Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/I8P4wOnFImAIuAMYdvxlAsMuArI.roa
File:                     I8P4wOnFImAIuAMYdvxlAsMuArI.roa (raw, json)
Hash identifier:          AD9GVp5kZ4L4e5SLMYvEHe7ZIQPH0mkAb3pQVUN/lug=
Subject key identifier:   23:C3:F8:C0:E9:C5:22:60:08:B8:03:18:76:FC:65:02:C3:2E:02:B2
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018CC72775B29F1E1AE6BDBC20BB48491752
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/I8P4wOnFImAIuAMYdvxlAsMuArI.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262254
IP address blocks:        185.129.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:75:b2:9f:1e:1a:e6:bd:bc:20:bb:48:49:17:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23c3f8c0e9c5226008b8031876fc6502c32e02b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ae:cb:57:bd:56:aa:33:fb:43:0b:18:ad:1a:
                    10:31:29:2c:f2:60:38:5b:c0:c6:cf:b3:5e:de:04:
                    65:29:61:1f:68:3a:f9:2c:77:2c:14:36:9f:34:47:
                    f9:63:01:bd:e5:d4:c4:14:d7:74:3a:12:fd:40:ac:
                    82:ac:62:cc:c4:02:6b:97:f4:03:41:29:8c:cf:02:
                    dd:63:7e:cd:68:91:22:ad:b5:a0:19:7a:b0:59:fd:
                    dd:84:21:7c:df:e2:f4:03:d6:2d:e1:f5:8c:ea:72:
                    48:59:49:8c:b1:95:3a:c6:87:85:8a:be:04:b6:38:
                    1a:31:bb:be:80:f7:58:34:e7:a9:3b:fe:9f:96:e3:
                    9a:f1:15:d1:48:19:51:5a:3a:d8:5b:b8:e1:8c:10:
                    4b:0f:fc:34:33:55:9f:c0:2b:1a:71:69:fa:5d:7d:
                    43:83:e6:58:a2:ef:4a:5d:6b:d8:1f:89:7a:b3:9d:
                    8a:6c:ee:73:7f:d3:c8:95:da:5c:24:1f:85:81:51:
                    35:e5:29:2e:59:0f:58:90:19:ed:b8:1c:7c:78:43:
                    2a:94:a9:52:82:f4:38:3a:c0:6e:49:4d:a8:c8:e7:
                    94:72:c9:b7:f7:d3:4f:0d:32:ba:03:83:fa:fb:f4:
                    bf:95:32:0f:ca:79:81:7a:46:ed:f6:6e:cc:e1:49:
                    82:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C3:F8:C0:E9:C5:22:60:08:B8:03:18:76:FC:65:02:C3:2E:02:B2
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/I8P4wOnFImAIuAMYdvxlAsMuArI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c9:e7:b0:cd:ce:b4:0a:88:a2:eb:a1:4b:9a:1d:f8:3e:76:
         12:c0:96:0c:19:85:58:5a:06:01:4c:ad:8e:55:32:58:92:72:
         71:03:00:89:60:8d:6a:c3:7c:e5:ca:d4:94:9e:2d:a5:63:6c:
         e6:95:26:b2:ee:6b:a2:cf:4d:93:bf:a2:82:8f:fd:b1:a9:2e:
         a0:d8:5e:33:47:cb:54:7a:82:13:af:cf:39:b3:06:c9:a7:0c:
         8c:2d:eb:bb:84:cf:7b:3f:c5:de:13:2f:fd:ae:7a:be:a6:dc:
         68:89:61:7a:39:43:c1:ea:65:58:a1:13:33:55:5b:5e:6a:d0:
         ab:a8:e3:aa:0c:f1:33:e6:01:2b:f5:25:f9:30:6f:be:cb:5a:
         a5:4e:fa:a3:b0:6c:84:0b:20:2e:9f:08:8e:77:32:b9:d1:b9:
         7f:f2:95:25:1d:b4:70:11:eb:5a:38:66:cf:2e:df:16:a2:77:
         a3:30:10:fe:07:33:fa:bd:50:68:f6:e1:65:56:b4:f5:a0:d9:
         3b:91:8e:fc:ef:24:59:97:68:03:e9:78:3e:c3:2c:4f:15:7b:
         aa:19:6b:49:73:06:03:93:08:82:b2:a3:a1:06:64:ab:68:ef:
         26:8d:19:4d:75:5b:26:f2:85:5c:45:49:f2:fe:b8:4e:a0:10:
         bc:33:9e:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3Wynx4a5r28ILtISRdSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MzZjhjMGU5YzUyMjYwMDhiODAzMTg3NmZjNjUwMmMzMmUwMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz67LV71WqjP7QwsYrRoQMSks8mA4
W8DGz7Ne3gRlKWEfaDr5LHcsFDafNEf5YwG95dTEFNd0OhL9QKyCrGLMxAJrl/QD
QSmMzwLdY37NaJEirbWgGXqwWf3dhCF83+L0A9Yt4fWM6nJIWUmMsZU6xoeFir4E
tjgaMbu+gPdYNOepO/6fluOa8RXRSBlRWjrYW7jhjBBLD/w0M1WfwCsacWn6XX1D
g+ZYou9KXWvYH4l6s52KbO5zf9PIldpcJB+FgVE15SkuWQ9YkBntuBx8eEMqlKlS
gvQ4OsBuSU2oyOeUcsm399NPDTK6A4P6+/S/lTIPynmBekbt9m7M4UmCxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPD+MDpxSJgCLgDGHb8ZQLDLgKyMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvSThQNHdPbkZJbUFJdUFNWWR2eGxBc011QXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYEwMA0G
CSqGSIb3DQEBCwUAA4IBAQAiyeewzc60Coii66FLmh34PnYSwJYMGYVYWgYBTK2O
VTJYknJxAwCJYI1qw3zlytSUni2lY2zmlSay7muiz02Tv6KCj/2xqS6g2F4zR8tU
eoITr885swbJpwyMLeu7hM97P8XeEy/9rnq+ptxoiWF6OUPB6mVYoRMzVVteatCr
qOOqDPEz5gEr9SX5MG++y1qlTvqjsGyECyAunwiOdzK50bl/8pUlHbRwEetaOGbP
Lt8WonejMBD+BzP6vVBo9uFlVrT1oNk7kY787yRZl2gD6Xg+wyxPFXuqGWtJcwYD
kwiCsqOhBmSraO8mjRlNdVsm8oVcRUny/rhOoBC8M54l
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:29:53 2024 by rpki-client on console-fra.rpki-client.org