Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/i7RvoOLJu5rliZhLiYLPSQJWqLA.roa
File:                     i7RvoOLJu5rliZhLiYLPSQJWqLA.roa (raw, json)
Hash identifier:          ZkBIraxtLjJp7Shf7A0s9e3r+bccqRuL371i1wa7DiQ=
Subject key identifier:   8B:B4:6F:A0:E2:C9:BB:9A:E5:89:98:4B:89:82:CF:49:02:56:A8:B0
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC72766EDD88D4F7D1064BC6AFDC7725E
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/i7RvoOLJu5rliZhLiYLPSQJWqLA.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60448
IP address blocks:        89.174.26.0/23 maxlen: 23
                          89.174.25.0/24 maxlen: 24
                          85.219.192.0/24 maxlen: 24
                          89.174.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:66:ed:d8:8d:4f:7d:10:64:bc:6a:fd:c7:72:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bb46fa0e2c9bb9ae589984b8982cf490256a8b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e4:82:7e:37:4f:da:35:9a:46:48:78:19:9e:
                    6b:ce:b9:ef:e7:12:70:85:7d:84:83:3a:d8:c1:fc:
                    68:77:8d:36:6f:f2:f5:5d:34:89:88:de:9a:d3:81:
                    ea:5f:61:7b:5f:e3:18:f8:61:0c:f5:9e:44:07:13:
                    05:01:11:29:00:6b:1d:0a:40:ac:53:91:fb:b8:52:
                    af:50:1c:18:4f:69:61:04:4b:4b:3a:c7:81:37:19:
                    75:69:e1:87:1e:0d:10:68:5c:ea:40:50:0a:61:3b:
                    fd:4d:99:d3:b6:1b:26:41:16:79:ff:ba:e0:c8:cc:
                    c1:57:e4:39:f7:c9:c2:0b:15:00:1e:71:69:f7:36:
                    75:25:a7:c4:02:32:c5:04:9e:3b:9e:c6:b7:0b:24:
                    5b:5e:61:ac:1e:2e:6e:b6:2b:52:51:da:54:61:cf:
                    62:25:d0:51:00:05:16:32:65:67:35:b2:69:66:49:
                    0f:6f:17:63:1e:5d:b2:56:57:2b:40:18:17:b8:e2:
                    64:7a:52:3a:bd:64:46:3c:c8:62:78:90:9f:23:07:
                    e8:f2:81:42:e0:a7:fc:f1:b2:60:e0:e6:d3:4f:17:
                    20:d7:4a:dc:7f:2e:10:68:15:66:f2:8b:4e:5e:ea:
                    cd:7f:62:8d:22:cd:8e:59:c0:13:f6:90:7f:75:b1:
                    e5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B4:6F:A0:E2:C9:BB:9A:E5:89:98:4B:89:82:CF:49:02:56:A8:B0
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/i7RvoOLJu5rliZhLiYLPSQJWqLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.192.0/24
                  89.174.25.0-89.174.27.255
                  89.174.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:3b:aa:61:db:2e:24:65:be:5e:a7:8f:9a:3b:c3:85:a9:d7:
         3c:a5:0e:f2:84:76:30:54:73:71:1e:8d:43:d8:98:ff:a8:d3:
         75:62:ed:f9:86:ee:2c:72:1d:f6:f1:5d:58:1e:86:4d:58:40:
         b2:26:c2:02:86:d8:3a:15:39:7e:af:dd:9c:6c:22:b4:f2:af:
         28:1d:fd:c0:2b:fd:ee:44:08:42:41:84:9a:4a:86:72:2c:e8:
         01:de:87:3a:63:8c:cd:c7:34:1f:2b:d6:a4:00:8e:31:54:a7:
         97:c4:4b:63:8d:f0:83:2e:51:89:21:4b:af:73:b7:81:cc:3e:
         90:d8:a9:13:79:41:5d:1d:97:ff:fb:f3:e6:41:01:ae:17:d6:
         c1:6e:53:15:f2:8a:96:67:4d:9a:64:2e:65:c9:75:1c:5f:29:
         c1:ef:44:c3:00:42:6f:a2:22:1d:a3:5d:15:e6:e6:b8:52:05:
         c0:50:ef:0a:fb:43:da:30:99:26:5e:49:ca:46:b8:ab:ee:a8:
         16:58:7b:f4:1f:75:66:dd:76:2a:84:49:5b:b5:66:41:88:f7:
         a7:07:37:3c:3e:3a:fe:bf:00:76:54:89:6e:d3:f1:35:b4:3d:
         08:ae:5e:a2:a7:88:0b:76:1b:b1:fd:8f:01:07:2c:7d:fc:90:
         4d:b6:dc:ac
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzHJ2bt2I1PfRBkvGr9x3JeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmI0NmZhMGUyYzliYjlhZTU4OTk4NGI4OTgyY2Y0OTAyNTZhOGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouSCfjdP2jWaRkh4GZ5rzrnv5xJw
hX2EgzrYwfxod402b/L1XTSJiN6a04HqX2F7X+MY+GEM9Z5EBxMFAREpAGsdCkCs
U5H7uFKvUBwYT2lhBEtLOseBNxl1aeGHHg0QaFzqQFAKYTv9TZnTthsmQRZ5/7rg
yMzBV+Q598nCCxUAHnFp9zZ1JafEAjLFBJ47nsa3CyRbXmGsHi5utitSUdpUYc9i
JdBRAAUWMmVnNbJpZkkPbxdjHl2yVlcrQBgXuOJkelI6vWRGPMhieJCfIwfo8oFC
4Kf88bJg4ObTTxcg10rcfy4QaBVm8otOXurNf2KNIs2OWcAT9pB/dbHl+wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIu0b6Diybua5YmYS4mCz0kCVqiwMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvaTdSdm9PTEp1NXJsaVpoTGlZTFBTUUpXcUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAVdvAMAwD
BABZrhkDBAJZrhgDBABZrrgwDQYJKoZIhvcNAQELBQADggEBAE47qmHbLiRlvl6n
j5o7w4Wp1zylDvKEdjBUc3EejUPYmP+o03Vi7fmG7ixyHfbxXVgehk1YQLImwgKG
2DoVOX6v3ZxsIrTyrygd/cAr/e5ECEJBhJpKhnIs6AHehzpjjM3HNB8r1qQAjjFU
p5fES2ON8IMuUYkhS69zt4HMPpDYqRN5QV0dl//78+ZBAa4X1sFuUxXyipZnTZpk
LmXJdRxfKcHvRMMAQm+iIh2jXRXm5rhSBcBQ7wr7Q9owmSZeScpGuKvuqBZYe/Qf
dWbddiqESVu1ZkGI96cHNzw+Ov6/AHZUiW7T8TW0PQiuXqKniAt2G7H9jwEHLH38
kE223Kw=
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:48 2024 by rpki-client on console-ams.rpki-client.org