Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/ff9252-3db4-455f-b20f-e3e302005d8f/1/iXZOHA6PnId5_gFeR2sLaRMALSg.roa
File:                     iXZOHA6PnId5_gFeR2sLaRMALSg.roa (raw, json)
Hash identifier:          b/N3GNLnZgJpmAKw0+FQ0ZDvremGQTnMV6lErjiYD1I=
Subject key identifier:   89:76:4E:1C:0E:8F:9C:87:79:FE:01:5E:47:6B:0B:69:13:00:2D:28
Certificate issuer:       /CN=0f925691603903ef24485cb4bf35e28307867b83
Certificate serial:       019077C32F318A4DADC4A90CF0E639E0A80D
Authority key identifier: 0F:92:56:91:60:39:03:EF:24:48:5C:B4:BF:35:E2:83:07:86:7B:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5JWkWA5A-8kSFy0vzXigweGe4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/ff9252-3db4-455f-b20f-e3e302005d8f/1/iXZOHA6PnId5_gFeR2sLaRMALSg.roa
Signing time:             Wed 03 Jul 2024 08:43:18 +0000
ROA not before:           Wed 03 Jul 2024 08:43:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29596
IP address blocks:        91.232.183.0/24 maxlen: 24
                          93.175.96.0/19 maxlen: 19
                          93.175.100.0/23 maxlen: 23
                          93.175.102.0/23 maxlen: 23
                          93.175.104.0/23 maxlen: 23
                          93.175.106.0/24 maxlen: 24
                          93.175.107.0/24 maxlen: 24
                          93.175.108.0/22 maxlen: 22
                          93.175.108.0/24 maxlen: 24
                          93.175.109.0/24 maxlen: 24
                          93.175.110.0/24 maxlen: 24
                          93.175.111.0/24 maxlen: 24
                          93.175.112.0/24 maxlen: 24
                          93.175.113.0/24 maxlen: 24
                          93.175.114.0/24 maxlen: 24
                          93.175.115.0/24 maxlen: 24
                          93.175.116.0/23 maxlen: 23
                          93.175.118.0/23 maxlen: 23
                          93.175.120.0/24 maxlen: 24
                          93.175.121.0/24 maxlen: 24
                          93.175.123.0/24 maxlen: 24
                          128.127.12.0/23 maxlen: 23
                          128.127.14.0/24 maxlen: 24
                          128.127.15.0/24 maxlen: 24
                          193.19.212.0/24 maxlen: 24
                          193.19.213.0/24 maxlen: 24
                          193.19.214.0/24 maxlen: 24
                          193.19.215.0/24 maxlen: 24
                          194.54.20.0/22 maxlen: 22
                          194.54.21.0/24 maxlen: 24
                          194.54.22.0/24 maxlen: 24
                          194.54.23.0/24 maxlen: 24
                          194.146.216.0/22 maxlen: 22
                          194.146.216.0/24 maxlen: 24
                          194.146.217.0/24 maxlen: 24
                          194.146.218.0/24 maxlen: 24
                          194.146.219.0/24 maxlen: 24
                          2a06:f4c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/ff9252-3db4-455f-b20f-e3e302005d8f/1/D5JWkWA5A-8kSFy0vzXigweGe4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/ff9252-3db4-455f-b20f-e3e302005d8f/1/D5JWkWA5A-8kSFy0vzXigweGe4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5JWkWA5A-8kSFy0vzXigweGe4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:77:c3:2f:31:8a:4d:ad:c4:a9:0c:f0:e6:39:e0:a8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f925691603903ef24485cb4bf35e28307867b83
        Validity
            Not Before: Jul  3 08:43:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89764e1c0e8f9c8779fe015e476b0b6913002d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b1:f1:5c:aa:c8:73:0c:91:0c:ae:2f:f1:5e:
                    53:31:9d:c2:a7:ca:24:13:95:4b:6c:ae:09:60:e8:
                    0f:7b:44:c6:ee:9f:01:49:41:5b:15:30:12:15:37:
                    f6:ce:7c:90:f4:08:1f:a8:9a:9e:d2:7b:f5:50:26:
                    60:fc:fc:7c:18:e0:6b:6e:25:34:7e:b2:c5:7d:37:
                    a8:df:0c:a6:cf:3c:28:5f:16:ec:7c:e7:cb:5b:04:
                    35:d8:e8:ca:91:89:70:a0:e4:bf:5f:80:29:23:ce:
                    e8:13:33:5d:09:ba:1c:ad:3f:35:b5:49:6e:4f:49:
                    98:7e:d9:f0:50:ac:69:30:50:46:cb:4e:8f:8e:4d:
                    bb:1d:eb:cb:0a:cb:cd:ff:f1:99:f1:8c:9a:68:69:
                    b9:00:a1:af:1d:1a:57:a9:20:38:78:41:0d:5f:76:
                    20:9e:33:2f:27:05:43:73:43:cb:22:c6:20:7b:ee:
                    fb:76:ba:90:a4:81:9d:70:58:f1:b8:56:ba:eb:e8:
                    1f:e1:73:dc:d8:af:c4:87:51:f1:3a:fd:a8:2e:6f:
                    29:c9:6a:6b:21:72:f8:3b:bc:23:6e:1d:e4:34:9a:
                    e6:b7:c8:5c:d4:43:88:bf:aa:9a:b9:9d:90:d8:15:
                    5f:a8:5f:b6:a7:d5:b9:4d:21:31:b9:66:9a:7a:b8:
                    5e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:76:4E:1C:0E:8F:9C:87:79:FE:01:5E:47:6B:0B:69:13:00:2D:28
            X509v3 Authority Key Identifier:
                keyid:0F:92:56:91:60:39:03:EF:24:48:5C:B4:BF:35:E2:83:07:86:7B:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5JWkWA5A-8kSFy0vzXigweGe4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/ff9252-3db4-455f-b20f-e3e302005d8f/1/iXZOHA6PnId5_gFeR2sLaRMALSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/ff9252-3db4-455f-b20f-e3e302005d8f/1/D5JWkWA5A-8kSFy0vzXigweGe4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.183.0/24
                  93.175.96.0/19
                  128.127.12.0/22
                  193.19.212.0/22
                  194.54.20.0/22
                  194.146.216.0/22
                IPv6:
                  2a06:f4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:d4:7b:4f:43:44:db:ba:17:60:a1:9a:1f:53:5c:c3:9b:a5:
         ac:3c:70:d1:eb:28:ae:fe:e7:60:ec:57:06:9e:44:f1:a1:e1:
         49:21:e5:bd:77:9c:b0:6d:91:f2:dd:dc:3b:80:ba:8e:29:61:
         8b:2f:57:f2:5e:3e:25:eb:14:92:6b:25:c5:27:1c:e3:c3:4f:
         42:4c:c1:f6:ce:99:0b:1d:41:3d:8a:e3:b6:ae:b2:f5:ae:a4:
         e5:d7:4e:cd:f0:c1:d7:77:8a:b7:d2:8a:05:3c:8f:08:a6:29:
         31:0c:f7:eb:40:0a:6c:34:0c:d2:65:66:16:6a:ce:5b:87:c7:
         2d:cb:aa:a2:59:d6:6c:2e:c7:f2:5d:26:97:af:97:38:f6:58:
         9b:b9:c3:e7:ec:a0:61:c4:e1:88:67:23:8a:3a:62:e4:d6:28:
         32:af:cc:91:b1:d1:48:a8:7d:89:bb:82:ff:08:c5:5c:4b:67:
         b0:aa:3c:99:5d:7c:cc:f0:5f:16:6d:af:de:c1:c4:b1:46:04:
         22:be:2d:66:eb:98:c1:c1:31:e0:81:cd:c2:76:2f:33:11:9c:
         63:33:bd:64:ff:f1:f3:74:e0:33:27:49:c7:11:d3:3c:48:68:
         59:4f:2e:dd:98:c1:25:6a:d6:b6:f5:e9:8e:8c:b3:ee:47:50:
         99:47:b1:1f
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZB3wy8xik2txKkM8OY54KgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOTI1NjkxNjAzOTAzZWYyNDQ4NWNiNGJmMzVlMjgzMDc4
NjdiODMwHhcNMjQwNzAzMDg0MzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTc2NGUxYzBlOGY5Yzg3NzlmZTAxNWU0NzZiMGI2OTEzMDAyZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bHxXKrIcwyRDK4v8V5TMZ3Cp8ok
E5VLbK4JYOgPe0TG7p8BSUFbFTASFTf2znyQ9AgfqJqe0nv1UCZg/Px8GOBrbiU0
frLFfTeo3wymzzwoXxbsfOfLWwQ12OjKkYlwoOS/X4ApI87oEzNdCbocrT81tUlu
T0mYftnwUKxpMFBGy06Pjk27HevLCsvN//GZ8YyaaGm5AKGvHRpXqSA4eEENX3Yg
njMvJwVDc0PLIsYge+77drqQpIGdcFjxuFa66+gf4XPc2K/Eh1HxOv2oLm8pyWpr
IXL4O7wjbh3kNJrmt8hc1EOIv6qauZ2Q2BVfqF+2p9W5TSExuWaaerhe8wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFIl2ThwOj5yHef4BXkdrC2kTAC0oMB8GA1UdIwQY
MBaAFA+SVpFgOQPvJEhctL814oMHhnuDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDVKV2tXQTVBLThrU0Z5MHZ6WGlnd2VHZTRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9mZjkyNTItM2RiNC00NTVmLWIyMGYt
ZTNlMzAyMDA1ZDhmLzEvaVhaT0hBNlBuSWQ1X2dGZVIyc0xhUk1BTFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9mZjkyNTItM2RiNC00NTVmLWIyMGYtZTNlMzAyMDA1ZDhm
LzEvRDVKV2tXQTVBLThrU0Z5MHZ6WGlnd2VHZTRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAW+i3AwQF
Xa9gAwQCgH8MAwQCwRPUAwQCwjYUAwQCwpLYMA0EAgACMAcDBQMqBvTAMA0GCSqG
SIb3DQEBCwUAA4IBAQBp1HtPQ0TbuhdgoZofU1zDm6WsPHDR6yiu/udg7FcGnkTx
oeFJIeW9d5ywbZHy3dw7gLqOKWGLL1fyXj4l6xSSayXFJxzjw09CTMH2zpkLHUE9
iuO2rrL1rqTl107N8MHXd4q30ooFPI8IpikxDPfrQApsNAzSZWYWas5bh8cty6qi
WdZsLsfyXSaXr5c49libucPn7KBhxOGIZyOKOmLk1igyr8yRsdFIqH2Ju4L/CMVc
S2ewqjyZXXzM8F8Wba/ewcSxRgQivi1m65jBwTHggc3Cdi8zEZxjM71k//HzdOAz
J0nHEdM8SGhZTy7dmMElata29emOjLPuR1CZR7Ef
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:16:26 2024 by rpki-client on console-fra.rpki-client.org