Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/pXUjXXpdd8z3NNb-ZOEhqMnaf8k.roa
File:                     pXUjXXpdd8z3NNb-ZOEhqMnaf8k.roa (raw, json)
Hash identifier:          irm2MfG/c3WJimSo/WCUga15kk8imQadma9Ty+FgCcQ=
Subject key identifier:   A5:75:23:5D:7A:5D:77:CC:F7:34:D6:FE:64:E1:21:A8:C9:DA:7F:C9
Certificate issuer:       /CN=7ba289ebe93351236a5580eb5b70102cf3f11dfc
Certificate serial:       018CCA9A152D7284080BDD7CAFEDFE6AFC0D
Authority key identifier: 7B:A2:89:EB:E9:33:51:23:6A:55:80:EB:5B:70:10:2C:F3:F1:1D:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/pXUjXXpdd8z3NNb-ZOEhqMnaf8k.roa
Signing time:             Tue 02 Jan 2024 14:35:44 +0000
ROA not before:           Tue 02 Jan 2024 14:35:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204436
IP address blocks:        185.181.116.0/22 maxlen: 24
                          91.197.228.0/22 maxlen: 24
                          2a0a:cb80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:15:2d:72:84:08:0b:dd:7c:af:ed:fe:6a:fc:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ba289ebe93351236a5580eb5b70102cf3f11dfc
        Validity
            Not Before: Jan  2 14:35:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a575235d7a5d77ccf734d6fe64e121a8c9da7fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5a:50:d9:66:fb:a6:ae:57:32:ad:f9:59:85:
                    63:be:ac:07:5a:ca:8c:36:f7:f1:7b:ae:3b:d4:3c:
                    2f:b2:19:b9:02:a6:50:8b:9c:83:d6:7c:61:06:a1:
                    55:bd:09:fd:0f:a6:92:70:82:1c:ef:73:02:87:59:
                    3d:a2:2b:44:e9:07:8c:01:8f:4b:59:0e:18:f6:50:
                    5c:71:b9:f1:55:ce:d2:65:f5:89:30:4e:3d:43:5d:
                    a0:9f:15:81:f0:8b:ae:59:3a:fa:dc:58:cd:31:24:
                    4c:1e:dc:d3:30:78:1f:29:d2:81:59:0a:40:7f:55:
                    21:6a:7d:a8:5e:92:ac:fb:7c:dd:2c:15:73:f6:d0:
                    92:d8:dd:6f:1c:9e:49:74:68:74:b3:4a:f2:a6:3b:
                    40:33:05:b1:ca:e0:36:12:3b:96:02:2b:bc:1a:1d:
                    d8:c4:47:ec:2a:22:a1:60:eb:a0:ed:3c:0c:c3:a5:
                    7c:e3:7d:34:70:24:db:77:5f:f9:eb:a9:4d:da:08:
                    d5:ea:2b:a5:67:65:2e:18:1b:67:dd:d9:24:02:42:
                    7a:ea:f1:91:05:97:a0:33:21:0c:32:77:22:8a:75:
                    e1:cb:71:c6:a0:a3:6f:59:ab:45:40:45:4a:f7:18:
                    c4:92:5f:12:67:95:43:65:45:d0:28:2a:28:a7:02:
                    b6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:75:23:5D:7A:5D:77:CC:F7:34:D6:FE:64:E1:21:A8:C9:DA:7F:C9
            X509v3 Authority Key Identifier:
                keyid:7B:A2:89:EB:E9:33:51:23:6A:55:80:EB:5B:70:10:2C:F3:F1:1D:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/pXUjXXpdd8z3NNb-ZOEhqMnaf8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de1e7c-7d74-4ccc-9c6c-d163b5499e68/1/e6KJ6-kzUSNqVYDrW3AQLPPxHfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.228.0/22
                  185.181.116.0/22
                IPv6:
                  2a0a:cb80::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:53:5b:5b:8b:f6:69:58:b7:05:7d:42:20:eb:43:ac:43:15:
         72:f1:f7:2a:1e:4c:a9:49:07:bc:c5:70:55:e2:4f:92:a7:76:
         8c:29:bc:8d:c3:35:b0:21:4d:7f:1b:7b:ed:a0:b6:3e:d0:38:
         52:ef:8c:07:2d:70:b7:e2:8f:62:ba:92:5d:5c:b5:66:7a:04:
         8d:e2:f3:8d:b6:ce:82:2b:a5:d4:56:46:a0:3e:3c:05:ca:34:
         fd:5a:56:1b:45:c3:6b:aa:a5:32:77:77:da:8d:bc:1d:cc:66:
         5c:2b:0f:aa:38:52:72:0a:30:b1:3e:8e:ea:2a:20:15:db:2d:
         80:cd:2a:36:e6:76:5c:48:b4:36:9e:28:1a:26:28:a2:68:ff:
         25:d1:65:31:da:74:e5:55:51:18:cd:22:dd:3e:12:34:3a:29:
         10:86:a9:2f:ac:76:db:05:1d:ce:2c:8e:c6:1b:a8:42:5c:b2:
         2b:1f:70:f7:50:58:cd:66:63:7c:e2:e2:dc:b8:7d:17:d1:42:
         c2:aa:1a:6f:ea:e9:de:67:8f:85:6f:4e:f1:5c:27:c6:1e:61:
         d5:8c:8e:41:c8:3e:5a:32:52:06:2a:22:89:1d:c8:b3:37:ca:
         82:0e:aa:71:53:cb:ea:d2:3f:4f:db:e0:cd:3c:ef:63:89:56:
         42:3b:77:1a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmhUtcoQIC918r+3+avwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYTI4OWViZTkzMzUxMjM2YTU1ODBlYjViNzAxMDJjZjNm
MTFkZmMwHhcNMjQwMTAyMTQzNTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTc1MjM1ZDdhNWQ3N2NjZjczNGQ2ZmU2NGUxMjFhOGM5ZGE3ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVpQ2Wb7pq5XMq35WYVjvqwHWsqM
Nvfxe6471Dwvshm5AqZQi5yD1nxhBqFVvQn9D6aScIIc73MCh1k9oitE6QeMAY9L
WQ4Y9lBccbnxVc7SZfWJME49Q12gnxWB8IuuWTr63FjNMSRMHtzTMHgfKdKBWQpA
f1Uhan2oXpKs+3zdLBVz9tCS2N1vHJ5JdGh0s0rypjtAMwWxyuA2EjuWAiu8Gh3Y
xEfsKiKhYOug7TwMw6V84300cCTbd1/566lN2gjV6iulZ2UuGBtn3dkkAkJ66vGR
BZegMyEMMnciinXhy3HGoKNvWatFQEVK9xjEkl8SZ5VDZUXQKCoopwK2nwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKV1I116XXfM9zTW/mThIajJ2n/JMB8GA1UdIwQY
MBaAFHuiievpM1EjalWA61twECzz8R38MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZLSjYta3pVU05xVllEclczQVFMUFB4SGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTFlN2MtN2Q3NC00Y2NjLTljNmMt
ZDE2M2I1NDk5ZTY4LzEvcFhValhYcGRkOHozTk5iLVpPRWhxTW5hZjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTFlN2MtN2Q3NC00Y2NjLTljNmMtZDE2M2I1NDk5ZTY4
LzEvZTZLSjYta3pVU05xVllEclczQVFMUFB4SGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8XkAwQC
ubV0MA0EAgACMAcDBQAqCsuAMA0GCSqGSIb3DQEBCwUAA4IBAQA1U1tbi/ZpWLcF
fUIg60OsQxVy8fcqHkypSQe8xXBV4k+Sp3aMKbyNwzWwIU1/G3vtoLY+0DhS74wH
LXC34o9iupJdXLVmegSN4vONts6CK6XUVkagPjwFyjT9WlYbRcNrqqUyd3fajbwd
zGZcKw+qOFJyCjCxPo7qKiAV2y2AzSo25nZcSLQ2nigaJiiiaP8l0WUx2nTlVVEY
zSLdPhI0OikQhqkvrHbbBR3OLI7GG6hCXLIrH3D3UFjNZmN84uLcuH0X0ULCqhpv
6uneZ4+Fb07xXCfGHmHVjI5ByD5aMlIGKiKJHcizN8qCDqpxU8vq0j9P2+DNPO9j
iVZCO3ca
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:23:07 2024 by rpki-client on console-ams.rpki-client.org