Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/Ik4wL7zRItG3dv3yCGuk4n7xlOk.roa
File:                     Ik4wL7zRItG3dv3yCGuk4n7xlOk.roa (raw, json)
Hash identifier:          lNH+pm3ILtMR+vfHvFVI3pMXrPW/bi8+dnEll6CGITc=
Subject key identifier:   22:4E:30:2F:BC:D1:22:D1:B7:76:FD:F2:08:6B:A4:E2:7E:F1:94:E9
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       018CC4248F0905704029A961BF31139AA910
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/Ik4wL7zRItG3dv3yCGuk4n7xlOk.roa
Signing time:             Mon 01 Jan 2024 08:29:39 +0000
ROA not before:           Mon 01 Jan 2024 08:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        89.23.92.0/24 maxlen: 24
                          89.23.85.0/24 maxlen: 24
                          89.23.80.0/24 maxlen: 24
                          89.23.81.0/24 maxlen: 24
                          89.23.79.0/24 maxlen: 24
                          89.23.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:8f:09:05:70:40:29:a9:61:bf:31:13:9a:a9:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 08:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224e302fbcd122d1b776fdf2086ba4e27ef194e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:92:8f:4c:1e:31:d0:7b:cb:a7:19:41:e2:ee:
                    81:b6:27:c2:73:69:77:f8:dc:0d:5b:d2:c3:88:47:
                    b3:57:6a:0b:99:4f:f1:be:77:ab:0a:8e:20:32:62:
                    06:52:dc:9a:cf:52:6d:94:48:20:f8:05:e1:a6:c0:
                    49:4b:a0:9b:22:0d:99:44:13:a8:1a:5d:0d:d2:9d:
                    bb:98:78:7a:59:01:ce:c9:f2:eb:77:8c:2c:63:ed:
                    e0:a7:69:10:ba:63:f9:14:b8:1e:48:76:ab:b6:9a:
                    c4:70:88:dc:54:23:60:2e:41:a0:39:c4:86:4e:bc:
                    7f:17:ad:d1:ea:15:11:fb:09:b2:ef:2c:76:8b:42:
                    11:de:9c:8d:a4:d5:d9:4d:84:db:68:63:83:a3:1a:
                    cc:43:cb:6e:2b:51:72:71:f8:95:51:18:c8:b5:f9:
                    c0:d2:7e:95:d5:03:b9:21:d8:90:de:cd:02:f7:d6:
                    41:c2:95:00:77:76:a8:37:dd:29:9a:12:96:de:36:
                    42:24:9f:7e:39:9e:85:69:50:7d:ef:b7:77:ef:3f:
                    4d:49:d5:5d:c9:a1:e3:5e:d9:34:2c:17:03:ba:40:
                    47:38:7d:cd:81:61:cb:3a:0c:18:56:ba:7e:7b:41:
                    02:73:cb:de:2e:8e:e6:ed:d8:ef:7a:32:82:c1:1e:
                    0d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4E:30:2F:BC:D1:22:D1:B7:76:FD:F2:08:6B:A4:E2:7E:F1:94:E9
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/Ik4wL7zRItG3dv3yCGuk4n7xlOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.79.0-89.23.81.255
                  89.23.85.0/24
                  89.23.87.0/24
                  89.23.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:be:b3:86:b0:d5:31:48:e6:a1:c2:c2:af:3a:c8:56:4a:48:
         5a:89:5e:21:44:da:ac:6f:cb:a8:a4:d5:42:25:1c:e8:c9:dc:
         ce:fc:77:4f:4e:fa:8d:0d:cb:52:dd:59:22:b0:f1:2c:4e:bc:
         4f:bf:c8:6f:6a:9d:48:52:b7:4e:a6:d0:f2:e1:b9:5f:12:2c:
         f3:7a:30:9b:94:59:85:ac:39:1a:48:09:92:3d:67:27:9a:ba:
         9c:c5:2c:ac:b9:77:1d:2d:9a:67:79:d3:fc:f7:45:c8:81:19:
         de:01:8d:2d:9d:67:e0:a6:0d:d4:3d:85:c8:0c:01:9f:99:8a:
         88:34:19:1d:8a:e6:2f:ad:4e:1d:fd:fe:ac:df:6b:de:02:d2:
         b3:6c:4b:89:1f:17:55:3d:bc:0c:25:30:30:ae:ae:57:62:d7:
         50:34:98:85:d8:2b:d0:e8:d9:55:07:5d:f5:a6:9e:ce:6e:5d:
         cb:73:94:43:03:8b:fe:28:58:ca:e7:c2:85:31:a6:b7:dd:fc:
         a7:02:b6:85:67:01:f6:87:ce:ed:f6:6c:bc:fd:61:9d:22:7d:
         ee:e2:9b:a3:27:27:54:b4:c5:de:7f:e9:3d:b2:8a:64:a9:8f:
         8b:97:a7:49:1b:da:3b:2d:05:32:e4:7e:60:ee:95:65:68:f7:
         d6:64:48:32
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzEJI8JBXBAKalhvzETmqkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQwMTAxMDgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRlMzAyZmJjZDEyMmQxYjc3NmZkZjIwODZiYTRlMjdlZjE5NGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZKPTB4x0HvLpxlB4u6BtifCc2l3
+NwNW9LDiEezV2oLmU/xvnerCo4gMmIGUtyaz1JtlEgg+AXhpsBJS6CbIg2ZRBOo
Gl0N0p27mHh6WQHOyfLrd4wsY+3gp2kQumP5FLgeSHartprEcIjcVCNgLkGgOcSG
Trx/F63R6hUR+wmy7yx2i0IR3pyNpNXZTYTbaGODoxrMQ8tuK1FycfiVURjItfnA
0n6V1QO5IdiQ3s0C99ZBwpUAd3aoN90pmhKW3jZCJJ9+OZ6FaVB977d37z9NSdVd
yaHjXtk0LBcDukBHOH3NgWHLOgwYVrp+e0ECc8veLo7m7djvejKCwR4NiwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCJOMC+80SLRt3b98ghrpOJ+8ZTpMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvSWs0d0w3elJJdEczZHYzeUNHdWs0bjd4bE9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABZF08D
BAFZF1ADBABZF1UDBABZF1cDBABZF1wwDQYJKoZIhvcNAQELBQADggEBACm+s4aw
1TFI5qHCwq86yFZKSFqJXiFE2qxvy6ik1UIlHOjJ3M78d09O+o0Ny1LdWSKw8SxO
vE+/yG9qnUhSt06m0PLhuV8SLPN6MJuUWYWsORpICZI9ZyeaupzFLKy5dx0tmmd5
0/z3RciBGd4BjS2dZ+CmDdQ9hcgMAZ+Ziog0GR2K5i+tTh39/qzfa94C0rNsS4kf
F1U9vAwlMDCurldi11A0mIXYK9Do2VUHXfWmns5uXctzlEMDi/4oWMrnwoUxprfd
/KcCtoVnAfaHzu32bLz9YZ0ife7im6MnJ1S0xd5/6T2yimSpj4uXp0kb2jstBTLk
fmDulWVo99ZkSDI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:08:21 2024 by rpki-client on console-ams.rpki-client.org