Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/Yfa8Bx26eP6d0J9t44QLfg-JEEM.roa
File:                     Yfa8Bx26eP6d0J9t44QLfg-JEEM.roa (raw, json)
Hash identifier:          +x4GnG2jg2YbfsWupYQ1v36vepvFYryFlEu+IZwkimM=
Subject key identifier:   61:F6:BC:07:1D:BA:78:FE:9D:D0:9F:6D:E3:84:0B:7E:0F:89:10:43
Certificate issuer:       /CN=2995944e84dc37ba6a42d68bb1e2b9a4421e84a4
Certificate serial:       018CC5DCE9E2FC1C3357F55C55D19B2A5E8C
Authority key identifier: 29:95:94:4E:84:DC:37:BA:6A:42:D6:8B:B1:E2:B9:A4:42:1E:84:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZWUToTcN7pqQtaLseK5pEIehKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/Yfa8Bx26eP6d0J9t44QLfg-JEEM.roa
Signing time:             Mon 01 Jan 2024 16:30:38 +0000
ROA not before:           Mon 01 Jan 2024 16:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3549
IP address blocks:        185.114.187.0/24 maxlen: 24
                          185.114.186.0/24 maxlen: 24
                          185.114.185.0/24 maxlen: 24
                          185.114.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/KZWUToTcN7pqQtaLseK5pEIehKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/KZWUToTcN7pqQtaLseK5pEIehKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KZWUToTcN7pqQtaLseK5pEIehKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:e9:e2:fc:1c:33:57:f5:5c:55:d1:9b:2a:5e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2995944e84dc37ba6a42d68bb1e2b9a4421e84a4
        Validity
            Not Before: Jan  1 16:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61f6bc071dba78fe9dd09f6de3840b7e0f891043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:20:30:c8:8b:72:c9:9c:13:85:30:e0:5d:9d:
                    5e:6a:1b:c5:88:22:2d:6c:88:d5:d4:45:1b:61:a8:
                    ba:75:60:99:ae:4e:ef:e8:17:af:7c:a1:32:ec:c7:
                    a2:9d:62:0e:b8:a1:5e:de:e0:66:d4:2e:c4:be:48:
                    e6:cf:a1:a1:55:65:34:b2:9a:ad:d4:d5:c2:b8:dd:
                    5b:86:16:f8:22:22:fe:10:ec:0e:04:8d:ac:a1:15:
                    b9:e1:cc:e1:99:06:9d:ec:c7:ce:e7:f3:71:47:01:
                    06:1c:a5:25:a4:53:06:87:89:99:7c:ba:13:15:3d:
                    bc:53:a6:d7:45:fb:c9:b6:35:08:85:c7:dd:59:67:
                    db:5b:d4:62:50:cc:af:96:f3:2f:17:1b:95:cf:4e:
                    a3:84:59:4d:7b:f5:5a:aa:6d:48:dd:07:17:69:7c:
                    5c:84:1a:7d:7f:15:14:f4:d5:49:22:e9:1d:63:5e:
                    d2:4f:fe:5b:d1:59:08:49:a3:1f:3c:35:5d:b6:20:
                    32:03:01:a3:87:13:30:ab:93:5a:b2:4c:11:98:3d:
                    84:47:5c:a3:25:2c:81:4c:6c:97:97:17:ce:c5:5b:
                    4c:c9:e4:15:b3:f5:9e:06:5b:3d:32:c7:18:cb:c2:
                    c3:a9:0d:bc:cb:e5:e6:87:1d:d0:9a:8b:78:6e:d7:
                    64:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F6:BC:07:1D:BA:78:FE:9D:D0:9F:6D:E3:84:0B:7E:0F:89:10:43
            X509v3 Authority Key Identifier:
                keyid:29:95:94:4E:84:DC:37:BA:6A:42:D6:8B:B1:E2:B9:A4:42:1E:84:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZWUToTcN7pqQtaLseK5pEIehKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/Yfa8Bx26eP6d0J9t44QLfg-JEEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a12069-a061-442e-9bfb-338bdd439ee1/1/KZWUToTcN7pqQtaLseK5pEIehKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:87:13:37:c0:6d:7f:19:66:6f:6d:d6:71:72:8c:e5:c9:fe:
         9c:50:bc:d8:ef:75:ed:db:4c:d7:7f:9b:db:ca:52:b2:0b:fe:
         4c:74:92:f1:59:7e:d3:e0:0c:da:5d:83:12:b4:eb:87:e5:a8:
         28:3a:5f:09:78:97:ff:3c:3b:86:46:99:ed:65:60:aa:2e:7a:
         3f:6e:a7:67:d1:4f:4a:27:ec:9c:d3:85:8a:c9:33:22:1d:8b:
         7e:49:44:45:78:64:f6:4f:ba:43:23:19:1f:40:85:02:83:a8:
         18:6f:4b:9d:09:1a:1d:17:e4:e0:93:0a:b9:91:ad:12:46:3c:
         83:02:48:33:10:01:60:30:e2:22:13:89:fc:41:a9:83:80:d5:
         88:96:6e:ab:fe:d7:f6:91:8b:18:b6:56:43:b2:dd:a5:aa:39:
         8c:b3:35:1e:5e:e8:9b:64:dc:b5:87:33:96:8c:ff:1c:d6:32:
         f0:64:9e:3c:ab:5f:0b:80:76:9a:23:1b:2c:ed:d7:e1:ae:2b:
         01:3a:69:b5:1e:ac:13:7c:27:d2:c7:6e:65:b7:91:3d:94:d0:
         87:1b:84:5c:48:df:1a:d7:54:8a:7a:48:39:1f:7c:a7:6e:42:
         09:11:5a:aa:07:40:1b:2c:d6:df:e8:60:7c:39:43:3c:a6:1a:
         29:55:63:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Oni/BwzV/VcVdGbKl6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTU5NDRlODRkYzM3YmE2YTQyZDY4YmIxZTJiOWE0NDIx
ZTg0YTQwHhcNMjQwMTAxMTYzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWY2YmMwNzFkYmE3OGZlOWRkMDlmNmRlMzg0MGI3ZTBmODkxMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyAwyItyyZwThTDgXZ1eahvFiCIt
bIjV1EUbYai6dWCZrk7v6BevfKEy7MeinWIOuKFe3uBm1C7Evkjmz6GhVWU0spqt
1NXCuN1bhhb4IiL+EOwOBI2soRW54czhmQad7MfO5/NxRwEGHKUlpFMGh4mZfLoT
FT28U6bXRfvJtjUIhcfdWWfbW9RiUMyvlvMvFxuVz06jhFlNe/Vaqm1I3QcXaXxc
hBp9fxUU9NVJIukdY17ST/5b0VkISaMfPDVdtiAyAwGjhxMwq5NaskwRmD2ER1yj
JSyBTGyXlxfOxVtMyeQVs/WeBls9MscYy8LDqQ28y+Xmhx3Qmot4btdkuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGH2vAcdunj+ndCfbeOEC34PiRBDMB8GA1UdIwQY
MBaAFCmVlE6E3De6akLWi7HiuaRCHoSkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1pXVVRvVGNON3BxUXRhTHNlSzVwRUllaEtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hMTIwNjktYTA2MS00NDJlLTliZmIt
MzM4YmRkNDM5ZWUxLzEvWWZhOEJ4MjZlUDZkMEo5dDQ0UUxmZy1KRUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hMTIwNjktYTA2MS00NDJlLTliZmItMzM4YmRkNDM5ZWUx
LzEvS1pXVVRvVGNON3BxUXRhTHNlSzVwRUllaEtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXK4MA0G
CSqGSIb3DQEBCwUAA4IBAQBjhxM3wG1/GWZvbdZxcozlyf6cULzY73Xt20zXf5vb
ylKyC/5MdJLxWX7T4AzaXYMStOuH5agoOl8JeJf/PDuGRpntZWCqLno/bqdn0U9K
J+yc04WKyTMiHYt+SURFeGT2T7pDIxkfQIUCg6gYb0udCRodF+Tgkwq5ka0SRjyD
AkgzEAFgMOIiE4n8QamDgNWIlm6r/tf2kYsYtlZDst2lqjmMszUeXuibZNy1hzOW
jP8c1jLwZJ48q18LgHaaIxss7dfhrisBOmm1HqwTfCfSx25lt5E9lNCHG4RcSN8a
11SKekg5H3ynbkIJEVqqB0AbLNbf6GB8OUM8phopVWOZ
-----END CERTIFICATE-----
Generated at Sun Nov 24 22:40:43 2024 by rpki-client on console-fra.rpki-client.org