Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/Oj1hncm_xaYEZCLizehq0fSKORQ.roa
File:                     Oj1hncm_xaYEZCLizehq0fSKORQ.roa (raw, json)
Hash identifier:          MA0OpR/2AVW44anGMAuBd2Me5xMYy/KG5GbjnhkEyi0=
Subject key identifier:   3A:3D:61:9D:C9:BF:C5:A6:04:64:22:E2:CD:E8:6A:D1:F4:8A:39:14
Certificate issuer:       /CN=96f71b2273ab34ed4a5481176ef70fad867ef166
Certificate serial:       018CC7936E0FB29C68BE8249BF734C6481C1
Authority key identifier: 96:F7:1B:22:73:AB:34:ED:4A:54:81:17:6E:F7:0F:AD:86:7E:F1:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvcbInOrNO1KVIEXbvcPrYZ-8WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/Oj1hncm_xaYEZCLizehq0fSKORQ.roa
Signing time:             Tue 02 Jan 2024 00:29:36 +0000
ROA not before:           Tue 02 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42947
IP address blocks:        193.31.96.0/22 maxlen: 24
                          176.101.72.0/21 maxlen: 24
                          193.32.72.0/21 maxlen: 24
                          185.152.108.0/23 maxlen: 24
                          185.152.110.0/24 maxlen: 24
                          193.150.16.0/22 maxlen: 24
                          185.50.116.0/22 maxlen: 24
                          193.187.184.0/22 maxlen: 24
                          89.34.28.0/22 maxlen: 24
                          185.88.232.0/22 maxlen: 24
                          185.110.224.0/22 maxlen: 24
                          194.36.200.0/22 maxlen: 24
                          2a02:2b60::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/lvcbInOrNO1KVIEXbvcPrYZ-8WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/lvcbInOrNO1KVIEXbvcPrYZ-8WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lvcbInOrNO1KVIEXbvcPrYZ-8WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:6e:0f:b2:9c:68:be:82:49:bf:73:4c:64:81:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96f71b2273ab34ed4a5481176ef70fad867ef166
        Validity
            Not Before: Jan  2 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a3d619dc9bfc5a6046422e2cde86ad1f48a3914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:81:da:1c:05:b8:5f:63:d8:9a:88:76:d2:5a:
                    21:d1:41:d0:81:d1:d2:d7:1c:26:fd:a9:c6:c3:fd:
                    cb:fd:ba:21:fc:1f:cf:15:8d:1f:de:a4:dc:73:b6:
                    96:38:6e:d1:34:13:84:81:25:bf:2e:d7:f2:7c:13:
                    2d:d0:e0:62:dc:34:9b:21:2b:4f:d8:49:59:d7:57:
                    ab:2a:a8:05:b0:c5:25:1c:ee:72:c7:9c:36:1d:1a:
                    bc:17:49:ee:c8:b1:e7:38:19:73:f3:cb:e1:1c:e9:
                    6b:8e:27:4e:f0:1e:23:33:66:9d:10:41:a7:56:e6:
                    c1:d9:6d:8a:b0:a9:01:60:c3:16:6f:5a:9a:20:2d:
                    34:66:a0:a0:27:b4:6d:3f:6d:87:5e:3b:7c:d7:ae:
                    6b:74:f1:e5:0f:22:2d:18:98:b8:cd:a9:70:47:fc:
                    76:ba:48:d0:21:15:23:19:69:15:86:5b:9d:44:57:
                    44:f0:ef:52:56:d3:f4:96:6f:61:e6:a6:d5:95:39:
                    fb:ce:05:9c:1d:11:47:75:55:71:3e:13:1c:33:bc:
                    4b:b0:94:1a:ad:7d:16:2d:d3:b5:75:ab:44:d9:3e:
                    ed:a8:c0:7b:7e:0f:8c:34:22:17:00:78:69:3d:b2:
                    06:36:f3:e2:73:3c:55:0c:6e:95:45:4c:66:70:db:
                    87:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3D:61:9D:C9:BF:C5:A6:04:64:22:E2:CD:E8:6A:D1:F4:8A:39:14
            X509v3 Authority Key Identifier:
                keyid:96:F7:1B:22:73:AB:34:ED:4A:54:81:17:6E:F7:0F:AD:86:7E:F1:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvcbInOrNO1KVIEXbvcPrYZ-8WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/Oj1hncm_xaYEZCLizehq0fSKORQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/07ae9e-3d04-45b6-9db0-46935fcc855e/1/lvcbInOrNO1KVIEXbvcPrYZ-8WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.28.0/22
                  176.101.72.0/21
                  185.50.116.0/22
                  185.88.232.0/22
                  185.110.224.0/22
                  185.152.108.0-185.152.110.255
                  193.31.96.0/22
                  193.32.72.0/21
                  193.150.16.0/22
                  193.187.184.0/22
                  194.36.200.0/22
                IPv6:
                  2a02:2b60::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:8b:57:1d:f8:f2:2f:9a:6e:23:e5:62:43:47:a4:03:21:39:
         0b:54:a6:b6:bb:b3:3e:d7:fc:71:bf:e3:7d:45:13:51:f6:18:
         99:f1:37:e9:f1:22:0e:bf:22:ed:ff:2f:f2:9b:12:8a:dc:b9:
         71:19:9b:72:cb:73:18:7e:c5:5e:72:0e:5b:72:f9:81:12:b9:
         1b:8d:f0:b2:0c:db:be:e1:a4:6a:d2:0f:a1:f8:73:1c:1d:34:
         02:1a:ae:d3:b6:bf:e8:ee:ca:7d:36:3b:db:c1:15:3c:af:05:
         5b:81:c4:4a:96:ab:47:ea:ba:08:44:d7:f7:4c:3d:2d:c4:fa:
         ec:2d:6b:ac:11:d6:30:f0:94:a3:62:25:9a:5b:d7:8c:9f:d0:
         7c:9a:39:2c:24:9c:89:eb:bc:10:3c:d5:4d:4b:53:4c:9e:e4:
         8c:7e:4a:9d:53:a8:85:50:be:86:d4:1f:cd:fb:1f:ea:08:e9:
         9e:24:ce:0f:ea:c3:81:2f:24:32:9d:f2:d1:c6:29:c9:b3:f6:
         8b:0c:90:4d:ec:77:e2:96:79:15:58:97:3a:e8:c5:b3:25:19:
         dd:17:b4:18:f4:ca:31:de:17:90:aa:e4:75:36:22:6d:85:80:
         3f:d2:55:0c:59:bc:d0:73:0b:59:80:2f:0c:4f:1a:44:7c:d5:
         19:e6:0b:a7
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYzHk24PspxovoJJv3NMZIHBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZjcxYjIyNzNhYjM0ZWQ0YTU0ODExNzZlZjcwZmFkODY3
ZWYxNjYwHhcNMjQwMTAyMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTNkNjE5ZGM5YmZjNWE2MDQ2NDIyZTJjZGU4NmFkMWY0OGEzOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4HaHAW4X2PYmoh20loh0UHQgdHS
1xwm/anGw/3L/boh/B/PFY0f3qTcc7aWOG7RNBOEgSW/LtfyfBMt0OBi3DSbIStP
2ElZ11erKqgFsMUlHO5yx5w2HRq8F0nuyLHnOBlz88vhHOlrjidO8B4jM2adEEGn
VubB2W2KsKkBYMMWb1qaIC00ZqCgJ7RtP22HXjt8165rdPHlDyItGJi4zalwR/x2
ukjQIRUjGWkVhludRFdE8O9SVtP0lm9h5qbVlTn7zgWcHRFHdVVxPhMcM7xLsJQa
rX0WLdO1datE2T7tqMB7fg+MNCIXAHhpPbIGNvPiczxVDG6VRUxmcNuHjQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFDo9YZ3Jv8WmBGQi4s3oatH0ijkUMB8GA1UdIwQY
MBaAFJb3GyJzqzTtSlSBF273D62GfvFmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZjYkluT3JOTzFLVklFWGJ2Y1ByWVotOFdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wN2FlOWUtM2QwNC00NWI2LTlkYjAt
NDY5MzVmY2M4NTVlLzEvT2oxaG5jbV94YVlFWkNMaXplaHEwZlNLT1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wN2FlOWUtM2QwNC00NWI2LTlkYjAtNDY5MzVmY2M4NTVl
LzEvbHZjYkluT3JOTzFLVklFWGJ2Y1ByWVotOFdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCWSIcAwQD
sGVIAwQCuTJ0AwQCuVjoAwQCuW7gMAwDBAK5mGwDBAC5mG4DBALBH2ADBAPBIEgD
BALBlhADBALBu7gDBALCJMgwDQQCAAIwBwMFACoCK2AwDQYJKoZIhvcNAQELBQAD
ggEBACmLVx348i+abiPlYkNHpAMhOQtUpra7sz7X/HG/431FE1H2GJnxN+nxIg6/
Iu3/L/KbEorcuXEZm3LLcxh+xV5yDlty+YESuRuN8LIM277hpGrSD6H4cxwdNAIa
rtO2v+juyn02O9vBFTyvBVuBxEqWq0fqughE1/dMPS3E+uwta6wR1jDwlKNiJZpb
14yf0HyaOSwknInrvBA81U1LU0ye5Ix+Sp1TqIVQvobUH837H+oI6Z4kzg/qw4Ev
JDKd8tHGKcmz9osMkE3sd+KWeRVYlzroxbMlGd0XtBj0yjHeF5Cq5HU2Im2FgD/S
VQxZvNBzC1mALwxPGkR81RnmC6c=
-----END CERTIFICATE-----
Generated at Sat Jun 15 20:35:38 2024 by rpki-client on console-fra.rpki-client.org