Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/O84Y9YaCdkkzJLyBgWQ2h--28Wo.roa
File:                     O84Y9YaCdkkzJLyBgWQ2h--28Wo.roa (raw, json)
Hash identifier:          m/RLM6vw2MOJJFaottelv3TFN7g+HcPRlTVzgS2IsdI=
Subject key identifier:   3B:CE:18:F5:86:82:76:49:33:24:BC:81:81:64:36:87:EF:B6:F1:6A
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       018CC94D35578B3A6C17034123D54293FEC1
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/O84Y9YaCdkkzJLyBgWQ2h--28Wo.roa
Signing time:             Tue 02 Jan 2024 08:32:09 +0000
ROA not before:           Tue 02 Jan 2024 08:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197746
IP address blocks:        194.219.79.0/24 maxlen: 24
                          62.1.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:35:57:8b:3a:6c:17:03:41:23:d5:42:93:fe:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Jan  2 08:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bce18f5868276493324bc8181643687efb6f16a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b8:02:0d:42:06:32:d0:e3:4b:b3:3a:b8:41:
                    d7:3a:b3:b5:16:3c:e4:81:7c:b6:ee:23:e2:47:b3:
                    2c:11:0c:60:1a:e2:40:ed:b8:bc:7f:7c:4b:24:8e:
                    21:41:ae:0f:fe:6d:f3:c0:ae:ae:5a:a3:8a:ea:0c:
                    fe:3b:50:fc:86:c5:a8:1d:3a:ec:fd:64:f4:10:02:
                    14:1a:23:96:5b:b7:45:80:98:1c:b1:e2:76:16:8e:
                    05:5c:82:97:b6:ca:90:25:ff:0c:0b:5a:ce:2d:38:
                    7f:67:91:7b:17:0b:d7:32:94:55:39:18:c7:43:24:
                    05:fd:de:3a:e2:11:22:3b:b1:32:fc:0d:12:df:3f:
                    b5:dd:af:05:72:22:98:d5:a5:ca:8d:bc:9d:c6:19:
                    34:a1:22:f2:1b:b7:da:15:c1:e3:38:78:0a:64:e0:
                    74:de:6c:e2:50:68:87:e7:f1:f0:38:d8:89:5d:3e:
                    88:d4:f8:c8:0a:89:4c:04:a2:7e:5d:d0:20:72:2d:
                    bd:0e:52:b2:b5:ef:fc:6f:95:bb:e9:e2:e2:37:6d:
                    7c:06:bd:3a:67:18:86:73:04:e2:8f:a1:b1:05:be:
                    f5:ad:64:50:6c:1e:01:b3:6f:fe:f0:be:de:50:b0:
                    f9:75:b8:c3:c2:c0:0b:10:ce:99:47:66:28:73:fe:
                    c5:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CE:18:F5:86:82:76:49:33:24:BC:81:81:64:36:87:EF:B6:F1:6A
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/O84Y9YaCdkkzJLyBgWQ2h--28Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.1.216.0/24
                  194.219.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:41:00:ee:04:55:2c:c1:24:f2:c3:74:d0:47:4e:e9:e6:93:
         d8:c9:f7:04:14:01:f1:13:ab:fe:b6:06:b9:aa:3b:ba:de:56:
         7c:3c:1b:b4:4c:80:00:12:e5:15:1a:a3:0f:18:38:6a:b3:77:
         6e:41:9b:ff:39:36:08:09:61:20:97:1f:3c:33:39:73:a9:56:
         9d:a8:78:5a:ed:21:75:39:aa:a7:cb:36:e9:9c:73:84:fb:a9:
         6d:eb:6b:f3:17:06:90:96:29:07:da:38:6c:c7:d1:f4:15:61:
         c0:bb:8b:8a:20:d9:31:6c:0b:4c:29:ea:07:f4:40:96:53:bd:
         3d:c9:e1:f7:ab:87:5c:6f:3a:fe:03:e4:51:63:28:a9:02:39:
         3a:40:e5:2d:84:43:f8:3b:d9:2b:6a:bd:d7:bc:ec:6a:8b:6b:
         3c:8c:26:13:91:37:cc:1e:8b:1b:df:d3:4c:39:5f:27:65:fa:
         8f:f8:aa:2a:b2:bf:38:21:57:70:35:0d:51:84:2a:ed:f2:b3:
         d8:68:3b:6f:5d:90:56:00:b6:63:cf:e7:22:4f:30:19:ec:12:
         3a:71:78:20:b3:f1:83:d5:1e:f5:fd:98:21:00:5c:d1:1a:28:
         f6:5a:b4:b3:a4:1c:90:33:b0:cf:4c:7a:2c:bb:2e:33:81:10:
         3d:32:50:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTTVXizpsFwNBI9VCk/7BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjQwMTAyMDgzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNlMThmNTg2ODI3NjQ5MzMyNGJjODE4MTY0MzY4N2VmYjZmMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rgCDUIGMtDjS7M6uEHXOrO1Fjzk
gXy27iPiR7MsEQxgGuJA7bi8f3xLJI4hQa4P/m3zwK6uWqOK6gz+O1D8hsWoHTrs
/WT0EAIUGiOWW7dFgJgcseJ2Fo4FXIKXtsqQJf8MC1rOLTh/Z5F7FwvXMpRVORjH
QyQF/d464hEiO7Ey/A0S3z+13a8FciKY1aXKjbydxhk0oSLyG7faFcHjOHgKZOB0
3mziUGiH5/HwONiJXT6I1PjIColMBKJ+XdAgci29DlKyte/8b5W76eLiN218Br06
ZxiGcwTij6GxBb71rWRQbB4Bs2/+8L7eULD5dbjDwsALEM6ZR2Yoc/7FywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDvOGPWGgnZJMyS8gYFkNofvtvFqMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvTzg0WTlZYUNka2t6Skx5QmdXUTJoLS0yOFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPgHYAwQA
wttPMA0GCSqGSIb3DQEBCwUAA4IBAQB5QQDuBFUswSTyw3TQR07p5pPYyfcEFAHx
E6v+tga5qju63lZ8PBu0TIAAEuUVGqMPGDhqs3duQZv/OTYICWEglx88MzlzqVad
qHha7SF1OaqnyzbpnHOE+6lt62vzFwaQlikH2jhsx9H0FWHAu4uKINkxbAtMKeoH
9ECWU709yeH3q4dcbzr+A+RRYyipAjk6QOUthEP4O9krar3XvOxqi2s8jCYTkTfM
Hosb39NMOV8nZfqP+Koqsr84IVdwNQ1RhCrt8rPYaDtvXZBWALZjz+ciTzAZ7BI6
cXggs/GD1R71/ZghAFzRGij2WrSzpByQM7DPTHosuy4zgRA9MlCn
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:38:43 2024 by rpki-client on console-fra.rpki-client.org