Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/eb2361-8d34-4ff4-b3d1-1fb38435af77/1/oHDG3ql9huSDQQpItY7KNmojymE.roa
File:                     oHDG3ql9huSDQQpItY7KNmojymE.roa (raw, json)
Hash identifier:          8FCfGSfv0WMuJ3QNazOngY2x96DrMYtArh6g+ZuOFRQ=
Subject key identifier:   A0:70:C6:DE:A9:7D:86:E4:83:41:0A:48:B5:8E:CA:36:6A:23:CA:61
Certificate issuer:       /CN=cb1d15194278a29aad57ca375f99588b976ef829
Certificate serial:       018CC64AD19E140026AFBDA2CCF54E841C9F
Authority key identifier: CB:1D:15:19:42:78:A2:9A:AD:57:CA:37:5F:99:58:8B:97:6E:F8:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yx0VGUJ4opqtV8o3X5lYi5du-Ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/eb2361-8d34-4ff4-b3d1-1fb38435af77/1/oHDG3ql9huSDQQpItY7KNmojymE.roa
Signing time:             Mon 01 Jan 2024 18:30:41 +0000
ROA not before:           Mon 01 Jan 2024 18:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.86.138.0/24 maxlen: 24
                          192.92.142.0/24 maxlen: 24
                          192.82.127.0/24 maxlen: 24
                          192.88.17.0/24 maxlen: 24
                          192.88.251.0/24 maxlen: 24
                          192.88.252.0/24 maxlen: 24
                          192.88.253.0/24 maxlen: 24
                          192.88.250.0/24 maxlen: 24
                          192.88.254.0/24 maxlen: 24
                          192.135.187.0/24 maxlen: 24
                          192.68.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/eb2361-8d34-4ff4-b3d1-1fb38435af77/1/yx0VGUJ4opqtV8o3X5lYi5du-Ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/eb2361-8d34-4ff4-b3d1-1fb38435af77/1/yx0VGUJ4opqtV8o3X5lYi5du-Ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yx0VGUJ4opqtV8o3X5lYi5du-Ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d1:9e:14:00:26:af:bd:a2:cc:f5:4e:84:1c:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb1d15194278a29aad57ca375f99588b976ef829
        Validity
            Not Before: Jan  1 18:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a070c6dea97d86e483410a48b58eca366a23ca61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:92:96:d1:47:c7:be:68:18:5a:fa:a4:24:0d:
                    9f:a0:32:c6:6d:4d:46:5b:25:a8:5f:22:10:0d:b1:
                    12:95:98:f8:07:d3:1c:28:cb:e7:ba:f5:29:d9:94:
                    c3:d5:2c:99:e9:92:b2:f3:8b:8f:7f:7c:f2:4b:61:
                    28:8a:d4:5c:3a:50:37:aa:d4:e4:09:de:19:ca:9c:
                    66:8d:0a:54:f3:7b:e2:c6:9f:8b:e1:1c:75:85:60:
                    91:80:37:e2:ff:99:47:d9:31:9a:6d:81:df:14:b7:
                    f3:e6:80:bb:7d:ef:7d:c7:f6:8d:a6:af:05:42:f3:
                    84:17:26:ea:82:c8:6a:37:80:4d:fe:bc:a2:4f:a3:
                    b4:90:f6:b2:b3:44:eb:8c:e0:0e:b0:40:da:8b:93:
                    d3:4a:32:ba:80:3d:23:ff:76:22:ee:44:12:34:a1:
                    7c:b7:4a:25:2e:77:82:a2:79:83:d9:11:35:f4:78:
                    e0:aa:93:d8:82:0b:24:68:97:42:f5:4c:80:b2:2a:
                    85:98:9c:30:4c:af:28:0d:03:15:d8:01:eb:66:fd:
                    5e:b7:10:80:02:2d:7c:83:e2:11:56:3b:57:da:e6:
                    15:ef:2d:36:de:1f:d1:61:0d:54:b1:47:a0:75:7e:
                    7a:b1:df:51:da:66:76:7a:26:e6:bd:ab:66:f1:8c:
                    79:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:70:C6:DE:A9:7D:86:E4:83:41:0A:48:B5:8E:CA:36:6A:23:CA:61
            X509v3 Authority Key Identifier:
                keyid:CB:1D:15:19:42:78:A2:9A:AD:57:CA:37:5F:99:58:8B:97:6E:F8:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yx0VGUJ4opqtV8o3X5lYi5du-Ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/eb2361-8d34-4ff4-b3d1-1fb38435af77/1/oHDG3ql9huSDQQpItY7KNmojymE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/eb2361-8d34-4ff4-b3d1-1fb38435af77/1/yx0VGUJ4opqtV8o3X5lYi5du-Ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.68.209.0/24
                  192.82.127.0/24
                  192.86.138.0/24
                  192.88.17.0/24
                  192.88.250.0-192.88.254.255
                  192.92.142.0/24
                  192.135.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:d5:4d:b7:1a:ea:7c:1d:37:d4:9e:5f:d0:10:40:36:c8:66:
         92:4a:ef:c4:c1:0c:cb:db:03:db:37:c2:cc:d0:e9:4e:fa:a9:
         e7:30:06:5d:47:55:9d:99:d0:1d:fe:c6:e9:4c:12:bc:68:d8:
         79:73:85:c5:86:67:08:87:07:46:ec:00:6c:68:d5:7b:dc:12:
         33:0e:b3:e1:ed:7e:c6:77:fe:6e:a5:ac:7c:34:e9:6e:f0:4e:
         a8:03:a1:8d:fb:aa:61:36:a8:fc:4e:8c:2c:b4:94:2c:3d:c4:
         8a:fb:80:58:a1:93:c4:6d:ae:b1:77:f0:84:3d:c4:fc:6e:55:
         33:a7:d5:e2:48:fb:e2:38:54:8a:9b:ce:66:15:8d:17:08:20:
         38:08:51:ed:0d:ba:92:87:91:e6:7d:91:c7:95:e3:c6:1a:f2:
         16:8e:27:77:35:27:02:db:b9:55:1e:20:8a:f9:5a:74:18:38:
         54:46:df:f5:61:fc:b8:2b:53:ee:05:66:c0:a8:d5:51:02:c2:
         d8:b5:3b:70:e0:ac:4a:54:ea:0b:b6:3d:09:93:9d:8a:67:c1:
         f9:1b:32:04:34:5e:a5:7c:73:a0:92:76:bd:a8:bf:57:09:b0:
         af:6c:61:fd:e5:da:d2:5a:79:2b:be:6c:5c:da:4f:c2:de:ab:
         62:a4:cd:7f
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzGStGeFAAmr72izPVOhByfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMWQxNTE5NDI3OGEyOWFhZDU3Y2EzNzVmOTk1ODhiOTc2
ZWY4MjkwHhcNMjQwMTAxMTgzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDcwYzZkZWE5N2Q4NmU0ODM0MTBhNDhiNThlY2EzNjZhMjNjYTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpKW0UfHvmgYWvqkJA2foDLGbU1G
WyWoXyIQDbESlZj4B9McKMvnuvUp2ZTD1SyZ6ZKy84uPf3zyS2EoitRcOlA3qtTk
Cd4ZypxmjQpU83vixp+L4Rx1hWCRgDfi/5lH2TGabYHfFLfz5oC7fe99x/aNpq8F
QvOEFybqgshqN4BN/ryiT6O0kPays0TrjOAOsEDai5PTSjK6gD0j/3Yi7kQSNKF8
t0olLneConmD2RE19HjgqpPYggskaJdC9UyAsiqFmJwwTK8oDQMV2AHrZv1etxCA
Ai18g+IRVjtX2uYV7y023h/RYQ1UsUegdX56sd9R2mZ2eibmvatm8Yx5dwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKBwxt6pfYbkg0EKSLWOyjZqI8phMB8GA1UdIwQY
MBaAFMsdFRlCeKKarVfKN1+ZWIuXbvgpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXgwVkdVSjRvcHF0VjhvM1g1bFlpNWR1LUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lYjIzNjEtOGQzNC00ZmY0LWIzZDEt
MWZiMzg0MzVhZjc3LzEvb0hERzNxbDlodVNEUVFwSXRZN0tObW9qeW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lYjIzNjEtOGQzNC00ZmY0LWIzZDEtMWZiMzg0MzVhZjc3
LzEveXgwVkdVSjRvcHF0VjhvM1g1bFlpNWR1LUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAwETRAwQA
wFJ/AwQAwFaKAwQAwFgRMAwDBAHAWPoDBADAWP4DBADAXI4DBADAh7swDQYJKoZI
hvcNAQELBQADggEBAF3VTbca6nwdN9SeX9AQQDbIZpJK78TBDMvbA9s3wszQ6U76
qecwBl1HVZ2Z0B3+xulMErxo2HlzhcWGZwiHB0bsAGxo1XvcEjMOs+HtfsZ3/m6l
rHw06W7wTqgDoY37qmE2qPxOjCy0lCw9xIr7gFihk8RtrrF38IQ9xPxuVTOn1eJI
++I4VIqbzmYVjRcIIDgIUe0NupKHkeZ9kceV48Ya8haOJ3c1JwLbuVUeIIr5WnQY
OFRG3/Vh/LgrU+4FZsCo1VECwti1O3DgrEpU6gu2PQmTnYpnwfkbMgQ0XqV8c6CS
dr2ov1cJsK9sYf3l2tJaeSu+bFzaT8Leq2KkzX8=
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:26:55 2024 by rpki-client on console-fra.rpki-client.org