Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/jQAe0USN00WDZOWswcwgnn8YOhQ.roa
File:                     jQAe0USN00WDZOWswcwgnn8YOhQ.roa (raw, json)
Hash identifier:          wzbdVYyucrnBROmfiQ2KpjIQmuEhSj/m0AJzB9UzpFo=
Subject key identifier:   8D:00:1E:D1:44:8D:D3:45:83:64:E5:AC:C1:CC:20:9E:7F:18:3A:14
Certificate issuer:       /CN=0c5140282591f9912f9639ee1412b6d1dcff0861
Certificate serial:       018FA596ECF1B03AB07A3DE7E2218AAD0C6C
Authority key identifier: 0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/jQAe0USN00WDZOWswcwgnn8YOhQ.roa
Signing time:             Thu 23 May 2024 13:14:42 +0000
ROA not before:           Thu 23 May 2024 13:14:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210016
IP address blocks:        188.72.9.0/24 maxlen: 24
                          188.72.10.0/24 maxlen: 24
                          188.72.11.0/24 maxlen: 24
                          188.72.13.0/24 maxlen: 24
                          188.72.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:96:ec:f1:b0:3a:b0:7a:3d:e7:e2:21:8a:ad:0c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c5140282591f9912f9639ee1412b6d1dcff0861
        Validity
            Not Before: May 23 13:14:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d001ed1448dd3458364e5acc1cc209e7f183a14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7a:f3:09:0e:db:87:23:f7:00:f8:be:76:15:
                    4b:61:08:f3:ff:4b:44:f1:b4:b9:ed:c1:69:b9:83:
                    0b:1b:fc:82:2d:4f:bd:f9:a6:e4:c4:22:0c:7a:78:
                    96:11:a5:46:a5:7e:a2:c8:e6:ce:f2:6b:c4:1a:f9:
                    aa:a4:63:99:f8:46:fd:fb:3b:d8:7d:fb:cd:75:4c:
                    ae:d1:0b:c1:1d:40:7e:70:36:9a:73:67:da:71:8e:
                    04:bc:b2:04:70:e1:d4:2d:02:71:ab:f8:f2:68:03:
                    bb:0a:0d:74:33:9f:04:1a:a9:b9:7e:f3:96:ab:dd:
                    f6:84:a1:fc:2d:ae:91:d7:e2:27:82:7a:1c:3d:ef:
                    1a:70:d2:30:8d:5d:00:0b:b7:06:26:54:41:49:9c:
                    89:a0:e5:7d:ee:d1:b6:21:1f:0f:05:99:bc:f1:b3:
                    a4:24:0d:16:ab:7d:a9:91:ea:e7:eb:6e:68:6d:da:
                    32:71:9e:66:07:f8:85:e3:02:38:17:72:08:4d:c3:
                    92:33:eb:86:a2:72:41:23:52:b6:5c:bd:74:8c:72:
                    7e:ef:04:fd:d8:41:0d:b9:03:e5:2c:f8:d7:39:a2:
                    5b:4e:47:2d:25:40:8c:87:56:d8:e9:2c:19:4c:ff:
                    09:00:95:58:5f:b3:d3:0f:2d:3a:05:6a:4a:ba:ba:
                    52:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:00:1E:D1:44:8D:D3:45:83:64:E5:AC:C1:CC:20:9E:7F:18:3A:14
            X509v3 Authority Key Identifier:
                keyid:0C:51:40:28:25:91:F9:91:2F:96:39:EE:14:12:B6:D1:DC:FF:08:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DFFAKCWR-ZEvljnuFBK20dz_CGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/jQAe0USN00WDZOWswcwgnn8YOhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/0554a2-d3d9-4fc4-8ed5-de91469d3772/1/DFFAKCWR-ZEvljnuFBK20dz_CGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.9.0-188.72.11.255
                  188.72.13.0-188.72.14.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:38:55:9d:41:3e:fb:58:e9:ad:8e:62:7b:a5:3d:af:c8:00:
         1c:c2:1d:39:de:3c:49:9a:b5:54:82:4d:a6:86:b5:30:c1:3f:
         3a:2f:34:1f:77:83:55:f6:6e:0d:ba:94:6b:04:3f:6e:7d:5b:
         55:a3:5d:e8:f9:96:50:d3:f8:c1:80:fc:4a:c6:97:fa:44:3d:
         10:31:32:f6:03:94:c6:5a:ab:23:08:78:c7:57:06:07:ed:fa:
         6f:a2:a0:64:ef:8b:27:96:c9:e7:ae:c5:6f:b5:8f:30:b4:e3:
         56:ea:3a:bb:be:0e:8f:1b:f2:52:6c:9f:52:3e:a8:68:12:15:
         5d:78:91:b2:27:11:f4:cb:18:51:15:dd:c5:36:e2:12:ab:06:
         ea:1f:a3:32:7d:75:b1:8e:ec:d3:d3:02:a6:a4:e5:6b:5e:c7:
         16:dd:fd:c0:2d:ae:85:b7:47:c0:81:ee:73:b0:97:6f:07:b5:
         88:75:87:a7:35:5c:df:9a:f4:0f:f0:4d:5a:b3:3a:46:99:c6:
         fb:c8:29:eb:76:5a:0b:d6:a7:44:e2:8b:ec:67:18:84:69:0b:
         63:bb:97:bd:da:31:13:14:2e:8c:b2:be:e6:2c:db:40:60:09:
         a6:75:fe:da:30:47:fd:76:53:e9:63:d7:72:87:80:ae:03:47:
         ad:97:4f:5e
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY+lluzxsDqwej3n4iGKrQxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNTE0MDI4MjU5MWY5OTEyZjk2MzllZTE0MTJiNmQxZGNm
ZjA4NjEwHhcNMjQwNTIzMTMxNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDAwMWVkMTQ0OGRkMzQ1ODM2NGU1YWNjMWNjMjA5ZTdmMTgzYTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHrzCQ7bhyP3APi+dhVLYQjz/0tE
8bS57cFpuYMLG/yCLU+9+abkxCIMeniWEaVGpX6iyObO8mvEGvmqpGOZ+Eb9+zvY
ffvNdUyu0QvBHUB+cDaac2facY4EvLIEcOHULQJxq/jyaAO7Cg10M58EGqm5fvOW
q932hKH8La6R1+IngnocPe8acNIwjV0AC7cGJlRBSZyJoOV97tG2IR8PBZm88bOk
JA0Wq32pkern625obdoycZ5mB/iF4wI4F3IITcOSM+uGonJBI1K2XL10jHJ+7wT9
2EENuQPlLPjXOaJbTkctJUCMh1bY6SwZTP8JAJVYX7PTDy06BWpKurpSawIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFI0AHtFEjdNFg2TlrMHMIJ5/GDoUMB8GA1UdIwQY
MBaAFAxRQCglkfmRL5Y57hQSttHc/whhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUt
ZGU5MTQ2OWQzNzcyLzEvalFBZTBVU04wMFdEWk9Xc3djd2dubjhZT2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTU0YTItZDNkOS00ZmM0LThlZDUtZGU5MTQ2OWQzNzcy
LzEvREZGQUtDV1ItWkV2bGpudUZCSzIwZHpfQ0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAC8SAkD
BAK8SAgwDAMEALxIDQMEALxIDjANBgkqhkiG9w0BAQsFAAOCAQEAjzhVnUE++1jp
rY5ie6U9r8gAHMIdOd48SZq1VIJNpoa1MME/Oi80H3eDVfZuDbqUawQ/bn1bVaNd
6PmWUNP4wYD8SsaX+kQ9EDEy9gOUxlqrIwh4x1cGB+36b6KgZO+LJ5bJ567Fb7WP
MLTjVuo6u74OjxvyUmyfUj6oaBIVXXiRsicR9MsYURXdxTbiEqsG6h+jMn11sY7s
09MCpqTla17HFt39wC2uhbdHwIHuc7CXbwe1iHWHpzVc35r0D/BNWrM6RpnG+8gp
63ZaC9anROKL7GcYhGkLY7uXvdoxExQujLK+5izbQGAJpnX+2jBH/XZT6WPXcoeA
rgNHrZdPXg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:22:54 2024 by rpki-client on console-ams.rpki-client.org