Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DyXUbwpIEDome5ow3Bh9K4jpUYk.roa
File:                     DyXUbwpIEDome5ow3Bh9K4jpUYk.roa (raw, json)
Hash identifier:          5X926MC42+33sQIuGK3+5uem3apC+MV36YpyhXpHp3o=
Subject key identifier:   0F:25:D4:6F:0A:48:10:3A:26:7B:9A:30:DC:18:7D:2B:88:E9:51:89
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6B8DE200171A67BF4ECC4868E8E51
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DyXUbwpIEDome5ow3Bh9K4jpUYk.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29657
IP address blocks:        92.52.221.0/24 maxlen: 24
                          5.180.123.0/24 maxlen: 24
                          194.41.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b8:de:20:01:71:a6:7b:f4:ec:c4:86:8e:8e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f25d46f0a48103a267b9a30dc187d2b88e95189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b2:13:2d:f0:66:74:a9:2f:24:e7:f3:fd:1e:
                    95:36:01:95:21:d6:63:2b:08:98:1c:49:72:c2:22:
                    3c:10:51:25:fd:b4:82:89:52:76:f2:00:20:5b:25:
                    4b:ae:41:12:45:76:e0:38:4a:de:f4:18:e7:ec:3f:
                    3b:70:2a:74:6d:6d:e0:5f:c9:e7:cc:06:32:f6:2d:
                    5f:42:dc:32:c1:89:93:82:ef:87:c0:00:72:91:e2:
                    86:d3:47:c2:74:43:39:4f:1c:8f:68:f1:68:cc:1b:
                    37:0a:c7:a6:de:a0:b7:f4:eb:e7:46:3f:a1:43:5c:
                    01:ec:35:5e:ef:b3:1a:2a:73:14:6d:09:ae:7b:87:
                    dd:f3:9c:26:95:0c:fc:3c:40:63:98:21:36:4a:e9:
                    26:ae:8d:2d:fb:c0:24:56:47:92:d9:c8:c7:5c:0d:
                    88:08:fd:91:b2:5a:44:8c:6a:d0:9e:87:0b:fa:69:
                    d4:4e:21:02:b2:c4:16:04:96:04:c8:3f:64:4f:19:
                    45:85:f5:ea:cf:a0:18:26:f8:f2:84:a3:c0:14:7a:
                    5c:52:c6:03:fb:70:b5:a1:0a:3f:ad:95:f5:70:22:
                    2f:87:3b:cd:0f:dd:32:19:7b:4c:60:92:94:40:39:
                    bc:29:fc:0c:19:c5:db:2e:d1:02:cf:ee:71:78:bc:
                    38:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:25:D4:6F:0A:48:10:3A:26:7B:9A:30:DC:18:7D:2B:88:E9:51:89
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DyXUbwpIEDome5ow3Bh9K4jpUYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.123.0/24
                  92.52.221.0/24
                  194.41.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:83:82:f2:00:e7:d6:d1:81:96:27:4e:a8:fc:50:5d:cf:e0:
         eb:a6:a0:01:70:ea:b8:e9:f6:21:7a:87:50:8a:43:65:84:d1:
         60:fe:d2:b5:9a:b9:bb:ff:be:c9:0e:59:49:5b:bd:aa:af:37:
         81:51:5d:2d:22:96:f3:b5:e5:99:ca:27:d0:ce:b1:ab:c0:8e:
         bb:67:a5:1d:b1:33:b8:aa:0b:9b:ef:4a:de:83:93:7b:10:97:
         f0:2e:69:24:f8:60:23:05:f3:61:44:ec:c6:44:34:d4:70:38:
         d1:7d:31:89:97:eb:b4:26:79:cb:e5:83:fe:99:e1:fc:c2:88:
         5d:d2:4c:ab:c8:34:91:c0:fd:12:de:31:f7:f4:64:84:9e:8b:
         0d:62:1d:56:4d:cf:df:cc:be:4f:72:ad:cf:03:32:b3:5e:fe:
         36:17:77:62:1b:56:c7:04:ef:05:c5:d4:09:b6:84:e0:4c:da:
         3a:03:16:e5:f3:86:21:9a:ee:a1:77:b1:1a:bf:7e:08:19:ce:
         81:dc:73:68:e3:9a:44:fa:10:c9:00:58:44:d8:65:b2:9d:a4:
         28:ee:a6:92:e8:55:09:11:e8:92:2f:29:fc:1c:50:74:a8:9d:
         22:83:cf:f5:10:8d:7e:90:50:db:8c:95:29:bc:70:c8:5a:57:
         6f:4a:ae:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtrjeIAFxpnv07MSGjo5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI1ZDQ2ZjBhNDgxMDNhMjY3YjlhMzBkYzE4N2QyYjg4ZTk1MTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLITLfBmdKkvJOfz/R6VNgGVIdZj
KwiYHElywiI8EFEl/bSCiVJ28gAgWyVLrkESRXbgOEre9Bjn7D87cCp0bW3gX8nn
zAYy9i1fQtwywYmTgu+HwABykeKG00fCdEM5TxyPaPFozBs3Csem3qC39OvnRj+h
Q1wB7DVe77MaKnMUbQmue4fd85wmlQz8PEBjmCE2Sukmro0t+8AkVkeS2cjHXA2I
CP2RslpEjGrQnocL+mnUTiECssQWBJYEyD9kTxlFhfXqz6AYJvjyhKPAFHpcUsYD
+3C1oQo/rZX1cCIvhzvND90yGXtMYJKUQDm8KfwMGcXbLtECz+5xeLw4bwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA8l1G8KSBA6JnuaMNwYfSuI6VGJMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRHlYVWJ3cElFRG9tZTVvdzNCaDlLNGpwVVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbR7AwQA
XDTdAwQAwikuMA0GCSqGSIb3DQEBCwUAA4IBAQBwg4LyAOfW0YGWJ06o/FBdz+Dr
pqABcOq46fYheodQikNlhNFg/tK1mrm7/77JDllJW72qrzeBUV0tIpbzteWZyifQ
zrGrwI67Z6UdsTO4qgub70reg5N7EJfwLmkk+GAjBfNhROzGRDTUcDjRfTGJl+u0
JnnL5YP+meH8wohd0kyryDSRwP0S3jH39GSEnosNYh1WTc/fzL5Pcq3PAzKzXv42
F3diG1bHBO8FxdQJtoTgTNo6Axbl84Yhmu6hd7Eav34IGc6B3HNo45pE+hDJAFhE
2GWynaQo7qaS6FUJEeiSLyn8HFB0qJ0ig8/1EI1+kFDbjJUpvHDIWldvSq4y
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:33:34 2024 by rpki-client on console-fra.rpki-client.org