Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bc22a9-f871-400c-8fcf-cf1740823400/1/mo0Sinn5s7cb8rX2d4Ad9F0yn24.roa
File:                     mo0Sinn5s7cb8rX2d4Ad9F0yn24.roa (raw, json)
Hash identifier:          +G3nPtXhspYKnW2TnXWzdhyhS3gycOH4B84Pl8APDxk=
Subject key identifier:   9A:8D:12:8A:79:F9:B3:B7:1B:F2:B5:F6:77:80:1D:F4:5D:32:9F:6E
Certificate issuer:       /CN=74896c544b461d8b062eff9e3d2c29cd3cc960ec
Certificate serial:       018CC3B6B7CAADB7262843986965D14A4296
Authority key identifier: 74:89:6C:54:4B:46:1D:8B:06:2E:FF:9E:3D:2C:29:CD:3C:C9:60:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dIlsVEtGHYsGLv-ePSwpzTzJYOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bc22a9-f871-400c-8fcf-cf1740823400/1/mo0Sinn5s7cb8rX2d4Ad9F0yn24.roa
Signing time:             Mon 01 Jan 2024 06:29:40 +0000
ROA not before:           Mon 01 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36351
IP address blocks:        89.38.52.0/24 maxlen: 24
                          89.38.54.0/24 maxlen: 24
                          89.38.53.0/24 maxlen: 24
                          185.69.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bc22a9-f871-400c-8fcf-cf1740823400/1/dIlsVEtGHYsGLv-ePSwpzTzJYOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bc22a9-f871-400c-8fcf-cf1740823400/1/dIlsVEtGHYsGLv-ePSwpzTzJYOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dIlsVEtGHYsGLv-ePSwpzTzJYOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b7:ca:ad:b7:26:28:43:98:69:65:d1:4a:42:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74896c544b461d8b062eff9e3d2c29cd3cc960ec
        Validity
            Not Before: Jan  1 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a8d128a79f9b3b71bf2b5f677801df45d329f6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:30:e9:83:b3:19:44:81:b5:59:72:e1:69:77:
                    b0:fd:0d:43:ed:1e:51:90:7c:b7:df:ef:66:fb:9f:
                    e5:e3:34:dc:06:3a:a3:68:9d:74:6f:12:a0:5f:c6:
                    a2:02:ce:12:7c:25:a6:94:b5:64:63:2e:66:c9:ee:
                    c4:bc:08:a3:e1:a4:e1:c8:a9:e8:83:25:ff:64:ca:
                    9e:71:0e:46:f8:41:46:a7:07:00:a2:fc:2f:60:4d:
                    bc:37:9b:5a:0f:2d:71:ef:36:0b:8f:f4:d6:33:10:
                    73:98:5f:2c:2e:5a:d1:88:86:05:94:0d:18:ae:5c:
                    98:4e:57:89:e7:38:be:ab:af:69:ab:e1:29:37:ce:
                    3e:e0:49:c4:88:73:9d:77:45:60:06:ce:66:32:fc:
                    c2:6f:ab:f4:d1:4d:3b:6b:54:62:80:e8:61:84:06:
                    ab:da:f9:c0:6b:8c:ea:5d:de:f3:07:5b:1d:19:d2:
                    e7:d0:9e:cf:8b:98:f8:ee:bf:05:8c:2a:c2:e2:7d:
                    90:59:46:f2:9b:8d:1d:97:29:f4:78:37:b5:d7:21:
                    af:7a:0d:3d:cb:05:04:79:33:e2:db:bc:39:dc:51:
                    08:1b:73:dd:d2:0e:b4:e7:6c:e0:95:0a:49:f1:d6:
                    76:99:76:54:d8:a5:e2:68:ad:2c:64:79:04:ed:7f:
                    b9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:8D:12:8A:79:F9:B3:B7:1B:F2:B5:F6:77:80:1D:F4:5D:32:9F:6E
            X509v3 Authority Key Identifier:
                keyid:74:89:6C:54:4B:46:1D:8B:06:2E:FF:9E:3D:2C:29:CD:3C:C9:60:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dIlsVEtGHYsGLv-ePSwpzTzJYOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bc22a9-f871-400c-8fcf-cf1740823400/1/mo0Sinn5s7cb8rX2d4Ad9F0yn24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bc22a9-f871-400c-8fcf-cf1740823400/1/dIlsVEtGHYsGLv-ePSwpzTzJYOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.52.0-89.38.54.255
                  185.69.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:01:f8:ae:09:b6:76:e3:7c:8a:db:9f:8c:c1:f1:3d:f7:a6:
         e9:fe:76:a4:5a:a2:fc:bc:64:55:b1:95:df:2d:91:01:19:d4:
         e7:52:96:2c:ad:f7:61:a5:e7:13:da:6b:8f:1b:66:83:85:e1:
         78:bf:02:34:9b:5c:68:4e:e7:8f:78:d8:c8:b8:80:2e:da:de:
         fe:82:88:26:40:ee:97:74:b8:99:7d:86:b4:7b:e4:04:41:e0:
         53:b4:04:09:82:17:f9:d4:2d:94:0a:8f:1d:b3:a2:1b:eb:91:
         e3:2b:ef:00:45:85:67:51:d4:63:e6:6e:5e:b4:dd:50:f8:a9:
         e9:b2:ef:20:31:32:50:b3:f5:2f:ce:b9:25:72:5f:7c:75:57:
         27:d3:30:04:d0:a5:ba:4c:0a:35:96:52:9d:12:4f:52:29:8a:
         cd:94:22:ed:56:10:31:f7:6e:e5:d9:b1:6b:0e:88:05:5c:cd:
         ea:ba:71:9d:e1:ac:90:f3:7a:0d:26:9c:6d:39:f6:65:2e:96:
         ea:ac:92:ae:11:7c:dd:28:ab:c0:8b:5c:fa:54:90:b2:db:e3:
         ca:5c:9c:c0:c7:a8:50:68:ca:9b:25:fe:73:94:bf:a0:ab:19:
         9c:da:0e:ca:d6:14:54:82:8a:34:59:a0:ce:5f:e3:0c:b7:63:
         4e:20:cf:f4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDtrfKrbcmKEOYaWXRSkKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ODk2YzU0NGI0NjFkOGIwNjJlZmY5ZTNkMmMyOWNkM2Nj
OTYwZWMwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YThkMTI4YTc5ZjliM2I3MWJmMmI1ZjY3NzgwMWRmNDVkMzI5ZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzDpg7MZRIG1WXLhaXew/Q1D7R5R
kHy33+9m+5/l4zTcBjqjaJ10bxKgX8aiAs4SfCWmlLVkYy5mye7EvAij4aThyKno
gyX/ZMqecQ5G+EFGpwcAovwvYE28N5taDy1x7zYLj/TWMxBzmF8sLlrRiIYFlA0Y
rlyYTleJ5zi+q69pq+EpN84+4EnEiHOdd0VgBs5mMvzCb6v00U07a1RigOhhhAar
2vnAa4zqXd7zB1sdGdLn0J7Pi5j47r8FjCrC4n2QWUbym40dlyn0eDe11yGveg09
ywUEeTPi27w53FEIG3Pd0g6052zglQpJ8dZ2mXZU2KXiaK0sZHkE7X+5DwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJqNEop5+bO3G/K19neAHfRdMp9uMB8GA1UdIwQY
MBaAFHSJbFRLRh2LBi7/nj0sKc08yWDsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZElsc1ZFdEdIWXNHTHYtZVBTd3B6VHpKWU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYzIyYTktZjg3MS00MDBjLThmY2Yt
Y2YxNzQwODIzNDAwLzEvbW8wU2lubjVzN2NiOHJYMmQ0QWQ5RjB5bjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYzIyYTktZjg3MS00MDBjLThmY2YtY2YxNzQwODIzNDAw
LzEvZElsc1ZFdEdIWXNHTHYtZVBTd3B6VHpKWU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJZJjQD
BABZJjYDBAC5RfAwDQYJKoZIhvcNAQELBQADggEBAJQB+K4JtnbjfIrbn4zB8T33
pun+dqRaovy8ZFWxld8tkQEZ1OdSliyt92Gl5xPaa48bZoOF4Xi/AjSbXGhO5494
2Mi4gC7a3v6CiCZA7pd0uJl9hrR75ARB4FO0BAmCF/nULZQKjx2zohvrkeMr7wBF
hWdR1GPmbl603VD4qemy7yAxMlCz9S/OuSVyX3x1VyfTMATQpbpMCjWWUp0ST1Ip
is2UIu1WEDH3buXZsWsOiAVczeq6cZ3hrJDzeg0mnG059mUuluqskq4RfN0oq8CL
XPpUkLLb48pcnMDHqFBoypsl/nOUv6CrGZzaDsrWFFSCijRZoM5f4wy3Y04gz/Q=
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:49:04 2024 by rpki-client on console-fra.rpki-client.org