Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/0feb89-7d8c-4300-99b5-06247a978d69/1/gkCkfK6aeVwy8ObLjnY5oMIOPm4.roa
File:                     gkCkfK6aeVwy8ObLjnY5oMIOPm4.roa (raw, json)
Hash identifier:          O3CYbaVmYYHDKRh7fqlC6/QADvljnto2um6DLzGJ8OU=
Subject key identifier:   82:40:A4:7C:AE:9A:79:5C:32:F0:E6:CB:8E:76:39:A0:C2:0E:3E:6E
Certificate issuer:       /CN=cc9c41a123764cf7dc0f2db9841f732a3b961343
Certificate serial:       018CC725713DA8576553994E40FD3CCA6CFC
Authority key identifier: CC:9C:41:A1:23:76:4C:F7:DC:0F:2D:B9:84:1F:73:2A:3B:96:13:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zJxBoSN2TPfcDy25hB9zKjuWE0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/0feb89-7d8c-4300-99b5-06247a978d69/1/gkCkfK6aeVwy8ObLjnY5oMIOPm4.roa
Signing time:             Mon 01 Jan 2024 22:29:28 +0000
ROA not before:           Mon 01 Jan 2024 22:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201246
IP address blocks:        103.58.8.0/22 maxlen: 24
                          188.114.120.0/24 maxlen: 24
                          188.114.121.0/24 maxlen: 24
                          185.80.19.0/24 maxlen: 24
                          2a05:7980::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/0feb89-7d8c-4300-99b5-06247a978d69/1/zJxBoSN2TPfcDy25hB9zKjuWE0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/0feb89-7d8c-4300-99b5-06247a978d69/1/zJxBoSN2TPfcDy25hB9zKjuWE0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zJxBoSN2TPfcDy25hB9zKjuWE0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:71:3d:a8:57:65:53:99:4e:40:fd:3c:ca:6c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc9c41a123764cf7dc0f2db9841f732a3b961343
        Validity
            Not Before: Jan  1 22:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8240a47cae9a795c32f0e6cb8e7639a0c20e3e6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:61:e5:87:3e:c4:b4:52:3f:df:52:fc:19:f9:
                    b2:40:d1:79:af:5b:68:65:9d:51:aa:27:69:08:42:
                    18:cc:fc:fa:24:b9:97:44:76:cf:86:99:98:e1:8d:
                    d1:a2:ba:34:b1:8e:77:6d:3b:d9:88:89:c9:35:3a:
                    71:6f:56:1b:ec:06:e7:70:aa:fc:9a:23:c4:ea:6e:
                    7a:0b:1e:18:01:e9:4e:f5:b1:e7:3e:b9:a6:12:01:
                    8c:9e:da:bd:eb:38:4b:f1:e0:0f:a7:54:6f:10:01:
                    64:f1:b4:86:76:45:90:85:49:33:f5:5d:7f:9c:02:
                    2c:83:0b:02:53:4b:8f:72:03:cf:74:86:13:93:0a:
                    51:38:6a:41:1c:b3:0c:13:cf:d0:80:21:e4:7b:81:
                    33:07:f3:e7:96:ba:cf:dc:7d:3d:a0:b2:75:c8:9c:
                    ed:45:15:55:01:50:a7:1e:7f:00:de:8d:87:c8:14:
                    89:08:be:a7:b9:2c:36:b9:07:40:57:7b:ad:7f:fa:
                    18:12:7a:04:e6:20:0e:0a:c2:57:d9:77:84:bb:69:
                    58:e0:5c:18:ae:c2:68:30:03:80:47:4f:54:a6:7f:
                    66:c3:c9:f6:8d:fc:2c:c2:97:7a:b3:3d:5e:a6:05:
                    9b:f9:2b:57:1c:94:19:61:a6:3e:af:af:78:6b:dd:
                    28:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:40:A4:7C:AE:9A:79:5C:32:F0:E6:CB:8E:76:39:A0:C2:0E:3E:6E
            X509v3 Authority Key Identifier:
                keyid:CC:9C:41:A1:23:76:4C:F7:DC:0F:2D:B9:84:1F:73:2A:3B:96:13:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zJxBoSN2TPfcDy25hB9zKjuWE0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/0feb89-7d8c-4300-99b5-06247a978d69/1/gkCkfK6aeVwy8ObLjnY5oMIOPm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/0feb89-7d8c-4300-99b5-06247a978d69/1/zJxBoSN2TPfcDy25hB9zKjuWE0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.58.8.0/22
                  185.80.19.0/24
                  188.114.120.0/23
                IPv6:
                  2a05:7980::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:36:ea:b7:c3:fb:39:4f:90:fb:c2:8b:46:21:90:e5:eb:
         28:a9:36:15:cb:66:da:ea:51:c5:49:e9:a2:b2:f7:d6:50:15:
         42:c6:14:f1:59:11:95:9e:f4:5e:77:6f:2d:6e:f8:56:6e:9f:
         ac:f7:5b:46:52:5d:eb:69:52:fc:bf:a4:bb:a9:e2:eb:57:95:
         96:a9:03:57:09:18:3e:48:ba:71:c4:6c:dc:42:c1:2b:38:50:
         3a:67:24:f2:77:67:2e:e7:7d:7a:a2:2a:2d:f0:4e:1b:4b:bb:
         2d:f9:ad:33:e4:f8:7f:de:2f:4b:db:5f:3e:31:7f:da:a2:15:
         46:14:44:d4:40:81:6c:a5:7b:fc:33:db:35:2d:c9:12:fe:01:
         7b:d5:e0:6c:de:74:96:29:6c:2e:ca:1c:6c:c6:3b:fb:aa:4e:
         57:1d:b1:7e:05:14:af:c7:2e:cc:dc:6d:a0:8f:1d:f7:6d:65:
         c5:4e:29:43:c7:64:cf:e3:fb:c9:c4:2c:a2:03:f6:62:8d:c8:
         77:7c:51:eb:3a:46:6c:a4:92:38:b1:bc:d3:94:b0:63:31:33:
         52:ee:e6:1c:24:9e:3e:61:e8:ac:c2:ee:b5:3d:27:fa:f7:71:
         3e:c7:b1:1d:88:38:60:0e:fb:58:4c:26:51:00:99:09:c5:a5:
         d0:3d:8c:ef
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzHJXE9qFdlU5lOQP08ymz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjOWM0MWExMjM3NjRjZjdkYzBmMmRiOTg0MWY3MzJhM2I5
NjEzNDMwHhcNMjQwMTAxMjIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQwYTQ3Y2FlOWE3OTVjMzJmMGU2Y2I4ZTc2MzlhMGMyMGUzZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWHlhz7EtFI/31L8GfmyQNF5r1to
ZZ1RqidpCEIYzPz6JLmXRHbPhpmY4Y3Roro0sY53bTvZiInJNTpxb1Yb7AbncKr8
miPE6m56Cx4YAelO9bHnPrmmEgGMntq96zhL8eAPp1RvEAFk8bSGdkWQhUkz9V1/
nAIsgwsCU0uPcgPPdIYTkwpROGpBHLMME8/QgCHke4EzB/PnlrrP3H09oLJ1yJzt
RRVVAVCnHn8A3o2HyBSJCL6nuSw2uQdAV3utf/oYEnoE5iAOCsJX2XeEu2lY4FwY
rsJoMAOAR09Upn9mw8n2jfwswpd6sz1epgWb+StXHJQZYaY+r694a90oSQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIJApHyumnlcMvDmy452OaDCDj5uMB8GA1UdIwQY
MBaAFMycQaEjdkz33A8tuYQfcyo7lhNDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekp4Qm9TTjJUUGZjRHkyNWhCOXpLanVXRTBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8wZmViODktN2Q4Yy00MzAwLTk5YjUt
MDYyNDdhOTc4ZDY5LzEvZ2tDa2ZLNmFlVnd5OE9iTGpuWTVvTUlPUG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8wZmViODktN2Q4Yy00MzAwLTk5YjUtMDYyNDdhOTc4ZDY5
LzEvekp4Qm9TTjJUUGZjRHkyNWhCOXpLanVXRTBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCZzoIAwQA
uVATAwQBvHJ4MA0EAgACMAcDBQMqBXmAMA0GCSqGSIb3DQEBCwUAA4IBAQBugzbq
t8P7OU+Q+8KLRiGQ5esoqTYVy2ba6lHFSemisvfWUBVCxhTxWRGVnvRed28tbvhW
bp+s91tGUl3raVL8v6S7qeLrV5WWqQNXCRg+SLpxxGzcQsErOFA6ZyTyd2cu5316
oiot8E4bS7st+a0z5Ph/3i9L218+MX/aohVGFETUQIFspXv8M9s1LckS/gF71eBs
3nSWKWwuyhxsxjv7qk5XHbF+BRSvxy7M3G2gjx33bWXFTilDx2TP4/vJxCyiA/Zi
jch3fFHrOkZspJI4sbzTlLBjMTNS7uYcJJ4+Yeiswu61PSf693E+x7EdiDhgDvtY
TCZRAJkJxaXQPYzv
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:17:28 2024 by rpki-client on console-ams.rpki-client.org