Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/4437d6-22d8-401b-8137-10bf77b20dac/1/xH0ofpCYSPXfnzm_LZMOe6B2ZXI.roa
File:                     xH0ofpCYSPXfnzm_LZMOe6B2ZXI.roa (raw, json)
Hash identifier:          XJwtmsUpuwO9Cs720+UdReDasm+Sxie0+s3n7LLrQr8=
Subject key identifier:   C4:7D:28:7E:90:98:48:F5:DF:9F:39:BF:2D:93:0E:7B:A0:76:65:72
Certificate issuer:       /CN=266f31ad1701dfca21bbf4a65e07f25c1cf2b2c8
Certificate serial:       018CC348F482C0EAB6A08A9DDFEE39229FD2
Authority key identifier: 26:6F:31:AD:17:01:DF:CA:21:BB:F4:A6:5E:07:F2:5C:1C:F2:B2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jm8xrRcB38ohu_SmXgfyXBzyssg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/4437d6-22d8-401b-8137-10bf77b20dac/1/xH0ofpCYSPXfnzm_LZMOe6B2ZXI.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25094
IP address blocks:        185.106.24.0/22 maxlen: 24
                          148.110.0.0/16 maxlen: 16
                          2a00:18e8::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/4437d6-22d8-401b-8137-10bf77b20dac/1/Jm8xrRcB38ohu_SmXgfyXBzyssg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/4437d6-22d8-401b-8137-10bf77b20dac/1/Jm8xrRcB38ohu_SmXgfyXBzyssg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jm8xrRcB38ohu_SmXgfyXBzyssg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f4:82:c0:ea:b6:a0:8a:9d:df:ee:39:22:9f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=266f31ad1701dfca21bbf4a65e07f25c1cf2b2c8
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c47d287e909848f5df9f39bf2d930e7ba0766572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:18:1c:b5:70:7b:18:59:89:1e:32:1a:90:bb:
                    66:10:8f:29:95:4c:7e:69:0f:00:be:98:24:c1:e9:
                    1a:49:37:40:8c:f9:5e:75:d4:80:ea:ab:08:0a:78:
                    8d:87:1e:a5:0c:1c:c5:cd:c4:10:f2:70:4d:93:82:
                    95:3e:ca:f6:e5:e1:98:cb:85:64:f1:9b:ef:f8:a0:
                    20:e7:c5:a2:fb:60:f4:ed:2e:08:70:43:35:2b:07:
                    37:72:11:e1:88:37:bc:19:49:7d:a6:36:bf:96:8b:
                    74:3b:99:27:2a:e3:32:83:fa:da:4a:ab:57:6f:4d:
                    f2:83:0f:dd:d5:3c:59:5a:71:5c:97:6e:e0:ca:10:
                    f2:9e:cb:35:66:8c:5f:50:b6:96:bc:36:9e:6e:af:
                    23:fa:96:50:b6:14:0f:73:de:cb:b1:c8:60:39:4b:
                    dc:04:46:e2:22:6b:d7:a0:33:6d:96:84:c6:3a:00:
                    09:1a:a8:f6:f3:ef:50:33:52:98:b0:59:04:97:87:
                    8b:ba:43:da:a0:ee:7e:fb:88:cc:40:de:1d:89:d8:
                    58:a0:e7:d1:40:ad:ba:34:ed:e8:d2:76:ba:8b:72:
                    e8:d4:43:ed:47:1d:3e:88:7b:fe:d4:6f:10:f1:3c:
                    c1:22:a4:73:68:2f:d2:f7:9b:c8:e8:f3:39:8d:d7:
                    06:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:7D:28:7E:90:98:48:F5:DF:9F:39:BF:2D:93:0E:7B:A0:76:65:72
            X509v3 Authority Key Identifier:
                keyid:26:6F:31:AD:17:01:DF:CA:21:BB:F4:A6:5E:07:F2:5C:1C:F2:B2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jm8xrRcB38ohu_SmXgfyXBzyssg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/4437d6-22d8-401b-8137-10bf77b20dac/1/xH0ofpCYSPXfnzm_LZMOe6B2ZXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/4437d6-22d8-401b-8137-10bf77b20dac/1/Jm8xrRcB38ohu_SmXgfyXBzyssg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.110.0.0/16
                  185.106.24.0/22
                IPv6:
                  2a00:18e8::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:7d:f4:27:a5:1c:c5:c9:2d:a8:2a:c9:74:be:88:d0:18:68:
         4b:7c:0f:a7:52:92:09:53:64:55:de:79:d4:60:1a:40:3f:23:
         13:e1:7b:cf:9c:e1:55:cf:92:f8:10:64:c6:93:9b:57:72:83:
         7c:cd:63:5a:5d:77:db:78:4b:d5:31:96:e0:c6:fe:ac:28:13:
         e9:52:6d:25:14:be:a3:29:68:ec:16:79:27:41:12:91:1e:72:
         93:d7:e5:55:4a:99:5c:af:3b:a9:67:be:63:eb:47:c4:e7:be:
         e4:2b:28:7a:6a:13:b3:90:7f:eb:05:6c:85:85:95:88:8f:c4:
         28:12:1f:87:f2:0b:98:2d:d3:e3:7e:cc:07:f1:38:8f:cb:37:
         13:c2:c1:f3:9b:29:df:69:62:3b:44:ec:d4:3e:ff:8d:ac:4c:
         6a:e6:73:e9:ba:96:3e:e7:09:64:a4:75:d0:90:2d:e5:47:44:
         a4:88:b3:11:db:4e:4d:fc:53:39:19:e8:00:91:25:4b:44:d9:
         f2:5c:26:dd:fd:38:b7:01:91:46:b2:11:39:7f:25:69:7f:92:
         c5:c3:a7:ae:5d:bc:3b:9d:24:13:b4:dd:35:59:2f:ef:88:07:
         d1:ca:d2:56:f5:ca:f6:8d:73:04:1b:e5:c6:84:ed:e0:aa:e9:
         31:9e:42:6a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDSPSCwOq2oIqd3+45Ip/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NmYzMWFkMTcwMWRmY2EyMWJiZjRhNjVlMDdmMjVjMWNm
MmIyYzgwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDdkMjg3ZTkwOTg0OGY1ZGY5ZjM5YmYyZDkzMGU3YmEwNzY2NTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRgctXB7GFmJHjIakLtmEI8plUx+
aQ8AvpgkwekaSTdAjPleddSA6qsICniNhx6lDBzFzcQQ8nBNk4KVPsr25eGYy4Vk
8Zvv+KAg58Wi+2D07S4IcEM1Kwc3chHhiDe8GUl9pja/lot0O5knKuMyg/raSqtX
b03ygw/d1TxZWnFcl27gyhDynss1ZoxfULaWvDaebq8j+pZQthQPc97LschgOUvc
BEbiImvXoDNtloTGOgAJGqj28+9QM1KYsFkEl4eLukPaoO5++4jMQN4didhYoOfR
QK26NO3o0na6i3Lo1EPtRx0+iHv+1G8Q8TzBIqRzaC/S95vI6PM5jdcGwQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMR9KH6QmEj13585vy2TDnugdmVyMB8GA1UdIwQY
MBaAFCZvMa0XAd/KIbv0pl4H8lwc8rLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm04eHJSY0IzOG9odV9TbVhnZnlYQnp5c3NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80NDM3ZDYtMjJkOC00MDFiLTgxMzct
MTBiZjc3YjIwZGFjLzEveEgwb2ZwQ1lTUFhmbnptX0xaTU9lNkIyWlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80NDM3ZDYtMjJkOC00MDFiLTgxMzctMTBiZjc3YjIwZGFj
LzEvSm04eHJSY0IzOG9odV9TbVhnZnlYQnp5c3NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAlG4DBAK5
ahgwDQQCAAIwBwMFAyoAGOgwDQYJKoZIhvcNAQELBQADggEBAIR99CelHMXJLagq
yXS+iNAYaEt8D6dSkglTZFXeedRgGkA/IxPhe8+c4VXPkvgQZMaTm1dyg3zNY1pd
d9t4S9UxluDG/qwoE+lSbSUUvqMpaOwWeSdBEpEecpPX5VVKmVyvO6lnvmPrR8Tn
vuQrKHpqE7OQf+sFbIWFlYiPxCgSH4fyC5gt0+N+zAfxOI/LNxPCwfObKd9pYjtE
7NQ+/42sTGrmc+m6lj7nCWSkddCQLeVHRKSIsxHbTk38UzkZ6ACRJUtE2fJcJt39
OLcBkUayETl/JWl/ksXDp65dvDudJBO03TVZL++IB9HK0lb1yvaNcwQb5caE7eCq
6TGeQmo=
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:14:23 2024 by rpki-client on console-ams.rpki-client.org