Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/uKjgcUiiELGji79gxQPuFWDy5zM.roa
File:                     uKjgcUiiELGji79gxQPuFWDy5zM.roa (raw, json)
Hash identifier:          vbSFUAOxp/5AuXHSJt4YIzKHtn0xgLmJU2VO6KrFUkY=
Subject key identifier:   B8:A8:E0:71:48:A2:10:B1:A3:8B:BF:60:C5:03:EE:15:60:F2:E7:33
Certificate issuer:       /CN=2283711bd7ab13da3d11f25bb57a4f483c1f99ac
Certificate serial:       018CC94CCE5FE461B3F9E77464F6E528320E
Authority key identifier: 22:83:71:1B:D7:AB:13:DA:3D:11:F2:5B:B5:7A:4F:48:3C:1F:99:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IoNxG9erE9o9EfJbtXpPSDwfmaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/uKjgcUiiELGji79gxQPuFWDy5zM.roa
Signing time:             Tue 02 Jan 2024 08:31:43 +0000
ROA not before:           Tue 02 Jan 2024 08:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47947
IP address blocks:        185.139.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/IoNxG9erE9o9EfJbtXpPSDwfmaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/IoNxG9erE9o9EfJbtXpPSDwfmaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IoNxG9erE9o9EfJbtXpPSDwfmaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:ce:5f:e4:61:b3:f9:e7:74:64:f6:e5:28:32:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2283711bd7ab13da3d11f25bb57a4f483c1f99ac
        Validity
            Not Before: Jan  2 08:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8a8e07148a210b1a38bbf60c503ee1560f2e733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4a:81:f1:7b:31:71:8e:76:3e:e7:7d:65:44:
                    5a:72:ca:3a:fd:15:76:77:48:f5:79:ef:69:6d:5f:
                    ba:12:17:5e:57:02:6f:9e:22:7c:00:4d:d4:60:26:
                    a1:6d:3c:e2:c6:fc:02:08:c0:83:e5:cd:42:77:6f:
                    52:71:d5:7d:b6:5b:1d:b6:c5:fd:91:ef:b0:cd:ee:
                    51:56:aa:06:cd:e0:5f:1e:ce:e4:11:83:bf:ee:4f:
                    47:cc:92:e1:cd:dd:27:e3:c4:be:76:78:83:87:23:
                    d6:35:ac:63:5c:b5:ea:a7:56:ab:f4:8f:83:b1:1a:
                    60:1e:b9:cd:dd:c5:a1:89:01:fa:64:14:a2:1a:d3:
                    4d:b7:e3:3d:03:fd:96:0f:d9:8d:c5:5f:33:50:95:
                    1d:c2:9f:37:f6:e7:df:fc:06:14:55:6d:8d:68:19:
                    c0:bd:b7:21:c8:6e:a5:1c:17:e4:6b:77:94:4a:69:
                    16:8d:b1:09:be:da:23:1c:be:37:35:55:b1:4f:99:
                    50:ed:34:4d:cd:98:5b:39:4a:3e:3a:3c:63:0a:2b:
                    43:60:f6:a5:e4:c0:7e:2c:50:b8:73:5d:67:72:2a:
                    ce:0b:da:eb:ee:98:97:cd:47:b0:cf:d9:7b:d8:cc:
                    d5:79:e1:1e:b8:4d:6e:f0:3f:b7:43:72:89:fa:21:
                    fb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:A8:E0:71:48:A2:10:B1:A3:8B:BF:60:C5:03:EE:15:60:F2:E7:33
            X509v3 Authority Key Identifier:
                keyid:22:83:71:1B:D7:AB:13:DA:3D:11:F2:5B:B5:7A:4F:48:3C:1F:99:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IoNxG9erE9o9EfJbtXpPSDwfmaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/uKjgcUiiELGji79gxQPuFWDy5zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/IoNxG9erE9o9EfJbtXpPSDwfmaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:84:0f:f9:14:24:93:ce:9c:6f:09:e4:38:f8:c3:5e:95:12:
         6b:e0:52:26:9c:53:67:99:6d:8c:97:ed:b9:1b:09:72:d8:de:
         d5:0a:bc:0c:56:28:fe:32:88:c3:ea:89:70:76:b4:e2:05:93:
         35:d0:e9:0a:0c:d9:01:61:2f:52:75:1b:6e:c4:eb:f6:d9:bd:
         14:55:3d:0d:28:8b:44:a7:4d:54:57:11:6e:fb:d7:06:7c:d3:
         28:66:db:a3:34:41:76:fa:a0:48:42:47:e2:d4:27:a8:b7:17:
         f1:82:25:e6:4d:cd:60:87:52:41:29:7c:17:8f:77:97:79:7e:
         2d:fd:e3:ca:95:41:ae:0d:ca:bd:24:cf:17:e1:ea:ab:88:86:
         07:d8:a9:6d:a4:ee:1f:1e:97:5d:cc:20:01:11:fd:cd:84:2c:
         b6:ae:08:08:41:30:4e:d6:d7:9c:dc:bd:7f:8d:8e:73:93:7d:
         b3:da:8e:5b:4c:0b:4a:1a:14:2e:e7:bb:c4:43:06:4a:e5:33:
         c2:ff:b5:3c:88:6d:56:8a:d4:54:b5:19:9e:e1:64:1a:72:55:
         9d:a5:93:5b:da:9b:73:e0:c6:8a:cc:a1:39:d2:7d:5b:86:fb:
         9e:69:a8:a8:5c:c3:3c:0e:89:62:8d:44:f3:a9:ff:09:bb:bc:
         b8:78:24:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTM5f5GGz+ed0ZPblKDIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyODM3MTFiZDdhYjEzZGEzZDExZjI1YmI1N2E0ZjQ4M2Mx
Zjk5YWMwHhcNMjQwMTAyMDgzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGE4ZTA3MTQ4YTIxMGIxYTM4YmJmNjBjNTAzZWUxNTYwZjJlNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkqB8XsxcY52Pud9ZURacso6/RV2
d0j1ee9pbV+6EhdeVwJvniJ8AE3UYCahbTzixvwCCMCD5c1Cd29ScdV9tlsdtsX9
ke+wze5RVqoGzeBfHs7kEYO/7k9HzJLhzd0n48S+dniDhyPWNaxjXLXqp1ar9I+D
sRpgHrnN3cWhiQH6ZBSiGtNNt+M9A/2WD9mNxV8zUJUdwp839uff/AYUVW2NaBnA
vbchyG6lHBfka3eUSmkWjbEJvtojHL43NVWxT5lQ7TRNzZhbOUo+OjxjCitDYPal
5MB+LFC4c11ncirOC9rr7piXzUewz9l72MzVeeEeuE1u8D+3Q3KJ+iH7yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLio4HFIohCxo4u/YMUD7hVg8uczMB8GA1UdIwQY
MBaAFCKDcRvXqxPaPRHyW7V6T0g8H5msMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW9OeEc5ZXJFOW85RWZKYnRYcFBTRHdmbWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS85Y2JlODgtM2U3NS00MmVmLWI4NzEt
NWVlNzZmMGY2NGUyLzEvdUtqZ2NVaWlFTEdqaTc5Z3hRUHVGV0R5NXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS85Y2JlODgtM2U3NS00MmVmLWI4NzEtNWVlNzZmMGY2NGUy
LzEvSW9OeEc5ZXJFOW85RWZKYnRYcFBTRHdmbWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYv0MA0G
CSqGSIb3DQEBCwUAA4IBAQA4hA/5FCSTzpxvCeQ4+MNelRJr4FImnFNnmW2Ml+25
Gwly2N7VCrwMVij+MojD6olwdrTiBZM10OkKDNkBYS9SdRtuxOv22b0UVT0NKItE
p01UVxFu+9cGfNMoZtujNEF2+qBIQkfi1CeotxfxgiXmTc1gh1JBKXwXj3eXeX4t
/ePKlUGuDcq9JM8X4eqriIYH2KltpO4fHpddzCABEf3NhCy2rggIQTBO1tec3L1/
jY5zk32z2o5bTAtKGhQu57vEQwZK5TPC/7U8iG1WitRUtRme4WQaclWdpZNb2ptz
4MaKzKE50n1bhvueaaioXMM8DolijUTzqf8Ju7y4eCR6
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:54:13 2024 by rpki-client on console-fra.rpki-client.org