Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/jKCpd047w1lM3s94zFFZRK-0RQU.roa
File:                     jKCpd047w1lM3s94zFFZRK-0RQU.roa (raw, json)
Hash identifier:          Ns47IBkAW4gtifMLRt255ammlTRdSm2nlb/8qWxwI7Y=
Subject key identifier:   8C:A0:A9:77:4E:3B:C3:59:4C:DE:CF:78:CC:51:59:44:AF:B4:45:05
Certificate issuer:       /CN=ff1f615b91839f51ed3a5b53753b27b02c76da95
Certificate serial:       018FFA073688CE5B2B48F83FAAA0C8FA96C7
Authority key identifier: FF:1F:61:5B:91:83:9F:51:ED:3A:5B:53:75:3B:27:B0:2C:76:DA:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/jKCpd047w1lM3s94zFFZRK-0RQU.roa
Signing time:             Sat 08 Jun 2024 22:45:27 +0000
ROA not before:           Sat 08 Jun 2024 22:45:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215098
IP address blocks:        185.220.194.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fa:07:36:88:ce:5b:2b:48:f8:3f:aa:a0:c8:fa:96:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff1f615b91839f51ed3a5b53753b27b02c76da95
        Validity
            Not Before: Jun  8 22:45:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ca0a9774e3bc3594cdecf78cc515944afb44505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:0b:eb:6c:21:f0:7e:50:9f:b2:48:67:15:
                    b8:2c:2a:45:42:79:b9:29:07:e5:02:31:23:41:b9:
                    4d:eb:92:13:72:78:6b:a3:db:97:e9:bd:01:38:68:
                    5f:9b:76:16:81:c9:90:86:46:19:14:00:6a:f3:4f:
                    9c:58:ac:a1:03:82:41:78:28:fb:fa:71:a4:f4:c1:
                    7e:b8:f9:a2:1d:fa:de:17:01:19:01:a2:d6:d7:ea:
                    85:ca:16:6e:39:2e:8b:df:8a:5f:f8:5d:64:40:2b:
                    f4:0e:1a:de:1b:c8:9b:d0:3e:2f:41:01:4f:72:40:
                    bc:a1:bd:6a:23:fe:60:29:8f:1e:94:9a:bc:d6:a3:
                    a3:66:ce:60:82:18:9d:6b:88:58:f3:a9:23:8b:a3:
                    30:00:cf:ef:95:80:e9:15:08:27:81:e6:51:f8:95:
                    35:5d:6d:96:c5:80:f6:2a:c8:1a:dc:f7:e1:ac:89:
                    d1:4e:6e:a4:08:22:78:c3:72:c5:fb:28:dc:a8:ce:
                    2a:cd:ab:8d:1d:a6:46:ca:f9:10:e1:c8:55:89:a7:
                    01:39:0b:dd:d0:45:e0:4c:d4:eb:e6:bb:33:22:74:
                    dc:15:19:5e:32:af:50:5a:16:b7:c4:cc:86:85:99:
                    50:d2:3b:a0:83:a4:c2:7c:19:69:ee:e8:b5:e3:11:
                    b2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A0:A9:77:4E:3B:C3:59:4C:DE:CF:78:CC:51:59:44:AF:B4:45:05
            X509v3 Authority Key Identifier:
                keyid:FF:1F:61:5B:91:83:9F:51:ED:3A:5B:53:75:3B:27:B0:2C:76:DA:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_x9hW5GDn1HtOltTdTsnsCx22pU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/jKCpd047w1lM3s94zFFZRK-0RQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/b416a5-ee4f-4cc7-b0c4-7475f70df9fa/1/_x9hW5GDn1HtOltTdTsnsCx22pU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:4b:e0:df:98:c0:8d:3d:af:a4:db:2c:7f:d6:a1:5b:33:3f:
         ec:80:d8:71:2e:a0:29:d4:7a:90:18:59:78:48:88:b1:f4:35:
         93:c0:22:09:10:6c:74:a7:57:73:af:f6:bf:89:1e:79:44:a5:
         c9:a3:7c:3f:cc:65:80:01:ce:b7:29:eb:b5:37:39:88:f9:e0:
         ed:2c:99:a6:a5:69:10:13:0f:62:f7:b3:35:30:d1:a3:26:7d:
         ff:38:4c:6d:0f:99:46:90:3e:46:1f:0b:20:39:eb:73:a1:b1:
         37:14:0b:10:9f:56:8b:48:03:13:2f:ef:d4:92:3a:29:11:d8:
         c5:30:7a:2f:70:7d:15:7d:f9:65:1e:0b:02:5f:76:1f:20:be:
         2b:b0:64:f2:e3:aa:af:c5:86:47:f3:8c:87:6a:2b:03:a2:c4:
         96:8b:d4:7a:37:a6:8f:55:4e:15:94:e3:38:22:bb:d2:66:95:
         e8:98:5a:66:18:df:47:8d:1b:72:72:49:e1:76:b7:1a:62:c2:
         d2:d5:3e:43:16:c3:0e:41:4c:23:e3:da:9a:16:8e:c5:85:38:
         b2:22:6e:f2:ac:de:a4:7f:12:67:24:a4:9e:d8:56:d2:50:d8:
         98:2b:7a:c0:c8:52:2b:77:de:66:a3:22:7a:f9:40:96:6d:ca:
         33:97:f2:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/6BzaIzlsrSPg/qqDI+pbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMWY2MTViOTE4MzlmNTFlZDNhNWI1Mzc1M2IyN2IwMmM3
NmRhOTUwHhcNMjQwNjA4MjI0NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2EwYTk3NzRlM2JjMzU5NGNkZWNmNzhjYzUxNTk0NGFmYjQ0NTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg8L62wh8H5Qn7JIZxW4LCpFQnm5
KQflAjEjQblN65ITcnhro9uX6b0BOGhfm3YWgcmQhkYZFABq80+cWKyhA4JBeCj7
+nGk9MF+uPmiHfreFwEZAaLW1+qFyhZuOS6L34pf+F1kQCv0DhreG8ib0D4vQQFP
ckC8ob1qI/5gKY8elJq81qOjZs5gghida4hY86kji6MwAM/vlYDpFQgngeZR+JU1
XW2WxYD2Ksga3PfhrInRTm6kCCJ4w3LF+yjcqM4qzauNHaZGyvkQ4chViacBOQvd
0EXgTNTr5rszInTcFRleMq9QWha3xMyGhZlQ0jugg6TCfBlp7ui14xGyQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIygqXdOO8NZTN7PeMxRWUSvtEUFMB8GA1UdIwQY
MBaAFP8fYVuRg59R7TpbU3U7J7AsdtqVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3g5aFc1R0RuMUh0T2x0VGRUc25zQ3gyMnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9iNDE2YTUtZWU0Zi00Y2M3LWIwYzQt
NzQ3NWY3MGRmOWZhLzEvaktDcGQwNDd3MWxNM3M5NHpGRlpSSy0wUlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9iNDE2YTUtZWU0Zi00Y2M3LWIwYzQtNzQ3NWY3MGRmOWZh
LzEvX3g5aFc1R0RuMUh0T2x0VGRUc25zQ3gyMnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudzCMA0G
CSqGSIb3DQEBCwUAA4IBAQBtS+DfmMCNPa+k2yx/1qFbMz/sgNhxLqAp1HqQGFl4
SIix9DWTwCIJEGx0p1dzr/a/iR55RKXJo3w/zGWAAc63Keu1NzmI+eDtLJmmpWkQ
Ew9i97M1MNGjJn3/OExtD5lGkD5GHwsgOetzobE3FAsQn1aLSAMTL+/UkjopEdjF
MHovcH0VffllHgsCX3YfIL4rsGTy46qvxYZH84yHaisDosSWi9R6N6aPVU4VlOM4
IrvSZpXomFpmGN9HjRtycknhdrcaYsLS1T5DFsMOQUwj49qaFo7FhTiyIm7yrN6k
fxJnJKSe2FbSUNiYK3rAyFIrd95moyJ6+UCWbcozl/L8
-----END CERTIFICATE-----
Generated at Tue Nov 26 09:14:28 2024 by rpki-client on console-fra.rpki-client.org