Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/f5ea13-827a-4acd-a207-b9f3c6351225/1/jxeFKyut1iZvlnsyn9UpHH2X2Vw.roa
File:                     jxeFKyut1iZvlnsyn9UpHH2X2Vw.roa (raw, json)
Hash identifier:          jAKV81FzJg7A5FvDA2RBrSdw4xTuM7nlgpWC0k0fGWc=
Subject key identifier:   8F:17:85:2B:2B:AD:D6:26:6F:96:7B:32:9F:D5:29:1C:7D:97:D9:5C
Certificate issuer:       /CN=6c3a63c531cee41b3bed87300e459e45fb9e8978
Certificate serial:       018CC424488614BF85146526866784815CC6
Authority key identifier: 6C:3A:63:C5:31:CE:E4:1B:3B:ED:87:30:0E:45:9E:45:FB:9E:89:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDpjxTHO5Bs77YcwDkWeRfueiXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/f5ea13-827a-4acd-a207-b9f3c6351225/1/jxeFKyut1iZvlnsyn9UpHH2X2Vw.roa
Signing time:             Mon 01 Jan 2024 08:29:21 +0000
ROA not before:           Mon 01 Jan 2024 08:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        185.158.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/f5ea13-827a-4acd-a207-b9f3c6351225/1/bDpjxTHO5Bs77YcwDkWeRfueiXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/f5ea13-827a-4acd-a207-b9f3c6351225/1/bDpjxTHO5Bs77YcwDkWeRfueiXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDpjxTHO5Bs77YcwDkWeRfueiXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:48:86:14:bf:85:14:65:26:86:67:84:81:5c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3a63c531cee41b3bed87300e459e45fb9e8978
        Validity
            Not Before: Jan  1 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f17852b2badd6266f967b329fd5291c7d97d95c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f9:6b:f8:3a:b8:c0:b4:e7:3a:aa:3f:87:84:
                    b5:e9:84:19:38:fa:5d:88:5f:c7:f5:ae:28:ef:ed:
                    69:7b:1e:11:79:2e:82:91:d1:83:d7:a7:99:54:72:
                    74:f4:5b:a3:35:a0:85:ad:c7:b4:98:0b:2e:5f:64:
                    9b:b2:7d:86:d1:67:e6:0f:80:cc:6c:c5:a5:42:e6:
                    ee:9a:ae:47:f5:80:2e:52:df:20:e9:3e:dc:36:59:
                    73:bb:5d:dc:f2:69:73:17:f2:d8:f7:d7:c8:57:e8:
                    24:a6:ae:a8:af:fc:c2:e9:b5:1b:42:bf:ec:84:40:
                    79:c2:4b:33:4b:a2:dd:70:54:91:35:20:8a:d1:67:
                    f3:32:41:06:a8:65:1a:03:ec:a6:5d:22:ea:fc:71:
                    24:e4:b3:15:4a:3c:4d:3e:58:14:f1:be:88:33:46:
                    50:a5:8b:0b:86:17:eb:b2:b7:ba:60:7d:f5:10:2f:
                    88:ae:56:9c:78:b3:f8:4e:61:1d:70:33:87:2b:71:
                    38:9c:b0:00:af:ad:b7:5f:24:75:2b:a6:5a:1a:f2:
                    cc:e5:41:b8:07:9c:37:37:8f:9e:d9:76:a5:b0:06:
                    e5:27:12:31:b3:1c:6c:9b:61:2e:f6:a1:ec:f9:e3:
                    68:cb:b3:26:d1:30:9f:79:7b:c6:45:6e:4f:b3:34:
                    01:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:17:85:2B:2B:AD:D6:26:6F:96:7B:32:9F:D5:29:1C:7D:97:D9:5C
            X509v3 Authority Key Identifier:
                keyid:6C:3A:63:C5:31:CE:E4:1B:3B:ED:87:30:0E:45:9E:45:FB:9E:89:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDpjxTHO5Bs77YcwDkWeRfueiXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/f5ea13-827a-4acd-a207-b9f3c6351225/1/jxeFKyut1iZvlnsyn9UpHH2X2Vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/f5ea13-827a-4acd-a207-b9f3c6351225/1/bDpjxTHO5Bs77YcwDkWeRfueiXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:44:11:0f:74:cb:00:f2:b0:f8:ad:bb:16:5b:e1:4b:eb:f7:
         99:49:3c:58:32:c5:ab:4d:e8:b7:ca:ac:93:a0:0b:ab:c5:20:
         a1:9f:1b:26:2b:fc:34:a1:98:ff:3d:d0:4b:69:f7:bd:b0:7c:
         be:09:02:89:9e:2e:62:32:7e:75:08:5e:7e:91:75:ca:04:a5:
         a5:64:17:37:70:35:eb:66:06:48:18:ca:18:e0:f2:82:be:40:
         b9:4f:0d:c3:f0:66:6f:40:5e:be:8b:cb:9f:61:ec:7b:f5:ab:
         b1:19:75:a3:d4:8d:22:e6:23:8f:46:1f:6d:96:ef:a7:5b:1f:
         58:83:7b:03:db:29:4d:42:27:ed:63:db:66:a0:69:c6:e5:3a:
         de:00:2c:01:9b:6e:64:d5:4d:65:cf:80:c1:d7:ef:f4:9e:2d:
         20:09:d2:51:b2:d7:0d:de:7f:c3:8d:97:6a:0d:0d:42:a0:36:
         09:f0:64:48:3b:92:5d:95:ef:ce:11:9a:f8:36:d7:77:ce:b0:
         ed:16:96:12:c3:a1:8e:e6:ec:1f:ab:ae:ef:20:01:db:86:03:
         e4:53:88:26:03:8a:b9:44:b7:2d:da:9b:8b:78:d7:67:e4:85:
         e6:33:95:d3:24:92:05:80:2a:17:fa:ea:5e:a7:b2:17:27:7a:
         cd:35:a9:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEiGFL+FFGUmhmeEgVzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjM2E2M2M1MzFjZWU0MWIzYmVkODczMDBlNDU5ZTQ1ZmI5
ZTg5NzgwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjE3ODUyYjJiYWRkNjI2NmY5NjdiMzI5ZmQ1MjkxYzdkOTdkOTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/lr+Dq4wLTnOqo/h4S16YQZOPpd
iF/H9a4o7+1pex4ReS6CkdGD16eZVHJ09FujNaCFrce0mAsuX2Sbsn2G0WfmD4DM
bMWlQubumq5H9YAuUt8g6T7cNllzu13c8mlzF/LY99fIV+gkpq6or/zC6bUbQr/s
hEB5wkszS6LdcFSRNSCK0WfzMkEGqGUaA+ymXSLq/HEk5LMVSjxNPlgU8b6IM0ZQ
pYsLhhfrsre6YH31EC+IrlaceLP4TmEdcDOHK3E4nLAAr623XyR1K6ZaGvLM5UG4
B5w3N4+e2XalsAblJxIxsxxsm2Eu9qHs+eNoy7Mm0TCfeXvGRW5PszQB/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8XhSsrrdYmb5Z7Mp/VKRx9l9lcMB8GA1UdIwQY
MBaAFGw6Y8UxzuQbO+2HMA5FnkX7nol4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRwanhUSE81QnM3N1ljd0RrV2VSZnVlaVhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9mNWVhMTMtODI3YS00YWNkLWEyMDct
YjlmM2M2MzUxMjI1LzEvanhlRkt5dXQxaVp2bG5zeW45VXBISDJYMlZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9mNWVhMTMtODI3YS00YWNkLWEyMDctYjlmM2M2MzUxMjI1
LzEvYkRwanhUSE81QnM3N1ljd0RrV2VSZnVlaVhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ7MMA0G
CSqGSIb3DQEBCwUAA4IBAQCFRBEPdMsA8rD4rbsWW+FL6/eZSTxYMsWrTei3yqyT
oAurxSChnxsmK/w0oZj/PdBLafe9sHy+CQKJni5iMn51CF5+kXXKBKWlZBc3cDXr
ZgZIGMoY4PKCvkC5Tw3D8GZvQF6+i8ufYex79auxGXWj1I0i5iOPRh9tlu+nWx9Y
g3sD2ylNQiftY9tmoGnG5TreACwBm25k1U1lz4DB1+/0ni0gCdJRstcN3n/DjZdq
DQ1CoDYJ8GRIO5Jdle/OEZr4Ntd3zrDtFpYSw6GO5uwfq67vIAHbhgPkU4gmA4q5
RLct2puLeNdn5IXmM5XTJJIFgCoX+upep7IXJ3rNNald
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:59:03 2024 by rpki-client on console-ams.rpki-client.org