Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/jMwWbP7dqIRAqKKhFB48fH-Q4_0.roa
File:                     jMwWbP7dqIRAqKKhFB48fH-Q4_0.roa (raw, json)
Hash identifier:          8Ra4Bw476d7JW+2i7QxfmQ1GvbDGCLDxrJrGrRr3K7Y=
Subject key identifier:   8C:CC:16:6C:FE:DD:A8:84:40:A8:A2:A1:14:1E:3C:7C:7F:90:E3:FD
Certificate issuer:       /CN=beb12ce6a91030e27d5abad146df27bc2880652b
Certificate serial:       018CC72661461CEDB8D46C8487D6AA2D64C3
Authority key identifier: BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/jMwWbP7dqIRAqKKhFB48fH-Q4_0.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205020
IP address blocks:        193.186.197.0/24 maxlen: 24
                          193.186.198.0/24 maxlen: 24
                          193.186.198.0/23 maxlen: 23
                          193.186.196.0/24 maxlen: 24
                          193.186.196.0/23 maxlen: 23
                          193.186.199.0/24 maxlen: 24
                          193.186.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:61:46:1c:ed:b8:d4:6c:84:87:d6:aa:2d:64:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beb12ce6a91030e27d5abad146df27bc2880652b
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ccc166cfedda88440a8a2a1141e3c7c7f90e3fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d2:6a:15:8d:7f:e7:a6:90:c1:df:d6:dd:d2:
                    1c:75:ba:8d:54:82:d9:d2:c4:aa:ec:ac:9d:7b:11:
                    15:9d:ab:52:5a:9a:7b:4b:40:16:8d:89:6a:e3:18:
                    24:61:7b:0a:0e:2e:b0:5c:19:61:6c:cb:81:84:00:
                    b8:17:63:d2:ba:d3:04:51:11:9f:70:2e:85:94:d3:
                    8e:8f:65:fa:62:81:20:25:2c:72:6b:88:96:f0:34:
                    3e:23:39:8d:d5:d8:04:f5:7c:69:a4:ae:7f:9e:e3:
                    90:2a:6d:bb:29:d1:f5:18:c5:49:e0:97:e7:71:2b:
                    c1:20:34:7a:1e:86:7d:71:e4:6a:57:b8:97:f9:a3:
                    d0:23:23:09:54:7b:fb:21:2a:8f:f1:f8:9c:0d:49:
                    97:5c:55:c6:98:28:32:58:c1:f9:ae:44:0e:e5:b5:
                    2c:6e:e7:fe:50:96:b7:e0:81:10:40:b5:07:ad:8b:
                    d0:e3:a1:4a:eb:46:08:96:be:b8:34:44:b1:41:34:
                    36:c1:8c:af:2f:da:dc:2f:9d:71:f5:29:35:d9:bc:
                    d9:64:63:86:9a:2b:64:22:d8:47:6c:cc:56:e7:cc:
                    3d:cf:c4:b8:5e:3b:6a:a9:20:4d:63:d7:10:10:8c:
                    b6:08:66:d2:3d:b5:3a:fd:ea:1c:5f:e1:81:b2:64:
                    e5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CC:16:6C:FE:DD:A8:84:40:A8:A2:A1:14:1E:3C:7C:7F:90:E3:FD
            X509v3 Authority Key Identifier:
                keyid:BE:B1:2C:E6:A9:10:30:E2:7D:5A:BA:D1:46:DF:27:BC:28:80:65:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/jMwWbP7dqIRAqKKhFB48fH-Q4_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/74940a-d9fa-4552-be5c-a7ade434d451/1/vrEs5qkQMOJ9WrrRRt8nvCiAZSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:85:99:ab:04:c9:19:2c:a7:81:f6:9f:8d:eb:91:37:7e:76:
         53:6d:f1:cf:0b:46:c7:0a:1a:9c:af:51:db:14:f3:44:e8:55:
         61:7c:c5:61:39:0e:73:12:97:13:60:17:02:9e:cf:8e:48:4f:
         8b:d1:d5:72:c7:b3:12:59:0b:e5:c0:54:56:f1:ac:3b:98:9a:
         46:f3:6e:f0:f5:ee:d9:82:c5:17:af:fa:0a:1f:f0:6e:fd:6a:
         c8:85:41:e6:bf:38:b5:b6:11:35:60:03:c8:ce:08:89:97:fd:
         47:fa:6f:f4:b8:a4:c4:1b:3b:b2:4a:3d:54:b7:a1:b6:f5:2c:
         34:52:5b:a5:6c:cb:b3:ff:46:12:e5:d1:2a:4c:33:84:6c:16:
         a7:34:54:b3:35:94:6c:5d:ea:7e:34:d6:c2:71:a1:cc:3a:69:
         6c:ce:38:0d:38:0d:7c:82:91:4c:44:aa:11:9b:11:eb:68:49:
         e1:fb:25:a2:48:37:6d:05:9e:0a:71:45:e7:4a:c6:11:c8:50:
         ae:db:87:6c:89:32:13:71:39:a5:ca:33:82:72:cc:8c:4a:17:
         0e:c2:80:6d:df:e2:ab:4d:6b:73:4c:5e:86:68:22:0e:b6:f0:
         02:2e:0d:41:77:b2:27:5d:ae:30:90:88:b8:bf:74:6c:22:01:
         0a:10:6c:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJmFGHO241GyEh9aqLWTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYjEyY2U2YTkxMDMwZTI3ZDVhYmFkMTQ2ZGYyN2JjMjg4
MDY1MmIwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2NjMTY2Y2ZlZGRhODg0NDBhOGEyYTExNDFlM2M3YzdmOTBlM2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39JqFY1/56aQwd/W3dIcdbqNVILZ
0sSq7KydexEVnatSWpp7S0AWjYlq4xgkYXsKDi6wXBlhbMuBhAC4F2PSutMEURGf
cC6FlNOOj2X6YoEgJSxya4iW8DQ+IzmN1dgE9XxppK5/nuOQKm27KdH1GMVJ4Jfn
cSvBIDR6HoZ9ceRqV7iX+aPQIyMJVHv7ISqP8ficDUmXXFXGmCgyWMH5rkQO5bUs
buf+UJa34IEQQLUHrYvQ46FK60YIlr64NESxQTQ2wYyvL9rcL51x9Sk12bzZZGOG
mitkIthHbMxW58w9z8S4XjtqqSBNY9cQEIy2CGbSPbU6/eocX+GBsmTlLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzMFmz+3aiEQKiioRQePHx/kOP9MB8GA1UdIwQY
MBaAFL6xLOapEDDifVq60UbfJ7wogGUrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMt
YTdhZGU0MzRkNDUxLzEvak13V2JQN2RxSVJBcUtLaEZCNDhmSC1RNF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC83NDk0MGEtZDlmYS00NTUyLWJlNWMtYTdhZGU0MzRkNDUx
LzEvdnJFczVxa1FNT0o5V3JyUlJ0OG52Q2lBWlNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbrEMA0G
CSqGSIb3DQEBCwUAA4IBAQAHhZmrBMkZLKeB9p+N65E3fnZTbfHPC0bHChqcr1Hb
FPNE6FVhfMVhOQ5zEpcTYBcCns+OSE+L0dVyx7MSWQvlwFRW8aw7mJpG827w9e7Z
gsUXr/oKH/Bu/WrIhUHmvzi1thE1YAPIzgiJl/1H+m/0uKTEGzuySj1Ut6G29Sw0
UlulbMuz/0YS5dEqTDOEbBanNFSzNZRsXep+NNbCcaHMOmlszjgNOA18gpFMRKoR
mxHraEnh+yWiSDdtBZ4KcUXnSsYRyFCu24dsiTITcTmlyjOCcsyMShcOwoBt3+Kr
TWtzTF6GaCIOtvACLg1Bd7InXa4wkIi4v3RsIgEKEGzt
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:34:22 2024 by rpki-client on console-ams.rpki-client.org