Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/57269b-0f70-46cf-bce2-c7775159fc82/1/IuGQMbFOEAl0kd89xSUHGfOFPYA.roa
File:                     IuGQMbFOEAl0kd89xSUHGfOFPYA.roa (raw, json)
Hash identifier:          3aLF/866GCr0PtdWXcDhNDf2vwDrR+vpXiXptTJxxLw=
Subject key identifier:   22:E1:90:31:B1:4E:10:09:74:91:DF:3D:C5:25:07:19:F3:85:3D:80
Certificate issuer:       /CN=a42cf3ea3f4619add7b1f85e5dbc768cd3d1742d
Certificate serial:       0190730E59AB6F66F5CDB19DA2A768C1243F
Authority key identifier: A4:2C:F3:EA:3F:46:19:AD:D7:B1:F8:5E:5D:BC:76:8C:D3:D1:74:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pCzz6j9GGa3XsfheXbx2jNPRdC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/57269b-0f70-46cf-bce2-c7775159fc82/1/IuGQMbFOEAl0kd89xSUHGfOFPYA.roa
Signing time:             Tue 02 Jul 2024 10:47:18 +0000
ROA not before:           Tue 02 Jul 2024 10:47:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209634
IP address blocks:        147.78.184.0/22 maxlen: 22
                          185.18.232.0/24 maxlen: 24
                          185.18.233.0/24 maxlen: 24
                          185.18.234.0/24 maxlen: 24
                          2a09:840::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/57269b-0f70-46cf-bce2-c7775159fc82/1/pCzz6j9GGa3XsfheXbx2jNPRdC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/57269b-0f70-46cf-bce2-c7775159fc82/1/pCzz6j9GGa3XsfheXbx2jNPRdC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pCzz6j9GGa3XsfheXbx2jNPRdC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:73:0e:59:ab:6f:66:f5:cd:b1:9d:a2:a7:68:c1:24:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a42cf3ea3f4619add7b1f85e5dbc768cd3d1742d
        Validity
            Not Before: Jul  2 10:47:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22e19031b14e10097491df3dc5250719f3853d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:08:7e:78:15:c2:73:f5:6b:3a:4b:95:2b:3b:
                    aa:e9:2a:6a:4d:9f:f1:2c:01:47:e5:cb:e5:88:25:
                    6e:56:68:85:6c:e1:8a:8f:16:18:c3:c5:d8:57:f2:
                    ef:3e:54:0c:b8:f5:d6:0a:df:54:7a:4a:1d:10:89:
                    29:bc:17:66:85:f5:58:12:08:35:17:6d:3b:18:e1:
                    22:c2:23:fd:a9:ac:d2:c7:0a:fb:01:02:3c:a4:ac:
                    4d:df:0c:77:e1:f9:59:8f:27:46:fe:34:0e:ab:67:
                    78:c8:18:13:09:91:07:7b:0d:21:9a:7d:c0:84:1c:
                    c2:35:bd:d2:77:db:18:92:ce:95:81:77:35:ae:32:
                    48:0e:96:ab:a3:47:2f:73:fd:a6:29:6a:12:a7:72:
                    19:e4:09:a7:32:39:15:27:66:a8:bf:4d:8d:98:96:
                    e7:c8:c2:70:1b:b5:b0:6f:77:c4:be:d1:18:7a:7b:
                    00:6b:41:2f:da:ad:0e:4e:94:44:8f:8d:b7:99:13:
                    ed:49:7b:7f:97:6c:49:46:22:d6:e0:53:a2:f9:65:
                    e9:96:4c:d2:7e:b8:b1:94:32:d2:51:1f:f4:cc:22:
                    d9:d7:b2:54:ea:2f:3b:81:e1:59:90:36:5c:cf:cf:
                    c3:59:a3:87:1c:0d:43:93:0c:3c:35:ba:48:22:16:
                    22:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E1:90:31:B1:4E:10:09:74:91:DF:3D:C5:25:07:19:F3:85:3D:80
            X509v3 Authority Key Identifier:
                keyid:A4:2C:F3:EA:3F:46:19:AD:D7:B1:F8:5E:5D:BC:76:8C:D3:D1:74:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pCzz6j9GGa3XsfheXbx2jNPRdC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/57269b-0f70-46cf-bce2-c7775159fc82/1/IuGQMbFOEAl0kd89xSUHGfOFPYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/57269b-0f70-46cf-bce2-c7775159fc82/1/pCzz6j9GGa3XsfheXbx2jNPRdC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.184.0/22
                  185.18.232.0-185.18.234.255
                IPv6:
                  2a09:840::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:20:fb:b1:35:94:c5:c5:6e:45:23:41:65:f5:81:18:2b:be:
         2a:d0:fb:69:01:2f:49:5f:67:3c:ec:b0:2f:0e:2a:51:b5:01:
         e8:d6:0a:5f:dd:d3:29:f0:5a:d2:df:0e:d2:fb:08:75:af:05:
         19:e7:c5:d9:b9:f7:28:1e:af:e6:ab:ae:22:45:e6:33:f3:4b:
         95:44:d3:16:4f:1b:9e:61:3b:a5:99:e8:30:5c:f5:5a:e4:86:
         a7:8f:b4:e2:f8:88:6d:19:af:19:9a:05:94:a8:2a:cb:b9:0c:
         59:d3:a2:57:8c:3d:55:53:a2:3c:65:63:bc:1d:d7:e9:b2:af:
         11:4e:03:59:cf:16:68:4e:75:9c:1c:80:2b:89:a6:a3:8c:b0:
         a8:fc:71:d3:b2:c5:41:79:b0:32:de:08:1a:fa:7d:84:9b:d0:
         16:91:66:d6:16:e9:6d:ba:69:b9:41:ea:8a:d0:9d:7a:30:d6:
         96:f1:1a:f7:ba:ea:cd:23:37:b4:a5:f0:05:18:75:26:87:0e:
         49:61:c1:dc:cf:40:ad:bf:fb:b2:18:7a:f5:d0:06:50:93:70:
         1c:ed:28:2c:58:8c:da:3e:b1:da:7e:52:11:a4:d5:7b:b1:b6:
         a0:45:22:8a:6c:13:5a:fd:ed:91:c1:fa:8f:e0:00:53:d7:b3:
         3e:14:ad:97
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZBzDlmrb2b1zbGdoqdowSQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MmNmM2VhM2Y0NjE5YWRkN2IxZjg1ZTVkYmM3NjhjZDNk
MTc0MmQwHhcNMjQwNzAyMTA0NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmUxOTAzMWIxNGUxMDA5NzQ5MWRmM2RjNTI1MDcxOWYzODUzZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAh+eBXCc/VrOkuVKzuq6SpqTZ/x
LAFH5cvliCVuVmiFbOGKjxYYw8XYV/LvPlQMuPXWCt9UekodEIkpvBdmhfVYEgg1
F207GOEiwiP9qazSxwr7AQI8pKxN3wx34flZjydG/jQOq2d4yBgTCZEHew0hmn3A
hBzCNb3Sd9sYks6VgXc1rjJIDparo0cvc/2mKWoSp3IZ5AmnMjkVJ2aov02NmJbn
yMJwG7Wwb3fEvtEYensAa0Ev2q0OTpREj423mRPtSXt/l2xJRiLW4FOi+WXplkzS
frixlDLSUR/0zCLZ17JU6i87geFZkDZcz8/DWaOHHA1Dkww8NbpIIhYiFQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFCLhkDGxThAJdJHfPcUlBxnzhT2AMB8GA1UdIwQY
MBaAFKQs8+o/Rhmt17H4Xl28dozT0XQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEN6ejZqOUdHYTNYc2ZoZVhieDJqTlBSZEMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81NzI2OWItMGY3MC00NmNmLWJjZTIt
Yzc3NzUxNTlmYzgyLzEvSXVHUU1iRk9FQWwwa2Q4OXhTVUhHZk9GUFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81NzI2OWItMGY3MC00NmNmLWJjZTItYzc3NzUxNTlmYzgy
LzEvcEN6ejZqOUdHYTNYc2ZoZVhieDJqTlBSZEMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQCk064MAwD
BAO5EugDBAC5EuowDQQCAAIwBwMFACoJCEAwDQYJKoZIhvcNAQELBQADggEBAEUg
+7E1lMXFbkUjQWX1gRgrvirQ+2kBL0lfZzzssC8OKlG1AejWCl/d0ynwWtLfDtL7
CHWvBRnnxdm59yger+arriJF5jPzS5VE0xZPG55hO6WZ6DBc9VrkhqePtOL4iG0Z
rxmaBZSoKsu5DFnToleMPVVTojxlY7wd1+myrxFOA1nPFmhOdZwcgCuJpqOMsKj8
cdOyxUF5sDLeCBr6fYSb0BaRZtYW6W26ablB6orQnXow1pbxGve66s0jN7Sl8AUY
dSaHDklhwdzPQK2/+7IYevXQBlCTcBztKCxYjNo+sdp+UhGk1XuxtqBFIopsE1r9
7ZHB+o/gAFPXsz4UrZc=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:12:34 2024 by rpki-client on console-fra.rpki-client.org