Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/jcaJbWMuJ-zRM0uY1-KBZHQ2wY8.roa
File:                     jcaJbWMuJ-zRM0uY1-KBZHQ2wY8.roa (raw, json)
Hash identifier:          F9CdJBaYIc90s4LTAcRKWuatdAvkxeD8qpnBXnQxvRw=
Subject key identifier:   8D:C6:89:6D:63:2E:27:EC:D1:33:4B:98:D7:E2:81:64:74:36:C1:8F
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       018F9FD897FD3DD5D2FFB4E50818AA3F6491
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/jcaJbWMuJ-zRM0uY1-KBZHQ2wY8.roa
Signing time:             Wed 22 May 2024 10:28:43 +0000
ROA not before:           Wed 22 May 2024 10:28:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        91.108.72.0/21 maxlen: 24
                          91.108.88.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9f:d8:97:fd:3d:d5:d2:ff:b4:e5:08:18:aa:3f:64:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: May 22 10:28:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dc6896d632e27ecd1334b98d7e281647436c18f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2a:d1:e7:e3:82:a7:92:7c:c1:f3:7d:36:0c:
                    de:25:8f:8f:0c:ca:94:51:06:e6:60:04:38:64:32:
                    57:05:73:1f:5f:a6:d4:73:61:aa:ba:44:d8:97:b9:
                    c3:1f:e8:03:25:bc:a7:ef:58:a7:c3:14:6f:44:3a:
                    ee:eb:f7:c2:5f:11:66:de:5d:18:e7:f8:78:93:16:
                    69:b9:ce:d1:a2:8f:01:c5:a4:4e:95:b0:df:10:f8:
                    f5:be:59:64:da:ea:39:2c:8a:78:26:f1:e6:9b:31:
                    c8:7b:eb:8b:14:60:66:a8:47:15:b9:00:a7:26:3b:
                    65:a6:d7:70:c2:44:0a:1a:0f:f4:92:69:f6:a0:ad:
                    15:5c:ba:ca:ee:df:4e:ac:7f:1e:26:a6:98:1e:fb:
                    d2:6d:aa:a4:d1:96:96:6b:38:14:05:23:2f:87:bf:
                    40:65:ab:6a:98:d8:76:87:04:ca:48:ae:04:67:79:
                    06:7b:e4:bf:50:8d:0a:c6:25:f4:c9:ce:f8:7f:eb:
                    42:56:bf:ab:c6:b2:8d:86:aa:9f:1a:18:6b:59:88:
                    ea:f1:09:7e:cc:6e:b9:43:4b:92:c0:ef:a0:2b:ac:
                    9b:cb:72:00:c0:02:b8:3a:76:03:43:05:66:0d:83:
                    59:1a:27:5f:87:46:b3:80:16:91:ad:84:4c:83:1d:
                    58:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C6:89:6D:63:2E:27:EC:D1:33:4B:98:D7:E2:81:64:74:36:C1:8F
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/jcaJbWMuJ-zRM0uY1-KBZHQ2wY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.72.0/21
                  91.108.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         12:80:1b:d3:fb:2a:06:cd:2d:53:52:bb:53:1c:5b:35:4c:6a:
         eb:e8:d5:4f:49:84:40:c7:15:a4:00:ae:bb:2d:ff:94:bb:73:
         36:ae:f2:f5:f5:6b:ce:e5:a3:3a:56:07:7a:f8:11:26:c9:dd:
         86:cc:31:3d:9c:ff:50:83:16:b8:d2:ea:2b:ee:a2:18:cb:61:
         cc:68:02:23:63:8e:6b:2e:de:d5:3c:21:5e:f6:ad:00:5d:90:
         99:e8:4a:eb:50:1b:04:e5:d7:c0:38:58:79:7f:de:6f:b0:eb:
         71:00:08:59:b6:50:83:9e:69:5f:ee:71:53:a3:01:c5:38:72:
         c1:aa:78:c9:ae:2d:d7:62:f9:8d:ad:d3:10:ab:ab:71:8e:01:
         0b:a3:8e:1f:8d:40:42:e5:6c:51:7f:67:ef:be:75:54:6c:9e:
         2a:21:73:6f:31:37:92:33:5e:c2:e8:f0:e1:ab:9f:78:81:d5:
         0f:87:64:d8:df:5b:3d:37:b8:51:2f:52:28:7c:77:09:b5:b3:
         13:d4:4a:ae:42:0e:f6:8a:d5:9e:c9:38:0e:86:55:e1:ef:72:
         b4:21:3f:dc:2d:38:c0:06:0b:7d:3d:0b:ee:27:33:79:7b:9b:
         75:d2:59:74:9f:25:90:7b:1e:94:64:90:0c:20:11:bf:85:e7:
         0e:6b:a1:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+f2Jf9PdXS/7TlCBiqP2SRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwNTIyMTAyODQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGM2ODk2ZDYzMmUyN2VjZDEzMzRiOThkN2UyODE2NDc0MzZjMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2irR5+OCp5J8wfN9NgzeJY+PDMqU
UQbmYAQ4ZDJXBXMfX6bUc2GqukTYl7nDH+gDJbyn71inwxRvRDru6/fCXxFm3l0Y
5/h4kxZpuc7Roo8BxaROlbDfEPj1vllk2uo5LIp4JvHmmzHIe+uLFGBmqEcVuQCn
JjtlptdwwkQKGg/0kmn2oK0VXLrK7t9OrH8eJqaYHvvSbaqk0ZaWazgUBSMvh79A
ZatqmNh2hwTKSK4EZ3kGe+S/UI0KxiX0yc74f+tCVr+rxrKNhqqfGhhrWYjq8Ql+
zG65Q0uSwO+gK6yby3IAwAK4OnYDQwVmDYNZGidfh0azgBaRrYRMgx1YywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI3GiW1jLifs0TNLmNfigWR0NsGPMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvamNhSmJXTXVKLXpSTTB1WTEtS0JaSFEyd1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW2xIAwQD
W2xYMA0GCSqGSIb3DQEBCwUAA4IBAQASgBvT+yoGzS1TUrtTHFs1TGrr6NVPSYRA
xxWkAK67Lf+Uu3M2rvL19WvO5aM6Vgd6+BEmyd2GzDE9nP9Qgxa40uor7qIYy2HM
aAIjY45rLt7VPCFe9q0AXZCZ6ErrUBsE5dfAOFh5f95vsOtxAAhZtlCDnmlf7nFT
owHFOHLBqnjJri3XYvmNrdMQq6txjgELo44fjUBC5WxRf2fvvnVUbJ4qIXNvMTeS
M17C6PDhq594gdUPh2TY31s9N7hRL1IofHcJtbMT1EquQg72itWeyTgOhlXh73K0
IT/cLTjABgt9PQvuJzN5e5t10ll0nyWQex6UZJAMIBG/hecOa6FE
-----END CERTIFICATE-----
Generated at Sun Jun 16 14:52:56 2024 by rpki-client on console-ams.rpki-client.org