Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iJA2iH_TCHE9gVWq1xDLkdAv4W0.roa
File:                     iJA2iH_TCHE9gVWq1xDLkdAv4W0.roa (raw, json)
Hash identifier:          X7oH0u3DrkvjqsWwICQ8xhxZ1BqE4FtQLtZ8lJTNQaY=
Subject key identifier:   88:90:36:88:7F:D3:08:71:3D:81:55:AA:D7:10:CB:91:D0:2F:E1:6D
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       018CC8030108954DE6BB2714EE77530798B2
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iJA2iH_TCHE9gVWq1xDLkdAv4W0.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3333
IP address blocks:        193.0.0.0/21 maxlen: 21
                          193.0.10.0/23 maxlen: 23
                          193.0.12.0/23 maxlen: 23
                          193.0.20.0/23 maxlen: 23
                          193.0.18.0/23 maxlen: 23
                          193.0.22.0/23 maxlen: 23
                          2a13:27c0::/29 maxlen: 48
                          2a13:27c0:10::/44 maxlen: 44
                          2001:67c:2e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:01:08:95:4d:e6:bb:27:14:ee:77:53:07:98:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=889036887fd308713d8155aad710cb91d02fe16d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f5:e8:a7:f3:26:fc:b9:a3:9b:dc:3a:a3:73:
                    21:69:be:a4:b9:42:07:88:d9:1c:fa:9f:2a:83:78:
                    de:95:22:9e:60:b7:66:4b:69:89:ad:ac:99:18:87:
                    63:98:48:68:0b:25:1a:37:f7:bc:59:0b:60:29:43:
                    34:94:71:9c:c7:01:2e:90:0c:1e:d0:b9:e0:1e:a3:
                    df:e4:3c:51:80:85:3d:b4:93:78:a4:d1:da:da:c4:
                    61:fe:c0:31:b9:98:88:b3:b1:19:5e:04:46:8d:29:
                    ad:fe:c5:e1:b8:51:84:41:4c:6d:89:4e:8a:d7:ca:
                    93:c8:8d:f7:68:51:97:61:29:f2:8a:98:ec:c1:1c:
                    de:43:b6:e9:1b:17:42:8b:94:0c:f4:b9:e4:7d:d3:
                    6f:bb:65:c1:ea:b6:10:71:e7:af:da:91:12:cb:8c:
                    61:15:26:0b:6e:5f:ac:dd:7c:18:57:78:d1:d0:b2:
                    79:31:b3:6d:ce:2b:d2:95:67:78:a6:47:23:fb:fd:
                    eb:02:59:e8:d8:b8:3e:fc:6f:25:3d:21:cf:eb:65:
                    80:d4:ef:ad:0c:68:20:78:ff:18:1f:9c:a5:9c:8b:
                    77:00:23:c2:0e:9d:a7:ae:80:1f:ff:a7:b4:ed:20:
                    02:34:10:a8:b2:30:47:2a:44:58:20:90:3b:83:d6:
                    9a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:90:36:88:7F:D3:08:71:3D:81:55:AA:D7:10:CB:91:D0:2F:E1:6D
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iJA2iH_TCHE9gVWq1xDLkdAv4W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.0.0/21
                  193.0.10.0-193.0.13.255
                  193.0.18.0-193.0.23.255
                IPv6:
                  2001:67c:2e8::/48
                  2a13:27c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:b3:a5:81:b9:e3:93:d3:84:53:2c:37:68:28:54:f5:94:fc:
         15:5f:e9:12:4c:ac:c9:b3:cd:f4:1e:88:d2:93:90:ce:b2:8d:
         69:f8:5b:2a:5c:c7:8b:22:f6:41:48:f3:76:df:c9:62:f2:1e:
         b2:26:17:62:21:09:96:2c:45:01:2b:d9:4a:1b:71:81:4e:17:
         37:c2:32:bc:84:f4:15:05:0b:ce:81:dc:1b:f3:4e:24:4b:16:
         49:8c:a7:56:4f:03:7e:e5:29:08:4d:39:e6:da:bb:9f:b6:92:
         9b:47:43:61:13:5d:b7:bb:d2:77:c1:0b:ef:58:23:b3:41:7d:
         9b:5f:c4:f9:89:a3:fa:f8:65:85:20:ad:dd:32:dc:3c:2f:a8:
         5b:e9:f5:5f:3c:4c:26:b2:50:98:f1:61:b6:68:ee:0a:30:5c:
         bd:02:2c:f6:35:c5:92:3e:f7:f5:e5:a3:74:37:98:96:63:aa:
         d1:0c:de:b4:d5:f5:4f:e5:91:d3:3c:5d:d0:59:31:1c:d4:53:
         3c:06:e1:11:17:c8:02:ba:67:19:62:c5:ad:28:b6:14:b2:e6:
         a2:85:ec:fc:06:8b:20:4c:99:fc:7f:6a:c1:43:2f:f9:21:88:
         17:92:72:3d:c8:db:73:b6:86:2a:43:54:e7:8d:22:05:2f:98:
         a0:0f:2a:f5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzIAwEIlU3muycU7ndTB5iyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODkwMzY4ODdmZDMwODcxM2Q4MTU1YWFkNzEwY2I5MWQwMmZlMTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPXop/Mm/Lmjm9w6o3Mhab6kuUIH
iNkc+p8qg3jelSKeYLdmS2mJrayZGIdjmEhoCyUaN/e8WQtgKUM0lHGcxwEukAwe
0LngHqPf5DxRgIU9tJN4pNHa2sRh/sAxuZiIs7EZXgRGjSmt/sXhuFGEQUxtiU6K
18qTyI33aFGXYSnyipjswRzeQ7bpGxdCi5QM9LnkfdNvu2XB6rYQceev2pESy4xh
FSYLbl+s3XwYV3jR0LJ5MbNtzivSlWd4pkcj+/3rAlno2Lg+/G8lPSHP62WA1O+t
DGggeP8YH5ylnIt3ACPCDp2nroAf/6e07SACNBCosjBHKkRYIJA7g9aaewIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFIiQNoh/0whxPYFVqtcQy5HQL+FtMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvaUpBMmlIX1RDSEU5Z1ZXcTF4RExrZEF2NFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAoBAIAATAiAwQDwQAAMAwD
BAHBAAoDBAHBAAwwDAMEAcEAEgMEA8EAEDAWBAIAAjAQAwcAIAEGfALoAwUDKhMn
wDANBgkqhkiG9w0BAQsFAAOCAQEAbbOlgbnjk9OEUyw3aChU9ZT8FV/pEkysybPN
9B6I0pOQzrKNafhbKlzHiyL2QUjzdt/JYvIesiYXYiEJlixFASvZShtxgU4XN8Iy
vIT0FQULzoHcG/NOJEsWSYynVk8DfuUpCE055tq7n7aSm0dDYRNdt7vSd8EL71gj
s0F9m1/E+Ymj+vhlhSCt3TLcPC+oW+n1XzxMJrJQmPFhtmjuCjBcvQIs9jXFkj73
9eWjdDeYlmOq0QzetNX1T+WR0zxd0FkxHNRTPAbhERfIArpnGWLFrSi2FLLmooXs
/AaLIEyZ/H9qwUMv+SGIF5JyPcjbc7aGKkNU540iBS+YoA8q9Q==
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:48:41 2024 by rpki-client on console-fra.rpki-client.org