Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/IrzLGxqFJNr1HbyZId1ZwAxaIu0.roa
File:                     IrzLGxqFJNr1HbyZId1ZwAxaIu0.roa (raw, json)
Hash identifier:          6kRceCQgWHMci2yNu+E/h3nBgsjgEjfZJhdTBCm5Bio=
Subject key identifier:   22:BC:CB:1B:1A:85:24:DA:F5:1D:BC:99:21:DD:59:C0:0C:5A:22:ED
Certificate issuer:       /CN=932460b78f6e8f4662aec7858e92051e856099f5
Certificate serial:       018CC4253AF826B414DB1253B5EFF240F47B
Authority key identifier: 93:24:60:B7:8F:6E:8F:46:62:AE:C7:85:8E:92:05:1E:85:60:99:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/IrzLGxqFJNr1HbyZId1ZwAxaIu0.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47836
IP address blocks:        91.208.175.0/24 maxlen: 24
                          185.161.88.0/22 maxlen: 24
                          2a00:ddc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3a:f8:26:b4:14:db:12:53:b5:ef:f2:40:f4:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932460b78f6e8f4662aec7858e92051e856099f5
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22bccb1b1a8524daf51dbc9921dd59c00c5a22ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:41:8c:2c:27:c9:04:80:0d:4d:22:be:4d:72:
                    2a:97:b4:9d:c8:09:3d:66:ea:40:19:94:cd:50:ff:
                    bc:07:c4:11:21:eb:d6:37:40:72:27:94:00:39:61:
                    1f:3f:01:e2:a0:30:10:7f:32:46:46:f3:ee:34:ce:
                    f7:dc:54:78:e1:da:a1:ee:40:c5:1e:78:1c:df:e4:
                    a7:87:d5:f7:82:7f:08:da:bd:25:a4:f3:32:e3:c8:
                    fd:d7:14:e8:21:3b:5e:91:ce:53:31:1d:f5:c6:cd:
                    46:57:34:e2:ce:c2:49:3a:fd:ee:f2:22:cc:68:42:
                    6e:f0:27:76:30:96:c2:3b:d4:76:aa:14:68:2f:37:
                    b1:d9:a7:70:02:23:56:0a:9a:1d:6e:d9:3f:48:a3:
                    a8:d2:50:c2:a6:69:0a:0d:65:f8:38:8d:a0:1b:82:
                    c1:1d:66:ec:80:3a:4a:27:ec:3b:72:8a:ad:80:c5:
                    76:31:21:d7:dd:06:43:a6:f3:0b:cb:c4:a6:fa:bf:
                    2b:3e:59:0c:ce:f8:c6:23:2a:5b:3c:09:cb:8d:ba:
                    d5:5a:06:01:08:55:54:5a:1a:09:4b:ba:4d:9c:1f:
                    4e:37:ec:ef:10:f5:e7:4f:60:0a:79:b6:7b:af:e0:
                    62:ff:52:74:3e:76:b0:ca:c2:16:89:fe:36:ff:83:
                    b8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:BC:CB:1B:1A:85:24:DA:F5:1D:BC:99:21:DD:59:C0:0C:5A:22:ED
            X509v3 Authority Key Identifier:
                keyid:93:24:60:B7:8F:6E:8F:46:62:AE:C7:85:8E:92:05:1E:85:60:99:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/IrzLGxqFJNr1HbyZId1ZwAxaIu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.175.0/24
                  185.161.88.0/22
                IPv6:
                  2a00:ddc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:bb:84:9d:fa:98:42:55:e3:34:ef:8c:9f:a1:c1:c0:08:fd:
         01:f3:b3:52:70:90:f3:ca:c6:ab:e8:74:37:d7:b9:d8:4b:e1:
         c4:49:e5:4f:7b:5c:55:5c:2c:9b:b4:b4:d4:e0:d9:17:ca:01:
         d8:39:9a:e2:7e:62:16:0c:63:dd:53:b2:3b:a2:b9:b5:28:7a:
         68:3c:56:9d:20:be:8c:0f:21:65:11:44:13:5d:ee:45:3c:95:
         ac:a3:60:20:3c:84:a1:ee:8b:e8:a3:99:1b:be:4f:ac:88:e8:
         31:87:c6:66:79:be:bb:fa:60:93:d4:93:07:46:66:9a:93:41:
         06:0b:b9:ed:9b:e2:44:45:95:57:bf:3b:f6:74:30:56:64:5a:
         1d:76:89:88:41:fb:c0:0c:cb:15:12:4b:09:77:c1:06:e6:22:
         af:d7:c6:14:01:60:20:75:ce:a2:c5:c7:55:ba:39:d3:95:f0:
         34:f1:c5:2a:e8:60:33:eb:3a:a8:00:ff:4f:3d:39:08:ab:a5:
         7e:07:43:cb:a5:ed:9b:e6:fd:75:f4:4f:11:56:0e:52:29:4e:
         84:6b:63:8a:42:9a:0a:ed:9a:f4:2d:a0:5f:db:56:9c:4e:09:
         c3:db:dd:48:74:a9:b2:58:a7:33:0a:0d:e8:37:81:10:6c:3b:
         cc:58:34:17
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJTr4JrQU2xJTte/yQPR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMjQ2MGI3OGY2ZThmNDY2MmFlYzc4NThlOTIwNTFlODU2
MDk5ZjUwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmJjY2IxYjFhODUyNGRhZjUxZGJjOTkyMWRkNTljMDBjNWEyMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkGMLCfJBIANTSK+TXIql7SdyAk9
ZupAGZTNUP+8B8QRIevWN0ByJ5QAOWEfPwHioDAQfzJGRvPuNM733FR44dqh7kDF
Hngc3+Snh9X3gn8I2r0lpPMy48j91xToITtekc5TMR31xs1GVzTizsJJOv3u8iLM
aEJu8Cd2MJbCO9R2qhRoLzex2adwAiNWCpodbtk/SKOo0lDCpmkKDWX4OI2gG4LB
HWbsgDpKJ+w7coqtgMV2MSHX3QZDpvMLy8Sm+r8rPlkMzvjGIypbPAnLjbrVWgYB
CFVUWhoJS7pNnB9ON+zvEPXnT2AKebZ7r+Bi/1J0PnawysIWif42/4O4KQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCK8yxsahSTa9R28mSHdWcAMWiLtMB8GA1UdIwQY
MBaAFJMkYLePbo9GYq7HhY6SBR6FYJn1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3lSZ3Q0OXVqMFppcnNlRmpwSUZIb1ZnbWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jMjUxZjEtY2I3MC00MjgzLTg0MzMt
OGM5ZmNiYjNlYzUyLzEvSXJ6TEd4cUZKTnIxSGJ5WklkMVp3QXhhSXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jMjUxZjEtY2I3MC00MjgzLTg0MzMtOGM5ZmNiYjNlYzUy
LzEva3lSZ3Q0OXVqMFppcnNlRmpwSUZIb1ZnbWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9CvAwQC
uaFYMA0EAgACMAcDBQAqAN3AMA0GCSqGSIb3DQEBCwUAA4IBAQAlu4Sd+phCVeM0
74yfocHACP0B87NScJDzysar6HQ317nYS+HESeVPe1xVXCybtLTU4NkXygHYOZri
fmIWDGPdU7I7orm1KHpoPFadIL6MDyFlEUQTXe5FPJWso2AgPISh7ovoo5kbvk+s
iOgxh8Zmeb67+mCT1JMHRmaak0EGC7ntm+JERZVXvzv2dDBWZFoddomIQfvADMsV
EksJd8EG5iKv18YUAWAgdc6ixcdVujnTlfA08cUq6GAz6zqoAP9PPTkIq6V+B0PL
pe2b5v119E8RVg5SKU6Ea2OKQpoK7Zr0LaBf21acTgnD291IdKmyWKczCg3oN4EQ
bDvMWDQX
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:33:27 2024 by rpki-client on console-fra.rpki-client.org