Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/aa9922-e92c-4105-8365-040129aeb0bf/1/DDoR1Bxm2_7weQCrkIong79V_tY.roa
File:                     DDoR1Bxm2_7weQCrkIong79V_tY.roa (raw, json)
Hash identifier:          cHXZUwBfkBKUiMjVuNHF/dqHisOiLxuglK7a26HBsQQ=
Subject key identifier:   0C:3A:11:D4:1C:66:DB:FE:F0:79:00:AB:90:8A:27:83:BF:55:FE:D6
Certificate issuer:       /CN=a2e9bbb2dc361f148b51a75080d8e0b4f78a1f82
Certificate serial:       018CC3493E59F26055D6734ACEB98499B225
Authority key identifier: A2:E9:BB:B2:DC:36:1F:14:8B:51:A7:50:80:D8:E0:B4:F7:8A:1F:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oum7stw2HxSLUadQgNjgtPeKH4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/aa9922-e92c-4105-8365-040129aeb0bf/1/DDoR1Bxm2_7weQCrkIong79V_tY.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35834
IP address blocks:        87.237.38.0/24 maxlen: 24
                          87.237.32.0/23 maxlen: 23
                          87.237.32.0/24 maxlen: 24
                          87.237.36.0/24 maxlen: 24
                          87.237.33.0/24 maxlen: 24
                          87.237.34.0/24 maxlen: 24
                          87.237.34.0/23 maxlen: 23
                          87.237.38.0/23 maxlen: 23
                          87.237.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/aa9922-e92c-4105-8365-040129aeb0bf/1/oum7stw2HxSLUadQgNjgtPeKH4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/aa9922-e92c-4105-8365-040129aeb0bf/1/oum7stw2HxSLUadQgNjgtPeKH4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oum7stw2HxSLUadQgNjgtPeKH4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3e:59:f2:60:55:d6:73:4a:ce:b9:84:99:b2:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2e9bbb2dc361f148b51a75080d8e0b4f78a1f82
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c3a11d41c66dbfef07900ab908a2783bf55fed6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8e:b1:0e:f9:9e:6d:ae:b4:08:bb:8f:a4:ca:
                    2f:05:81:bd:a1:60:3c:3b:ba:0a:b0:7d:91:d6:93:
                    0b:66:dd:fc:0b:01:06:cb:0c:b3:1f:dd:21:15:94:
                    a3:c8:36:d7:eb:a4:c4:29:b5:22:0a:af:8d:cc:ee:
                    1c:0a:8b:c9:00:ae:47:63:32:a8:38:04:c9:5d:5c:
                    87:35:59:d3:68:f8:50:e3:5b:9f:de:04:5d:b7:3d:
                    1f:8f:aa:2f:19:6c:67:98:b7:5e:29:37:58:42:ce:
                    93:94:0e:5b:4f:37:a1:6f:37:34:5c:90:d3:f9:89:
                    7b:5a:0f:4c:f6:7b:a5:93:04:9b:ee:e3:61:38:0f:
                    e0:a0:17:d0:f4:92:15:3e:18:6d:73:6a:7d:ab:ac:
                    5b:08:fe:18:64:b5:1c:61:af:6e:49:e2:93:c6:e9:
                    d8:17:44:65:e9:8b:fa:06:3a:3d:b3:80:2c:9f:ee:
                    70:22:6f:4b:e1:e7:3e:1f:ae:5f:3a:c6:c0:f3:a5:
                    ef:df:5d:30:3e:0a:44:4a:55:81:a5:e3:f2:d5:dd:
                    75:55:4a:14:2a:d6:c8:e5:31:5c:16:b3:98:0b:ec:
                    43:b6:dc:ed:2c:32:75:dd:82:7a:5c:be:79:0d:d7:
                    39:dc:30:8f:8f:77:2a:0c:5d:1b:be:dc:e5:93:68:
                    f6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:3A:11:D4:1C:66:DB:FE:F0:79:00:AB:90:8A:27:83:BF:55:FE:D6
            X509v3 Authority Key Identifier:
                keyid:A2:E9:BB:B2:DC:36:1F:14:8B:51:A7:50:80:D8:E0:B4:F7:8A:1F:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oum7stw2HxSLUadQgNjgtPeKH4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/aa9922-e92c-4105-8365-040129aeb0bf/1/DDoR1Bxm2_7weQCrkIong79V_tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/aa9922-e92c-4105-8365-040129aeb0bf/1/oum7stw2HxSLUadQgNjgtPeKH4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.32.0-87.237.36.255
                  87.237.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:2b:28:c0:79:d5:bd:15:3a:b9:8c:9d:4c:e4:a0:39:12:0d:
         24:95:57:44:f0:e0:97:27:87:8e:96:0e:bf:23:5d:f9:a1:42:
         da:84:6e:ec:a2:f1:55:4e:f6:22:5f:80:2e:aa:b9:8b:2e:0f:
         29:54:3e:5e:9d:3a:3e:f7:fe:31:a6:31:88:6e:ec:36:00:a2:
         77:c8:6e:10:e3:24:01:a7:70:b4:08:57:8a:ca:2c:cc:c6:3d:
         b9:09:cb:72:4f:cc:46:ba:1f:75:7c:20:46:83:61:5a:94:16:
         29:a3:40:3c:e2:7e:5d:0d:fc:8e:a6:ef:6c:20:ce:31:9a:6a:
         a2:aa:86:79:3c:dd:ec:9a:5a:e4:72:b0:5e:af:6f:1a:87:6d:
         33:ee:13:40:fd:36:23:fe:1b:09:fd:0c:0b:10:b7:77:0c:3c:
         a5:c4:50:39:94:da:7b:40:f8:6b:1b:19:42:d9:5d:93:bd:4d:
         88:d0:02:d6:93:49:bb:9b:b1:1b:89:f6:e6:9e:c1:f6:06:2f:
         2a:60:06:1e:ae:31:84:2d:e1:03:4f:77:ae:eb:f9:ab:68:a1:
         cd:94:cd:d8:b0:46:7a:2b:e0:1c:2e:5b:67:7b:54:af:bb:2c:
         ed:9f:ad:33:61:7c:14:1f:ec:da:ce:17:89:9b:4b:84:c8:f7:
         58:bd:1b:b5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDST5Z8mBV1nNKzrmEmbIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZTliYmIyZGMzNjFmMTQ4YjUxYTc1MDgwZDhlMGI0Zjc4
YTFmODIwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzNhMTFkNDFjNjZkYmZlZjA3OTAwYWI5MDhhMjc4M2JmNTVmZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkY6xDvmeba60CLuPpMovBYG9oWA8
O7oKsH2R1pMLZt38CwEGywyzH90hFZSjyDbX66TEKbUiCq+NzO4cCovJAK5HYzKo
OATJXVyHNVnTaPhQ41uf3gRdtz0fj6ovGWxnmLdeKTdYQs6TlA5bTzehbzc0XJDT
+Yl7Wg9M9nulkwSb7uNhOA/goBfQ9JIVPhhtc2p9q6xbCP4YZLUcYa9uSeKTxunY
F0Rl6Yv6Bjo9s4Asn+5wIm9L4ec+H65fOsbA86Xv310wPgpESlWBpePy1d11VUoU
KtbI5TFcFrOYC+xDttztLDJ13YJ6XL55Ddc53DCPj3cqDF0bvtzlk2j28wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAw6EdQcZtv+8HkAq5CKJ4O/Vf7WMB8GA1UdIwQY
MBaAFKLpu7LcNh8Ui1GnUIDY4LT3ih+CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3VtN3N0dzJIeFNMVWFkUWdOamd0UGVLSDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYTk5MjItZTkyYy00MTA1LTgzNjUt
MDQwMTI5YWViMGJmLzEvRERvUjFCeG0yXzd3ZVFDcmtJb25nNzlWX3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYTk5MjItZTkyYy00MTA1LTgzNjUtMDQwMTI5YWViMGJm
LzEvb3VtN3N0dzJIeFNMVWFkUWdOamd0UGVLSDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAVX7SAD
BABX7SQDBAFX7SYwDQYJKoZIhvcNAQELBQADggEBADQrKMB51b0VOrmMnUzkoDkS
DSSVV0Tw4Jcnh46WDr8jXfmhQtqEbuyi8VVO9iJfgC6quYsuDylUPl6dOj73/jGm
MYhu7DYAonfIbhDjJAGncLQIV4rKLMzGPbkJy3JPzEa6H3V8IEaDYVqUFimjQDzi
fl0N/I6m72wgzjGaaqKqhnk83eyaWuRysF6vbxqHbTPuE0D9NiP+Gwn9DAsQt3cM
PKXEUDmU2ntA+GsbGULZXZO9TYjQAtaTSbubsRuJ9uaewfYGLypgBh6uMYQt4QNP
d67r+atooc2UzdiwRnor4BwuW2d7VK+7LO2frTNhfBQf7NrOF4mbS4TI91i9G7U=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:59:13 2024 by rpki-client on console-fra.rpki-client.org