Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/IuvHkFudrQgIAc26i0t2VcGCoCA.roa
File:                     IuvHkFudrQgIAc26i0t2VcGCoCA.roa (raw, json)
Hash identifier:          XQaEeomItNz9vvSaMJ5f7Db6j39u9h6HoIChMYiJyXY=
Subject key identifier:   22:EB:C7:90:5B:9D:AD:08:08:01:CD:BA:8B:4B:76:55:C1:82:A0:20
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC1119CF5C5A43FD89AC7F57C2B93
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/IuvHkFudrQgIAc26i0t2VcGCoCA.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43402
IP address blocks:        83.142.240.0/21 maxlen: 24
                          95.131.160.0/21 maxlen: 24
                          185.127.144.0/22 maxlen: 24
                          2a03:62c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c1:11:9c:f5:c5:a4:3f:d8:9a:c7:f5:7c:2b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22ebc7905b9dad080801cdba8b4b7655c182a020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d6:f7:ba:e5:f6:50:87:ac:b5:d2:41:df:11:
                    62:13:62:85:7e:de:20:4c:30:86:6b:db:87:84:4b:
                    f3:0b:5d:4e:ad:5e:cd:25:88:7a:7f:74:ab:ba:0a:
                    8c:a0:84:85:37:74:11:9f:a0:d1:51:3c:c5:3c:1e:
                    e1:33:ae:54:e6:42:46:2c:40:21:71:1c:a0:a6:de:
                    af:44:47:15:fe:94:c3:4a:41:c9:2e:26:d0:57:79:
                    39:c4:fa:b9:b6:21:14:e1:a1:3b:fe:32:ff:ff:50:
                    4e:00:ad:48:3c:e1:92:3e:16:13:fd:a1:60:13:0d:
                    51:36:d2:b1:c5:53:2d:c8:22:87:45:3a:21:aa:ca:
                    36:8d:e3:2b:04:e2:d9:71:c9:68:03:42:03:f4:ca:
                    83:df:b0:60:ba:11:ed:cd:5b:ce:ce:f7:73:82:ac:
                    ad:ec:06:11:a3:5c:bc:72:b9:49:e3:1b:3a:3b:58:
                    0e:08:40:2b:3c:28:9b:4a:43:88:49:0f:ff:2e:81:
                    8b:41:01:2d:72:46:dc:19:67:64:d4:f4:8b:0c:00:
                    da:cd:af:64:09:cf:54:d9:eb:b8:94:9b:8b:6e:c1:
                    11:69:a5:47:10:6b:d8:60:c2:e9:a2:e7:1c:9f:c2:
                    8d:6f:7b:2f:3c:d6:db:33:ee:67:7a:d2:82:e4:b2:
                    c0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:EB:C7:90:5B:9D:AD:08:08:01:CD:BA:8B:4B:76:55:C1:82:A0:20
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/IuvHkFudrQgIAc26i0t2VcGCoCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.142.240.0/21
                  95.131.160.0/21
                  185.127.144.0/22
                IPv6:
                  2a03:62c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:a5:79:16:ba:d4:2f:56:d2:53:96:b8:33:61:da:ba:48:19:
         02:e6:c0:f3:d3:90:79:47:49:d0:20:20:35:2b:ba:db:38:e7:
         86:b7:17:57:62:b5:94:95:69:8b:19:30:a4:68:cb:36:c3:cf:
         58:6b:fb:a6:fb:fc:5d:78:c2:98:73:8e:a8:82:25:d9:34:37:
         fa:68:77:42:cc:99:0f:36:92:00:72:35:e2:e2:d6:ac:85:b6:
         ba:f6:7b:08:90:0a:14:4e:c3:a6:1f:ee:74:77:1b:1a:9f:d8:
         dc:53:19:c8:b8:d9:05:a2:e1:71:05:ca:b6:f3:eb:10:53:20:
         68:a3:7d:cb:87:56:2c:f6:33:d0:08:49:f9:07:c9:47:63:09:
         37:89:17:ed:a1:d5:bf:ff:dd:dd:7a:33:55:0d:52:2e:36:27:
         a9:3c:bf:07:6b:33:5e:83:6b:20:00:52:c1:27:fc:d0:e3:b5:
         82:4a:02:ad:ae:6e:af:dc:fb:44:e2:a5:f8:f5:ae:16:11:ee:
         c1:3c:81:01:ab:8d:80:b2:e8:4c:76:80:55:51:7c:03:4d:2c:
         03:8d:44:4d:97:fb:d1:b6:ee:db:97:9d:28:f8:8d:05:d8:2f:
         dd:3f:c0:3a:88:76:89:20:34:cf:4f:48:79:8b:51:6d:4e:ba:
         5b:72:d2:ea
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzC2sERnPXFpD/Ymsf1fCuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmViYzc5MDViOWRhZDA4MDgwMWNkYmE4YjRiNzY1NWMxODJhMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9b3uuX2UIestdJB3xFiE2KFft4g
TDCGa9uHhEvzC11OrV7NJYh6f3SrugqMoISFN3QRn6DRUTzFPB7hM65U5kJGLEAh
cRygpt6vREcV/pTDSkHJLibQV3k5xPq5tiEU4aE7/jL//1BOAK1IPOGSPhYT/aFg
Ew1RNtKxxVMtyCKHRTohqso2jeMrBOLZccloA0ID9MqD37BguhHtzVvOzvdzgqyt
7AYRo1y8crlJ4xs6O1gOCEArPCibSkOISQ//LoGLQQEtckbcGWdk1PSLDADaza9k
Cc9U2eu4lJuLbsERaaVHEGvYYMLpouccn8KNb3svPNbbM+5netKC5LLAawIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCLrx5Bbna0ICAHNuotLdlXBgqAgMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvSXV2SGtGdWRyUWdJQWMyNmkwdDJWY0dDb0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDU47wAwQD
X4OgAwQCuX+QMA0EAgACMAcDBQAqA2LAMA0GCSqGSIb3DQEBCwUAA4IBAQAZpXkW
utQvVtJTlrgzYdq6SBkC5sDz05B5R0nQICA1K7rbOOeGtxdXYrWUlWmLGTCkaMs2
w89Ya/um+/xdeMKYc46ogiXZNDf6aHdCzJkPNpIAcjXi4tashba69nsIkAoUTsOm
H+50dxsan9jcUxnIuNkFouFxBcq28+sQUyBoo33Lh1Ys9jPQCEn5B8lHYwk3iRft
odW//93dejNVDVIuNiepPL8HazNeg2sgAFLBJ/zQ47WCSgKtrm6v3PtE4qX49a4W
Ee7BPIEBq42AsuhMdoBVUXwDTSwDjURNl/vRtu7bl50o+I0F2C/dP8A6iHaJIDTP
T0h5i1FtTrpbctLq
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:26:08 2024 by rpki-client on console-ams.rpki-client.org