Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/Jabrq9hrAJzjVUbkACteaMvNHjg.roa
File:                     Jabrq9hrAJzjVUbkACteaMvNHjg.roa (raw, json)
Hash identifier:          yRzmXBOSLFJ88Wge2/H1BE0KgpR6yvsJ6fE2M2Zj6T8=
Subject key identifier:   25:A6:EB:AB:D8:6B:00:9C:E3:55:46:E4:00:2B:5E:68:CB:CD:1E:38
Certificate issuer:       /CN=af036816a317dd99d25383a32a681859c047b5ff
Certificate serial:       018CC424C1E524E92D51FB40DB045C3411DF
Authority key identifier: AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/Jabrq9hrAJzjVUbkACteaMvNHjg.roa
Signing time:             Mon 01 Jan 2024 08:29:52 +0000
ROA not before:           Mon 01 Jan 2024 08:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51212
IP address blocks:        194.187.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c1:e5:24:e9:2d:51:fb:40:db:04:5c:34:11:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af036816a317dd99d25383a32a681859c047b5ff
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25a6ebabd86b009ce35546e4002b5e68cbcd1e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:5e:ef:4c:2d:35:67:f3:c2:c8:18:69:4b:d9:
                    a1:4a:36:96:89:e2:c8:64:13:54:a0:aa:91:79:fc:
                    87:a6:bf:6e:08:7e:19:33:a8:49:1b:66:f4:2b:e3:
                    8d:74:93:34:cc:70:e2:72:d4:ce:cd:33:ae:e0:8a:
                    47:46:c3:6e:1c:c4:e4:c2:66:f2:1e:45:0b:96:db:
                    57:ae:be:26:9a:58:8d:53:df:09:15:92:86:56:b2:
                    5a:68:f6:c2:ec:c7:2f:70:f1:39:07:ca:23:06:25:
                    f6:10:b4:96:86:83:f6:aa:93:a8:c3:26:65:69:3e:
                    ed:a4:b1:30:21:a4:02:52:6a:c1:78:cd:69:15:bd:
                    22:c6:96:df:37:0a:3f:d4:7f:d9:89:48:99:6a:fd:
                    d7:80:e3:f5:71:ad:0e:dd:49:9e:1b:b8:fb:b3:ed:
                    f5:bf:75:e0:92:75:1a:83:51:18:65:41:8b:c4:ff:
                    a5:1f:58:89:8a:97:3a:c4:b2:8e:98:cc:3b:a3:eb:
                    ba:10:10:79:f8:48:5c:48:3c:6a:72:21:6e:f3:c5:
                    39:33:f6:c0:e3:9a:00:6e:df:bf:a3:51:60:20:63:
                    a6:e4:a2:c3:8e:0a:4c:c1:6c:fd:5e:21:65:39:b7:
                    9d:b0:02:a4:73:4a:ae:32:55:b2:67:90:2c:03:ee:
                    36:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:A6:EB:AB:D8:6B:00:9C:E3:55:46:E4:00:2B:5E:68:CB:CD:1E:38
            X509v3 Authority Key Identifier:
                keyid:AF:03:68:16:A3:17:DD:99:D2:53:83:A3:2A:68:18:59:C0:47:B5:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/Jabrq9hrAJzjVUbkACteaMvNHjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/52b199-9e1f-4ec7-b0aa-4a4e0f424f17/1/rwNoFqMX3ZnSU4OjKmgYWcBHtf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:97:36:2d:c8:8e:62:91:8b:50:15:f4:af:52:d7:1b:67:ba:
         72:a4:95:d8:f3:24:98:98:7b:41:38:08:bb:c4:53:50:04:c2:
         a5:c8:1d:7a:70:c9:38:41:15:1c:0f:63:46:5b:de:27:bd:5b:
         9d:d1:ed:c3:b2:3e:e4:86:1e:55:75:95:57:59:78:1a:aa:ef:
         11:0d:18:42:4b:a4:fa:3b:36:40:9c:a2:34:9a:7d:64:7a:e9:
         a3:2c:75:e3:ce:d7:04:a0:f7:2d:fa:86:8f:c3:25:07:22:6e:
         5c:ab:e7:57:c6:13:c5:94:0c:fc:32:5a:c1:5c:72:a7:58:75:
         11:61:66:ec:53:ff:e3:4f:17:5d:65:82:56:98:b2:b9:e0:c6:
         76:b2:2b:ec:e9:5e:ca:a2:5d:35:d2:04:85:8a:b2:f9:4e:b8:
         be:e0:b5:c1:ca:ed:71:b5:8f:fa:7a:f7:44:00:4a:7e:a6:ef:
         dc:06:10:ac:45:de:72:d6:2b:74:96:52:4d:f3:7f:50:30:97:
         1d:e0:b8:a4:72:7e:1b:1a:c7:67:c1:bd:d2:80:d3:f6:de:68:
         2b:98:90:a2:3a:26:10:fd:65:ea:aa:c4:c5:5a:09:e1:f3:29:
         ef:7b:0a:b4:0c:c5:09:7b:91:9b:46:fd:89:27:c3:f9:53:41:
         d5:be:9d:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJMHlJOktUftA2wRcNBHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDM2ODE2YTMxN2RkOTlkMjUzODNhMzJhNjgxODU5YzA0
N2I1ZmYwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWE2ZWJhYmQ4NmIwMDljZTM1NTQ2ZTQwMDJiNWU2OGNiY2QxZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA617vTC01Z/PCyBhpS9mhSjaWieLI
ZBNUoKqRefyHpr9uCH4ZM6hJG2b0K+ONdJM0zHDictTOzTOu4IpHRsNuHMTkwmby
HkULlttXrr4mmliNU98JFZKGVrJaaPbC7McvcPE5B8ojBiX2ELSWhoP2qpOowyZl
aT7tpLEwIaQCUmrBeM1pFb0ixpbfNwo/1H/ZiUiZav3XgOP1ca0O3UmeG7j7s+31
v3XgknUag1EYZUGLxP+lH1iJipc6xLKOmMw7o+u6EBB5+EhcSDxqciFu88U5M/bA
45oAbt+/o1FgIGOm5KLDjgpMwWz9XiFlObedsAKkc0quMlWyZ5AsA+42lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCWm66vYawCc41VG5AArXmjLzR44MB8GA1UdIwQY
MBaAFK8DaBajF92Z0lODoypoGFnAR7X/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEt
NGE0ZTBmNDI0ZjE3LzEvSmFicnE5aHJBSnpqVlVia0FDdGVhTXZOSGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MmIxOTktOWUxZi00ZWM3LWIwYWEtNGE0ZTBmNDI0ZjE3
LzEvcndOb0ZxTVgzWm5TVTRPakttZ1lXY0JIdGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrs4MA0G
CSqGSIb3DQEBCwUAA4IBAQBflzYtyI5ikYtQFfSvUtcbZ7pypJXY8ySYmHtBOAi7
xFNQBMKlyB16cMk4QRUcD2NGW94nvVud0e3Dsj7khh5VdZVXWXgaqu8RDRhCS6T6
OzZAnKI0mn1keumjLHXjztcEoPct+oaPwyUHIm5cq+dXxhPFlAz8MlrBXHKnWHUR
YWbsU//jTxddZYJWmLK54MZ2sivs6V7Kol010gSFirL5Tri+4LXByu1xtY/6evdE
AEp+pu/cBhCsRd5y1it0llJN839QMJcd4Likcn4bGsdnwb3SgNP23mgrmJCiOiYQ
/WXqqsTFWgnh8ynvewq0DMUJe5GbRv2JJ8P5U0HVvp23
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:48:12 2024 by rpki-client on console-fra.rpki-client.org