Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/be1720-801e-4f9e-a5c1-68a2f0bb5b7a/1/22wESLfBPQHKbV2nko6fd8ndlYE.roa
File:                     22wESLfBPQHKbV2nko6fd8ndlYE.roa (raw, json)
Hash identifier:          3sXdYNO91p9YQtZhFg3hiqrzR9yfxYIxPoYM6C9E/qo=
Subject key identifier:   DB:6C:04:48:B7:C1:3D:01:CA:6D:5D:A7:92:8E:9F:77:C9:DD:95:81
Certificate issuer:       /CN=e24bc2870de2599daf66497f5729c74b33ef993a
Certificate serial:       018CC492C9C08828431CA254BEC5BFBC921E
Authority key identifier: E2:4B:C2:87:0D:E2:59:9D:AF:66:49:7F:57:29:C7:4B:33:EF:99:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4kvChw3iWZ2vZkl_VynHSzPvmTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/be1720-801e-4f9e-a5c1-68a2f0bb5b7a/1/22wESLfBPQHKbV2nko6fd8ndlYE.roa
Signing time:             Mon 01 Jan 2024 10:30:03 +0000
ROA not before:           Mon 01 Jan 2024 10:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62193
IP address blocks:        185.44.108.0/22 maxlen: 24
                          2a01:6420::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/be1720-801e-4f9e-a5c1-68a2f0bb5b7a/1/4kvChw3iWZ2vZkl_VynHSzPvmTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/be1720-801e-4f9e-a5c1-68a2f0bb5b7a/1/4kvChw3iWZ2vZkl_VynHSzPvmTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4kvChw3iWZ2vZkl_VynHSzPvmTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:c9:c0:88:28:43:1c:a2:54:be:c5:bf:bc:92:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e24bc2870de2599daf66497f5729c74b33ef993a
        Validity
            Not Before: Jan  1 10:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db6c0448b7c13d01ca6d5da7928e9f77c9dd9581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:29:a5:04:ff:6c:88:9e:17:6f:54:29:1a:0f:
                    b8:55:63:c1:d0:02:7d:93:7c:bd:c3:bb:a3:36:f3:
                    2d:a9:54:eb:be:0f:5a:f7:0f:ec:3c:d5:1d:2b:3c:
                    79:ed:1c:cc:ff:8c:55:85:81:29:84:94:6c:34:75:
                    c2:4a:b0:4a:a6:76:48:ee:bb:8a:84:b0:0b:56:48:
                    2f:d2:b9:56:7b:57:d5:8d:a8:d0:a7:6a:15:d2:98:
                    f8:6f:db:17:93:5d:7e:dd:7c:18:c8:9a:6d:dc:3f:
                    04:22:7d:f5:08:9f:6a:68:cb:1a:77:63:33:c3:b6:
                    de:9a:12:3d:5e:cc:c5:46:1b:ea:c7:00:7a:1e:ca:
                    a0:0e:12:a6:13:01:12:56:4d:dd:22:7c:0a:3f:b7:
                    0a:d5:b7:08:02:19:29:ac:b9:4f:69:00:b3:f9:a3:
                    21:bd:00:be:08:49:f1:7d:34:8b:52:d4:96:a4:ae:
                    ff:12:51:98:9c:0c:97:e1:21:f0:13:cd:7f:36:19:
                    1d:22:b5:ca:48:1b:b6:23:e3:39:74:0b:5c:11:50:
                    1c:e4:c2:70:85:37:4d:1f:a5:ae:99:43:fa:53:79:
                    9e:8e:1f:4b:2d:8b:1c:7b:0a:a9:39:f5:86:99:82:
                    31:6d:70:f8:23:94:e4:7e:00:5e:4d:c7:49:b8:47:
                    ef:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6C:04:48:B7:C1:3D:01:CA:6D:5D:A7:92:8E:9F:77:C9:DD:95:81
            X509v3 Authority Key Identifier:
                keyid:E2:4B:C2:87:0D:E2:59:9D:AF:66:49:7F:57:29:C7:4B:33:EF:99:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4kvChw3iWZ2vZkl_VynHSzPvmTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/be1720-801e-4f9e-a5c1-68a2f0bb5b7a/1/22wESLfBPQHKbV2nko6fd8ndlYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/be1720-801e-4f9e-a5c1-68a2f0bb5b7a/1/4kvChw3iWZ2vZkl_VynHSzPvmTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.108.0/22
                IPv6:
                  2a01:6420::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:2d:0f:d7:f2:eb:50:15:52:54:2e:17:ff:27:d4:0e:60:cd:
         53:bd:bf:bd:04:da:4e:fc:70:7b:04:9b:c9:f4:c4:25:bc:b4:
         ec:cf:f3:6e:9c:53:da:f6:75:b5:70:11:58:fb:b3:74:39:ed:
         e5:d0:aa:a9:a4:a3:61:ef:19:c8:ed:00:79:71:7c:31:2b:ff:
         cb:55:58:50:c9:ca:28:65:aa:ed:3a:86:c8:35:ab:ef:e3:30:
         d9:54:1e:b0:94:ce:f6:9e:aa:9d:6b:dc:3b:48:75:c9:9f:9e:
         a9:24:d3:e7:98:a1:4f:b5:88:14:de:1b:3b:9a:73:26:75:38:
         15:46:8f:61:1d:fb:d5:db:fd:b1:7f:37:e0:48:74:09:b4:14:
         5a:d9:91:89:0b:dc:5d:73:36:ca:34:cc:7c:eb:c5:85:ac:94:
         2b:63:9e:a4:c7:dc:a7:b9:b8:c0:a2:46:5f:ae:4a:cd:c9:a3:
         d9:15:9c:cf:23:a8:9a:dd:53:cc:2e:ca:aa:21:3b:8b:23:34:
         3b:bf:c3:d9:c6:53:8e:0d:10:bc:bc:52:ec:0d:e0:da:3c:1d:
         8e:cf:1c:62:ad:41:d0:d8:8c:dc:79:8f:c0:76:c0:7a:82:de:
         c4:69:aa:a2:d4:8b:16:f0:27:f9:43:6b:f5:c7:26:77:df:04:
         53:b1:55:92
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEksnAiChDHKJUvsW/vJIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNGJjMjg3MGRlMjU5OWRhZjY2NDk3ZjU3MjljNzRiMzNl
Zjk5M2EwHhcNMjQwMTAxMTAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjZjMDQ0OGI3YzEzZDAxY2E2ZDVkYTc5MjhlOWY3N2M5ZGQ5NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCmlBP9siJ4Xb1QpGg+4VWPB0AJ9
k3y9w7ujNvMtqVTrvg9a9w/sPNUdKzx57RzM/4xVhYEphJRsNHXCSrBKpnZI7ruK
hLALVkgv0rlWe1fVjajQp2oV0pj4b9sXk11+3XwYyJpt3D8EIn31CJ9qaMsad2Mz
w7bemhI9XszFRhvqxwB6HsqgDhKmEwESVk3dInwKP7cK1bcIAhkprLlPaQCz+aMh
vQC+CEnxfTSLUtSWpK7/ElGYnAyX4SHwE81/NhkdIrXKSBu2I+M5dAtcEVAc5MJw
hTdNH6WumUP6U3mejh9LLYscewqpOfWGmYIxbXD4I5TkfgBeTcdJuEfvowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNtsBEi3wT0Bym1dp5KOn3fJ3ZWBMB8GA1UdIwQY
MBaAFOJLwocN4lmdr2ZJf1cpx0sz75k6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGt2Q2h3M2lXWjJ2WmtsX1Z5bkhTelB2bVRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9iZTE3MjAtODAxZS00ZjllLWE1YzEt
NjhhMmYwYmI1YjdhLzEvMjJ3RVNMZkJQUUhLYlYybmtvNmZkOG5kbFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9iZTE3MjAtODAxZS00ZjllLWE1YzEtNjhhMmYwYmI1Yjdh
LzEvNGt2Q2h3M2lXWjJ2WmtsX1Z5bkhTelB2bVRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSxsMA0E
AgACMAcDBQMqAWQgMA0GCSqGSIb3DQEBCwUAA4IBAQAPLQ/X8utQFVJULhf/J9QO
YM1Tvb+9BNpO/HB7BJvJ9MQlvLTsz/NunFPa9nW1cBFY+7N0Oe3l0KqppKNh7xnI
7QB5cXwxK//LVVhQycooZartOobINavv4zDZVB6wlM72nqqda9w7SHXJn56pJNPn
mKFPtYgU3hs7mnMmdTgVRo9hHfvV2/2xfzfgSHQJtBRa2ZGJC9xdczbKNMx868WF
rJQrY56kx9ynubjAokZfrkrNyaPZFZzPI6ia3VPMLsqqITuLIzQ7v8PZxlOODRC8
vFLsDeDaPB2OzxxirUHQ2IzceY/AdsB6gt7Eaaqi1IsW8Cf5Q2v1xyZ33wRTsVWS
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:43:57 2024 by rpki-client on console-ams.rpki-client.org