Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/b34a33-062b-4b70-ba51-02a12b86180d/1/ig7AY-Z9jmnBBmZqQmOqaP0RI8A.roa
File:                     ig7AY-Z9jmnBBmZqQmOqaP0RI8A.roa (raw, json)
Hash identifier:          0OWHjwebazEMmwY/CRC0QnsWyEjP2Yk7aIWvEXccSQY=
Subject key identifier:   8A:0E:C0:63:E6:7D:8E:69:C1:06:66:6A:42:63:AA:68:FD:11:23:C0
Certificate issuer:       /CN=b944ca2d992d7785800bdd5524d3e11383d9f1de
Certificate serial:       018CC26D421FE66B67B4D0215F66F4C80571
Authority key identifier: B9:44:CA:2D:99:2D:77:85:80:0B:DD:55:24:D3:E1:13:83:D9:F1:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUTKLZktd4WAC91VJNPhE4PZ8d4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/b34a33-062b-4b70-ba51-02a12b86180d/1/ig7AY-Z9jmnBBmZqQmOqaP0RI8A.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25353
IP address blocks:        46.235.56.0/21 maxlen: 21
                          81.201.192.0/20 maxlen: 20
                          185.183.188.0/22 maxlen: 22
                          2a03:2600::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/b34a33-062b-4b70-ba51-02a12b86180d/1/uUTKLZktd4WAC91VJNPhE4PZ8d4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/b34a33-062b-4b70-ba51-02a12b86180d/1/uUTKLZktd4WAC91VJNPhE4PZ8d4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUTKLZktd4WAC91VJNPhE4PZ8d4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:42:1f:e6:6b:67:b4:d0:21:5f:66:f4:c8:05:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b944ca2d992d7785800bdd5524d3e11383d9f1de
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a0ec063e67d8e69c106666a4263aa68fd1123c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d5:d5:eb:e0:5d:b8:17:02:69:68:3e:08:9b:
                    e4:bd:68:e9:67:e3:ec:ec:dd:26:c5:01:ed:09:e6:
                    1a:5d:cf:66:af:87:3f:2c:95:08:60:33:e4:cc:36:
                    8b:dc:77:93:fe:e9:80:93:c4:2c:4a:15:50:95:25:
                    fd:79:8c:a3:06:be:d4:d7:dd:46:c2:01:a9:a7:68:
                    15:b2:dd:13:f8:b0:ad:44:3b:92:6c:37:73:ea:7a:
                    96:7e:2f:17:2e:9e:49:b2:7f:c9:0a:c2:e4:36:17:
                    23:81:5d:c9:db:06:62:f7:86:26:27:73:41:10:29:
                    b2:c1:35:70:7f:f3:4f:46:4c:0f:ad:47:73:42:c9:
                    a3:74:b1:57:8f:c7:ea:ff:74:fb:1f:10:f2:d2:d4:
                    8c:1d:67:fd:0b:f8:c8:d2:aa:b3:ec:17:67:a5:f8:
                    70:4f:0c:ef:a5:fa:9a:74:10:93:df:cb:a7:3b:73:
                    55:a7:69:69:89:63:0e:aa:6d:1f:d8:9c:34:2a:1f:
                    d3:1e:b2:4a:e5:74:f8:97:e1:44:28:cc:18:49:bc:
                    db:d6:a2:8d:d8:84:c6:c9:b2:b5:d5:cc:86:d5:67:
                    5c:b5:48:da:cc:df:c5:10:97:05:ea:41:2a:75:03:
                    c7:0d:37:9f:42:39:d8:37:7e:c4:7f:e6:ef:3f:3e:
                    16:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0E:C0:63:E6:7D:8E:69:C1:06:66:6A:42:63:AA:68:FD:11:23:C0
            X509v3 Authority Key Identifier:
                keyid:B9:44:CA:2D:99:2D:77:85:80:0B:DD:55:24:D3:E1:13:83:D9:F1:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUTKLZktd4WAC91VJNPhE4PZ8d4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/b34a33-062b-4b70-ba51-02a12b86180d/1/ig7AY-Z9jmnBBmZqQmOqaP0RI8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/b34a33-062b-4b70-ba51-02a12b86180d/1/uUTKLZktd4WAC91VJNPhE4PZ8d4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.56.0/21
                  81.201.192.0/20
                  185.183.188.0/22
                IPv6:
                  2a03:2600::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:59:e7:5a:b7:c2:72:1a:f8:ca:ab:84:d9:a9:8d:3a:92:bd:
         cb:ca:e3:49:c2:ad:f4:6a:00:16:76:82:e9:64:21:ef:a4:9c:
         fa:41:90:76:26:72:8c:d8:f7:98:ff:23:e4:05:a8:69:16:8a:
         76:f2:de:98:8f:44:85:d1:82:ce:dd:8c:f2:57:5c:f1:18:a7:
         4c:95:c2:6e:aa:fb:b5:99:b5:45:34:44:86:a8:b8:1c:f9:d5:
         7c:95:e0:b2:16:4e:d4:b2:3d:44:94:95:75:f7:d3:7a:42:6b:
         80:d6:b3:ca:eb:8b:a6:6d:93:36:c7:b7:ef:84:65:1e:5f:9d:
         ab:13:ea:e3:a4:88:16:ee:16:da:a0:f0:bb:d5:e9:d9:75:ab:
         4f:92:0c:da:c0:3c:80:b5:bc:01:41:bf:50:a4:98:f9:9c:d0:
         7f:06:c8:33:d2:80:f3:6f:f8:99:4a:c1:dd:90:9d:3a:75:74:
         aa:34:89:24:67:b8:e9:66:df:77:e3:b8:79:f1:4f:70:a1:6c:
         5f:b2:e4:74:f5:f3:74:a2:12:d2:9e:14:fd:a1:25:f8:e9:8c:
         cb:c8:de:64:7d:5c:86:2d:f4:99:3c:3f:98:b2:2a:fa:56:be:
         bf:aa:a2:2f:dc:d0:d5:b9:b0:e8:b9:dd:4f:50:61:22:92:ec:
         56:eb:b3:33
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzCbUIf5mtntNAhX2b0yAVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDRjYTJkOTkyZDc3ODU4MDBiZGQ1NTI0ZDNlMTEzODNk
OWYxZGUwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTBlYzA2M2U2N2Q4ZTY5YzEwNjY2NmE0MjYzYWE2OGZkMTEyM2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNXV6+BduBcCaWg+CJvkvWjpZ+Ps
7N0mxQHtCeYaXc9mr4c/LJUIYDPkzDaL3HeT/umAk8QsShVQlSX9eYyjBr7U191G
wgGpp2gVst0T+LCtRDuSbDdz6nqWfi8XLp5Jsn/JCsLkNhcjgV3J2wZi94YmJ3NB
ECmywTVwf/NPRkwPrUdzQsmjdLFXj8fq/3T7HxDy0tSMHWf9C/jI0qqz7Bdnpfhw
TwzvpfqadBCT38unO3NVp2lpiWMOqm0f2Jw0Kh/THrJK5XT4l+FEKMwYSbzb1qKN
2ITGybK11cyG1WdctUjazN/FEJcF6kEqdQPHDTefQjnYN37Ef+bvPz4WWQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIoOwGPmfY5pwQZmakJjqmj9ESPAMB8GA1UdIwQY
MBaAFLlEyi2ZLXeFgAvdVSTT4ROD2fHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVUS0xaa3RkNFdBQzkxVkpOUGhFNFBaOGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9iMzRhMzMtMDYyYi00YjcwLWJhNTEt
MDJhMTJiODYxODBkLzEvaWc3QVktWjlqbW5CQm1acVFtT3FhUDBSSThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9iMzRhMzMtMDYyYi00YjcwLWJhNTEtMDJhMTJiODYxODBk
LzEvdVVUS0xaa3RkNFdBQzkxVkpOUGhFNFBaOGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDLus4AwQE
UcnAAwQCube8MA0EAgACMAcDBQAqAyYAMA0GCSqGSIb3DQEBCwUAA4IBAQCuWeda
t8JyGvjKq4TZqY06kr3LyuNJwq30agAWdoLpZCHvpJz6QZB2JnKM2PeY/yPkBahp
Fop28t6Yj0SF0YLO3YzyV1zxGKdMlcJuqvu1mbVFNESGqLgc+dV8leCyFk7Usj1E
lJV199N6QmuA1rPK64umbZM2x7fvhGUeX52rE+rjpIgW7hbaoPC71enZdatPkgza
wDyAtbwBQb9QpJj5nNB/Bsgz0oDzb/iZSsHdkJ06dXSqNIkkZ7jpZt9347h58U9w
oWxfsuR09fN0ohLSnhT9oSX46YzLyN5kfVyGLfSZPD+Ysir6Vr6/qqIv3NDVubDo
ud1PUGEikuxW67Mz
-----END CERTIFICATE-----
Generated at Wed Nov 27 08:53:45 2024 by rpki-client on console-fra.rpki-client.org