Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/OPLcHr0Vwh4PoID1apVr719SLgk.roa
File:                     OPLcHr0Vwh4PoID1apVr719SLgk.roa (raw, json)
Hash identifier:          Q1Rx6h36rw3ewrKCJKHMn56TNIeMJcr3afyHhxiB5vs=
Subject key identifier:   38:F2:DC:1E:BD:15:C2:1E:0F:A0:80:F5:6A:95:6B:EF:5F:52:2E:09
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       018CC64A03F36B45EF4438343145F98005D9
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/OPLcHr0Vwh4PoID1apVr719SLgk.roa
Signing time:             Mon 01 Jan 2024 18:29:48 +0000
ROA not before:           Mon 01 Jan 2024 18:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8915
IP address blocks:        95.140.144.0/23 maxlen: 24
                          95.140.150.0/24 maxlen: 24
                          80.90.176.0/23 maxlen: 24
                          2a00:1818::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:03:f3:6b:45:ef:44:38:34:31:45:f9:80:05:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  1 18:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38f2dc1ebd15c21e0fa080f56a956bef5f522e09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c1:dd:6d:52:31:73:7d:a7:fb:7d:28:c1:4e:
                    14:74:dc:d6:f8:64:5f:18:f2:5b:4e:d6:3d:49:65:
                    4f:99:74:5c:e8:0d:67:62:21:d2:93:57:d5:e8:08:
                    d1:20:05:52:1c:98:2a:8e:5a:c8:35:4d:59:01:1c:
                    75:1e:39:de:92:0a:f6:c1:b3:0d:9f:5b:eb:42:93:
                    00:9d:f9:97:47:06:62:fd:5e:85:3d:7f:a8:13:3f:
                    7c:97:97:f1:c2:70:84:9c:d0:99:2b:24:60:29:31:
                    b2:4c:7e:fa:90:64:12:9f:ce:d9:56:d3:9c:66:c5:
                    52:04:1e:aa:73:c5:06:53:9d:6c:1d:0d:bd:21:51:
                    26:1b:6f:80:9e:ed:26:74:96:09:ff:2f:af:a9:85:
                    a7:f5:e1:d6:c2:eb:27:9c:3d:ed:01:d9:d3:85:ac:
                    09:52:43:5b:59:36:7b:06:b3:7b:85:65:0d:cb:a3:
                    e4:d3:b7:3c:b4:75:d1:d1:4b:a6:40:f2:5f:4e:fc:
                    d9:55:ce:fb:24:79:89:ab:9b:66:90:70:4f:3b:4b:
                    2a:3e:88:d8:31:fd:82:7c:b8:a5:ca:8f:4d:19:40:
                    59:69:42:63:25:5a:8a:22:11:e9:a4:8f:a4:01:e1:
                    7f:74:c7:08:49:4c:a7:52:1d:84:42:fc:33:be:f6:
                    df:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F2:DC:1E:BD:15:C2:1E:0F:A0:80:F5:6A:95:6B:EF:5F:52:2E:09
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/OPLcHr0Vwh4PoID1apVr719SLgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.90.176.0/23
                  95.140.144.0/23
                  95.140.150.0/24
                IPv6:
                  2a00:1818::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:e1:d8:ba:4c:52:d3:fa:cb:ff:1c:c2:ca:ce:9f:60:68:8e:
         06:51:3e:47:e5:a6:6f:3e:9c:c7:1a:63:25:8e:67:10:e6:1d:
         b2:da:ea:c0:89:28:e3:fd:a7:df:77:10:ec:a2:53:e7:e0:de:
         2d:d3:d4:cd:ee:8b:58:e8:ef:3e:f9:f6:97:2c:a1:3e:07:23:
         4e:a7:6f:a9:cc:54:d1:65:a4:70:ce:43:d5:7f:32:e5:03:60:
         87:ac:e5:df:71:8b:89:a7:07:b8:09:98:56:8c:f8:51:f9:b4:
         2b:b1:0a:ad:03:ae:dc:d5:0e:c0:08:16:13:be:5a:f0:b2:03:
         22:2b:61:1f:c0:4b:9b:6c:52:d3:ff:82:ce:2d:ed:7f:7e:ef:
         39:0d:f4:ec:75:ce:a2:9d:3b:6c:ce:be:b5:a9:88:0a:e5:4e:
         4a:9b:96:26:fd:bd:b5:05:87:ef:11:59:ca:48:0c:18:e2:f4:
         1c:fa:48:4e:c6:a4:da:f4:05:9e:e9:1d:a6:ad:a4:fb:ff:11:
         de:33:55:dd:38:0e:d9:97:40:e2:f5:a5:c4:dd:5f:19:09:90:
         23:ce:ca:dd:fd:4d:2a:a9:5d:fa:ba:85:63:2f:01:c4:9b:66:
         5e:7d:9b:c3:64:16:30:20:b9:af:42:8b:4f:7e:25:c7:b2:8a:
         06:f5:b1:15
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGSgPza0XvRDg0MUX5gAXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjQwMTAxMTgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGYyZGMxZWJkMTVjMjFlMGZhMDgwZjU2YTk1NmJlZjVmNTIyZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMHdbVIxc32n+30owU4UdNzW+GRf
GPJbTtY9SWVPmXRc6A1nYiHSk1fV6AjRIAVSHJgqjlrINU1ZARx1Hjnekgr2wbMN
n1vrQpMAnfmXRwZi/V6FPX+oEz98l5fxwnCEnNCZKyRgKTGyTH76kGQSn87ZVtOc
ZsVSBB6qc8UGU51sHQ29IVEmG2+Anu0mdJYJ/y+vqYWn9eHWwusnnD3tAdnThawJ
UkNbWTZ7BrN7hWUNy6Pk07c8tHXR0UumQPJfTvzZVc77JHmJq5tmkHBPO0sqPojY
Mf2CfLilyo9NGUBZaUJjJVqKIhHppI+kAeF/dMcISUynUh2EQvwzvvbfjwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDjy3B69FcIeD6CA9WqVa+9fUi4JMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvT1BMY0hyMFZ3aDRQb0lEMWFwVnI3MTlTTGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBUFqwAwQB
X4yQAwQAX4yWMA0EAgACMAcDBQAqABgYMA0GCSqGSIb3DQEBCwUAA4IBAQAC4di6
TFLT+sv/HMLKzp9gaI4GUT5H5aZvPpzHGmMljmcQ5h2y2urAiSjj/affdxDsolPn
4N4t09TN7otY6O8++faXLKE+ByNOp2+pzFTRZaRwzkPVfzLlA2CHrOXfcYuJpwe4
CZhWjPhR+bQrsQqtA67c1Q7ACBYTvlrwsgMiK2EfwEubbFLT/4LOLe1/fu85DfTs
dc6inTtszr61qYgK5U5Km5Ym/b21BYfvEVnKSAwY4vQc+khOxqTa9AWe6R2mraT7
/xHeM1XdOA7Zl0Di9aXE3V8ZCZAjzsrd/U0qqV36uoVjLwHEm2ZefZvDZBYwILmv
QotPfiXHsooG9bEV
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:51:09 2024 by rpki-client on console-fra.rpki-client.org