37:EA:04:62
            X509v3 Authority Key Identifier:
                keyid:D6:43:AE:C2:2F:81:9C:F0:1F:2C:63:63:03:5D:97:F8:E0:E3:82:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1kOuwi-BnPAfLGNjA12X-ODjgjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/OAwzAJgXcirLln4EE83zIzfqBGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/1kOuwi-BnPAfLGNjA12X-ODjgjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.156.0/22
                  176.105.232.0/24
                  185.91.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         df:2f:9d:0f:3d:4a:61:80:4a:ae:02:93:fa:2a:5f:c1:e5:16:
         e1:c8:21:b1:ab:e1:a4:ea:4b:27:4e:37:49:c3:e2:8e:fa:cb:
         74:32:17:ec:bd:38:c0:b8:33:28:45:f0:99:8d:88:07:a6:57:
         6d:21:26:f1:24:d4:d4:dc:69:90:25:ff:f7:b1:bb:d4:f0:8c:
         db:49:36:74:ae:d4:18:ce:15:75:3b:f7:10:dd:14:49:e5:05:
         85:27:3a:a0:1f:8e:65:71:24:e2:fb:b1:64:d2:75:d5:ed:61:
         e0:d9:53:d6:55:c9:11:d5:8a:41:3b:5a:c5:54:ae:32:74:ca:
         03:ba:5f:98:de:a9:74:a9:db:e8:20:4e:db:89:70:c1:82:dd:
         c7:aa:9c:5c:ad:2c:7b:56:32:ff:65:8e:c2:69:1d:d6:c4:4c:
         e7:5e:7d:73:94:5b:13:bc:fe:7b:28:c5:23:4e:96:aa:5a:80:
         e0:6e:9e:4e:0b:08:ea:db:01:25:1d:eb:6a:8a:39:f6:4a:f1:
         55:2c:2f:29:99:2f:97:76:20:b5:22:40:70:db:e6:d0:38:d1:
         1d:dd:f1:a4:69:98:5c:d6:f7:6b:b5:b3:f8:e5:eb:93:8a:e6:
         3c:66:dd:7a:93:ac:83:e9:9e:c7:22:70:ae:dd:b5:34:2e:a3:
         42:1e:6c:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8afT9DD4h8s9DrXdf+XoPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NDNhZWMyMmY4MTljZjAxZjJjNjM2MzAzNWQ5N2Y4ZTBl
MzgyMzMwHhcNMjQwNDI2MTI1OTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBjMzMwMDk4MTc3MjJhY2I5NjdlMDQxM2NkZjMyMzM3ZWEwNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6BmpVBSjEt+JjZSHSinYqZ4Lbjt
NbcDbXLnw+d96wPNDNUiGOcHaPC0Ncph4G3JiXLbP+s4Hmix1X90Vlp1pntrVMaX
fZbrnlRyf3/nim/r1wljmwQpmKQRrssBZz9CqAPixcZD89hj8rGHJZ7viTGyDbhQ
Y5raO2TrwV9qh+W+VX/a1eopkQhQ6pImHRF3ONGihkMXXRWr42q/ENQjTR0PcLrQ
7t7kgfiUfMUu5PCet1PK2q5QyzmFatR8LFgVz6SJdumzuDpz22OXaNhkwTcz+J7g
4HdAg4KI73Lr9qblNm8O3RO8PlJCvwPLOEGA/d1yN9SXeN2kKAirgXDJjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDgMMwCYF3Iqy5Z+BBPN8yM36gRiMB8GA1UdIwQY
MBaAFNZDrsIvgZzwHyxjYwNdl/jg44IzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWtPdXdpLUJuUEFmTEdOakExMlgtT0RqZ2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lMjlhNTctNmI3Ni00YTA2LWExMTYt
ZjZmMzIzZmQ5NmUwLzEvT0F3ekFKZ1hjaXJMbG40RUU4M3pJemZxQkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lMjlhNTctNmI3Ni00YTA2LWExMTYtZjZmMzIzZmQ5NmUw
LzEvMWtPdXdpLUJuUEFmTEdOakExMlgtT0RqZ2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLV6cAwQA
sGnoAwQCuVtIMA0GCSqGSIb3DQEBCwUAA4IBAQDfL50PPUphgEquApP6Kl/B5Rbh
yCGxq+Gk6ksnTjdJw+KO+st0MhfsvTjAuDMoRfCZjYgHpldtISbxJNTU3GmQJf/3
sbvU8IzbSTZ0rtQYzhV1O/cQ3RRJ5QWFJzqgH45lcSTi+7Fk0nXV7WHg2VPWVckR
1YpBO1rFVK4ydMoDul+Y3ql0qdvoIE7biXDBgt3HqpxcrSx7VjL/ZY7CaR3WxEzn
Xn1zlFsTvP57KMUjTpaqWoDgbp5OCwjq2wElHetqijn2SvFVLC8pmS+XdiC1IkBw
2+bQONEd3fGkaZhc1vdrtbP45euTiuY8Zt16k6yD6Z7HInCu3bU0LqNCHmyA
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:43:55 2024 by rpki-client on console-ams.rpki-client.org