Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/jsGV_meQHNBvMTZnVEGZG3ZAtv0.roa
File:                     jsGV_meQHNBvMTZnVEGZG3ZAtv0.roa (raw, json)
Hash identifier:          8wFvp4xS0v/E2NTZeEepNffwcfAEyIVmCuLVOahYcvI=
Subject key identifier:   8E:C1:95:FE:67:90:1C:D0:6F:31:36:67:54:41:99:1B:76:40:B6:FD
Certificate issuer:       /CN=69854a57ab0d8a3c922c8f6a79aa8fe8a6a2c09e
Certificate serial:       0190E397092E86AF41B02D06B570BD1BD1CE
Authority key identifier: 69:85:4A:57:AB:0D:8A:3C:92:2C:8F:6A:79:AA:8F:E8:A6:A2:C0:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/jsGV_meQHNBvMTZnVEGZG3ZAtv0.roa
Signing time:             Wed 24 Jul 2024 07:14:04 +0000
ROA not before:           Wed 24 Jul 2024 07:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203836
IP address blocks:        194.34.200.0/24 maxlen: 24
                          194.34.201.0/24 maxlen: 24
                          194.34.202.0/24 maxlen: 24
                          194.34.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e3:97:09:2e:86:af:41:b0:2d:06:b5:70:bd:1b:d1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69854a57ab0d8a3c922c8f6a79aa8fe8a6a2c09e
        Validity
            Not Before: Jul 24 07:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ec195fe67901cd06f3136675441991b7640b6fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:55:62:39:f7:1c:e8:38:92:27:8a:64:46:28:
                    de:b3:d9:e1:42:e0:3a:89:d7:aa:94:ff:93:82:46:
                    01:47:61:52:2f:3f:b4:17:a3:80:74:41:6a:60:1d:
                    e9:3e:3a:09:88:96:15:ba:57:3c:83:27:45:b7:8a:
                    54:05:db:88:d3:5f:f4:8b:b4:9b:bd:fe:87:e6:85:
                    5d:5f:e2:5f:99:4f:79:66:b7:70:c8:19:a1:14:fd:
                    71:bd:e2:40:07:38:b3:ea:55:f8:c4:d2:0b:b7:f0:
                    7a:c7:2c:e2:23:87:14:a4:50:a2:9e:12:5c:03:61:
                    4d:70:30:2c:3c:27:d9:1c:01:2c:a3:a4:ba:5d:5b:
                    01:c9:e0:a3:8d:60:54:b2:dd:ae:ad:55:f5:c2:c8:
                    d5:c9:c8:7a:0d:e8:c0:97:f0:de:9f:d5:3a:26:0a:
                    ff:e8:8e:11:04:b5:05:ae:d7:19:8e:00:6a:27:e1:
                    a2:b1:94:7d:a5:84:58:ff:4e:1b:d1:ba:6d:c3:b6:
                    44:20:40:95:f5:f6:b9:5b:08:ab:d9:ed:a3:61:56:
                    9a:b8:97:16:19:15:0d:e5:20:23:1d:52:b0:65:f1:
                    e8:63:87:e6:6a:bc:d6:68:63:52:fb:29:bb:8d:19:
                    3a:42:96:79:67:33:4f:e0:d7:a0:d8:de:f7:4e:ff:
                    83:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C1:95:FE:67:90:1C:D0:6F:31:36:67:54:41:99:1B:76:40:B6:FD
            X509v3 Authority Key Identifier:
                keyid:69:85:4A:57:AB:0D:8A:3C:92:2C:8F:6A:79:AA:8F:E8:A6:A2:C0:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYVKV6sNijySLI9qeaqP6KaiwJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/jsGV_meQHNBvMTZnVEGZG3ZAtv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3f8107-fc15-4c71-81d4-5238b03545ca/1/aYVKV6sNijySLI9qeaqP6KaiwJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:75:3e:13:37:8a:55:e4:21:ca:a7:76:de:31:aa:3a:cd:f7:
         07:82:c3:00:06:6f:df:e5:64:aa:5e:c2:cf:a3:4b:65:6e:60:
         4b:87:e9:d6:70:61:31:a1:12:e0:43:f8:ab:21:29:20:b0:f4:
         14:83:d2:bb:d5:ec:e9:f3:72:c9:1b:2a:8a:5b:d6:48:93:3f:
         75:d2:bb:b6:22:99:2a:1c:f8:f2:3c:ae:95:81:8c:ac:b0:2d:
         df:a8:de:55:f1:a0:31:e9:f1:44:53:f8:17:6a:a2:43:4d:03:
         25:f8:b8:3c:ba:3f:77:b6:f3:91:bd:10:d4:50:92:c0:d0:46:
         44:50:14:ed:ae:8f:87:ff:fb:91:57:0e:87:20:66:4f:a7:3e:
         d0:fe:1d:1c:8a:f2:58:07:dd:49:f4:bc:ca:41:13:3a:d5:07:
         a4:21:12:06:63:b6:0b:bb:74:f2:a1:16:04:a8:07:ca:99:6e:
         f5:a9:69:6e:f4:22:2f:a4:49:22:f6:f7:6a:56:86:8d:59:1e:
         73:8f:b4:0e:aa:6c:77:d3:18:22:54:d9:c2:19:24:46:5c:c6:
         05:4a:3c:74:1e:c9:a5:fc:d6:dc:aa:c2:e2:29:8a:3f:6c:7c:
         f8:7b:8c:2c:ce:fd:f9:a7:78:f2:74:5a:ee:97:1f:09:2c:16:
         d7:90:7d:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDjlwkuhq9BsC0GtXC9G9HOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODU0YTU3YWIwZDhhM2M5MjJjOGY2YTc5YWE4ZmU4YTZh
MmMwOWUwHhcNMjQwNzI0MDcxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWMxOTVmZTY3OTAxY2QwNmYzMTM2Njc1NDQxOTkxYjc2NDBiNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVViOfcc6DiSJ4pkRijes9nhQuA6
ideqlP+TgkYBR2FSLz+0F6OAdEFqYB3pPjoJiJYVulc8gydFt4pUBduI01/0i7Sb
vf6H5oVdX+JfmU95ZrdwyBmhFP1xveJABziz6lX4xNILt/B6xyziI4cUpFCinhJc
A2FNcDAsPCfZHAEso6S6XVsByeCjjWBUst2urVX1wsjVych6DejAl/Den9U6Jgr/
6I4RBLUFrtcZjgBqJ+GisZR9pYRY/04b0bptw7ZEIECV9fa5Wwir2e2jYVaauJcW
GRUN5SAjHVKwZfHoY4fmarzWaGNS+ym7jRk6QpZ5ZzNP4Neg2N73Tv+D/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI7Blf5nkBzQbzE2Z1RBmRt2QLb9MB8GA1UdIwQY
MBaAFGmFSlerDYo8kiyPanmqj+imosCeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlWS1Y2c05panlTTEk5cWVhcVA2S2Fpd0o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZjgxMDctZmMxNS00YzcxLTgxZDQt
NTIzOGIwMzU0NWNhLzEvanNHVl9tZVFITkJ2TVRablZFR1pHM1pBdHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZjgxMDctZmMxNS00YzcxLTgxZDQtNTIzOGIwMzU0NWNh
LzEvYVlWS1Y2c05panlTTEk5cWVhcVA2S2Fpd0o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiLIMA0G
CSqGSIb3DQEBCwUAA4IBAQCqdT4TN4pV5CHKp3beMao6zfcHgsMABm/f5WSqXsLP
o0tlbmBLh+nWcGExoRLgQ/irISkgsPQUg9K71ezp83LJGyqKW9ZIkz910ru2Ipkq
HPjyPK6VgYyssC3fqN5V8aAx6fFEU/gXaqJDTQMl+Lg8uj93tvORvRDUUJLA0EZE
UBTtro+H//uRVw6HIGZPpz7Q/h0civJYB91J9LzKQRM61QekIRIGY7YLu3TyoRYE
qAfKmW71qWlu9CIvpEki9vdqVoaNWR5zj7QOqmx30xgiVNnCGSRGXMYFSjx0Hsml
/NbcqsLiKYo/bHz4e4wszv35p3jydFrulx8JLBbXkH3v
-----END CERTIFICATE-----
Generated at Sat Nov 23 09:55:18 2024 by rpki-client on console-fra.rpki-client.org