Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/9JKisc39V8s6gnv4x5cY5yluNw0.roa
File:                     9JKisc39V8s6gnv4x5cY5yluNw0.roa (raw, json)
Hash identifier:          48VJhaC4iLoE/8OdgxLi6kcHXPVvuXrvr3np4GaFV9Y=
Subject key identifier:   F4:92:A2:B1:CD:FD:57:CB:3A:82:7B:F8:C7:97:18:E7:29:6E:37:0D
Certificate issuer:       /CN=f1f4609d0d053aec0307da44b0e678c388f641a4
Certificate serial:       018F3DF6D0F753DAF8314E86E572348A7FBF
Authority key identifier: F1:F4:60:9D:0D:05:3A:EC:03:07:DA:44:B0:E6:78:C3:88:F6:41:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/9JKisc39V8s6gnv4x5cY5yluNw0.roa
Signing time:             Fri 03 May 2024 10:18:56 +0000
ROA not before:           Fri 03 May 2024 10:18:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214973
IP address blocks:        185.18.221.0/24 maxlen: 24
                          2a13:2c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:f6:d0:f7:53:da:f8:31:4e:86:e5:72:34:8a:7f:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f4609d0d053aec0307da44b0e678c388f641a4
        Validity
            Not Before: May  3 10:18:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f492a2b1cdfd57cb3a827bf8c79718e7296e370d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:68:79:85:7d:22:d2:0e:91:fd:3a:5c:70:0b:
                    30:b8:20:c9:11:6c:63:25:c2:54:a8:f6:12:f8:b1:
                    ae:ac:b3:c5:ad:dd:31:23:32:64:9b:24:87:8b:9b:
                    c2:00:5f:65:82:89:65:6d:9a:c4:ee:04:98:b2:56:
                    eb:98:96:66:60:21:95:08:8c:b9:a9:5e:3c:1e:02:
                    e1:c7:86:d1:ef:47:84:26:c5:84:1f:73:0c:74:8d:
                    bb:43:20:35:2c:ea:30:c2:e4:be:fc:ae:58:0c:f8:
                    8a:f0:c7:e9:ca:3c:22:0c:f6:c4:96:89:4d:49:b5:
                    34:af:d0:22:d2:2a:da:bb:cf:af:fb:fe:21:9a:2f:
                    5e:f5:f7:b8:4b:84:4e:b1:56:2a:02:e8:61:e8:4a:
                    1f:91:c2:89:22:67:cd:2f:0e:aa:e9:d1:99:85:c6:
                    ba:3d:96:52:53:be:f2:d5:2e:5e:f7:cf:30:0e:29:
                    13:b3:91:46:89:fd:e2:cd:f0:29:5f:86:3f:ae:e8:
                    d1:4f:28:57:d3:da:a7:17:f7:18:d1:52:f7:60:e5:
                    b9:25:87:79:d4:19:91:e7:08:f2:12:a3:bc:16:91:
                    52:fc:24:f5:ae:78:bf:ea:89:ae:15:7a:a5:67:76:
                    8d:a9:fa:fe:4a:2c:5f:90:a5:95:06:20:c8:2c:e6:
                    2c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:92:A2:B1:CD:FD:57:CB:3A:82:7B:F8:C7:97:18:E7:29:6E:37:0D
            X509v3 Authority Key Identifier:
                keyid:F1:F4:60:9D:0D:05:3A:EC:03:07:DA:44:B0:E6:78:C3:88:F6:41:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/9JKisc39V8s6gnv4x5cY5yluNw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/9a18ad-087b-4d12-9f69-8cbf903e91cd/1/8fRgnQ0FOuwDB9pEsOZ4w4j2QaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.221.0/24
                IPv6:
                  2a13:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:26:8b:86:fe:f7:dd:7e:28:a5:55:bb:9a:fb:d4:26:28:fb:
         fb:f8:1b:e3:07:28:59:9e:12:67:5c:f7:2f:b8:63:3f:83:4c:
         19:cc:48:7c:22:da:bd:77:e9:98:1e:3c:ae:a4:85:12:d5:ca:
         1a:89:56:00:9d:d3:cb:c5:a1:2e:73:69:da:24:67:20:42:18:
         56:85:c7:55:83:79:8e:c6:7c:a1:09:23:70:f5:2e:e8:94:24:
         6d:dd:b7:a3:b4:3b:83:a8:a4:b1:27:55:c8:c5:cd:ca:dc:6c:
         48:aa:ec:8a:4f:c1:1e:42:4c:f0:39:fc:5e:2c:e5:a3:c9:1a:
         f0:02:87:dc:47:a1:6f:1b:4b:79:2d:28:2a:7e:7f:64:fe:84:
         73:8a:d5:73:de:1f:9b:77:ae:01:73:4f:99:73:5d:bd:dd:8d:
         20:b9:4a:92:ca:70:5c:4e:8e:bd:be:d4:17:04:a1:66:67:ca:
         88:11:d2:02:33:ba:fd:16:0e:2c:6b:fd:ad:8b:1c:5a:d7:07:
         4f:34:4f:20:0c:c8:36:5c:f6:49:15:1f:44:4d:05:98:ed:b0:
         55:f2:b9:c5:7c:37:68:87:04:9a:bd:9c:6d:f3:5d:29:ba:24:
         33:ce:d4:bf:e2:04:e0:ef:be:89:23:10:54:aa:64:40:33:ad:
         86:a6:ec:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY899tD3U9r4MU6G5XI0in+/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjQ2MDlkMGQwNTNhZWMwMzA3ZGE0NGIwZTY3OGMzODhm
NjQxYTQwHhcNMjQwNTAzMTAxODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDkyYTJiMWNkZmQ1N2NiM2E4MjdiZjhjNzk3MThlNzI5NmUzNzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGh5hX0i0g6R/TpccAswuCDJEWxj
JcJUqPYS+LGurLPFrd0xIzJkmySHi5vCAF9lgollbZrE7gSYslbrmJZmYCGVCIy5
qV48HgLhx4bR70eEJsWEH3MMdI27QyA1LOowwuS+/K5YDPiK8MfpyjwiDPbElolN
SbU0r9Ai0irau8+v+/4hmi9e9fe4S4ROsVYqAuhh6EofkcKJImfNLw6q6dGZhca6
PZZSU77y1S5e988wDikTs5FGif3izfApX4Y/rujRTyhX09qnF/cY0VL3YOW5JYd5
1BmR5wjyEqO8FpFS/CT1rni/6omuFXqlZ3aNqfr+SixfkKWVBiDILOYsqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPSSorHN/VfLOoJ7+MeXGOcpbjcNMB8GA1UdIwQY
MBaAFPH0YJ0NBTrsAwfaRLDmeMOI9kGkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZSZ25RMEZPdXdEQjlwRXNPWjR3NGoyUWFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85YTE4YWQtMDg3Yi00ZDEyLTlmNjkt
OGNiZjkwM2U5MWNkLzEvOUpLaXNjMzlWOHM2Z252NHg1Y1k1eWx1TncwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85YTE4YWQtMDg3Yi00ZDEyLTlmNjktOGNiZjkwM2U5MWNk
LzEvOGZSZ25RMEZPdXdEQjlwRXNPWjR3NGoyUWFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRLdMA0E
AgACMAcDBQMqEwLAMA0GCSqGSIb3DQEBCwUAA4IBAQA+JouG/vfdfiilVbua+9Qm
KPv7+BvjByhZnhJnXPcvuGM/g0wZzEh8Itq9d+mYHjyupIUS1coaiVYAndPLxaEu
c2naJGcgQhhWhcdVg3mOxnyhCSNw9S7olCRt3bejtDuDqKSxJ1XIxc3K3GxIquyK
T8EeQkzwOfxeLOWjyRrwAofcR6FvG0t5LSgqfn9k/oRzitVz3h+bd64Bc0+Zc129
3Y0guUqSynBcTo69vtQXBKFmZ8qIEdICM7r9Fg4sa/2tixxa1wdPNE8gDMg2XPZJ
FR9ETQWY7bBV8rnFfDdohwSavZxt810puiQzztS/4gTg776JIxBUqmRAM62Gpuyg
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:22:33 2024 by rpki-client on console-ams.rpki-client.org