Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iab1qz6itiyYhhSpoj-JZw5nkAc.roa
File:                     iab1qz6itiyYhhSpoj-JZw5nkAc.roa (raw, json)
Hash identifier:          mSoxHRMsSulvt3MX4jNq7/N8Wk7y0QqzTrsh4N2nmQY=
Subject key identifier:   89:A6:F5:AB:3E:A2:B6:2C:98:86:14:A9:A2:3F:89:67:0E:67:90:07
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCD74376A53EA56187EA3E840A29BA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iab1qz6itiyYhhSpoj-JZw5nkAc.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26506
IP address blocks:        185.207.13.0/24 maxlen: 24
                          2a00:1728:2c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d7:43:76:a5:3e:a5:61:87:ea:3e:84:0a:29:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a6f5ab3ea2b62c988614a9a23f89670e679007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:cf:54:d6:52:47:12:ff:0a:3b:2d:f9:be:fb:
                    7c:80:d3:2d:f2:8f:c7:51:e9:b1:89:5d:4e:86:11:
                    d3:cf:7c:8d:49:7f:f8:4c:8d:48:fc:f5:b1:70:7c:
                    9b:1c:18:a5:1a:24:b2:6f:f9:19:dd:b6:2e:a8:17:
                    d0:77:0e:98:c9:30:ac:07:7d:05:5c:bf:ba:f9:be:
                    17:15:66:4a:27:23:4a:bf:77:fc:bd:0e:60:fb:10:
                    81:c7:e3:80:72:a9:a0:57:36:51:b3:1b:4e:4c:38:
                    62:80:b4:49:78:3e:ba:d2:f3:10:ed:30:9d:6b:6b:
                    5a:cc:08:10:39:69:65:39:6f:2c:c8:db:73:b0:6d:
                    61:e6:4b:96:09:c4:93:11:19:93:2e:1e:e1:c8:19:
                    c4:77:b5:5f:49:ac:4d:42:38:3b:e0:a2:69:d2:0d:
                    96:56:21:39:8d:28:f7:47:98:57:38:47:3d:80:c8:
                    33:af:7d:64:87:68:5a:5d:53:30:8a:eb:57:56:b2:
                    3e:fb:3b:0e:03:2f:04:60:f3:6c:3d:98:4a:4a:93:
                    94:81:d8:2a:a8:3e:0f:5d:cb:b5:07:37:9d:66:11:
                    cf:8b:09:73:47:03:33:20:97:8b:5f:0f:64:0f:7b:
                    8c:01:06:8d:c6:c6:84:7a:7a:f5:db:f9:85:4c:25:
                    e4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A6:F5:AB:3E:A2:B6:2C:98:86:14:A9:A2:3F:89:67:0E:67:90:07
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iab1qz6itiyYhhSpoj-JZw5nkAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.13.0/24
                IPv6:
                  2a00:1728:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:62:ab:cc:f9:80:3c:ac:28:8a:73:5f:5f:3c:8c:cc:ed:f5:
         61:9f:af:6a:1b:45:6b:c0:c8:93:d2:e8:4b:9f:3c:b1:a0:91:
         80:99:4e:76:a4:d7:41:e4:47:a9:bf:7a:d3:82:7d:21:e7:10:
         3b:83:2f:8a:3f:76:4b:95:e0:54:8c:6f:e6:27:20:ec:00:d5:
         29:9f:62:70:a1:16:e7:49:d2:3b:30:41:8e:9e:82:2d:25:8f:
         71:af:4d:03:b8:cc:4d:22:a0:cb:f5:bb:61:08:09:97:19:e5:
         d8:27:45:c9:1a:30:4f:d7:90:8a:6d:9c:eb:a4:f0:91:c5:9a:
         28:e1:a1:6d:a4:b7:bf:65:b0:9a:3a:45:41:fa:5b:84:19:12:
         cc:19:55:9a:cb:7e:90:18:40:1e:3f:1d:4b:76:64:3b:d2:2d:
         fc:b8:3d:b4:a3:59:d0:8f:41:2e:28:83:e3:f4:53:29:cd:bb:
         14:81:0d:16:51:81:cd:8e:2b:d8:7f:c9:28:18:b8:78:af:25:
         ff:cd:fe:15:84:93:15:e2:58:fc:11:e0:de:92:12:7d:15:2c:
         62:03:25:cc:de:70:79:fa:52:ad:e3:24:3c:d3:fb:17:19:15:
         51:36:04:d5:c6:09:6c:0d:be:0a:c6:0c:43:6e:eb:50:c6:71:
         af:32:98:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3NdDdqU+pWGH6j6ECim6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE2ZjVhYjNlYTJiNjJjOTg4NjE0YTlhMjNmODk2NzBlNjc5MDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc9U1lJHEv8KOy35vvt8gNMt8o/H
UemxiV1OhhHTz3yNSX/4TI1I/PWxcHybHBilGiSyb/kZ3bYuqBfQdw6YyTCsB30F
XL+6+b4XFWZKJyNKv3f8vQ5g+xCBx+OAcqmgVzZRsxtOTDhigLRJeD660vMQ7TCd
a2tazAgQOWllOW8syNtzsG1h5kuWCcSTERmTLh7hyBnEd7VfSaxNQjg74KJp0g2W
ViE5jSj3R5hXOEc9gMgzr31kh2haXVMwiutXVrI++zsOAy8EYPNsPZhKSpOUgdgq
qD4PXcu1BzedZhHPiwlzRwMzIJeLXw9kD3uMAQaNxsaEenr12/mFTCXkkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFImm9as+orYsmIYUqaI/iWcOZ5AHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaWFiMXF6Nml0aXlZaGhTcG9qLUpadzVua0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuc8NMA8E
AgACMAkDBwAqABcoACwwDQYJKoZIhvcNAQELBQADggEBAGJiq8z5gDysKIpzX188
jMzt9WGfr2obRWvAyJPS6EufPLGgkYCZTnak10HkR6m/etOCfSHnEDuDL4o/dkuV
4FSMb+YnIOwA1SmfYnChFudJ0jswQY6egi0lj3GvTQO4zE0ioMv1u2EICZcZ5dgn
RckaME/XkIptnOuk8JHFmijhoW2kt79lsJo6RUH6W4QZEswZVZrLfpAYQB4/HUt2
ZDvSLfy4PbSjWdCPQS4og+P0UynNuxSBDRZRgc2OK9h/ySgYuHivJf/N/hWEkxXi
WPwR4N6SEn0VLGIDJczecHn6Uq3jJDzT+xcZFVE2BNXGCWwNvgrGDENu61DGca8y
mA4=
-----END CERTIFICATE-----
Generated at Thu Nov 21 23:43:27 2024 by rpki-client on console-ams.rpki-client.org