Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/7f0464-226d-4f49-a270-1cd6c871c1e8/1/KJZRzDNaLiKvHDCB8MD5nOMsOwQ.roa
File:                     KJZRzDNaLiKvHDCB8MD5nOMsOwQ.roa (raw, json)
Hash identifier:          M9y6v4QHaBwTFAHkA4LdCiNEMu4XSGm+hiR97uiiVj0=
Subject key identifier:   28:96:51:CC:33:5A:2E:22:AF:1C:30:81:F0:C0:F9:9C:E3:2C:3B:04
Certificate issuer:       /CN=20d2633bffb16da2d75edaf49bc821187cfb88ef
Certificate serial:       018CC56E3E805E041C84253B52DD04126755
Authority key identifier: 20:D2:63:3B:FF:B1:6D:A2:D7:5E:DA:F4:9B:C8:21:18:7C:FB:88:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INJjO_-xbaLXXtr0m8ghGHz7iO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/7f0464-226d-4f49-a270-1cd6c871c1e8/1/KJZRzDNaLiKvHDCB8MD5nOMsOwQ.roa
Signing time:             Mon 01 Jan 2024 14:29:45 +0000
ROA not before:           Mon 01 Jan 2024 14:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47895
IP address blocks:        185.244.20.0/22 maxlen: 22
                          185.189.100.0/22 maxlen: 22
                          185.34.21.0/24 maxlen: 24
                          185.34.20.0/22 maxlen: 22
                          91.205.131.0/24 maxlen: 24
                          91.205.128.0/22 maxlen: 22
                          78.142.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/7f0464-226d-4f49-a270-1cd6c871c1e8/1/INJjO_-xbaLXXtr0m8ghGHz7iO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/7f0464-226d-4f49-a270-1cd6c871c1e8/1/INJjO_-xbaLXXtr0m8ghGHz7iO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INJjO_-xbaLXXtr0m8ghGHz7iO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3e:80:5e:04:1c:84:25:3b:52:dd:04:12:67:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d2633bffb16da2d75edaf49bc821187cfb88ef
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=289651cc335a2e22af1c3081f0c0f99ce32c3b04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a7:bc:5c:6b:45:97:fe:99:20:95:22:d2:f1:
                    28:fe:96:d4:1c:6b:30:cc:8d:35:6c:ad:7a:53:5e:
                    00:fb:dd:dd:ed:70:4a:53:19:fe:8c:a0:1b:69:9c:
                    fb:3e:8d:b8:98:0d:4a:3c:a0:18:55:1f:93:f2:63:
                    1a:e8:7c:5a:3e:39:48:05:81:a5:71:04:f6:54:04:
                    6e:93:80:21:ad:7e:7b:76:c1:41:ad:c7:cc:a5:23:
                    77:7c:94:c3:68:da:ae:51:fc:1b:88:34:0f:95:58:
                    f9:ce:49:36:b0:f9:14:8b:d2:12:0c:c4:01:c1:b4:
                    87:70:d0:aa:96:4f:bc:6a:b4:d3:5f:02:c8:39:6c:
                    ee:cb:65:18:6f:c2:f7:bf:62:bb:cf:2c:f1:84:bf:
                    16:8b:13:ea:bc:af:82:81:61:0b:03:f1:3e:fe:eb:
                    a4:f5:e8:bb:db:e4:3d:aa:4c:ed:18:60:8d:90:f7:
                    b9:da:dd:e1:6d:11:60:5a:b9:86:8f:f1:31:94:fe:
                    71:fd:d4:c2:7f:16:b0:cf:c0:9b:b4:e8:00:fb:36:
                    c8:f3:8e:3a:ea:6c:78:65:44:07:7b:e1:ba:59:3b:
                    cc:be:31:40:c7:4e:24:e9:e5:7c:80:df:3b:62:d4:
                    a3:06:96:ac:45:db:b4:d5:14:67:3a:08:c8:8c:c2:
                    2f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:96:51:CC:33:5A:2E:22:AF:1C:30:81:F0:C0:F9:9C:E3:2C:3B:04
            X509v3 Authority Key Identifier:
                keyid:20:D2:63:3B:FF:B1:6D:A2:D7:5E:DA:F4:9B:C8:21:18:7C:FB:88:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INJjO_-xbaLXXtr0m8ghGHz7iO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/7f0464-226d-4f49-a270-1cd6c871c1e8/1/KJZRzDNaLiKvHDCB8MD5nOMsOwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/7f0464-226d-4f49-a270-1cd6c871c1e8/1/INJjO_-xbaLXXtr0m8ghGHz7iO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.232.0/22
                  91.205.128.0/22
                  185.34.20.0/22
                  185.189.100.0/22
                  185.244.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:ec:f9:b1:7e:77:96:5c:4a:68:1f:20:8d:f3:dd:68:aa:02:
         08:29:b1:4d:0a:2c:00:f0:70:80:e0:e0:14:2e:bc:09:28:c9:
         cb:a1:3b:9f:78:5a:e2:d8:74:25:1a:04:2b:f2:fe:04:d4:98:
         e5:74:08:82:0b:7b:d3:4f:f4:37:1d:2f:da:4e:b7:d8:c9:41:
         d3:9f:83:70:f3:1a:c8:23:2b:8f:73:1c:fa:64:90:bd:69:7d:
         21:99:63:58:5a:bf:45:ec:c6:b8:78:f6:62:fb:c6:7b:1f:3c:
         1f:5f:36:52:ed:59:b6:1c:ad:2b:6d:17:99:ab:4d:b5:5b:c4:
         14:a9:3c:ca:29:e2:b9:4e:0a:03:b9:9f:9d:3a:e3:c7:df:a4:
         c5:50:97:8d:c5:d4:71:a8:0d:fb:83:0c:8f:2a:b9:8d:98:b1:
         21:9a:8a:86:70:78:95:dc:c2:a9:65:7c:08:e4:ce:5c:ce:fd:
         14:51:a3:ad:52:eb:14:52:1e:e1:a7:fa:fe:e1:fc:ce:44:1a:
         69:67:19:8d:80:c5:1a:38:51:4d:a5:2f:29:ea:f3:57:db:9a:
         8e:45:5a:08:ce:a8:e7:4f:0e:a6:66:31:d3:1f:75:18:47:34:
         a7:74:ff:02:47:86:bc:a0:51:ea:ca:2e:eb:42:13:cf:1b:3b:
         9e:03:a6:31
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzFbj6AXgQchCU7Ut0EEmdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDI2MzNiZmZiMTZkYTJkNzVlZGFmNDliYzgyMTE4N2Nm
Yjg4ZWYwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODk2NTFjYzMzNWEyZTIyYWYxYzMwODFmMGMwZjk5Y2UzMmMzYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqe8XGtFl/6ZIJUi0vEo/pbUHGsw
zI01bK16U14A+93d7XBKUxn+jKAbaZz7Po24mA1KPKAYVR+T8mMa6HxaPjlIBYGl
cQT2VARuk4AhrX57dsFBrcfMpSN3fJTDaNquUfwbiDQPlVj5zkk2sPkUi9ISDMQB
wbSHcNCqlk+8arTTXwLIOWzuy2UYb8L3v2K7zyzxhL8WixPqvK+CgWELA/E+/uuk
9ei72+Q9qkztGGCNkPe52t3hbRFgWrmGj/ExlP5x/dTCfxawz8CbtOgA+zbI8446
6mx4ZUQHe+G6WTvMvjFAx04k6eV8gN87YtSjBpasRdu01RRnOgjIjMIvxwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCiWUcwzWi4irxwwgfDA+ZzjLDsEMB8GA1UdIwQY
MBaAFCDSYzv/sW2i117a9JvIIRh8+4jvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5Kak9fLXhiYUxYWHRyMG04Z2hHSHo3aU84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi83ZjA0NjQtMjI2ZC00ZjQ5LWEyNzAt
MWNkNmM4NzFjMWU4LzEvS0paUnpETmFMaUt2SERDQjhNRDVuT01zT3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi83ZjA0NjQtMjI2ZC00ZjQ5LWEyNzAtMWNkNmM4NzFjMWU4
LzEvSU5Kak9fLXhiYUxYWHRyMG04Z2hHSHo3aU84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCTo7oAwQC
W82AAwQCuSIUAwQCub1kAwQCufQUMA0GCSqGSIb3DQEBCwUAA4IBAQB47PmxfneW
XEpoHyCN891oqgIIKbFNCiwA8HCA4OAULrwJKMnLoTufeFri2HQlGgQr8v4E1Jjl
dAiCC3vTT/Q3HS/aTrfYyUHTn4Nw8xrIIyuPcxz6ZJC9aX0hmWNYWr9F7Ma4ePZi
+8Z7HzwfXzZS7Vm2HK0rbReZq021W8QUqTzKKeK5TgoDuZ+dOuPH36TFUJeNxdRx
qA37gwyPKrmNmLEhmoqGcHiV3MKpZXwI5M5czv0UUaOtUusUUh7hp/r+4fzORBpp
ZxmNgMUaOFFNpS8p6vNX25qORVoIzqjnTw6mZjHTH3UYRzSndP8CR4a8oFHqyi7r
QhPPGzueA6Yx
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:32:50 2024 by rpki-client on console-ams.rpki-client.org