Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/owr80a4xtVqzYXfHca1sE65ekPo.roa
File:                     owr80a4xtVqzYXfHca1sE65ekPo.roa (raw, json)
Hash identifier:          G9O4wY3qR0BkTMSCP05EYXSjl5ayQV1aJUM4/0UIJFU=
Subject key identifier:   A3:0A:FC:D1:AE:31:B5:5A:B3:61:77:C7:71:AD:6C:13:AE:5E:90:FA
Certificate issuer:       /CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
Certificate serial:       018CC794658375173B1C0B3AF44171CDD9F1
Authority key identifier: AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/owr80a4xtVqzYXfHca1sE65ekPo.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        185.84.140.0/22 maxlen: 24
                          185.63.152.0/22 maxlen: 24
                          185.103.172.0/22 maxlen: 24
                          2a05:a640::/29 maxlen: 64
                          2a03:7e0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:65:83:75:17:3b:1c:0b:3a:f4:41:71:cd:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a30afcd1ae31b55ab36177c771ad6c13ae5e90fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a5:af:d6:01:a8:7d:f4:3c:61:e4:52:64:d7:
                    2b:6c:1e:77:a4:99:2d:92:b7:90:aa:24:aa:02:a2:
                    49:5b:ea:3a:11:1a:23:de:6d:fb:94:71:11:23:5e:
                    28:9f:10:51:04:f4:2b:cb:fa:7c:20:3d:75:e5:3f:
                    bc:68:e5:15:89:c8:1d:65:4e:14:e9:37:cf:57:1a:
                    6d:20:23:77:2a:1f:3e:4f:ce:8f:b1:29:f3:53:1e:
                    89:1a:8f:82:21:39:64:d4:1c:20:df:c5:e2:b2:fc:
                    db:d5:62:ce:a3:02:33:c5:ed:e9:b0:a8:11:0b:8a:
                    10:5a:4a:90:85:30:5d:be:dc:ea:02:6d:09:76:6c:
                    04:80:16:bb:d7:dd:da:a1:65:2e:cf:4c:65:2d:6e:
                    5d:66:2d:39:80:3e:41:fe:fc:e5:f9:a9:17:67:05:
                    5a:78:71:35:ca:c6:9b:f1:fb:d1:d0:fb:42:8f:e9:
                    37:55:2c:16:02:c9:16:d8:c8:f8:42:29:6b:d7:d4:
                    78:29:a6:5b:b1:71:b3:98:7e:75:36:5a:a5:97:5e:
                    34:71:23:ec:b1:c3:27:be:6f:7f:04:60:7a:16:03:
                    33:a6:5d:88:02:9b:a5:cf:b5:d1:33:43:5a:a6:61:
                    9e:97:4e:ef:4f:87:bb:29:60:e9:33:7a:8d:09:f2:
                    78:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:0A:FC:D1:AE:31:B5:5A:B3:61:77:C7:71:AD:6C:13:AE:5E:90:FA
            X509v3 Authority Key Identifier:
                keyid:AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/owr80a4xtVqzYXfHca1sE65ekPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.152.0/22
                  185.84.140.0/22
                  185.103.172.0/22
                IPv6:
                  2a03:7e0::/32
                  2a05:a640::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:cc:db:12:0e:f3:7c:f6:d6:b4:09:33:6f:d4:dd:88:f7:ff:
         fa:3d:41:c2:ac:bc:9a:37:67:af:0c:8d:df:88:bc:72:54:21:
         89:13:37:c1:7b:c3:66:a7:8b:3b:e7:4e:d8:2f:f4:ab:e5:37:
         4a:d6:9e:69:03:6d:71:2d:31:25:73:9f:24:73:f9:f6:3e:92:
         7c:21:6d:a1:cc:cc:3d:69:c4:af:4c:86:19:aa:79:e6:5f:31:
         07:51:16:de:76:e2:a1:d7:51:55:ad:4a:72:6e:f1:19:4a:91:
         87:8a:f9:96:e3:a9:33:28:d6:97:44:3b:95:c4:cb:6d:76:ca:
         58:a6:5e:51:6b:b0:41:3d:7d:11:79:68:03:e8:d8:36:b1:35:
         86:3f:f9:49:79:15:fe:60:a4:d5:50:91:53:47:c9:a9:95:37:
         4b:7b:dd:2a:f8:cb:4a:49:29:77:17:d8:e4:21:b8:ea:50:e5:
         21:54:c1:fa:d0:89:96:a0:0b:e7:53:bf:b3:fc:68:99:96:9e:
         b8:3c:f3:f4:93:71:11:f7:97:cb:ea:e5:2d:43:61:59:fc:b7:
         5a:33:19:e4:6a:6e:d6:23:64:ee:a8:53:67:da:2b:92:48:47:
         8d:5d:02:ba:f0:a3:fb:63:db:46:ff:2c:20:9b:a7:95:a5:06:
         6b:e2:23:a5
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzHlGWDdRc7HAs69EFxzdnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMWQyYTU2MmM3ZGIyMTE1MWI0YTA5MjZiOGQ2ZmVlYWNl
Zjg4NTcwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzBhZmNkMWFlMzFiNTVhYjM2MTc3Yzc3MWFkNmMxM2FlNWU5MGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqWv1gGoffQ8YeRSZNcrbB53pJkt
kreQqiSqAqJJW+o6ERoj3m37lHERI14onxBRBPQry/p8ID115T+8aOUVicgdZU4U
6TfPVxptICN3Kh8+T86PsSnzUx6JGo+CITlk1Bwg38Xisvzb1WLOowIzxe3psKgR
C4oQWkqQhTBdvtzqAm0JdmwEgBa7193aoWUuz0xlLW5dZi05gD5B/vzl+akXZwVa
eHE1ysab8fvR0PtCj+k3VSwWAskW2Mj4Qilr19R4KaZbsXGzmH51Nlqll140cSPs
scMnvm9/BGB6FgMzpl2IApulz7XRM0NapmGel07vT4e7KWDpM3qNCfJ4IQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKMK/NGuMbVas2F3x3GtbBOuXpD6MB8GA1UdIwQY
MBaAFK0dKlYsfbIRUbSgkmuNb+6s74hXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDkt
MzI5MzZjM2E0YTlkLzEvb3dyODBhNHh0VnF6WVhmSGNhMXNFNjVla1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDktMzI5MzZjM2E0YTlk
LzEvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCuT+YAwQC
uVSMAwQCuWesMBQEAgACMA4DBQAqAwfgAwUDKgWmQDANBgkqhkiG9w0BAQsFAAOC
AQEAW8zbEg7zfPbWtAkzb9TdiPf/+j1Bwqy8mjdnrwyN34i8clQhiRM3wXvDZqeL
O+dO2C/0q+U3StaeaQNtcS0xJXOfJHP59j6SfCFtoczMPWnEr0yGGap55l8xB1EW
3nbioddRVa1Kcm7xGUqRh4r5luOpMyjWl0Q7lcTLbXbKWKZeUWuwQT19EXloA+jY
NrE1hj/5SXkV/mCk1VCRU0fJqZU3S3vdKvjLSkkpdxfY5CG46lDlIVTB+tCJlqAL
51O/s/xomZaeuDzz9JNxEfeXy+rlLUNhWfy3WjMZ5Gpu1iNk7qhTZ9orkkhHjV0C
uvCj+2PbRv8sIJunlaUGa+IjpQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:49:41 2024 by rpki-client on console-fra.rpki-client.org