Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/84oJ6n6M8NMMes9pS0zkO5TL5gk.roa
File:                     84oJ6n6M8NMMes9pS0zkO5TL5gk.roa (raw, json)
Hash identifier:          KJogACzFMuAjwcMsXI2TSNukYqA9tMD6yzbEmumAJ68=
Subject key identifier:   F3:8A:09:EA:7E:8C:F0:D3:0C:7A:CF:69:4B:4C:E4:3B:94:CB:E6:09
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       01903FE24D973939172548DFEDC1BDB5D069
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/84oJ6n6M8NMMes9pS0zkO5TL5gk.roa
Signing time:             Sat 22 Jun 2024 12:18:33 +0000
ROA not before:           Sat 22 Jun 2024 12:18:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47376
IP address blocks:        85.9.86.0/23 maxlen: 23
                          85.9.116.0/22 maxlen: 22
                          85.9.116.0/24 maxlen: 24
                          85.9.117.0/24 maxlen: 24
                          85.9.119.0/24 maxlen: 24
                          185.131.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3f:e2:4d:97:39:39:17:25:48:df:ed:c1:bd:b5:d0:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jun 22 12:18:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f38a09ea7e8cf0d30c7acf694b4ce43b94cbe609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b1:79:9b:17:63:0e:39:93:08:3a:c3:98:58:
                    b4:5a:07:51:93:8d:28:2c:6a:2a:9e:a6:01:8d:21:
                    2a:90:e7:67:fb:3e:ad:70:09:91:31:bc:2e:39:4f:
                    4a:e3:93:cb:97:4c:00:0e:b5:68:4f:84:3c:15:8c:
                    fc:98:e7:21:ed:1e:38:4a:47:bf:83:bf:51:c3:aa:
                    0e:8d:ed:2b:fd:2d:4e:f6:a0:a7:c3:53:dc:db:bc:
                    a2:a4:23:3d:a1:7e:bd:32:3b:95:c5:63:be:63:c4:
                    1d:e0:c2:a1:d3:cf:c8:40:8c:c8:19:cb:1e:42:79:
                    0d:f0:9d:e4:6d:69:b1:07:0e:66:eb:af:82:32:f7:
                    93:87:68:79:24:08:9a:1d:7d:1d:a0:db:fe:69:62:
                    c0:e9:a6:c1:55:e7:5f:bf:87:66:72:b7:03:a2:85:
                    70:dc:69:d3:b9:49:7e:ab:0b:24:92:1f:12:62:2e:
                    01:42:29:cc:e6:f0:1c:b6:a0:4c:c6:bf:36:4a:3e:
                    08:78:01:69:c1:60:a0:c4:56:49:e5:23:2f:3b:cb:
                    0a:23:cc:cd:44:fe:83:ea:47:2d:f0:0f:69:be:eb:
                    74:a5:0f:78:19:96:49:39:f1:7c:da:d1:07:3a:f3:
                    f4:93:8c:94:c2:6f:69:3b:13:5b:b3:fe:5f:b2:a1:
                    2b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8A:09:EA:7E:8C:F0:D3:0C:7A:CF:69:4B:4C:E4:3B:94:CB:E6:09
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/84oJ6n6M8NMMes9pS0zkO5TL5gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.86.0/23
                  85.9.116.0/22
                  185.131.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:37:3f:d0:22:91:01:bd:33:8b:72:6d:de:54:d1:01:55:a8:
         3e:f7:e7:d2:ef:a3:06:75:08:d9:a9:49:ad:3e:3e:cc:38:03:
         8b:e9:46:3e:e7:56:cd:74:c6:e6:9b:91:92:ef:01:5e:3e:4d:
         fd:d2:1b:4f:b3:0e:fc:1f:c7:49:b3:94:9e:4f:ca:2f:a1:38:
         48:f1:83:5f:7c:fa:d0:d3:5c:56:fc:d0:77:28:ff:9f:36:f2:
         94:ea:c3:a0:8d:39:ec:7f:ad:58:82:36:13:2a:64:88:1c:00:
         c1:e1:8b:6e:fd:2b:7c:e4:95:0f:c5:f8:87:ee:d4:f4:f9:82:
         9e:36:4c:bc:f9:95:6c:99:26:d1:f7:ff:e3:f3:97:e4:c9:8a:
         83:7b:7a:56:b5:39:8d:fa:28:f5:32:e5:db:bf:d9:7d:1c:32:
         13:d8:7b:a0:9d:82:a5:3c:80:ec:2c:95:88:7f:28:4b:df:e8:
         1f:22:1f:8b:cd:e1:07:b0:df:8a:76:d8:f6:0c:ee:12:df:d0:
         37:c1:e1:e6:47:5b:c4:45:a1:e7:b9:d7:91:e9:2b:4e:83:9d:
         0a:d9:4e:f8:63:a1:e6:f3:df:1a:61:cb:6d:bc:65:24:70:ef:
         54:d3:2e:93:46:37:c8:51:13:ba:aa:9e:05:4c:87:71:48:36:
         f2:1e:ce:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZA/4k2XOTkXJUjf7cG9tdBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwNjIyMTIxODMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhhMDllYTdlOGNmMGQzMGM3YWNmNjk0YjRjZTQzYjk0Y2JlNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7F5mxdjDjmTCDrDmFi0WgdRk40o
LGoqnqYBjSEqkOdn+z6tcAmRMbwuOU9K45PLl0wADrVoT4Q8FYz8mOch7R44Ske/
g79Rw6oOje0r/S1O9qCnw1Pc27yipCM9oX69MjuVxWO+Y8Qd4MKh08/IQIzIGcse
QnkN8J3kbWmxBw5m66+CMveTh2h5JAiaHX0doNv+aWLA6abBVedfv4dmcrcDooVw
3GnTuUl+qwskkh8SYi4BQinM5vActqBMxr82Sj4IeAFpwWCgxFZJ5SMvO8sKI8zN
RP6D6kct8A9pvut0pQ94GZZJOfF82tEHOvP0k4yUwm9pOxNbs/5fsqEr9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPOKCep+jPDTDHrPaUtM5DuUy+YJMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvODRvSjZuNk04Tk1NZXM5cFMwemtPNVRMNWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVQlWAwQC
VQl0AwQAuYMdMA0GCSqGSIb3DQEBCwUAA4IBAQBzNz/QIpEBvTOLcm3eVNEBVag+
9+fS76MGdQjZqUmtPj7MOAOL6UY+51bNdMbmm5GS7wFePk390htPsw78H8dJs5Se
T8ovoThI8YNffPrQ01xW/NB3KP+fNvKU6sOgjTnsf61YgjYTKmSIHADB4Ytu/St8
5JUPxfiH7tT0+YKeNky8+ZVsmSbR9//j85fkyYqDe3pWtTmN+ij1MuXbv9l9HDIT
2HugnYKlPIDsLJWIfyhL3+gfIh+LzeEHsN+Kdtj2DO4S39A3weHmR1vERaHnudeR
6StOg50K2U74Y6Hm898aYcttvGUkcO9U0y6TRjfIURO6qp4FTIdxSDbyHs5p
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:26:08 2024 by rpki-client on console-fra.rpki-client.org