Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/7f3546-4a87-4627-a019-341b9d64645d/1/ImMM7tbci2HiDo2g_cX1cCi5juI.roa
File:                     ImMM7tbci2HiDo2g_cX1cCi5juI.roa (raw, json)
Hash identifier:          TuKI0/iJG1UCabSQKf3VEOVRDfdviGn1M7elFFzzw6U=
Subject key identifier:   22:63:0C:EE:D6:DC:8B:61:E2:0E:8D:A0:FD:C5:F5:70:28:B9:8E:E2
Certificate issuer:       /CN=6ff9ca5c76bb35a9353e9b13e3fce80f36316180
Certificate serial:       018CC2DAB3CEC93EAF94DF138EBE95A4D28D
Authority key identifier: 6F:F9:CA:5C:76:BB:35:A9:35:3E:9B:13:E3:FC:E8:0F:36:31:61:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b_nKXHa7Nak1PpsT4_zoDzYxYYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/7f3546-4a87-4627-a019-341b9d64645d/1/ImMM7tbci2HiDo2g_cX1cCi5juI.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197750
IP address blocks:        91.229.93.0/24 maxlen: 24
                          185.6.103.0/24 maxlen: 24
                          185.6.100.0/24 maxlen: 24
                          185.6.102.0/24 maxlen: 24
                          185.6.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/7f3546-4a87-4627-a019-341b9d64645d/1/b_nKXHa7Nak1PpsT4_zoDzYxYYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/7f3546-4a87-4627-a019-341b9d64645d/1/b_nKXHa7Nak1PpsT4_zoDzYxYYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b_nKXHa7Nak1PpsT4_zoDzYxYYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b3:ce:c9:3e:af:94:df:13:8e:be:95:a4:d2:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ff9ca5c76bb35a9353e9b13e3fce80f36316180
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22630ceed6dc8b61e20e8da0fdc5f57028b98ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:62:e2:67:33:fc:e8:4d:a5:cd:69:ce:f5:cb:
                    6a:0b:ee:0e:e5:23:c2:90:c7:12:8e:13:fd:02:42:
                    b7:16:78:eb:0e:a4:51:95:94:c7:07:5f:f0:b4:ec:
                    c6:ab:c3:f0:1f:b6:d7:08:6e:a5:41:49:79:29:fd:
                    f7:6c:25:d4:d5:78:31:ad:5d:7b:96:e3:5e:2e:5f:
                    23:bf:57:b2:8f:6f:dd:65:c9:b8:e2:93:b7:b6:0d:
                    c4:2c:40:ad:44:ac:02:e3:27:b4:c3:ae:87:f0:fd:
                    78:d4:a8:97:1b:c8:dc:60:02:d7:65:f7:2c:00:e7:
                    98:7f:b0:a8:1c:fd:49:e7:ba:80:2c:3d:39:2b:82:
                    d6:46:6c:7c:77:e0:f9:5c:d3:7b:84:08:f7:85:7a:
                    0e:dd:64:08:f9:02:ed:1e:40:45:7c:ce:d1:3f:be:
                    5b:1f:13:94:7e:d3:f5:cc:cb:a5:13:53:67:a7:11:
                    a2:d0:8b:f2:94:ff:cd:77:de:32:39:b9:5a:8e:ea:
                    f5:20:67:9b:1a:1c:ca:5d:71:db:1e:34:83:dc:45:
                    11:94:b4:d8:28:d1:7c:a0:82:b7:dd:c4:8d:c1:84:
                    f8:71:4d:64:06:56:1a:62:40:86:9b:fd:39:38:39:
                    c4:f9:2d:40:d2:b0:ae:91:30:3b:77:df:d1:9d:ff:
                    b1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:63:0C:EE:D6:DC:8B:61:E2:0E:8D:A0:FD:C5:F5:70:28:B9:8E:E2
            X509v3 Authority Key Identifier:
                keyid:6F:F9:CA:5C:76:BB:35:A9:35:3E:9B:13:E3:FC:E8:0F:36:31:61:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b_nKXHa7Nak1PpsT4_zoDzYxYYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/7f3546-4a87-4627-a019-341b9d64645d/1/ImMM7tbci2HiDo2g_cX1cCi5juI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/7f3546-4a87-4627-a019-341b9d64645d/1/b_nKXHa7Nak1PpsT4_zoDzYxYYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.93.0/24
                  185.6.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:68:6f:8f:76:4a:40:4e:f8:23:7f:b8:88:fa:3f:d2:17:a0:
         70:ca:91:5e:8d:d6:d6:b8:f3:3e:e4:1d:c7:a9:8a:91:2c:b8:
         a5:3b:06:f3:46:be:08:1f:00:eb:ff:bf:57:e0:7b:36:c2:5b:
         c2:87:7f:57:c0:90:c0:e1:c5:2d:94:4b:39:01:d3:80:03:96:
         ad:ea:91:01:4d:5d:a4:94:7b:a2:c9:42:98:b6:65:0b:f1:52:
         ca:2a:ec:62:db:a3:ad:a7:8c:1e:e1:2b:4d:de:34:db:7f:5b:
         15:34:50:fd:9d:cb:c6:5b:2d:a4:e8:a3:1c:44:20:f2:74:e4:
         7a:86:89:51:c7:8d:a1:ae:a1:1e:68:86:0f:ef:c6:7a:e9:77:
         af:cc:f5:88:13:55:d5:60:fc:b3:57:4e:6d:d4:09:a4:76:b5:
         e2:c3:61:5b:ce:33:11:1c:7a:17:72:8a:6c:5c:bb:4d:b8:d7:
         1d:a2:fa:3a:ed:57:34:7b:97:07:39:84:d2:05:30:fe:5d:fc:
         a6:73:4f:d6:f6:4e:86:85:e5:2e:90:58:78:af:d4:cb:9b:f5:
         2c:62:7b:22:b1:3c:7a:75:ae:68:b9:d2:7d:07:7b:65:d3:83:
         c6:b5:0a:2f:f6:1f:ad:1e:f4:1e:67:95:a9:f6:30:2d:fa:c1:
         a8:e1:98:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2rPOyT6vlN8Tjr6VpNKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZjljYTVjNzZiYjM1YTkzNTNlOWIxM2UzZmNlODBmMzYz
MTYxODAwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjYzMGNlZWQ2ZGM4YjYxZTIwZThkYTBmZGM1ZjU3MDI4Yjk4ZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWLiZzP86E2lzWnO9ctqC+4O5SPC
kMcSjhP9AkK3FnjrDqRRlZTHB1/wtOzGq8PwH7bXCG6lQUl5Kf33bCXU1XgxrV17
luNeLl8jv1eyj2/dZcm44pO3tg3ELECtRKwC4ye0w66H8P141KiXG8jcYALXZfcs
AOeYf7CoHP1J57qALD05K4LWRmx8d+D5XNN7hAj3hXoO3WQI+QLtHkBFfM7RP75b
HxOUftP1zMulE1NnpxGi0IvylP/Nd94yOblajur1IGebGhzKXXHbHjSD3EURlLTY
KNF8oIK33cSNwYT4cU1kBlYaYkCGm/05ODnE+S1A0rCukTA7d9/Rnf+xFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCJjDO7W3Ith4g6NoP3F9XAouY7iMB8GA1UdIwQY
MBaAFG/5ylx2uzWpNT6bE+P86A82MWGAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYl9uS1hIYTdOYWsxUHBzVDRfem9Eell4WVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83ZjM1NDYtNGE4Ny00NjI3LWEwMTkt
MzQxYjlkNjQ2NDVkLzEvSW1NTTd0YmNpMkhpRG8yZ19jWDFjQ2k1anVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83ZjM1NDYtNGE4Ny00NjI3LWEwMTktMzQxYjlkNjQ2NDVk
LzEvYl9uS1hIYTdOYWsxUHBzVDRfem9Eell4WVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+VdAwQC
uQZkMA0GCSqGSIb3DQEBCwUAA4IBAQBPaG+PdkpATvgjf7iI+j/SF6BwypFejdbW
uPM+5B3HqYqRLLilOwbzRr4IHwDr/79X4Hs2wlvCh39XwJDA4cUtlEs5AdOAA5at
6pEBTV2klHuiyUKYtmUL8VLKKuxi26Otp4we4StN3jTbf1sVNFD9ncvGWy2k6KMc
RCDydOR6holRx42hrqEeaIYP78Z66XevzPWIE1XVYPyzV05t1AmkdrXiw2FbzjMR
HHoXcopsXLtNuNcdovo67Vc0e5cHOYTSBTD+Xfymc0/W9k6GheUukFh4r9TLm/Us
YnsisTx6da5oudJ9B3tl04PGtQov9h+tHvQeZ5Wp9jAt+sGo4Zir
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:03:30 2024 by rpki-client on console-fra.rpki-client.org