Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/IjezXCFAn1MVflvOCKrv9Gq9ttk.roa
File:                     IjezXCFAn1MVflvOCKrv9Gq9ttk.roa (raw, json)
Hash identifier:          Sf1Lr7IW0S9n24sCOm8gb9hfbHcsLw35GWcYNpfz8WU=
Subject key identifier:   22:37:B3:5C:21:40:9F:53:15:7E:5B:CE:08:AA:EF:F4:6A:BD:B6:D9
Certificate issuer:       /CN=68d425cc7b1b7880a875f76beda80fe3109319ed
Certificate serial:       01902B94DC340F10E928BD50A775CEE900AB
Authority key identifier: 68:D4:25:CC:7B:1B:78:80:A8:75:F7:6B:ED:A8:0F:E3:10:93:19:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/IjezXCFAn1MVflvOCKrv9Gq9ttk.roa
Signing time:             Tue 18 Jun 2024 13:41:34 +0000
ROA not before:           Tue 18 Jun 2024 13:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31673
IP address blocks:        185.181.84.0/22 maxlen: 22
                          2a0a:c780::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:94:dc:34:0f:10:e9:28:bd:50:a7:75:ce:e9:00:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d425cc7b1b7880a875f76beda80fe3109319ed
        Validity
            Not Before: Jun 18 13:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2237b35c21409f53157e5bce08aaeff46abdb6d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:30:d0:98:0f:e8:3e:6a:71:17:1c:96:f9:1d:
                    2b:c6:e0:cc:bd:0e:91:26:2d:03:15:02:62:ff:86:
                    90:f0:17:b8:da:78:3e:95:4b:57:13:21:44:d0:e9:
                    ab:82:74:0d:c5:18:c8:b6:dc:13:e2:c7:a8:72:e0:
                    93:3a:6c:07:1e:19:02:c1:33:87:0b:95:47:83:13:
                    30:d9:d7:90:9d:b9:e5:6e:79:4f:3f:d4:c4:18:f0:
                    39:46:fb:78:27:dc:2d:6d:ff:6d:56:93:09:86:2d:
                    0b:6c:d0:72:39:b3:e3:0e:20:b0:17:81:53:83:28:
                    13:e0:a0:14:70:1c:c6:7c:e2:b1:d2:4c:08:5f:75:
                    de:13:da:73:76:e3:62:36:1c:f1:54:30:1b:96:cd:
                    f8:5c:f7:41:5f:ab:19:c8:97:c3:b9:9d:6d:2e:06:
                    ac:ea:38:c9:d6:09:c0:7c:70:0e:6f:20:c3:f4:b0:
                    70:b2:7f:da:70:34:f8:69:04:26:d3:51:0a:aa:0e:
                    35:27:c7:a2:d9:8a:cf:e4:bf:10:e3:12:10:3e:be:
                    37:0d:e3:de:e4:41:6f:8a:b7:c7:1e:44:98:70:09:
                    17:4f:85:41:e8:bd:98:63:c8:14:6a:2b:31:61:37:
                    5a:ba:74:d7:28:79:79:25:25:98:64:35:fb:c7:8b:
                    38:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:37:B3:5C:21:40:9F:53:15:7E:5B:CE:08:AA:EF:F4:6A:BD:B6:D9
            X509v3 Authority Key Identifier:
                keyid:68:D4:25:CC:7B:1B:78:80:A8:75:F7:6B:ED:A8:0F:E3:10:93:19:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/IjezXCFAn1MVflvOCKrv9Gq9ttk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.84.0/22
                IPv6:
                  2a0a:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         d0:ee:95:b5:2b:e5:4d:66:d7:c4:c1:99:89:ff:a8:aa:8c:94:
         c5:25:a9:48:6e:93:f4:7e:df:86:7d:aa:45:08:11:1a:be:27:
         24:ed:be:18:73:ee:c7:fc:ce:84:41:31:61:83:25:39:ec:6f:
         0e:9c:bd:b4:1d:87:f1:3d:d1:13:16:2a:50:8e:74:cb:a1:7c:
         50:65:2b:a2:29:6b:6d:a2:c7:e4:2c:ab:f0:8c:80:92:0e:ad:
         aa:3d:3c:b0:29:31:43:71:8c:1c:9f:35:0b:fe:01:02:37:14:
         0a:75:04:69:43:36:c5:02:f5:a9:e5:df:79:08:b2:e5:f7:e3:
         ea:b2:7d:91:59:b0:f1:60:bd:bc:c2:a8:fb:14:bb:53:05:b5:
         6c:85:58:a2:89:75:2a:44:40:98:25:aa:6a:84:10:e0:53:e9:
         a1:0e:0f:43:18:1b:1e:6b:21:88:c4:20:06:46:33:42:6f:93:
         db:5d:4a:37:4a:c8:6b:0d:48:07:f2:ff:be:36:a0:b1:89:c5:
         c5:ef:69:da:f6:92:6a:7b:07:2c:03:30:01:c8:6e:5a:0a:cd:
         3e:f9:4d:e4:d8:05:40:91:ac:86:3f:f8:ab:48:66:14:03:d8:
         e9:7d:be:b1:be:1d:b9:25:c4:29:c8:e6:8c:ac:4c:a6:c1:1a:
         70:be:6c:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZArlNw0DxDpKL1Qp3XO6QCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDQyNWNjN2IxYjc4ODBhODc1Zjc2YmVkYTgwZmUzMTA5
MzE5ZWQwHhcNMjQwNjE4MTM0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjM3YjM1YzIxNDA5ZjUzMTU3ZTViY2UwOGFhZWZmNDZhYmRiNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDDQmA/oPmpxFxyW+R0rxuDMvQ6R
Ji0DFQJi/4aQ8Be42ng+lUtXEyFE0OmrgnQNxRjIttwT4seocuCTOmwHHhkCwTOH
C5VHgxMw2deQnbnlbnlPP9TEGPA5Rvt4J9wtbf9tVpMJhi0LbNByObPjDiCwF4FT
gygT4KAUcBzGfOKx0kwIX3XeE9pzduNiNhzxVDAbls34XPdBX6sZyJfDuZ1tLgas
6jjJ1gnAfHAObyDD9LBwsn/acDT4aQQm01EKqg41J8ei2YrP5L8Q4xIQPr43DePe
5EFvirfHHkSYcAkXT4VB6L2YY8gUaisxYTdaunTXKHl5JSWYZDX7x4s4KQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCI3s1whQJ9TFX5bzgiq7/RqvbbZMB8GA1UdIwQY
MBaAFGjUJcx7G3iAqHX3a+2oD+MQkxntMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5RbHpIc2JlSUNvZGZkcjdhZ1A0eENUR2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMGY3ZTMtNjNiOS00YTVmLTk2Y2Et
NWM0NWI2MThmOTkwLzEvSWplelhDRkFuMU1WZmx2T0NLcnY5R3E5dHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMGY3ZTMtNjNiOS00YTVmLTk2Y2EtNWM0NWI2MThmOTkw
LzEvYU5RbHpIc2JlSUNvZGZkcjdhZ1A0eENUR2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubVUMA0E
AgACMAcDBQMqCseAMA0GCSqGSIb3DQEBCwUAA4IBAQDQ7pW1K+VNZtfEwZmJ/6iq
jJTFJalIbpP0ft+GfapFCBEavick7b4Yc+7H/M6EQTFhgyU57G8OnL20HYfxPdET
FipQjnTLoXxQZSuiKWttosfkLKvwjICSDq2qPTywKTFDcYwcnzUL/gECNxQKdQRp
QzbFAvWp5d95CLLl9+Pqsn2RWbDxYL28wqj7FLtTBbVshViiiXUqRECYJapqhBDg
U+mhDg9DGBseayGIxCAGRjNCb5PbXUo3SshrDUgH8v++NqCxicXF72na9pJqewcs
AzAByG5aCs0++U3k2AVAkayGP/irSGYUA9jpfb6xvh25JcQpyOaMrEymwRpwvmxK
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:37:09 2024 by rpki-client on console-fra.rpki-client.org