Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/_J4DnC5fm3UqQ9z1KSUUtH0EMcs.roa
File:                     _J4DnC5fm3UqQ9z1KSUUtH0EMcs.roa (raw, json)
Hash identifier:          ZV/xRLQYf9YtKvTysWyT36z3hOYMJJmuWH5tL6+IjnA=
Subject key identifier:   FC:9E:03:9C:2E:5F:9B:75:2A:43:DC:F5:29:25:14:B4:7D:04:31:CB
Certificate issuer:       /CN=d34271d123c60ecd7ac5288c72e60e41b5791f9f
Certificate serial:       018CC3B68ACF60968A7FCA6ADD58ADFB1440
Authority key identifier: D3:42:71:D1:23:C6:0E:CD:7A:C5:28:8C:72:E6:0E:41:B5:79:1F:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00Jx0SPGDs16xSiMcuYOQbV5H58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/_J4DnC5fm3UqQ9z1KSUUtH0EMcs.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48095
IP address blocks:        185.222.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/00Jx0SPGDs16xSiMcuYOQbV5H58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/00Jx0SPGDs16xSiMcuYOQbV5H58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00Jx0SPGDs16xSiMcuYOQbV5H58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8a:cf:60:96:8a:7f:ca:6a:dd:58:ad:fb:14:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34271d123c60ecd7ac5288c72e60e41b5791f9f
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc9e039c2e5f9b752a43dcf5292514b47d0431cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:51:0e:a8:0e:51:24:7c:a4:34:b4:56:a2:7f:
                    b2:d7:37:c6:91:38:c1:1d:0d:72:3f:bd:61:c4:9a:
                    32:7b:d5:52:6f:67:83:9a:52:d8:da:f4:39:75:03:
                    3d:12:4d:01:9f:ac:d2:65:45:41:a4:e3:3e:d0:18:
                    a1:4c:c8:cd:52:cd:50:81:f5:40:26:8b:d9:dc:63:
                    65:3b:d5:9d:17:f0:fe:d3:8b:8d:9a:9b:a2:fa:29:
                    e0:4a:5d:7a:ea:6c:21:35:c4:d7:3a:b0:f2:c6:20:
                    02:b1:da:bb:e6:8a:4f:22:30:54:61:44:49:0b:f7:
                    a1:d8:df:36:d8:aa:25:06:56:8d:a7:a5:8c:6c:12:
                    7a:de:87:5d:17:e0:74:90:6c:64:68:f0:64:94:ae:
                    e2:60:f9:5f:8e:65:92:46:a8:66:8c:0a:3f:15:00:
                    74:53:e9:be:66:67:69:44:bf:c0:ef:9a:06:e3:8d:
                    42:94:16:34:00:5a:60:b9:93:27:d9:48:12:28:53:
                    cb:bd:7d:d2:a1:8d:bb:54:53:36:d7:31:e2:53:ca:
                    ea:24:2d:5f:5e:ef:79:cd:31:22:f8:ea:27:83:d4:
                    c3:f6:bf:7b:98:20:64:46:9d:3f:6e:9d:12:3b:5d:
                    9e:87:c6:e0:bb:3a:01:92:2a:11:af:97:dd:2a:e9:
                    2e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9E:03:9C:2E:5F:9B:75:2A:43:DC:F5:29:25:14:B4:7D:04:31:CB
            X509v3 Authority Key Identifier:
                keyid:D3:42:71:D1:23:C6:0E:CD:7A:C5:28:8C:72:E6:0E:41:B5:79:1F:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00Jx0SPGDs16xSiMcuYOQbV5H58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/_J4DnC5fm3UqQ9z1KSUUtH0EMcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6ecfdf-a94d-4ff0-8800-198c7872df4f/1/00Jx0SPGDs16xSiMcuYOQbV5H58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:4e:85:35:44:fb:eb:3a:13:28:3f:97:ee:69:dc:46:7c:3b:
         7a:9c:1e:be:5c:dd:13:4a:f2:a2:92:c9:49:f4:6e:d9:c5:51:
         ff:20:3a:74:91:82:3b:62:9e:c4:1f:80:74:50:f2:84:bf:7b:
         b7:1b:6f:71:e3:f8:11:70:b4:7e:35:40:3e:45:4d:76:c3:2f:
         04:fb:4b:07:b6:63:5e:0a:a2:a4:a6:82:46:9a:24:68:42:d0:
         d9:8f:51:55:0e:53:e6:b7:e5:90:a2:3e:9c:0f:33:65:ed:27:
         15:d9:b7:03:00:1b:b8:b8:41:fd:5b:73:03:3a:58:f5:4d:9c:
         67:69:d5:c6:c3:0d:8f:6c:22:70:3e:6c:08:8e:0c:b2:ea:41:
         9f:64:15:2b:7f:90:f1:2c:26:73:24:71:66:c0:e4:39:b5:14:
         ff:d8:e7:06:b2:f5:fc:ba:ce:86:38:98:93:c6:a3:dc:c5:5a:
         65:77:ba:f7:7b:8d:5f:8c:7a:5c:c7:5f:7f:e0:93:0d:32:0e:
         81:15:a1:23:8c:fd:6b:f7:d7:6e:22:49:e8:5e:e0:b8:18:52:
         8e:61:2a:65:9d:52:f0:4b:f3:f4:ab:a6:7b:c6:9a:33:57:dc:
         a0:a1:56:31:56:d0:f0:c3:56:48:05:48:06:c8:ec:bc:f4:c4:
         7a:b6:11:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtorPYJaKf8pq3Vit+xRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNDI3MWQxMjNjNjBlY2Q3YWM1Mjg4YzcyZTYwZTQxYjU3
OTFmOWYwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzllMDM5YzJlNWY5Yjc1MmE0M2RjZjUyOTI1MTRiNDdkMDQzMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1EOqA5RJHykNLRWon+y1zfGkTjB
HQ1yP71hxJoye9VSb2eDmlLY2vQ5dQM9Ek0Bn6zSZUVBpOM+0BihTMjNUs1QgfVA
JovZ3GNlO9WdF/D+04uNmpui+ingSl166mwhNcTXOrDyxiACsdq75opPIjBUYURJ
C/eh2N822KolBlaNp6WMbBJ63oddF+B0kGxkaPBklK7iYPlfjmWSRqhmjAo/FQB0
U+m+ZmdpRL/A75oG441ClBY0AFpguZMn2UgSKFPLvX3SoY27VFM21zHiU8rqJC1f
Xu95zTEi+Oong9TD9r97mCBkRp0/bp0SO12eh8bguzoBkioRr5fdKukuSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyeA5wuX5t1KkPc9SklFLR9BDHLMB8GA1UdIwQY
MBaAFNNCcdEjxg7NesUojHLmDkG1eR+fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDBKeDBTUEdEczE2eFNpTWN1WU9RYlY1SDU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82ZWNmZGYtYTk0ZC00ZmYwLTg4MDAt
MTk4Yzc4NzJkZjRmLzEvX0o0RG5DNWZtM1VxUTl6MUtTVVV0SDBFTWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82ZWNmZGYtYTk0ZC00ZmYwLTg4MDAtMTk4Yzc4NzJkZjRm
LzEvMDBKeDBTUEdEczE2eFNpTWN1WU9RYlY1SDU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud6sMA0G
CSqGSIb3DQEBCwUAA4IBAQCnToU1RPvrOhMoP5fuadxGfDt6nB6+XN0TSvKikslJ
9G7ZxVH/IDp0kYI7Yp7EH4B0UPKEv3u3G29x4/gRcLR+NUA+RU12wy8E+0sHtmNe
CqKkpoJGmiRoQtDZj1FVDlPmt+WQoj6cDzNl7ScV2bcDABu4uEH9W3MDOlj1TZxn
adXGww2PbCJwPmwIjgyy6kGfZBUrf5DxLCZzJHFmwOQ5tRT/2OcGsvX8us6GOJiT
xqPcxVpld7r3e41fjHpcx19/4JMNMg6BFaEjjP1r99duIknoXuC4GFKOYSplnVLw
S/P0q6Z7xpozV9ygoVYxVtDww1ZIBUgGyOy89MR6thGU
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:31:58 2024 by rpki-client on console-ams.rpki-client.org