Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/10303c-43d5-4033-808a-52c699d386cd/1/iYZ__kjlwqgvduakgJVSJo2oR74.roa
File:                     iYZ__kjlwqgvduakgJVSJo2oR74.roa (raw, json)
Hash identifier:          pWyJKvedVOkJvXO5uczSSddz0ww7SO9rpP1GHlvbRLQ=
Subject key identifier:   89:86:7F:FE:48:E5:C2:A8:2F:76:E6:A4:80:95:52:26:8D:A8:47:BE
Certificate issuer:       /CN=b3d14ce18a8f1d05a6a35390af4aec8ce6cc56ec
Certificate serial:       018CC4255B8700675B0C04C20461D949A4DE
Authority key identifier: B3:D1:4C:E1:8A:8F:1D:05:A6:A3:53:90:AF:4A:EC:8C:E6:CC:56:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9FM4YqPHQWmo1OQr0rsjObMVuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/10303c-43d5-4033-808a-52c699d386cd/1/iYZ__kjlwqgvduakgJVSJo2oR74.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        89.37.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/10303c-43d5-4033-808a-52c699d386cd/1/s9FM4YqPHQWmo1OQr0rsjObMVuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/10303c-43d5-4033-808a-52c699d386cd/1/s9FM4YqPHQWmo1OQr0rsjObMVuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9FM4YqPHQWmo1OQr0rsjObMVuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5b:87:00:67:5b:0c:04:c2:04:61:d9:49:a4:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d14ce18a8f1d05a6a35390af4aec8ce6cc56ec
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89867ffe48e5c2a82f76e6a4809552268da847be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2f:83:9a:d5:f0:ca:27:8c:6d:6b:43:72:ee:
                    23:01:26:45:81:b6:65:6a:b5:e9:94:cb:ec:43:50:
                    7a:fc:15:04:8a:4d:72:a6:42:0b:e9:9b:23:02:ce:
                    7d:73:92:bc:66:00:0d:6b:d1:a3:cb:02:b2:4f:34:
                    52:c7:31:7f:77:05:0f:37:87:cd:9e:68:46:8e:e4:
                    c7:b8:c0:8e:de:ef:79:d6:d7:d4:42:f8:f2:81:c7:
                    02:e4:c0:f1:17:0d:12:d7:da:11:05:93:c5:5b:89:
                    85:31:75:2e:a3:1a:ba:70:20:59:33:f7:04:a4:ca:
                    98:d1:96:a7:32:03:06:7c:03:b7:eb:7f:0f:76:11:
                    86:26:d2:7c:08:61:26:58:03:26:30:bc:dc:8a:5e:
                    b2:47:ae:c0:b1:ce:4f:68:30:13:7f:b2:37:f9:3f:
                    a6:02:22:74:d1:b5:bf:e4:ab:49:24:9c:c9:5c:74:
                    7d:6f:83:d2:0f:2e:ad:d8:cc:51:56:c4:dd:94:2c:
                    91:ce:d6:5b:92:4e:fd:41:dc:dc:f2:c4:c8:76:55:
                    8d:fe:9f:f7:67:c5:62:f0:e1:ca:4c:f7:be:0a:6f:
                    24:09:48:59:e6:d9:0f:bb:41:98:5b:63:28:0a:9f:
                    fe:3d:33:e6:ea:eb:ab:34:29:1b:1d:71:6b:97:ac:
                    43:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:86:7F:FE:48:E5:C2:A8:2F:76:E6:A4:80:95:52:26:8D:A8:47:BE
            X509v3 Authority Key Identifier:
                keyid:B3:D1:4C:E1:8A:8F:1D:05:A6:A3:53:90:AF:4A:EC:8C:E6:CC:56:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9FM4YqPHQWmo1OQr0rsjObMVuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/10303c-43d5-4033-808a-52c699d386cd/1/iYZ__kjlwqgvduakgJVSJo2oR74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/10303c-43d5-4033-808a-52c699d386cd/1/s9FM4YqPHQWmo1OQr0rsjObMVuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.37.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:e7:d2:6c:ba:ba:96:52:66:de:a0:8f:09:71:b5:02:5c:3e:
         a0:d9:9c:96:11:c6:84:5b:28:85:31:f6:3a:17:2d:b1:7a:58:
         fc:0e:a6:95:96:c5:6c:e7:c1:da:eb:cd:2e:5c:44:63:23:ea:
         59:a2:1a:85:d5:04:27:b4:51:65:d5:99:6c:dc:1b:00:2e:39:
         99:c6:cf:8d:97:33:8a:90:69:0a:89:83:73:a4:94:1d:6d:c4:
         30:8a:5a:03:1e:18:45:00:f8:19:a0:ce:de:04:46:c8:a0:d7:
         53:71:49:77:d7:fb:65:09:d2:03:25:d1:14:5e:57:f6:03:e6:
         43:b0:17:80:91:64:e2:04:a7:1c:ad:40:46:65:9c:64:57:c8:
         33:07:55:f3:97:e4:77:3a:31:fa:41:3b:a2:6a:4b:95:19:07:
         1b:cf:da:06:a8:6d:a9:cf:95:27:69:9b:9a:71:be:c5:8e:d3:
         b6:d4:15:d8:95:0d:3a:20:02:0b:e3:27:06:a2:e4:a6:49:4c:
         c5:e4:a2:7d:03:71:71:5f:bf:03:28:f0:96:da:91:18:90:6f:
         cf:e6:ee:02:33:2b:ba:95:7f:2a:f5:d7:61:33:6b:46:ef:f9:
         2b:d7:48:07:e8:fc:fc:c2:b0:13:1b:a7:6d:79:d2:33:e4:6f:
         85:91:59:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVuHAGdbDATCBGHZSaTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDE0Y2UxOGE4ZjFkMDVhNmEzNTM5MGFmNGFlYzhjZTZj
YzU2ZWMwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg2N2ZmZTQ4ZTVjMmE4MmY3NmU2YTQ4MDk1NTIyNjhkYTg0N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC+DmtXwyieMbWtDcu4jASZFgbZl
arXplMvsQ1B6/BUEik1ypkIL6ZsjAs59c5K8ZgANa9GjywKyTzRSxzF/dwUPN4fN
nmhGjuTHuMCO3u951tfUQvjygccC5MDxFw0S19oRBZPFW4mFMXUuoxq6cCBZM/cE
pMqY0ZanMgMGfAO3638PdhGGJtJ8CGEmWAMmMLzcil6yR67Asc5PaDATf7I3+T+m
AiJ00bW/5KtJJJzJXHR9b4PSDy6t2MxRVsTdlCyRztZbkk79Qdzc8sTIdlWN/p/3
Z8Vi8OHKTPe+Cm8kCUhZ5tkPu0GYW2MoCp/+PTPm6uurNCkbHXFrl6xD0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImGf/5I5cKoL3bmpICVUiaNqEe+MB8GA1UdIwQY
MBaAFLPRTOGKjx0FpqNTkK9K7IzmzFbsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlGTTRZcVBIUVdtbzFPUXIwcnNqT2JNVnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8xMDMwM2MtNDNkNS00MDMzLTgwOGEt
NTJjNjk5ZDM4NmNkLzEvaVlaX19ramx3cWd2ZHVha2dKVlNKbzJvUjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8xMDMwM2MtNDNkNS00MDMzLTgwOGEtNTJjNjk5ZDM4NmNk
LzEvczlGTTRZcVBIUVdtbzFPUXIwcnNqT2JNVnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSWHMA0G
CSqGSIb3DQEBCwUAA4IBAQCT59JsurqWUmbeoI8JcbUCXD6g2ZyWEcaEWyiFMfY6
Fy2xelj8DqaVlsVs58Ha680uXERjI+pZohqF1QQntFFl1Zls3BsALjmZxs+NlzOK
kGkKiYNzpJQdbcQwiloDHhhFAPgZoM7eBEbIoNdTcUl31/tlCdIDJdEUXlf2A+ZD
sBeAkWTiBKccrUBGZZxkV8gzB1Xzl+R3OjH6QTuiakuVGQcbz9oGqG2pz5UnaZua
cb7FjtO21BXYlQ06IAIL4ycGouSmSUzF5KJ9A3FxX78DKPCW2pEYkG/P5u4CMyu6
lX8q9ddhM2tG7/kr10gH6Pz8wrATG6dtedIz5G+FkVnb
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:03:02 2024 by rpki-client on console-ams.rpki-client.org