Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/jVyRKl5HAVI3ZZGV_6jmL3glkFU.roa
File:                     jVyRKl5HAVI3ZZGV_6jmL3glkFU.roa (raw, json)
Hash identifier:          xcv1t9AgnjfICj9HC0Ngd69QN6kDN5eM29uPFPU94XM=
Subject key identifier:   8D:5C:91:2A:5E:47:01:52:37:65:91:95:FF:A8:E6:2F:78:25:90:55
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018DF9A7EDDB9067CF4C79C16579E5F1E8B6
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/jVyRKl5HAVI3ZZGV_6jmL3glkFU.roa
Signing time:             Fri 01 Mar 2024 10:55:48 +0000
ROA not before:           Fri 01 Mar 2024 10:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        80.246.225.0/24 maxlen: 24
                          80.246.228.0/24 maxlen: 24
                          80.246.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:a7:ed:db:90:67:cf:4c:79:c1:65:79:e5:f1:e8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Mar  1 10:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d5c912a5e47015237659195ffa8e62f78259055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1e:4d:8c:66:f3:34:00:df:82:e0:3a:8e:44:
                    63:6e:fd:74:60:bd:45:ec:52:e7:3c:6d:c3:5b:9f:
                    51:29:cf:61:34:f9:e1:51:06:f4:24:6b:04:68:cd:
                    e5:f6:0d:22:ef:e2:6b:5a:5d:7e:a7:9d:72:d3:05:
                    4b:cc:b1:1d:82:40:a4:a8:6e:47:2a:b6:90:1e:d3:
                    84:c5:dc:6f:38:41:f2:46:56:ef:e3:69:64:ed:42:
                    78:15:28:9f:12:f6:45:34:4d:3e:28:e1:bd:31:aa:
                    4a:2a:da:3a:99:0f:c7:3a:23:8a:b3:a1:44:49:90:
                    03:f5:31:79:10:58:57:3c:6c:40:5d:46:76:3b:62:
                    dd:02:8d:ad:56:24:35:f0:05:57:83:ba:39:1f:c2:
                    92:5e:23:95:c6:a7:e1:be:5f:60:e8:7b:be:a0:c0:
                    64:c4:c8:05:83:f1:fb:b2:c8:01:71:8e:9c:31:e8:
                    82:08:4f:8a:3d:1b:f0:c1:cd:60:31:3b:2f:ec:4e:
                    a5:b8:c9:46:dc:77:9a:7f:9c:af:a6:44:4a:79:5c:
                    ff:f4:5f:fd:1d:11:93:a8:47:0f:5a:11:f5:5f:7f:
                    c3:8b:01:c3:2d:80:d3:86:35:f8:c8:8a:79:4e:ee:
                    ad:5e:21:9c:fb:91:94:1f:1e:60:5d:58:c3:55:9a:
                    8f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:5C:91:2A:5E:47:01:52:37:65:91:95:FF:A8:E6:2F:78:25:90:55
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/jVyRKl5HAVI3ZZGV_6jmL3glkFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.225.0/24
                  80.246.228.0/24
                  80.246.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:6a:d3:61:eb:7c:71:79:70:f2:8c:d2:90:aa:c3:3f:0c:00:
         8c:5f:91:70:ad:a1:43:f2:90:be:8f:76:56:85:91:51:20:16:
         35:d9:f9:b6:b0:b5:2c:f4:21:b8:de:6c:72:83:3c:13:2b:72:
         ab:a0:59:9c:9e:23:6c:76:64:05:75:0a:04:57:31:1f:6d:5f:
         6a:49:d7:28:db:0e:11:ea:83:3e:ea:92:08:62:8a:a4:33:47:
         1e:92:a6:58:24:e3:8a:e4:28:47:1e:d7:7d:74:b5:74:f5:8a:
         47:f3:bd:60:97:28:55:2a:60:c6:33:bc:9c:f1:bd:3f:69:a2:
         64:4f:66:71:35:f2:7f:17:7e:ee:81:cc:26:c9:ae:83:0a:73:
         ce:38:ac:f2:ba:9d:c8:d2:6b:b1:85:1d:be:9f:eb:5a:7c:78:
         dc:85:e2:e2:f6:38:c3:d8:90:60:47:32:bc:9b:a3:ca:09:26:
         fc:35:11:78:ea:43:2d:23:fa:0a:1e:73:a7:dd:66:6a:6a:ac:
         64:3f:bb:ee:df:be:38:1f:d6:95:a1:44:44:cd:61:db:c3:b8:
         d5:83:c9:d3:46:b3:14:ce:0f:21:e5:cb:a6:92:a2:2a:e3:a5:
         e9:3e:24:e3:3e:dd:65:49:c3:36:f4:6a:9f:61:fe:c8:e2:26:
         4c:81:d3:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY35p+3bkGfPTHnBZXnl8ei2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwMzAxMTA1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDVjOTEyYTVlNDcwMTUyMzc2NTkxOTVmZmE4ZTYyZjc4MjU5MDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh5NjGbzNADfguA6jkRjbv10YL1F
7FLnPG3DW59RKc9hNPnhUQb0JGsEaM3l9g0i7+JrWl1+p51y0wVLzLEdgkCkqG5H
KraQHtOExdxvOEHyRlbv42lk7UJ4FSifEvZFNE0+KOG9MapKKto6mQ/HOiOKs6FE
SZAD9TF5EFhXPGxAXUZ2O2LdAo2tViQ18AVXg7o5H8KSXiOVxqfhvl9g6Hu+oMBk
xMgFg/H7ssgBcY6cMeiCCE+KPRvwwc1gMTsv7E6luMlG3Heaf5yvpkRKeVz/9F/9
HRGTqEcPWhH1X3/DiwHDLYDThjX4yIp5Tu6tXiGc+5GUHx5gXVjDVZqPxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI1ckSpeRwFSN2WRlf+o5i94JZBVMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvalZ5UktsNUhBVkkzWlpHVl82am1MM2dsa0ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPbhAwQA
UPbkAwQAUPbnMA0GCSqGSIb3DQEBCwUAA4IBAQCJatNh63xxeXDyjNKQqsM/DACM
X5FwraFD8pC+j3ZWhZFRIBY12fm2sLUs9CG43mxygzwTK3KroFmcniNsdmQFdQoE
VzEfbV9qSdco2w4R6oM+6pIIYoqkM0cekqZYJOOK5ChHHtd9dLV09YpH871glyhV
KmDGM7yc8b0/aaJkT2ZxNfJ/F37ugcwmya6DCnPOOKzyup3I0muxhR2+n+tafHjc
heLi9jjD2JBgRzK8m6PKCSb8NRF46kMtI/oKHnOn3WZqaqxkP7vu3744H9aVoURE
zWHbw7jVg8nTRrMUzg8h5cumkqIq46XpPiTjPt1lScM29GqfYf7I4iZMgdPp
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:27:57 2024 by rpki-client on console-ams.rpki-client.org