Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/jlSyRhAImk2ahzsTWeK2mbDOiDg.roa
File:                     jlSyRhAImk2ahzsTWeK2mbDOiDg.roa (raw, json)
Hash identifier:          OyxwZPmYQsSeqQZde8GoYU+9qlwBlRTnL32559O0Ykw=
Subject key identifier:   8E:54:B2:46:10:08:9A:4D:9A:87:3B:13:59:E2:B6:99:B0:CE:88:38
Certificate issuer:       /CN=923a2b3dd7667275f09886df7da079f755ceed59
Certificate serial:       018CCA2A3E45C957D02860F781DDA3CB70DE
Authority key identifier: 92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/jlSyRhAImk2ahzsTWeK2mbDOiDg.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        185.77.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3e:45:c9:57:d0:28:60:f7:81:dd:a3:cb:70:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=923a2b3dd7667275f09886df7da079f755ceed59
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e54b24610089a4d9a873b1359e2b699b0ce8838
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:20:75:a9:85:5d:5e:9c:90:5b:e7:8d:9c:
                    dc:96:09:de:4a:f9:04:1c:06:39:89:32:3b:05:e5:
                    4a:71:aa:18:ec:a0:25:ee:84:b6:e6:78:f6:29:68:
                    57:41:28:8d:0d:92:79:b7:be:a5:a1:09:c5:4a:8e:
                    b1:8c:dd:89:ab:23:c7:92:65:b9:02:12:51:e4:bc:
                    3c:43:98:42:3d:04:9b:c4:7d:77:50:21:03:c7:bd:
                    19:c6:ab:b2:a1:6c:58:7c:25:6b:b6:2e:11:f9:6a:
                    eb:9c:5e:32:44:23:e1:b8:d0:86:f3:2b:aa:29:bb:
                    de:2a:b3:32:40:2d:f2:2e:e6:be:36:85:21:97:59:
                    d6:94:fe:28:f4:16:9c:b3:0c:b6:8c:71:d4:5e:a4:
                    49:11:00:b3:d3:4a:00:93:45:cc:54:1f:ea:f8:a5:
                    f5:4a:07:04:46:61:d0:91:af:09:c7:29:f1:8b:5c:
                    71:65:66:7f:e5:2d:3a:ab:9f:6a:c3:ce:7d:56:c3:
                    e1:3e:c5:b3:38:63:10:d4:3e:f5:91:01:35:96:21:
                    20:ad:a6:3c:2c:c8:08:da:a9:1f:d7:70:ad:66:f1:
                    e3:c2:e4:31:1d:ff:97:6e:98:db:b6:b9:7b:8e:c8:
                    38:7e:9c:0c:7d:e0:30:ec:f1:4a:52:9b:49:25:51:
                    31:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:54:B2:46:10:08:9A:4D:9A:87:3B:13:59:E2:B6:99:B0:CE:88:38
            X509v3 Authority Key Identifier:
                keyid:92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/jlSyRhAImk2ahzsTWeK2mbDOiDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:6a:94:bd:c5:0d:35:9a:c6:02:1e:80:11:aa:f3:01:78:8c:
         eb:01:af:e7:b0:49:37:ee:f1:1c:e4:2c:dc:8c:a8:d8:33:36:
         36:45:79:1b:fd:f8:0b:80:5b:69:24:1d:7e:04:f5:ea:16:ed:
         6a:45:b5:8b:b8:4d:66:95:c7:68:0d:aa:94:09:d7:46:98:9d:
         fa:78:d0:f1:a1:93:67:af:8d:cb:b1:45:b9:a6:e6:be:50:78:
         33:c7:6d:9f:32:9f:ee:7c:47:83:d3:66:d4:c7:4d:33:b0:7a:
         1b:f1:c1:bd:53:78:56:64:e3:a7:dc:4c:e3:86:ba:b7:f4:a9:
         b5:0e:23:69:a0:fb:c5:80:28:97:33:66:20:24:d7:ed:6c:14:
         81:70:14:dc:e5:b2:81:3e:95:56:5e:c5:bd:22:d2:c7:1e:30:
         11:bc:c6:ef:4b:86:5c:8a:21:b7:5c:b0:51:b4:c9:15:18:f0:
         29:44:f4:da:c4:05:3d:d4:dc:5a:44:b1:85:44:32:cd:63:00:
         a7:89:2a:99:a8:13:ee:26:30:26:70:8f:5f:7b:a7:dc:2f:b8:
         a6:0c:49:1a:1a:fe:fd:39:c5:de:ac:37:7b:6f:ca:06:cf:2a:
         30:06:bd:ed:70:07:ea:e1:16:69:b5:cd:62:23:42:93:75:8a:
         73:01:85:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKj5FyVfQKGD3gd2jy3DeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyM2EyYjNkZDc2NjcyNzVmMDk4ODZkZjdkYTA3OWY3NTVj
ZWVkNTkwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTU0YjI0NjEwMDg5YTRkOWE4NzNiMTM1OWUyYjY5OWIwY2U4ODM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVQgdamFXV6ckFvnjZzclgneSvkE
HAY5iTI7BeVKcaoY7KAl7oS25nj2KWhXQSiNDZJ5t76loQnFSo6xjN2JqyPHkmW5
AhJR5Lw8Q5hCPQSbxH13UCEDx70ZxquyoWxYfCVrti4R+WrrnF4yRCPhuNCG8yuq
KbveKrMyQC3yLua+NoUhl1nWlP4o9Bacswy2jHHUXqRJEQCz00oAk0XMVB/q+KX1
SgcERmHQka8Jxynxi1xxZWZ/5S06q59qw859VsPhPsWzOGMQ1D71kQE1liEgraY8
LMgI2qkf13CtZvHjwuQxHf+Xbpjbtrl7jsg4fpwMfeAw7PFKUptJJVEx3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5UskYQCJpNmoc7E1nitpmwzog4MB8GA1UdIwQY
MBaAFJI6Kz3XZnJ18JiG332gefdVzu1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjkt
MjczOGJjYjQzZDZkLzEvamxTeVJoQUltazJhaHpzVFdlSzJtYkRPaURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjktMjczOGJjYjQzZDZk
LzEva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU0AMA0G
CSqGSIb3DQEBCwUAA4IBAQBXapS9xQ01msYCHoARqvMBeIzrAa/nsEk37vEc5Czc
jKjYMzY2RXkb/fgLgFtpJB1+BPXqFu1qRbWLuE1mlcdoDaqUCddGmJ36eNDxoZNn
r43LsUW5pua+UHgzx22fMp/ufEeD02bUx00zsHob8cG9U3hWZOOn3Ezjhrq39Km1
DiNpoPvFgCiXM2YgJNftbBSBcBTc5bKBPpVWXsW9ItLHHjARvMbvS4ZciiG3XLBR
tMkVGPApRPTaxAU91NxaRLGFRDLNYwCniSqZqBPuJjAmcI9fe6fcL7imDEkaGv79
OcXerDd7b8oGzyowBr3tcAfq4RZptc1iI0KTdYpzAYUV
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:18:34 2024 by rpki-client on console-fra.rpki-client.org