Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/jYC1cEjsNrWxnCjnmpoeUH7gy4o.roa
File:                     jYC1cEjsNrWxnCjnmpoeUH7gy4o.roa (raw, json)
Hash identifier:          T+bfdfsDgd2OaWn7+JUKu/rBokQChVrK7TQPydNLPlQ=
Subject key identifier:   8D:80:B5:70:48:EC:36:B5:B1:9C:28:E7:9A:9A:1E:50:7E:E0:CB:8A
Certificate issuer:       /CN=d0bd4ca7f331aa2ad91240a6583a176c005e8a63
Certificate serial:       018CC26D437A8CE124721D580AD1249A14E4
Authority key identifier: D0:BD:4C:A7:F3:31:AA:2A:D9:12:40:A6:58:3A:17:6C:00:5E:8A:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0L1Mp_MxqirZEkCmWDoXbABeimM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/jYC1cEjsNrWxnCjnmpoeUH7gy4o.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44407
IP address blocks:        185.181.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/0L1Mp_MxqirZEkCmWDoXbABeimM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/0L1Mp_MxqirZEkCmWDoXbABeimM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0L1Mp_MxqirZEkCmWDoXbABeimM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:43:7a:8c:e1:24:72:1d:58:0a:d1:24:9a:14:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0bd4ca7f331aa2ad91240a6583a176c005e8a63
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d80b57048ec36b5b19c28e79a9a1e507ee0cb8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:e7:ac:ed:6b:34:e2:f8:3b:6f:2a:30:c1:4c:
                    43:19:16:cd:c8:7e:f4:86:66:0c:87:00:d6:21:d3:
                    c0:b6:37:0a:14:64:4c:5c:ee:d3:2c:65:0a:ca:24:
                    38:57:9d:84:b1:e0:51:77:33:ef:81:12:56:5f:88:
                    e2:ea:29:8f:03:0a:09:0d:7e:76:c3:9a:a0:d2:ab:
                    a9:6d:74:42:4a:dd:26:cc:a2:f9:e3:ac:b9:bf:2d:
                    24:ce:64:57:0f:e6:fd:a0:92:c0:6f:e7:f3:81:76:
                    25:02:75:3d:f2:7e:b0:73:e0:2f:be:2e:35:51:ff:
                    26:00:f7:66:77:c6:2d:2d:e7:11:a2:e8:3f:36:11:
                    67:2f:96:6d:99:87:0a:2d:01:81:5e:c0:9c:76:c5:
                    f6:ab:7f:82:42:10:47:da:3d:1d:6b:79:8a:1a:f6:
                    5e:24:06:5c:4d:3e:f2:a5:ed:e9:ca:71:24:36:af:
                    8a:49:6b:f6:6a:7b:5e:a6:a7:c3:00:ab:16:24:ea:
                    02:56:49:aa:4d:8b:49:31:4a:9c:7f:e5:86:e5:12:
                    79:64:f2:18:40:40:be:9e:47:10:37:04:c3:cf:1b:
                    ae:b9:c1:fa:bc:23:f6:3a:f0:48:cd:e2:f5:0d:8c:
                    83:7e:f3:fa:2f:d0:95:dc:11:0b:f6:55:76:c1:77:
                    18:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:80:B5:70:48:EC:36:B5:B1:9C:28:E7:9A:9A:1E:50:7E:E0:CB:8A
            X509v3 Authority Key Identifier:
                keyid:D0:BD:4C:A7:F3:31:AA:2A:D9:12:40:A6:58:3A:17:6C:00:5E:8A:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0L1Mp_MxqirZEkCmWDoXbABeimM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/jYC1cEjsNrWxnCjnmpoeUH7gy4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/0L1Mp_MxqirZEkCmWDoXbABeimM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:8e:a1:a6:c7:8d:a8:97:bc:51:13:65:e5:ac:b2:31:de:4a:
         12:bb:ea:75:63:2b:99:6b:88:fd:b3:32:4d:81:1a:a1:5b:c2:
         3d:58:6a:7a:0d:21:47:cd:51:3d:fd:09:34:ed:8e:88:2b:f5:
         08:10:3b:8f:a5:d8:62:da:6b:95:b5:a5:85:d3:38:41:83:64:
         f0:86:38:0d:3f:93:a4:33:a5:82:c2:d8:80:cd:0c:31:da:e8:
         bd:52:4f:3c:2b:c9:f3:ea:10:77:56:f3:fc:50:9c:5a:6b:b0:
         de:00:c7:fe:db:9c:3c:71:14:06:6e:b0:41:ab:cd:21:fd:fe:
         43:23:85:58:13:02:dd:07:b7:1a:8e:48:6f:37:fa:2d:df:10:
         9e:e6:9d:6a:94:73:c0:60:54:b4:55:8b:dd:6c:81:4f:53:8a:
         47:ce:cc:3c:e5:38:eb:85:d0:bb:90:96:19:07:45:c2:4a:c4:
         ce:59:4c:b2:6d:00:8f:07:a8:1b:6f:74:a7:85:3a:48:47:d3:
         4d:82:69:09:61:d4:86:97:1b:94:a4:d2:84:5e:69:80:11:90:
         60:28:26:f1:08:21:79:97:e5:87:d9:3d:62:44:7e:62:91:17:
         13:2f:13:92:0e:60:18:89:db:b2:12:b8:13:ed:1e:ee:a1:4d:
         cb:7c:56:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUN6jOEkch1YCtEkmhTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYmQ0Y2E3ZjMzMWFhMmFkOTEyNDBhNjU4M2ExNzZjMDA1
ZThhNjMwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDgwYjU3MDQ4ZWMzNmI1YjE5YzI4ZTc5YTlhMWU1MDdlZTBjYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Oes7Ws04vg7byowwUxDGRbNyH70
hmYMhwDWIdPAtjcKFGRMXO7TLGUKyiQ4V52EseBRdzPvgRJWX4ji6imPAwoJDX52
w5qg0qupbXRCSt0mzKL546y5vy0kzmRXD+b9oJLAb+fzgXYlAnU98n6wc+Avvi41
Uf8mAPdmd8YtLecRoug/NhFnL5ZtmYcKLQGBXsCcdsX2q3+CQhBH2j0da3mKGvZe
JAZcTT7ype3pynEkNq+KSWv2antepqfDAKsWJOoCVkmqTYtJMUqcf+WG5RJ5ZPIY
QEC+nkcQNwTDzxuuucH6vCP2OvBIzeL1DYyDfvP6L9CV3BEL9lV2wXcYVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2AtXBI7Da1sZwo55qaHlB+4MuKMB8GA1UdIwQY
MBaAFNC9TKfzMaoq2RJAplg6F2wAXopjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEwxTXBfTXhxaXJaRWtDbVdEb1hiQUJlaW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xZDk0NDAtY2VlOC00MzgzLWIwYTAt
ZTBiNWE5MmRmOTQwLzEvallDMWNFanNOcld4bkNqbm1wb2VVSDdneTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xZDk0NDAtY2VlOC00MzgzLWIwYTAtZTBiNWE5MmRmOTQw
LzEvMEwxTXBfTXhxaXJaRWtDbVdEb1hiQUJlaW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubWcMA0G
CSqGSIb3DQEBCwUAA4IBAQAUjqGmx42ol7xRE2XlrLIx3koSu+p1YyuZa4j9szJN
gRqhW8I9WGp6DSFHzVE9/Qk07Y6IK/UIEDuPpdhi2muVtaWF0zhBg2TwhjgNP5Ok
M6WCwtiAzQwx2ui9Uk88K8nz6hB3VvP8UJxaa7DeAMf+25w8cRQGbrBBq80h/f5D
I4VYEwLdB7cajkhvN/ot3xCe5p1qlHPAYFS0VYvdbIFPU4pHzsw85TjrhdC7kJYZ
B0XCSsTOWUyybQCPB6gbb3SnhTpIR9NNgmkJYdSGlxuUpNKEXmmAEZBgKCbxCCF5
l+WH2T1iRH5ikRcTLxOSDmAYiduyErgT7R7uoU3LfFZf
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:13:26 2024 by rpki-client on console-ams.rpki-client.org