Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/e1ee5b-023b-430a-9c6f-0ee2ea7d4884/1/jeqdODV5Oo-PvaAgffzEqC0Qzrg.roa
File:                     jeqdODV5Oo-PvaAgffzEqC0Qzrg.roa (raw, json)
Hash identifier:          oD8CTbBrNuSPnxtwsrgqcBoxoX04icyjoLE1XLCq9bE=
Subject key identifier:   8D:EA:9D:38:35:79:3A:8F:8F:BD:A0:20:7D:FC:C4:A8:2D:10:CE:B8
Certificate issuer:       /CN=0462b9b58ee08e83f1a9ad4e9643e80d3b40cb3e
Certificate serial:       018CC4250FD268F4EED0E26893DB34CDAA6E
Authority key identifier: 04:62:B9:B5:8E:E0:8E:83:F1:A9:AD:4E:96:43:E8:0D:3B:40:CB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BGK5tY7gjoPxqa1OlkPoDTtAyz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/e1ee5b-023b-430a-9c6f-0ee2ea7d4884/1/jeqdODV5Oo-PvaAgffzEqC0Qzrg.roa
Signing time:             Mon 01 Jan 2024 08:30:12 +0000
ROA not before:           Mon 01 Jan 2024 08:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211580
IP address blocks:        91.197.121.0/24 maxlen: 24
                          91.197.122.0/24 maxlen: 24
                          91.197.123.0/24 maxlen: 24
                          91.197.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/e1ee5b-023b-430a-9c6f-0ee2ea7d4884/1/BGK5tY7gjoPxqa1OlkPoDTtAyz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/e1ee5b-023b-430a-9c6f-0ee2ea7d4884/1/BGK5tY7gjoPxqa1OlkPoDTtAyz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BGK5tY7gjoPxqa1OlkPoDTtAyz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0f:d2:68:f4:ee:d0:e2:68:93:db:34:cd:aa:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0462b9b58ee08e83f1a9ad4e9643e80d3b40cb3e
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dea9d3835793a8f8fbda0207dfcc4a82d10ceb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:73:fb:c8:25:5e:49:77:b3:e4:4e:06:e6:41:
                    2c:ed:c8:61:47:c5:ce:78:27:06:33:9d:a5:5c:55:
                    00:77:05:0d:e8:2d:8f:43:3b:8c:e4:f0:67:7d:18:
                    d6:25:30:13:42:63:76:3a:d8:98:fd:38:ee:2d:62:
                    ba:21:ab:e9:35:63:34:86:1f:b3:0b:a2:e3:79:d6:
                    41:2d:0b:12:ae:05:80:49:04:82:b6:b6:97:54:86:
                    5a:d9:c9:78:cc:2a:b3:98:ce:fc:e6:3e:27:3a:f4:
                    cb:d0:e2:88:e3:a7:3f:86:34:d9:ca:e4:6d:33:9d:
                    b9:aa:fd:40:7f:0d:0f:ae:01:87:85:12:9f:79:46:
                    03:49:46:e1:4e:bc:b3:33:f0:db:37:bf:71:c4:af:
                    f8:f6:51:35:34:f1:24:60:18:4d:60:54:4b:ed:45:
                    a1:5f:1f:8f:d5:a8:4f:e6:fc:04:64:aa:ad:33:6d:
                    0c:4a:21:70:1c:b7:0e:56:e8:51:a7:58:10:87:51:
                    f4:0c:44:3f:61:e8:ed:43:7b:75:8d:72:1a:fc:32:
                    07:97:8b:e4:9e:7e:ac:44:a8:90:a8:49:c0:08:37:
                    88:9d:df:15:e3:e9:fd:6a:70:a6:0d:92:44:95:a9:
                    22:0a:ff:bd:16:6b:b1:ad:db:6a:26:71:94:70:35:
                    22:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:EA:9D:38:35:79:3A:8F:8F:BD:A0:20:7D:FC:C4:A8:2D:10:CE:B8
            X509v3 Authority Key Identifier:
                keyid:04:62:B9:B5:8E:E0:8E:83:F1:A9:AD:4E:96:43:E8:0D:3B:40:CB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGK5tY7gjoPxqa1OlkPoDTtAyz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/e1ee5b-023b-430a-9c6f-0ee2ea7d4884/1/jeqdODV5Oo-PvaAgffzEqC0Qzrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/e1ee5b-023b-430a-9c6f-0ee2ea7d4884/1/BGK5tY7gjoPxqa1OlkPoDTtAyz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:84:07:3a:5d:44:4a:bd:8e:ba:0c:4e:0d:40:ba:7c:3f:48:
         e6:c5:03:33:7e:20:71:37:7b:75:bd:8e:ce:ae:1e:c3:4a:2e:
         f2:de:c3:94:8c:e2:a3:a8:91:32:87:5d:27:55:c7:6d:2f:00:
         f9:e5:36:80:47:26:a5:e9:96:f6:d5:88:f6:e9:df:bb:04:1f:
         72:67:b6:b5:81:8f:61:0b:71:db:07:01:9a:15:bf:34:01:6a:
         9c:4d:ab:37:b3:cf:92:57:49:30:d7:be:5f:dd:10:e3:74:44:
         a7:89:22:46:cb:b3:e3:99:b5:26:a9:c6:d6:42:80:70:66:d3:
         d0:8e:e1:1a:68:1e:3b:28:27:4a:b0:7f:46:4b:e9:a8:ed:af:
         73:95:a7:eb:e9:f6:a6:7b:8b:97:09:f7:9a:21:7f:8f:cd:28:
         05:b7:a5:ce:5e:dc:4e:0d:2d:0a:71:68:ee:f3:df:4d:45:19:
         dd:c0:c7:a1:c3:cf:03:a4:82:9a:fc:4a:bf:d9:5f:07:40:85:
         ac:f1:43:e9:b0:53:a1:15:9c:9f:64:f2:ae:34:9c:54:f5:f3:
         8e:9c:ab:24:70:6e:5d:7d:33:75:8f:3a:33:d8:f3:7d:36:ec:
         9b:4b:0b:b9:a3:74:3e:65:b2:e6:00:a6:44:f5:68:a2:6f:d4:
         c3:40:93:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQ/SaPTu0OJok9s0zapuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NjJiOWI1OGVlMDhlODNmMWE5YWQ0ZTk2NDNlODBkM2I0
MGNiM2UwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGVhOWQzODM1NzkzYThmOGZiZGEwMjA3ZGZjYzRhODJkMTBjZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinP7yCVeSXez5E4G5kEs7chhR8XO
eCcGM52lXFUAdwUN6C2PQzuM5PBnfRjWJTATQmN2OtiY/TjuLWK6IavpNWM0hh+z
C6LjedZBLQsSrgWASQSCtraXVIZa2cl4zCqzmM785j4nOvTL0OKI46c/hjTZyuRt
M525qv1Afw0PrgGHhRKfeUYDSUbhTryzM/DbN79xxK/49lE1NPEkYBhNYFRL7UWh
Xx+P1ahP5vwEZKqtM20MSiFwHLcOVuhRp1gQh1H0DEQ/YejtQ3t1jXIa/DIHl4vk
nn6sRKiQqEnACDeInd8V4+n9anCmDZJElakiCv+9FmuxrdtqJnGUcDUiuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3qnTg1eTqPj72gIH38xKgtEM64MB8GA1UdIwQY
MBaAFARiubWO4I6D8amtTpZD6A07QMs+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkdLNXRZN2dqb1B4cWExT2xrUG9EVHRBeXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9lMWVlNWItMDIzYi00MzBhLTljNmYt
MGVlMmVhN2Q0ODg0LzEvamVxZE9EVjVPby1QdmFBZ2ZmekVxQzBRenJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9lMWVlNWItMDIzYi00MzBhLTljNmYtMGVlMmVhN2Q0ODg0
LzEvQkdLNXRZN2dqb1B4cWExT2xrUG9EVHRBeXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8V4MA0G
CSqGSIb3DQEBCwUAA4IBAQBkhAc6XURKvY66DE4NQLp8P0jmxQMzfiBxN3t1vY7O
rh7DSi7y3sOUjOKjqJEyh10nVcdtLwD55TaARyal6Zb21Yj26d+7BB9yZ7a1gY9h
C3HbBwGaFb80AWqcTas3s8+SV0kw175f3RDjdESniSJGy7PjmbUmqcbWQoBwZtPQ
juEaaB47KCdKsH9GS+mo7a9zlafr6fame4uXCfeaIX+PzSgFt6XOXtxODS0KcWju
899NRRndwMehw88DpIKa/Eq/2V8HQIWs8UPpsFOhFZyfZPKuNJxU9fOOnKskcG5d
fTN1jzoz2PN9NuybSwu5o3Q+ZbLmAKZE9Wiib9TDQJMd
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:36:06 2024 by rpki-client on console-ams.rpki-client.org