Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/6a3d3e-25fd-42ff-a5fb-8b3bf8bf98eb/1/1-zIyQcXigrLmVJPoJ70dQF8tCdc.roa
File:                     1-zIyQcXigrLmVJPoJ70dQF8tCdc.roa (raw, json)
Hash identifier:          TXP3vPKzyPK54Lh1R+sUezVEsjJk2uOFChyNCW4zNus=
Subject key identifier:   FB:32:32:41:C5:E2:82:B2:E6:54:93:E8:27:BD:1D:40:5F:2D:09:D7
Certificate issuer:       /CN=24a30b60d23d74e8226bcd5e15dc5bf770ad307e
Certificate serial:       018CC8713A59C42D07B122030CD9DE94ECA7
Authority key identifier: 24:A3:0B:60:D2:3D:74:E8:22:6B:CD:5E:15:DC:5B:F7:70:AD:30:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JKMLYNI9dOgia81eFdxb93CtMH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/6a3d3e-25fd-42ff-a5fb-8b3bf8bf98eb/1/1-zIyQcXigrLmVJPoJ70dQF8tCdc.roa
Signing time:             Tue 02 Jan 2024 04:31:52 +0000
ROA not before:           Tue 02 Jan 2024 04:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206549
IP address blocks:        185.181.224.0/22 maxlen: 22
                          2a0a:d480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/6a3d3e-25fd-42ff-a5fb-8b3bf8bf98eb/1/JKMLYNI9dOgia81eFdxb93CtMH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/6a3d3e-25fd-42ff-a5fb-8b3bf8bf98eb/1/JKMLYNI9dOgia81eFdxb93CtMH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JKMLYNI9dOgia81eFdxb93CtMH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3a:59:c4:2d:07:b1:22:03:0c:d9:de:94:ec:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24a30b60d23d74e8226bcd5e15dc5bf770ad307e
        Validity
            Not Before: Jan  2 04:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb323241c5e282b2e65493e827bd1d405f2d09d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4f:61:22:b0:b7:5f:31:f7:2e:25:78:f2:b0:
                    55:84:19:1d:b9:3e:2f:38:ba:d7:46:05:e2:51:66:
                    32:32:67:06:2e:38:84:88:05:4b:f9:e5:15:e8:67:
                    93:cd:68:45:55:9d:c6:88:2f:e3:d9:9b:45:93:9e:
                    23:c6:92:de:84:2d:c9:08:5d:98:4e:60:c9:13:d3:
                    e6:fb:c4:df:57:49:4a:14:04:53:94:42:f4:de:69:
                    40:c9:66:52:a7:54:5c:bf:54:0b:9a:cc:7c:c5:fc:
                    7a:bf:b6:32:35:68:57:38:a0:63:31:16:69:33:c5:
                    94:71:ec:86:fa:7b:d3:09:6b:6d:77:15:af:6e:f9:
                    7b:01:92:cb:f6:b4:6b:8f:8e:51:44:0f:f3:3b:59:
                    61:eb:ee:a2:e0:0a:1c:86:22:6b:5a:03:dc:79:11:
                    63:c4:e6:50:3d:ae:37:19:1a:d0:5b:4c:2d:0f:15:
                    c4:55:3a:d0:89:ad:29:4f:d6:20:70:af:c6:3a:3f:
                    f1:e1:28:0a:82:0d:8a:de:94:ad:3e:69:2a:4a:db:
                    9c:17:78:2e:dc:6a:4b:c6:01:75:ab:3d:1f:f1:d3:
                    7f:48:ab:b5:67:2c:cc:bc:11:b4:cb:d5:40:c5:12:
                    83:40:c6:27:0f:45:ea:57:74:82:65:6d:94:d5:04:
                    16:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:32:32:41:C5:E2:82:B2:E6:54:93:E8:27:BD:1D:40:5F:2D:09:D7
            X509v3 Authority Key Identifier:
                keyid:24:A3:0B:60:D2:3D:74:E8:22:6B:CD:5E:15:DC:5B:F7:70:AD:30:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JKMLYNI9dOgia81eFdxb93CtMH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/6a3d3e-25fd-42ff-a5fb-8b3bf8bf98eb/1/1-zIyQcXigrLmVJPoJ70dQF8tCdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/6a3d3e-25fd-42ff-a5fb-8b3bf8bf98eb/1/JKMLYNI9dOgia81eFdxb93CtMH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.224.0/22
                IPv6:
                  2a0a:d480::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:d2:b4:90:ed:32:91:fc:0f:bc:1c:65:70:eb:55:66:01:ce:
         3d:d5:d0:4d:38:d0:5b:b3:72:f7:17:0d:42:9c:88:59:04:46:
         5e:6d:5b:99:92:89:01:d8:20:1f:9e:e1:00:9c:31:90:7e:38:
         38:11:e7:78:4e:70:62:00:ea:2e:4f:66:10:5c:7f:a0:69:14:
         c2:6a:3e:eb:a1:3f:79:f3:e9:91:88:da:17:be:15:f8:fe:1b:
         ec:41:ea:e1:7e:d1:6a:6c:b5:ec:6f:d4:44:c2:61:e0:3c:04:
         05:21:c3:c0:47:5b:a4:24:69:8d:b0:6a:3f:83:31:e0:aa:f4:
         e6:eb:0c:53:d1:d4:c1:92:bd:0f:0b:7f:8c:a0:d1:cf:3d:83:
         27:00:f1:ce:ab:ae:5e:bc:dd:39:bc:fa:6d:71:fa:a3:39:d3:
         2f:a2:98:a5:63:7d:de:b2:fd:24:3f:b6:eb:54:c4:c8:40:41:
         66:15:c8:e5:1c:65:d4:08:10:b6:69:d7:7b:4d:27:91:26:8d:
         a0:08:a3:04:6b:d6:b1:ab:60:b1:30:e4:6b:c9:ea:1e:06:2b:
         d4:ee:cd:90:56:4a:89:dd:93:fa:5f:52:7f:13:26:f3:2f:f0:
         bb:f3:fe:ec:d0:5a:35:39:66:80:1d:3a:99:b0:be:76:be:f5:
         4b:00:0c:2d
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIcTpZxC0HsSIDDNnelOynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YTMwYjYwZDIzZDc0ZTgyMjZiY2Q1ZTE1ZGM1YmY3NzBh
ZDMwN2UwHhcNMjQwMTAyMDQzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjMyMzI0MWM1ZTI4MmIyZTY1NDkzZTgyN2JkMWQ0MDVmMmQwOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzE9hIrC3XzH3LiV48rBVhBkduT4v
OLrXRgXiUWYyMmcGLjiEiAVL+eUV6GeTzWhFVZ3GiC/j2ZtFk54jxpLehC3JCF2Y
TmDJE9Pm+8TfV0lKFARTlEL03mlAyWZSp1Rcv1QLmsx8xfx6v7YyNWhXOKBjMRZp
M8WUceyG+nvTCWttdxWvbvl7AZLL9rRrj45RRA/zO1lh6+6i4AochiJrWgPceRFj
xOZQPa43GRrQW0wtDxXEVTrQia0pT9YgcK/GOj/x4SgKgg2K3pStPmkqStucF3gu
3GpLxgF1qz0f8dN/SKu1ZyzMvBG0y9VAxRKDQMYnD0XqV3SCZW2U1QQWCQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPsyMkHF4oKy5lST6Ce9HUBfLQnXMB8GA1UdIwQY
MBaAFCSjC2DSPXToImvNXhXcW/dwrTB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSktNTFlOSTlkT2dpYTgxZUZkeGI5M0N0TUg0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82YTNkM2UtMjVmZC00MmZmLWE1ZmIt
OGIzYmY4YmY5OGViLzEvMS16SXlRY1hpZ3JMbVZKUG9KNzBkUUY4dENkYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjYvNmEzZDNlLTI1ZmQtNDJmZi1hNWZiLThiM2JmOGJmOThl
Yi8xL0pLTUxZTkk5ZE9naWE4MWVGZHhiOTNDdE1INC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArm14DAN
BAIAAjAHAwUDKgrUgDANBgkqhkiG9w0BAQsFAAOCAQEAFdK0kO0ykfwPvBxlcOtV
ZgHOPdXQTTjQW7Ny9xcNQpyIWQRGXm1bmZKJAdggH57hAJwxkH44OBHneE5wYgDq
Lk9mEFx/oGkUwmo+66E/efPpkYjaF74V+P4b7EHq4X7Ramy17G/URMJh4DwEBSHD
wEdbpCRpjbBqP4Mx4Kr05usMU9HUwZK9Dwt/jKDRzz2DJwDxzquuXrzdObz6bXH6
oznTL6KYpWN93rL9JD+261TEyEBBZhXI5Rxl1AgQtmnXe00nkSaNoAijBGvWsatg
sTDka8nqHgYr1O7NkFZKid2T+l9SfxMm8y/wu/P+7NBaNTlmgB06mbC+dr71SwAM
LQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:54:45 2024 by rpki-client on console-ams.rpki-client.org