Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/Iapo1sYws9xLqN2XQEc3rQAkpIc.roa
File:                     Iapo1sYws9xLqN2XQEc3rQAkpIc.roa (raw, json)
Hash identifier:          S7/ZN5hIHpyL45/AQUxf0+LWc4UGreVTCdNfqS0+UJs=
Subject key identifier:   21:AA:68:D6:C6:30:B3:DC:4B:A8:DD:97:40:47:37:AD:00:24:A4:87
Certificate issuer:       /CN=192fc85b01f21a0d685c03001df47ac460937bf1
Certificate serial:       018CC64B2473263B59D5B9D98AD7D349811F
Authority key identifier: 19:2F:C8:5B:01:F2:1A:0D:68:5C:03:00:1D:F4:7A:C4:60:93:7B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/Iapo1sYws9xLqN2XQEc3rQAkpIc.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12812
IP address blocks:        185.190.29.0/24 maxlen: 24
                          185.190.28.0/22 maxlen: 24
                          185.190.28.0/24 maxlen: 24
                          193.188.131.0/24 maxlen: 24
                          193.188.128.0/24 maxlen: 24
                          193.188.128.0/22 maxlen: 24
                          193.188.129.0/24 maxlen: 24
                          193.188.130.0/24 maxlen: 24
                          2a02:f700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:24:73:26:3b:59:d5:b9:d9:8a:d7:d3:49:81:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=192fc85b01f21a0d685c03001df47ac460937bf1
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21aa68d6c630b3dc4ba8dd97404737ad0024a487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:da:68:d4:f0:84:75:43:2a:71:0f:89:b0:1d:
                    3a:e5:5b:79:c4:a8:9b:6b:87:81:f3:60:f7:d9:05:
                    75:d8:78:05:2b:2d:e3:d1:a3:82:cb:68:87:81:03:
                    9b:3d:62:2d:c4:b1:91:ce:35:1b:5b:5d:a5:14:02:
                    24:48:9b:aa:49:4d:15:76:3a:e6:7e:dd:2b:cd:59:
                    f7:68:ba:8e:a8:df:f6:92:cb:55:89:de:05:4b:0f:
                    36:1b:58:b5:6a:d6:7f:2e:fd:fe:5b:99:0c:b3:8c:
                    b7:4f:3e:d0:2f:1e:d3:37:5e:a9:d6:cd:90:c7:51:
                    88:e7:5a:03:ce:0a:53:a2:6b:95:32:88:fd:53:2e:
                    7f:48:0a:ae:25:12:ba:e7:84:4f:8d:52:7b:8f:3d:
                    2f:76:4e:c1:e6:48:b6:be:8e:94:4f:e1:37:2e:be:
                    41:2c:f2:b7:50:e4:5e:18:ac:70:9e:92:90:74:26:
                    eb:59:8a:0b:44:73:96:74:2a:30:6a:af:e6:7b:cc:
                    b0:9e:b2:fa:c7:2e:c1:e9:be:ae:f9:37:88:ef:7e:
                    63:f6:75:aa:b6:62:0f:4c:ef:93:f3:7d:a9:da:03:
                    a6:59:37:0a:78:cb:ee:90:77:79:01:ed:73:b9:c2:
                    83:f0:06:c8:0c:84:da:be:6d:02:5c:b5:0c:fc:24:
                    97:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AA:68:D6:C6:30:B3:DC:4B:A8:DD:97:40:47:37:AD:00:24:A4:87
            X509v3 Authority Key Identifier:
                keyid:19:2F:C8:5B:01:F2:1A:0D:68:5C:03:00:1D:F4:7A:C4:60:93:7B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/Iapo1sYws9xLqN2XQEc3rQAkpIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.28.0/22
                  193.188.128.0/22
                IPv6:
                  2a02:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:90:08:ad:18:04:4d:10:c7:9c:23:97:f6:91:65:d4:30:53:
         82:bb:b3:cf:30:9e:7d:36:9d:90:fa:2a:d1:4a:32:51:5a:dc:
         90:17:63:1d:4b:40:5f:b2:4c:14:54:c9:8a:e5:e2:89:22:6b:
         9e:ea:bb:aa:2b:47:c4:ea:c1:fe:eb:89:17:e9:5c:61:8d:b1:
         59:e3:f7:10:c1:c6:ed:5c:05:5a:b5:04:6a:5f:81:62:41:6e:
         b9:88:09:79:f8:2e:99:98:52:cd:17:9c:80:4f:57:23:26:2b:
         32:6b:2a:7f:57:ae:35:d6:f1:2e:cf:47:cf:4b:31:a4:4c:b3:
         c5:0f:94:05:db:6c:ec:0d:8f:ab:d4:8a:f4:99:28:12:4e:97:
         33:e7:f9:75:fc:a0:d6:cd:bd:7a:0b:19:3b:f1:a1:d3:ab:b5:
         c3:30:7a:ed:18:b7:46:e0:8f:3c:24:5e:99:2e:4b:a1:8b:f4:
         d0:48:3f:14:99:47:9e:13:67:d2:c5:c2:a5:84:f1:ad:ae:5e:
         7b:62:57:96:08:86:d9:9b:f1:94:13:94:7b:99:85:e1:a2:04:
         44:75:3b:6f:e1:50:e6:4e:79:d0:e4:d3:68:44:61:da:3b:9f:
         6a:05:57:73:c4:59:a6:d8:96:25:26:a6:35:59:7f:17:e5:0b:
         60:c1:6b:8b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSyRzJjtZ1bnZitfTSYEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MmZjODViMDFmMjFhMGQ2ODVjMDMwMDFkZjQ3YWM0NjA5
MzdiZjEwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFhNjhkNmM2MzBiM2RjNGJhOGRkOTc0MDQ3MzdhZDAwMjRhNDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNpo1PCEdUMqcQ+JsB065Vt5xKib
a4eB82D32QV12HgFKy3j0aOCy2iHgQObPWItxLGRzjUbW12lFAIkSJuqSU0Vdjrm
ft0rzVn3aLqOqN/2kstVid4FSw82G1i1atZ/Lv3+W5kMs4y3Tz7QLx7TN16p1s2Q
x1GI51oDzgpTomuVMoj9Uy5/SAquJRK654RPjVJ7jz0vdk7B5ki2vo6UT+E3Lr5B
LPK3UOReGKxwnpKQdCbrWYoLRHOWdCowaq/me8ywnrL6xy7B6b6u+TeI735j9nWq
tmIPTO+T832p2gOmWTcKeMvukHd5Ae1zucKD8AbIDITavm0CXLUM/CSXVQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCGqaNbGMLPcS6jdl0BHN60AJKSHMB8GA1UdIwQY
MBaAFBkvyFsB8hoNaFwDAB30esRgk3vxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1NfSVd3SHlHZzFvWEFNQUhmUjZ4R0NUZV9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8xODI5MTUtZmVlYy00MTYwLTg4YmYt
YjIxMDQ0N2MwN2ZmLzEvSWFwbzFzWXdzOXhMcU4yWFFFYzNyUUFrcEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8xODI5MTUtZmVlYy00MTYwLTg4YmYtYjIxMDQ0N2MwN2Zm
LzEvR1NfSVd3SHlHZzFvWEFNQUhmUjZ4R0NUZV9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCub4cAwQC
wbyAMA0EAgACMAcDBQMqAvcAMA0GCSqGSIb3DQEBCwUAA4IBAQBMkAitGARNEMec
I5f2kWXUMFOCu7PPMJ59Np2Q+irRSjJRWtyQF2MdS0BfskwUVMmK5eKJImue6ruq
K0fE6sH+64kX6VxhjbFZ4/cQwcbtXAVatQRqX4FiQW65iAl5+C6ZmFLNF5yAT1cj
Jisyayp/V6411vEuz0fPSzGkTLPFD5QF22zsDY+r1Ir0mSgSTpcz5/l1/KDWzb16
Cxk78aHTq7XDMHrtGLdG4I88JF6ZLkuhi/TQSD8UmUeeE2fSxcKlhPGtrl57YleW
CIbZm/GUE5R7mYXhogREdTtv4VDmTnnQ5NNoRGHaO59qBVdzxFmm2JYlJqY1WX8X
5QtgwWuL
-----END CERTIFICATE-----
Generated at Sat Dec 28 02:56:03 2024 by rpki-client on console-ams.rpki-client.org