Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/83aa8c-0581-44d8-a5c1-05373ba9483d/1/7oi22xEE6Qx30p_PmbB9QhUGXOw.roa
File:                     7oi22xEE6Qx30p_PmbB9QhUGXOw.roa (raw, json)
Hash identifier:          uQVbgOKmO5N4f7H7ETcrvApu/JOpmS34i0t/ARGIoGA=
Subject key identifier:   EE:88:B6:DB:11:04:E9:0C:77:D2:9F:CF:99:B0:7D:42:15:06:5C:EC
Certificate issuer:       /CN=01723506718dfcf2a8bd176d4ea24e275322fcfb
Certificate serial:       018CC56E4241F2826AB915712AD405CB58FF
Authority key identifier: 01:72:35:06:71:8D:FC:F2:A8:BD:17:6D:4E:A2:4E:27:53:22:FC:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AXI1BnGN_PKovRdtTqJOJ1Mi_Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/83aa8c-0581-44d8-a5c1-05373ba9483d/1/7oi22xEE6Qx30p_PmbB9QhUGXOw.roa
Signing time:             Mon 01 Jan 2024 14:29:46 +0000
ROA not before:           Mon 01 Jan 2024 14:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56911
IP address blocks:        185.111.76.0/22 maxlen: 24
                          46.149.168.0/22 maxlen: 24
                          2a0d:f7c0::/32 maxlen: 34
                          2a06:5bc0::/29 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/83aa8c-0581-44d8-a5c1-05373ba9483d/1/AXI1BnGN_PKovRdtTqJOJ1Mi_Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/83aa8c-0581-44d8-a5c1-05373ba9483d/1/AXI1BnGN_PKovRdtTqJOJ1Mi_Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AXI1BnGN_PKovRdtTqJOJ1Mi_Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:42:41:f2:82:6a:b9:15:71:2a:d4:05:cb:58:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01723506718dfcf2a8bd176d4ea24e275322fcfb
        Validity
            Not Before: Jan  1 14:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee88b6db1104e90c77d29fcf99b07d4215065cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:20:e3:ea:2d:43:b8:91:70:2c:d1:5d:79:55:
                    35:cc:0e:58:59:15:a3:31:5a:d1:3f:16:b7:4a:0f:
                    52:0e:c2:ca:bb:97:c7:60:c8:a3:1a:71:57:b0:7d:
                    0f:f7:52:c2:67:50:5d:e7:1c:92:d0:74:92:29:d2:
                    62:4d:61:20:1b:1d:cf:34:4c:ec:4f:bf:92:5b:c3:
                    74:e7:85:bd:be:ea:ce:2c:44:35:8a:fd:7b:01:46:
                    c5:7a:1c:8f:4d:e1:1b:37:e9:f2:f1:07:60:76:3e:
                    d7:12:d9:81:1b:81:1d:53:92:de:2c:20:4d:fd:03:
                    fb:50:0c:62:94:ad:1d:e0:b7:74:ec:20:5f:ff:0a:
                    7f:c7:70:a0:b9:bf:a9:41:be:31:1f:d9:9a:f1:8f:
                    92:81:ec:76:85:83:0a:b2:17:06:1c:57:ca:c9:b8:
                    e4:ad:7d:4c:9f:e5:43:b9:d1:86:94:f5:c6:db:b2:
                    88:31:50:05:d0:b6:39:ee:33:0e:95:01:2e:b0:64:
                    26:01:13:44:c3:35:fe:54:20:4c:96:13:68:3b:0c:
                    94:d6:04:9c:b1:4b:95:86:d8:0d:62:4f:d6:69:36:
                    1a:3a:f8:7e:f5:b6:2a:96:d7:38:00:3d:87:86:64:
                    28:4a:e6:de:27:fd:0c:85:76:72:bf:d4:99:6c:21:
                    6a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:88:B6:DB:11:04:E9:0C:77:D2:9F:CF:99:B0:7D:42:15:06:5C:EC
            X509v3 Authority Key Identifier:
                keyid:01:72:35:06:71:8D:FC:F2:A8:BD:17:6D:4E:A2:4E:27:53:22:FC:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AXI1BnGN_PKovRdtTqJOJ1Mi_Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/83aa8c-0581-44d8-a5c1-05373ba9483d/1/7oi22xEE6Qx30p_PmbB9QhUGXOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/83aa8c-0581-44d8-a5c1-05373ba9483d/1/AXI1BnGN_PKovRdtTqJOJ1Mi_Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.168.0/22
                  185.111.76.0/22
                IPv6:
                  2a06:5bc0::/29
                  2a0d:f7c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:d5:7c:c9:ec:58:ae:0e:e8:cf:b1:e6:be:e1:49:b0:7e:a2:
         79:9e:a4:0a:17:5d:97:06:0b:9c:99:e8:b3:78:02:49:9b:43:
         87:d8:f2:e9:09:93:bc:03:08:f9:b0:a9:4f:43:68:87:38:eb:
         22:81:a7:c4:ed:57:78:0a:fb:91:a2:b0:c4:68:94:d7:e7:68:
         9e:75:f1:a9:23:56:f1:b5:5f:86:59:0e:e4:3c:f8:cf:c0:a1:
         3c:40:04:1e:ea:68:8c:79:98:d3:d6:ad:a7:f1:9b:dc:2b:a6:
         68:7f:02:2a:9b:ae:f2:c5:57:be:74:1a:49:dd:39:f4:31:c2:
         7b:ce:ca:2a:cc:ea:8b:d6:b1:de:24:5a:6f:61:7c:c3:0c:15:
         b3:d1:cb:35:85:4c:08:d0:c8:23:f1:7c:d6:3e:07:29:8f:65:
         42:b2:50:b5:68:03:4f:9f:7d:c3:ff:27:e4:df:2e:e4:ef:0f:
         a4:4f:a5:3f:19:bf:6c:52:4b:e8:9d:c5:5f:57:90:27:5b:fe:
         8f:10:41:cb:38:94:79:cb:3f:e9:fe:22:fa:b7:a6:2c:37:71:
         b6:73:7b:65:72:3a:78:bf:69:23:67:fa:ae:dc:62:61:6b:8c:
         cb:00:b1:64:55:2c:aa:ec:8e:42:7b:e8:ea:69:b8:6c:1e:05:
         1d:10:3b:1c
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzFbkJB8oJquRVxKtQFy1j/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNzIzNTA2NzE4ZGZjZjJhOGJkMTc2ZDRlYTI0ZTI3NTMy
MmZjZmIwHhcNMjQwMTAxMTQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg4YjZkYjExMDRlOTBjNzdkMjlmY2Y5OWIwN2Q0MjE1MDY1Y2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCDj6i1DuJFwLNFdeVU1zA5YWRWj
MVrRPxa3Sg9SDsLKu5fHYMijGnFXsH0P91LCZ1Bd5xyS0HSSKdJiTWEgGx3PNEzs
T7+SW8N054W9vurOLEQ1iv17AUbFehyPTeEbN+ny8Qdgdj7XEtmBG4EdU5LeLCBN
/QP7UAxilK0d4Ld07CBf/wp/x3Cgub+pQb4xH9ma8Y+Sgex2hYMKshcGHFfKybjk
rX1Mn+VDudGGlPXG27KIMVAF0LY57jMOlQEusGQmARNEwzX+VCBMlhNoOwyU1gSc
sUuVhtgNYk/WaTYaOvh+9bYqltc4AD2HhmQoSubeJ/0MhXZyv9SZbCFqFwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFO6IttsRBOkMd9Kfz5mwfUIVBlzsMB8GA1UdIwQY
MBaAFAFyNQZxjfzyqL0XbU6iTidTIvz7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVhJMUJuR05fUEtvdlJkdFRxSk9KMU1pX1BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84M2FhOGMtMDU4MS00NGQ4LWE1YzEt
MDUzNzNiYTk0ODNkLzEvN29pMjJ4RUU2UXgzMHBfUG1iQjlRaFVHWE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84M2FhOGMtMDU4MS00NGQ4LWE1YzEtMDUzNzNiYTk0ODNk
LzEvQVhJMUJuR05fUEtvdlJkdFRxSk9KMU1pX1BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCLpWoAwQC
uW9MMBQEAgACMA4DBQMqBlvAAwUAKg33wDANBgkqhkiG9w0BAQsFAAOCAQEAVNV8
yexYrg7oz7HmvuFJsH6ieZ6kChddlwYLnJnos3gCSZtDh9jy6QmTvAMI+bCpT0No
hzjrIoGnxO1XeAr7kaKwxGiU1+donnXxqSNW8bVfhlkO5Dz4z8ChPEAEHupojHmY
09atp/Gb3CumaH8CKpuu8sVXvnQaSd059DHCe87KKszqi9ax3iRab2F8wwwVs9HL
NYVMCNDII/F81j4HKY9lQrJQtWgDT599w/8n5N8u5O8PpE+lPxm/bFJL6J3FX1eQ
J1v+jxBByziUecs/6f4i+remLDdxtnN7ZXI6eL9pI2f6rtxiYWuMywCxZFUsquyO
Qnvo6mm4bB4FHRA7HA==
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:29:46 2024 by rpki-client on console-ams.rpki-client.org