Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/JejxIRr0NCoSyHwhoFvKW66oYbA.roa
File:                     JejxIRr0NCoSyHwhoFvKW66oYbA.roa (raw, json)
Hash identifier:          cXjtXjxHtdas8MtEi3DxlOuaSwI5K9RHQUhFcdtSSJc=
Subject key identifier:   25:E8:F1:21:1A:F4:34:2A:12:C8:7C:21:A0:5B:CA:5B:AE:A8:61:B0
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FAD8609A5C3DFD963CBC6E41B1B58
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/JejxIRr0NCoSyHwhoFvKW66oYbA.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.51.192.0/24 maxlen: 24
                          2a01:b2e0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ad:86:09:a5:c3:df:d9:63:cb:c6:e4:1b:1b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25e8f1211af4342a12c87c21a05bca5baea861b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:5d:bd:10:9f:0e:37:05:bc:d5:b5:c4:58:c5:
                    ed:5f:ad:62:98:e3:e0:40:4f:3c:10:98:90:01:01:
                    f2:47:68:6b:4d:61:85:78:bc:8d:e2:ac:1f:8e:49:
                    ac:32:84:57:4b:f6:20:02:d6:79:61:92:96:38:37:
                    e8:ed:6d:00:db:27:fa:fc:cc:8f:78:a8:f7:8f:65:
                    c1:c1:8f:f6:85:54:7a:28:2c:c3:02:d8:fc:58:22:
                    5b:bd:db:af:78:2a:4e:af:d5:b3:2f:c5:37:93:49:
                    bc:00:18:5e:68:6d:06:dd:2f:a0:ad:d3:42:36:28:
                    34:bc:07:4a:76:b5:43:fe:49:06:0d:b2:d8:b3:6c:
                    42:fc:93:fc:9f:c3:8b:76:fc:87:34:43:dd:42:a4:
                    5e:eb:da:a0:0b:2b:70:df:fa:9f:2d:7a:47:ef:3d:
                    3b:f9:5a:9b:f4:34:ab:68:59:1b:76:1c:1e:d5:b0:
                    65:00:a1:a4:dd:9f:97:2d:71:4a:c4:3c:ff:4a:95:
                    4c:26:73:84:ac:47:11:d0:24:c7:a4:7e:5c:4d:c4:
                    3f:ed:d5:24:aa:82:27:ce:fd:6d:c4:3c:92:b0:48:
                    61:60:a1:f9:7f:30:e9:c7:cf:ae:f5:2c:8a:48:ea:
                    b6:e7:72:9e:0c:4e:69:7a:ea:85:05:3f:74:8e:d6:
                    b9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E8:F1:21:1A:F4:34:2A:12:C8:7C:21:A0:5B:CA:5B:AE:A8:61:B0
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/JejxIRr0NCoSyHwhoFvKW66oYbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.192.0/24
                IPv6:
                  2a01:b2e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:6c:b9:83:4e:59:ed:ee:d4:2f:ca:78:04:f5:f2:84:fd:68:
         5d:65:bc:00:1d:cd:07:1c:6a:e7:e5:54:5c:c5:90:5f:2c:34:
         fd:1f:df:3e:46:4b:47:1c:9a:3e:e0:8f:9d:ee:05:5c:71:d9:
         18:5a:71:79:69:17:12:73:c3:b9:ca:c9:a3:67:16:7e:90:66:
         0b:80:af:3b:a9:8a:2f:60:bb:4b:5d:e3:fd:36:82:76:e6:7c:
         7a:a1:02:07:7f:b8:48:c3:f0:64:2f:d6:cd:53:bd:5d:7d:85:
         a3:8d:86:c4:8b:28:9b:46:26:4e:81:39:e7:a7:ce:42:05:e0:
         b9:a4:2b:8b:8a:a9:ec:c5:41:f1:0d:a0:13:07:58:8e:f2:07:
         5e:39:52:e7:72:e3:25:0b:7e:eb:29:4e:bd:2c:dd:b1:50:ce:
         8e:2a:c6:2b:85:40:54:ad:50:87:a4:28:81:8d:a7:e2:0b:dc:
         b2:e5:c8:bf:0e:a6:5a:c6:63:9f:60:ed:86:56:63:96:18:21:
         cd:ad:0f:85:24:45:67:8a:2d:de:3c:58:46:f9:ec:47:c4:ba:
         2e:18:6d:d1:b4:92:4e:a7:97:a7:4b:1b:85:46:8c:3f:be:6d:
         bb:08:c1:57:12:80:71:a3:5c:d1:3f:f0:a5:1f:60:a6:c4:f9:
         dd:ca:17:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb62GCaXD39ljy8bkGxtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWU4ZjEyMTFhZjQzNDJhMTJjODdjMjFhMDViY2E1YmFlYTg2MWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5l29EJ8ONwW81bXEWMXtX61imOPg
QE88EJiQAQHyR2hrTWGFeLyN4qwfjkmsMoRXS/YgAtZ5YZKWODfo7W0A2yf6/MyP
eKj3j2XBwY/2hVR6KCzDAtj8WCJbvduveCpOr9WzL8U3k0m8ABheaG0G3S+grdNC
Nig0vAdKdrVD/kkGDbLYs2xC/JP8n8OLdvyHNEPdQqRe69qgCytw3/qfLXpH7z07
+Vqb9DSraFkbdhwe1bBlAKGk3Z+XLXFKxDz/SpVMJnOErEcR0CTHpH5cTcQ/7dUk
qoInzv1txDySsEhhYKH5fzDpx8+u9SyKSOq253KeDE5peuqFBT90jta5qwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCXo8SEa9DQqEsh8IaBbyluuqGGwMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvSmVqeElScjBOQ29TeUh3aG9GdktXNjZvWWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTPAMA0E
AgACMAcDBQMqAbLgMA0GCSqGSIb3DQEBCwUAA4IBAQBmbLmDTlnt7tQvyngE9fKE
/WhdZbwAHc0HHGrn5VRcxZBfLDT9H98+RktHHJo+4I+d7gVccdkYWnF5aRcSc8O5
ysmjZxZ+kGYLgK87qYovYLtLXeP9NoJ25nx6oQIHf7hIw/BkL9bNU71dfYWjjYbE
iyibRiZOgTnnp85CBeC5pCuLiqnsxUHxDaATB1iO8gdeOVLncuMlC37rKU69LN2x
UM6OKsYrhUBUrVCHpCiBjafiC9yy5ci/DqZaxmOfYO2GVmOWGCHNrQ+FJEVnii3e
PFhG+exHxLouGG3RtJJOp5enSxuFRow/vm27CMFXEoBxo1zRP/ClH2CmxPndyhfR
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:26:28 2024 by rpki-client on console-ams.rpki-client.org