Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/kvvKLDOBYQmJCrL-MVNswp6AvVc.roa
File:                     kvvKLDOBYQmJCrL-MVNswp6AvVc.roa (raw, json)
Hash identifier:          7LXTJ3RenJhpLqfikF7CGEeX4DAs/ioFpcDctyXrdgc=
Subject key identifier:   92:FB:CA:2C:33:81:61:09:89:0A:B2:FE:31:53:6C:C2:9E:80:BD:57
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7AE6099AEFDA2667211EF8AA40FAD
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/kvvKLDOBYQmJCrL-MVNswp6AvVc.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41022
IP address blocks:        185.195.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ae:60:99:ae:fd:a2:66:72:11:ef:8a:a4:0f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92fbca2c33816109890ab2fe31536cc29e80bd57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:74:49:f0:e4:e2:06:3c:87:ce:40:18:ae:e5:
                    75:7a:9c:f5:31:e0:87:f4:04:87:a7:97:89:6d:52:
                    a4:93:1c:e0:45:e8:e9:0a:68:6c:c0:d1:ee:2d:4f:
                    ef:ad:80:68:7a:cd:20:a4:71:02:a1:6c:6e:b2:42:
                    f5:42:8a:13:91:f5:2c:1b:5f:dc:6f:8c:9f:ef:c2:
                    f8:46:02:0e:88:87:d7:31:a6:6c:a5:c9:30:7b:40:
                    b1:ed:36:7b:01:97:86:52:a2:27:fa:8a:9d:54:6e:
                    04:37:5e:2b:4e:2a:5d:58:b4:f3:09:d2:db:3d:0b:
                    78:d2:90:b4:c8:63:19:59:e3:eb:71:13:f3:27:d6:
                    ac:45:bc:63:82:5d:03:68:73:1b:29:b1:a6:05:b9:
                    df:9f:cb:c4:0c:12:0d:8c:dd:36:dd:6f:88:cf:01:
                    34:f1:13:d6:4c:88:0c:14:71:13:e5:b2:05:f7:04:
                    d9:71:60:cf:79:f8:bf:4f:fa:f4:54:d9:bd:81:27:
                    a0:87:d0:da:8a:d9:68:23:39:c1:1c:20:de:c0:9d:
                    09:be:8b:c5:bf:22:3a:a3:d6:bc:ee:9d:51:c3:cf:
                    74:7a:5c:ee:b3:d9:e3:51:86:7e:60:24:05:f7:8b:
                    82:f0:f6:ac:7f:9a:c4:df:c8:eb:bb:5a:aa:9d:21:
                    48:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FB:CA:2C:33:81:61:09:89:0A:B2:FE:31:53:6C:C2:9E:80:BD:57
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/kvvKLDOBYQmJCrL-MVNswp6AvVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:3a:62:8f:93:d1:f3:13:c9:df:93:e3:78:10:2f:cf:88:55:
         14:9d:b7:2b:b5:b9:14:49:c0:1f:e3:22:d1:b9:11:ff:82:ed:
         a5:aa:ea:b7:31:5e:2f:d1:56:c6:82:29:c7:53:18:5c:47:84:
         4a:29:78:ce:d7:8a:ea:14:e2:01:9e:32:dd:70:de:cc:7d:55:
         bf:f7:86:54:67:55:49:71:be:25:e2:b0:38:2a:d5:21:5f:59:
         46:48:24:39:d4:34:57:8c:66:00:d4:5e:5f:4a:45:be:25:25:
         17:78:c5:b6:6a:c3:7a:5b:0f:0f:f1:39:98:89:47:c3:90:2b:
         9e:d1:c2:65:ff:4d:de:66:53:ad:55:83:59:f9:0c:a5:0b:37:
         65:47:eb:6e:4e:72:65:ed:80:e0:1c:b9:c4:b8:a1:af:ef:05:
         83:91:d8:6d:3e:05:49:ff:9a:0a:77:60:97:7e:3a:e3:82:50:
         f3:be:0b:33:f2:98:37:0a:9d:7a:32:51:d6:06:32:b7:82:88:
         8c:f1:63:98:4e:47:7d:76:61:9b:59:27:73:61:bc:57:a0:65:
         cb:d5:1b:a2:8f:bf:24:ec:f7:43:db:17:e9:5d:56:59:a5:90:
         bc:c5:93:ef:d9:44:9c:2c:67:98:d9:e2:e0:a4:c3:7e:33:25:
         c2:dc:a2:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt65gma79omZyEe+KpA+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmZiY2EyYzMzODE2MTA5ODkwYWIyZmUzMTUzNmNjMjllODBiZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHRJ8OTiBjyHzkAYruV1epz1MeCH
9ASHp5eJbVKkkxzgRejpCmhswNHuLU/vrYBoes0gpHECoWxuskL1QooTkfUsG1/c
b4yf78L4RgIOiIfXMaZspckwe0Cx7TZ7AZeGUqIn+oqdVG4EN14rTipdWLTzCdLb
PQt40pC0yGMZWePrcRPzJ9asRbxjgl0DaHMbKbGmBbnfn8vEDBINjN023W+IzwE0
8RPWTIgMFHET5bIF9wTZcWDPefi/T/r0VNm9gSegh9DaitloIznBHCDewJ0JvovF
vyI6o9a87p1Rw890elzus9njUYZ+YCQF94uC8Pasf5rE38jru1qqnSFIqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJL7yiwzgWEJiQqy/jFTbMKegL1XMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEva3Z2S0xET0JZUW1KQ3JMLU1WTnN3cDZBdlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucPxMA0G
CSqGSIb3DQEBCwUAA4IBAQCyOmKPk9HzE8nfk+N4EC/PiFUUnbcrtbkUScAf4yLR
uRH/gu2lquq3MV4v0VbGginHUxhcR4RKKXjO14rqFOIBnjLdcN7MfVW/94ZUZ1VJ
cb4l4rA4KtUhX1lGSCQ51DRXjGYA1F5fSkW+JSUXeMW2asN6Ww8P8TmYiUfDkCue
0cJl/03eZlOtVYNZ+QylCzdlR+tuTnJl7YDgHLnEuKGv7wWDkdhtPgVJ/5oKd2CX
fjrjglDzvgsz8pg3Cp16MlHWBjK3goiM8WOYTkd9dmGbWSdzYbxXoGXL1Ruij78k
7PdD2xfpXVZZpZC8xZPv2UScLGeY2eLgpMN+MyXC3KK0
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:47:27 2024 by rpki-client on console-fra.rpki-client.org