Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/e28ba6-aaaf-4d33-b8dc-0aee360b0ba4/1/jpoGL8YjkIFW9El3p8zL5XXhrDE.roa
File:                     jpoGL8YjkIFW9El3p8zL5XXhrDE.roa (raw, json)
Hash identifier:          MJCYntxGdf9/MT67XHczWife5FTiw2lwISZQbmOt5tI=
Subject key identifier:   8E:9A:06:2F:C6:23:90:81:56:F4:49:77:A7:CC:CB:E5:75:E1:AC:31
Certificate issuer:       /CN=5a68d699d1a9457c78acfbec004f98677aa4cc16
Certificate serial:       018CC3B718F8715C6E2053E0D7D0651A095E
Authority key identifier: 5A:68:D6:99:D1:A9:45:7C:78:AC:FB:EC:00:4F:98:67:7A:A4:CC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WmjWmdGpRXx4rPvsAE-YZ3qkzBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/e28ba6-aaaf-4d33-b8dc-0aee360b0ba4/1/jpoGL8YjkIFW9El3p8zL5XXhrDE.roa
Signing time:             Mon 01 Jan 2024 06:30:05 +0000
ROA not before:           Mon 01 Jan 2024 06:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12676
IP address blocks:        88.205.96.0/19 maxlen: 24
                          185.90.228.0/22 maxlen: 22
                          88.205.0.0/20 maxlen: 21
                          212.46.96.0/19 maxlen: 24
                          213.9.0.0/17 maxlen: 17
                          2a02:4c07:4000::/34 maxlen: 34
                          2a02:4c07:8000::/34 maxlen: 34
                          2a02:4c00::/40 maxlen: 40
                          2a02:4c00:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/e28ba6-aaaf-4d33-b8dc-0aee360b0ba4/1/WmjWmdGpRXx4rPvsAE-YZ3qkzBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/e28ba6-aaaf-4d33-b8dc-0aee360b0ba4/1/WmjWmdGpRXx4rPvsAE-YZ3qkzBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WmjWmdGpRXx4rPvsAE-YZ3qkzBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:18:f8:71:5c:6e:20:53:e0:d7:d0:65:1a:09:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a68d699d1a9457c78acfbec004f98677aa4cc16
        Validity
            Not Before: Jan  1 06:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e9a062fc623908156f44977a7cccbe575e1ac31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3d:d3:82:3d:07:9d:de:2d:90:ef:b7:5b:e3:
                    da:26:49:c5:dd:a2:cd:89:a3:cc:0b:e3:47:44:a1:
                    34:8e:b7:e5:29:60:16:17:52:87:8d:77:a5:7a:fe:
                    17:7d:57:dd:cb:72:b6:31:d8:f2:c2:00:a1:bb:57:
                    bc:3f:9e:d5:32:6b:be:57:a6:30:c8:1d:a5:dd:7e:
                    5f:38:50:88:58:b8:60:b2:05:7e:9e:2e:9a:ac:81:
                    ea:ea:c5:bb:c3:c0:7e:b5:b6:dd:ad:71:90:f0:58:
                    4c:4c:5e:65:e2:8e:54:77:64:81:30:15:c1:2f:53:
                    c9:82:fa:3d:7d:46:6c:f7:46:7d:03:b8:62:15:92:
                    33:e3:5a:55:df:20:78:16:36:d2:88:1a:9f:2d:23:
                    98:2b:ca:37:26:85:26:7d:c1:2b:8c:36:30:ad:a5:
                    cc:3e:05:41:2b:a5:06:89:13:21:1d:92:27:bc:d6:
                    d6:4e:15:c1:59:4d:38:08:78:50:d4:10:da:6a:9b:
                    3a:52:b3:cf:70:41:bd:fa:3f:da:94:fe:35:d9:21:
                    12:13:c8:95:f9:a6:2f:b2:e1:b6:c5:0b:5c:6a:a1:
                    38:1b:a6:cf:1c:57:b3:7b:6a:92:ce:d4:57:32:57:
                    7d:71:87:f9:94:92:37:80:c7:40:e5:3f:3b:cb:76:
                    61:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:9A:06:2F:C6:23:90:81:56:F4:49:77:A7:CC:CB:E5:75:E1:AC:31
            X509v3 Authority Key Identifier:
                keyid:5A:68:D6:99:D1:A9:45:7C:78:AC:FB:EC:00:4F:98:67:7A:A4:CC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WmjWmdGpRXx4rPvsAE-YZ3qkzBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e28ba6-aaaf-4d33-b8dc-0aee360b0ba4/1/jpoGL8YjkIFW9El3p8zL5XXhrDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/e28ba6-aaaf-4d33-b8dc-0aee360b0ba4/1/WmjWmdGpRXx4rPvsAE-YZ3qkzBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.205.0.0/20
                  88.205.96.0/19
                  185.90.228.0/22
                  212.46.96.0/19
                  213.9.0.0/17
                IPv6:
                  2a02:4c00::/39
                  2a02:4c07:4000::-2a02:4c07:bfff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1c:bc:40:21:03:19:ae:bc:47:fd:9d:0c:9c:56:e2:9b:43:5c:
         c5:33:56:85:8e:63:1c:b9:1b:71:82:f9:02:2e:87:ea:65:8a:
         ca:a0:1d:4d:02:23:4a:72:46:42:66:76:46:ca:f9:9e:13:ea:
         13:60:f6:f6:71:a4:50:0b:f4:85:98:31:f0:9f:1c:61:8b:89:
         5b:89:e5:78:77:5a:9b:dc:3f:53:40:d2:ef:43:51:17:dc:5c:
         aa:9d:66:d9:8b:06:fa:42:c5:75:61:a4:90:71:3d:e9:40:30:
         4e:74:6a:29:cf:06:6c:e8:19:6e:f2:d8:1e:18:33:b0:58:37:
         66:29:a2:75:53:1b:fb:6b:0c:ac:a5:1e:04:7d:69:17:a7:e7:
         ff:a0:6b:4e:a2:2f:d4:56:a9:08:34:55:7f:c2:02:97:55:f5:
         3c:02:59:95:f9:37:3b:53:b4:21:a8:b0:4d:74:06:c1:af:a5:
         05:dd:1f:5a:e3:74:2e:c2:a8:9a:a4:c0:70:62:21:0f:a1:6d:
         65:68:17:6b:74:cf:fe:d5:37:51:b7:36:cb:ff:4c:46:c6:f2:
         bb:10:19:dc:34:c5:5a:12:22:4f:1b:a3:1c:b7:76:b7:bd:de:
         96:0f:37:99:2b:3f:58:d6:6d:5b:15:da:71:87:26:12:2b:e3:
         f4:6c:c3:22
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzDtxj4cVxuIFPg19BlGgleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNjhkNjk5ZDFhOTQ1N2M3OGFjZmJlYzAwNGY5ODY3N2Fh
NGNjMTYwHhcNMjQwMTAxMDYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTlhMDYyZmM2MjM5MDgxNTZmNDQ5NzdhN2NjY2JlNTc1ZTFhYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlT3Tgj0Hnd4tkO+3W+PaJknF3aLN
iaPMC+NHRKE0jrflKWAWF1KHjXelev4XfVfdy3K2MdjywgChu1e8P57VMmu+V6Yw
yB2l3X5fOFCIWLhgsgV+ni6arIHq6sW7w8B+tbbdrXGQ8FhMTF5l4o5Ud2SBMBXB
L1PJgvo9fUZs90Z9A7hiFZIz41pV3yB4FjbSiBqfLSOYK8o3JoUmfcErjDYwraXM
PgVBK6UGiRMhHZInvNbWThXBWU04CHhQ1BDaaps6UrPPcEG9+j/alP412SESE8iV
+aYvsuG2xQtcaqE4G6bPHFeze2qSztRXMld9cYf5lJI3gMdA5T87y3Zh3wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFI6aBi/GI5CBVvRJd6fMy+V14awxMB8GA1UdIwQY
MBaAFFpo1pnRqUV8eKz77ABPmGd6pMwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV21qV21kR3BSWHg0clB2c0FFLVlaM3FrekJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9lMjhiYTYtYWFhZi00ZDMzLWI4ZGMt
MGFlZTM2MGIwYmE0LzEvanBvR0w4WWprSUZXOUVsM3A4ekw1WFhockRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9lMjhiYTYtYWFhZi00ZDMzLWI4ZGMtMGFlZTM2MGIwYmE0
LzEvV21qV21kR3BSWHg0clB2c0FFLVlaM3FrekJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAkBAIAATAeAwQEWM0AAwQF
WM1gAwQCuVrkAwQF1C5gAwQH1QkAMCAEAgACMBoDBgEqAkwAADAQAwYGKgJMB0AD
BgYqAkwHgDANBgkqhkiG9w0BAQsFAAOCAQEAHLxAIQMZrrxH/Z0MnFbim0NcxTNW
hY5jHLkbcYL5Ai6H6mWKyqAdTQIjSnJGQmZ2Rsr5nhPqE2D29nGkUAv0hZgx8J8c
YYuJW4nleHdam9w/U0DS70NRF9xcqp1m2YsG+kLFdWGkkHE96UAwTnRqKc8GbOgZ
bvLYHhgzsFg3ZimidVMb+2sMrKUeBH1pF6fn/6BrTqIv1FapCDRVf8ICl1X1PAJZ
lfk3O1O0IaiwTXQGwa+lBd0fWuN0LsKomqTAcGIhD6FtZWgXa3TP/tU3Ubc2y/9M
RsbyuxAZ3DTFWhIiTxujHLd2t73elg83mSs/WNZtWxXacYcmEivj9GzDIg==
-----END CERTIFICATE-----
Generated at Tue Nov 26 02:54:08 2024 by rpki-client on console-fra.rpki-client.org