Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/b79a00-ade4-4776-a334-29da87323a2d/1/xmA1Hv7SK78O4OiQIjbpmlIwZGM.roa
File:                     xmA1Hv7SK78O4OiQIjbpmlIwZGM.roa (raw, json)
Hash identifier:          Az/n8IbGfCPmIkj+Pv6glZq8VUChanfszofybsY4IwU=
Subject key identifier:   C6:60:35:1E:FE:D2:2B:BF:0E:E0:E8:90:22:36:E9:9A:52:30:64:63
Certificate issuer:       /CN=faa067162e2209dc6c216ba6cfcd8be6d7386179
Certificate serial:       018CC2DABBAFB63C035D6AA32F5263CE0B1A
Authority key identifier: FA:A0:67:16:2E:22:09:DC:6C:21:6B:A6:CF:CD:8B:E6:D7:38:61:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-qBnFi4iCdxsIWumz82L5tc4YXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/b79a00-ade4-4776-a334-29da87323a2d/1/xmA1Hv7SK78O4OiQIjbpmlIwZGM.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        185.214.148.0/22 maxlen: 24
                          46.182.182.0/23 maxlen: 24
                          46.182.180.0/23 maxlen: 24
                          2a04:e1c0:1::/48 maxlen: 64
                          2a0b:9cc0::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/b79a00-ade4-4776-a334-29da87323a2d/1/1-qBnFi4iCdxsIWumz82L5tc4YXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/b79a00-ade4-4776-a334-29da87323a2d/1/1-qBnFi4iCdxsIWumz82L5tc4YXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-qBnFi4iCdxsIWumz82L5tc4YXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bb:af:b6:3c:03:5d:6a:a3:2f:52:63:ce:0b:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faa067162e2209dc6c216ba6cfcd8be6d7386179
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c660351efed22bbf0ee0e8902236e99a52306463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:e1:77:03:27:b3:37:56:ec:2a:5d:24:62:
                    38:6b:ed:bb:35:5b:66:34:07:55:52:4c:17:d2:03:
                    ca:45:de:f7:b9:22:e8:24:7f:c5:0d:06:72:a3:58:
                    19:ac:8d:ec:65:4c:6d:1e:f4:ea:29:fb:11:c7:9b:
                    45:c3:3a:17:3d:b5:61:a0:16:44:8d:94:14:3c:70:
                    3b:16:78:8f:20:bc:2e:49:5c:2c:08:19:68:c4:50:
                    5f:cb:1a:1e:5e:bf:23:32:f1:b9:e8:59:53:a9:29:
                    15:a5:80:be:01:c7:7a:39:f8:9b:50:50:9e:81:e1:
                    04:a8:13:c2:9d:b9:cf:f5:10:1e:54:12:4c:44:37:
                    fc:bd:e1:c0:c7:d5:c2:d6:30:81:ee:f9:0e:68:c5:
                    42:d8:72:be:cd:c3:98:71:26:24:21:69:b8:f1:60:
                    5c:75:12:ba:61:8a:6c:3f:83:92:c3:84:e9:ce:a6:
                    dd:d1:1a:d4:35:c4:16:92:89:cb:db:fa:65:ad:c8:
                    c8:8e:3a:f0:01:f4:36:bf:cb:f0:3c:94:3f:f0:67:
                    a9:a8:ef:06:d6:c4:96:32:37:3e:a5:1f:d2:e3:99:
                    90:a7:0d:83:5e:f8:53:45:3f:6e:fa:9a:06:66:12:
                    a1:e4:8c:6f:ee:d7:28:c5:2e:9a:3a:4c:f2:19:fd:
                    b2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:60:35:1E:FE:D2:2B:BF:0E:E0:E8:90:22:36:E9:9A:52:30:64:63
            X509v3 Authority Key Identifier:
                keyid:FA:A0:67:16:2E:22:09:DC:6C:21:6B:A6:CF:CD:8B:E6:D7:38:61:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-qBnFi4iCdxsIWumz82L5tc4YXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b79a00-ade4-4776-a334-29da87323a2d/1/xmA1Hv7SK78O4OiQIjbpmlIwZGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b79a00-ade4-4776-a334-29da87323a2d/1/1-qBnFi4iCdxsIWumz82L5tc4YXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.180.0/22
                  185.214.148.0/22
                IPv6:
                  2a04:e1c0:1::/48
                  2a0b:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:63:27:2c:75:79:2e:2f:50:7d:ac:56:91:0f:9f:f6:23:c6:
         d6:89:3d:bf:2b:87:20:86:70:fd:0b:30:28:bf:80:31:f6:d5:
         95:b3:e4:59:0d:7c:ef:62:e4:f7:c2:7e:22:cc:d8:28:f0:20:
         89:3c:9b:19:d4:68:5a:ee:7c:94:33:e6:76:8b:47:99:09:4d:
         aa:0b:4a:76:10:b2:c4:ea:d7:b2:4b:82:f6:18:86:73:c3:21:
         8c:c2:b5:fb:63:b9:5d:55:0c:f6:26:0b:36:c4:03:c6:ee:92:
         a7:ae:50:fe:c0:a9:75:d4:b0:fd:a8:33:fb:50:87:61:b3:e1:
         86:a5:cd:25:ab:72:e7:01:09:8d:b0:24:db:2c:a2:8d:41:47:
         fa:26:15:c0:43:77:0f:30:72:2c:3f:b2:94:d8:83:81:c3:50:
         6e:28:c9:9f:17:8c:5d:cc:71:2b:72:4e:a1:ca:f8:d5:7e:ba:
         53:b5:ad:4c:6c:95:01:ab:32:aa:64:9f:c9:12:98:3a:5b:a4:
         c5:fe:3b:23:a7:3b:a2:dd:23:b7:18:d1:1e:cc:a6:cc:43:72:
         e6:46:e5:db:20:7f:61:b4:02:87:0c:31:08:f2:21:cf:ff:c8:
         85:33:51:4f:49:e5:6d:0a:e4:3d:c6:6a:e1:ab:a9:b0:0e:10:
         e0:4e:3f:82
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzC2ruvtjwDXWqjL1JjzgsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYTA2NzE2MmUyMjA5ZGM2YzIxNmJhNmNmY2Q4YmU2ZDcz
ODYxNzkwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjYwMzUxZWZlZDIyYmJmMGVlMGU4OTAyMjM2ZTk5YTUyMzA2NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7DhdwMnszdW7CpdJGI4a+27NVtm
NAdVUkwX0gPKRd73uSLoJH/FDQZyo1gZrI3sZUxtHvTqKfsRx5tFwzoXPbVhoBZE
jZQUPHA7FniPILwuSVwsCBloxFBfyxoeXr8jMvG56FlTqSkVpYC+Acd6OfibUFCe
geEEqBPCnbnP9RAeVBJMRDf8veHAx9XC1jCB7vkOaMVC2HK+zcOYcSYkIWm48WBc
dRK6YYpsP4OSw4Tpzqbd0RrUNcQWkonL2/plrcjIjjrwAfQ2v8vwPJQ/8GepqO8G
1sSWMjc+pR/S45mQpw2DXvhTRT9u+poGZhKh5Ixv7tcoxS6aOkzyGf2yewIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMZgNR7+0iu/DuDokCI26ZpSMGRjMB8GA1UdIwQY
MBaAFPqgZxYuIgncbCFrps/Ni+bXOGF5MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1xQm5GaTRpQ2R4c0lXdW16ODJMNXRjNFlYay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvYjc5YTAwLWFkZTQtNDc3Ni1hMzM0
LTI5ZGE4NzMyM2EyZC8xL3htQTFIdjdTSzc4TzRPaVFJamJwbWxJd1pHTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWEvYjc5YTAwLWFkZTQtNDc3Ni1hMzM0LTI5ZGE4NzMyM2Ey
ZC8xLzEtcUJuRmk0aUNkeHNJV3VtejgyTDV0YzRZWGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwPQYIKwYBBQUHAQcBAf8ELjAsMBIEAgABMAwDBAIutrQD
BAK51pQwFgQCAAIwEAMHACoE4cAAAQMFAyoLnMAwDQYJKoZIhvcNAQELBQADggEB
AFZjJyx1eS4vUH2sVpEPn/YjxtaJPb8rhyCGcP0LMCi/gDH21ZWz5FkNfO9i5PfC
fiLM2CjwIIk8mxnUaFrufJQz5naLR5kJTaoLSnYQssTq17JLgvYYhnPDIYzCtftj
uV1VDPYmCzbEA8bukqeuUP7AqXXUsP2oM/tQh2Gz4YalzSWrcucBCY2wJNssoo1B
R/omFcBDdw8wciw/spTYg4HDUG4oyZ8XjF3McStyTqHK+NV+ulO1rUxslQGrMqpk
n8kSmDpbpMX+OyOnO6LdI7cY0R7MpsxDcuZG5dsgf2G0AocMMQjyIc//yIUzUU9J
5W0K5D3GauGrqbAOEOBOP4I=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:19:04 2024 by rpki-client on console-ams.rpki-client.org