Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/DN7cb2WxNWOTpycH6YaG66edbbs.roa
File:                     DN7cb2WxNWOTpycH6YaG66edbbs.roa (raw, json)
Hash identifier:          xHRCbbCrWIHuruRPkilEuXWa24rKkDGqIeFboryKMwQ=
Subject key identifier:   0C:DE:DC:6F:65:B1:35:63:93:A7:27:07:E9:86:86:EB:A7:9D:6D:BB
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       01942748949616F02EA19F0088F6166BE985
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/DN7cb2WxNWOTpycH6YaG66edbbs.roa
Signing time:             Thu 02 Jan 2025 13:50:55 +0000
ROA not before:           Thu 02 Jan 2025 13:50:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199614
IP address blocks:        80.93.192.0/24 maxlen: 24
                          80.93.194.0/24 maxlen: 24
                          80.93.195.0/24 maxlen: 24
                          80.93.196.0/24 maxlen: 24
                          80.93.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:94:96:16:f0:2e:a1:9f:00:88:f6:16:6b:e9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jan  2 13:50:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cdedc6f65b1356393a72707e98686eba79d6dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8e:21:e2:5e:f0:ed:e7:ea:91:c2:6c:e3:e7:
                    2b:00:d8:89:3b:73:9c:80:5e:d2:51:98:94:dc:51:
                    e8:b3:80:74:63:ea:0f:d4:9e:69:12:08:3f:06:d8:
                    2a:bb:a6:f0:b6:28:39:72:f3:e1:76:48:4b:b0:93:
                    ce:c7:a3:16:2c:52:41:ef:31:da:5b:e0:0e:f1:69:
                    f6:ce:55:e8:1e:77:cc:c0:67:6d:32:44:5a:79:26:
                    cd:b9:3d:cb:fc:7b:ee:d6:58:e8:32:26:85:ae:81:
                    db:1e:cf:f7:b1:6d:c7:f6:9d:eb:3b:47:bb:30:5d:
                    a3:54:b5:6e:6a:68:be:36:a9:d3:a1:4f:b1:85:e0:
                    8f:89:99:32:a6:ec:e5:2e:6d:34:dc:13:fd:ba:d7:
                    3b:be:07:3b:34:8a:50:a9:e4:b0:f6:06:c1:a6:98:
                    87:be:02:03:80:0c:25:98:aa:6d:41:26:f8:5d:65:
                    d2:a8:72:ed:dd:2f:34:92:03:d5:5d:c8:8d:34:17:
                    da:d3:d0:a8:21:07:bb:d6:97:22:fc:b1:34:f7:6f:
                    8e:1b:e0:02:d9:26:74:b8:08:c5:a4:f6:ff:ad:21:
                    15:3d:87:5a:45:1d:d9:4a:0c:c4:f2:dc:93:a9:7d:
                    66:6c:22:11:79:a2:7f:21:96:c8:48:10:09:2b:0a:
                    13:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DE:DC:6F:65:B1:35:63:93:A7:27:07:E9:86:86:EB:A7:9D:6D:BB
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/DN7cb2WxNWOTpycH6YaG66edbbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.192.0/24
                  80.93.194.0-80.93.196.255
                  80.93.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:9d:ee:79:82:f6:8f:8d:c3:5e:71:6d:5b:94:4b:84:0f:0c:
         00:04:d3:09:64:2c:a1:c7:0e:00:9e:02:eb:ce:04:c1:3b:af:
         1b:df:96:09:22:c8:ce:25:15:fa:b1:bb:7d:35:5c:21:40:d8:
         e4:38:ed:c5:83:4e:eb:9d:39:ab:9c:0d:2e:94:22:a3:d5:f2:
         80:9b:73:6e:3d:75:dc:77:9e:a3:bf:8a:e2:2b:4d:f2:a1:3e:
         02:63:b0:0c:14:82:21:24:60:e5:01:8e:2b:5d:0d:ff:7f:04:
         e5:0f:90:b8:ec:aa:6d:e4:fe:0a:fa:2d:1a:88:56:f4:f4:87:
         72:ad:96:28:e0:dd:1c:d7:58:bc:ea:35:4f:5e:7c:f8:4f:24:
         7e:4f:61:54:1a:95:92:26:9c:ca:1f:b2:c2:d1:11:f3:24:df:
         07:53:18:9b:4f:b5:f0:4f:3f:98:1c:b0:30:2f:c9:9c:81:dd:
         c0:31:17:5b:06:78:5a:b7:86:a8:61:77:a3:21:d5:c4:62:96:
         8c:b0:82:b8:7a:3c:99:92:ca:a3:99:5c:9f:9b:75:34:05:ec:
         d4:70:2a:9a:3b:3d:84:16:14:e9:33:0e:c7:42:ba:ef:21:44:
         7d:92:34:bd:70:bb:c0:2b:28:98:06:3e:39:33:38:90:f4:ea:
         3f:35:ea:f0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQnSJSWFvAuoZ8AiPYWa+mFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjUwMTAyMTM1MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RlZGM2ZjY1YjEzNTYzOTNhNzI3MDdlOTg2ODZlYmE3OWQ2ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoI4h4l7w7efqkcJs4+crANiJO3Oc
gF7SUZiU3FHos4B0Y+oP1J5pEgg/Btgqu6bwtig5cvPhdkhLsJPOx6MWLFJB7zHa
W+AO8Wn2zlXoHnfMwGdtMkRaeSbNuT3L/Hvu1ljoMiaFroHbHs/3sW3H9p3rO0e7
MF2jVLVuami+NqnToU+xheCPiZkypuzlLm003BP9utc7vgc7NIpQqeSw9gbBppiH
vgIDgAwlmKptQSb4XWXSqHLt3S80kgPVXciNNBfa09CoIQe71pci/LE092+OG+AC
2SZ0uAjFpPb/rSEVPYdaRR3ZSgzE8tyTqX1mbCIReaJ/IZbISBAJKwoT/wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAze3G9lsTVjk6cnB+mGhuunnW27MB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvRE43Y2IyV3hOV09UcHljSDZZYUc2NmVkYmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAUF3AMAwD
BAFQXcIDBABQXcQDBABQXckwDQYJKoZIhvcNAQELBQADggEBAGmd7nmC9o+Nw15x
bVuUS4QPDAAE0wlkLKHHDgCeAuvOBME7rxvflgkiyM4lFfqxu301XCFA2OQ47cWD
TuudOaucDS6UIqPV8oCbc249ddx3nqO/iuIrTfKhPgJjsAwUgiEkYOUBjitdDf9/
BOUPkLjsqm3k/gr6LRqIVvT0h3Ktlijg3RzXWLzqNU9efPhPJH5PYVQalZImnMof
ssLREfMk3wdTGJtPtfBPP5gcsDAvyZyB3cAxF1sGeFq3hqhhd6Mh1cRiloywgrh6
PJmSyqOZXJ+bdTQF7NRwKpo7PYQWFOkzDsdCuu8hRH2SNL1wu8ArKJgGPjkzOJD0
6j816vA=
-----END CERTIFICATE-----
Generated at Wed Feb 5 06:04:51 2025 by rpki-client