Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/JBj8FsplA-MBUc0zqf4_NLYuJ-Q.roa
File:                     JBj8FsplA-MBUc0zqf4_NLYuJ-Q.roa (raw, json)
Hash identifier:          ecVjlw+CLQrBEbrHY/WkvclcM5Zgixit06zD/ClEBGI=
Subject key identifier:   24:18:FC:16:CA:65:03:E3:01:51:CD:33:A9:FE:3F:34:B6:2E:27:E4
Certificate issuer:       /CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
Certificate serial:       0197F3E398B21EEC69F6CB1853F1F9347B63
Authority key identifier: E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/JBj8FsplA-MBUc0zqf4_NLYuJ-Q.roa
Signing time:             Thu 10 Jul 2025 10:31:08 +0000
ROA not before:           Thu 10 Jul 2025 10:31:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18811
IP address blocks:        185.129.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:e3:98:b2:1e:ec:69:f6:cb:18:53:f1:f9:34:7b:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e61bd7dd1f8ac8b4192ba78a592348b5dd0a1a66
        Validity
            Not Before: Jul 10 10:31:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2418fc16ca6503e30151cd33a9fe3f34b62e27e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:22:5f:47:d8:8e:3f:85:73:96:3f:75:24:5d:
                    56:a7:e8:04:70:33:07:a7:66:98:d1:68:3f:05:38:
                    57:1a:36:01:7a:60:a3:39:97:6d:32:8b:e0:c5:c6:
                    30:9b:58:d9:70:89:27:c1:92:cd:3c:cc:d5:88:74:
                    8d:53:dd:2a:17:5e:bd:87:62:d7:82:b6:be:c6:83:
                    a4:35:9a:0b:ab:7f:a8:86:35:d4:06:7f:3d:04:48:
                    cd:dd:02:35:39:a5:9d:59:6d:1c:02:e0:29:fe:96:
                    61:29:56:7a:9f:02:ac:56:07:2c:d5:5b:6a:0d:c6:
                    e9:b4:0b:0f:7e:08:6d:91:62:e6:3e:c9:d4:b5:86:
                    c6:14:1b:61:5a:a6:8c:71:db:42:80:41:03:55:48:
                    cc:e4:30:a2:db:68:b2:b4:90:9b:e7:cd:2b:a4:4a:
                    c3:ab:70:08:c7:77:35:83:d7:18:e2:3b:ca:b1:b2:
                    e7:02:fa:12:17:83:a7:18:8c:ae:e0:d7:f8:b1:cc:
                    b5:04:8f:40:d9:e4:a7:74:c1:e3:3a:35:0d:9b:e2:
                    f6:b8:47:59:86:36:13:e1:11:04:fe:bf:c1:d1:2b:
                    cf:28:8e:5c:25:60:71:3b:5f:70:37:7d:ce:28:d4:
                    92:7a:f5:18:b0:24:67:f7:21:46:16:28:10:95:46:
                    0b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:18:FC:16:CA:65:03:E3:01:51:CD:33:A9:FE:3F:34:B6:2E:27:E4
            X509v3 Authority Key Identifier:
                keyid:E6:1B:D7:DD:1F:8A:C8:B4:19:2B:A7:8A:59:23:48:B5:DD:0A:1A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5hvX3R-KyLQZK6eKWSNItd0KGmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/JBj8FsplA-MBUc0zqf4_NLYuJ-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/4acc15-bba0-4459-9667-de9b2f8f7e29/1/5hvX3R-KyLQZK6eKWSNItd0KGmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:c3:9a:27:9b:67:c4:53:f9:0b:25:f5:f0:aa:4f:6c:13:22:
         b0:41:1f:77:80:c8:e1:bf:7a:4e:f2:99:c1:1b:81:15:f3:70:
         e2:54:6e:37:a0:a6:f3:07:48:00:77:9b:f2:2c:2f:ae:d0:f1:
         16:32:43:e4:b9:e8:29:c8:c4:f6:f8:88:50:d9:49:e8:02:60:
         c0:80:b2:45:b9:d0:e8:03:f9:e0:f4:61:1d:d3:06:72:85:92:
         f1:29:ee:3e:f1:54:23:47:82:1f:69:94:63:c6:60:89:1f:7f:
         b7:e2:87:e7:9b:74:75:71:6c:98:da:0a:4e:e5:11:c8:9c:00:
         e8:a9:d9:e0:f6:f5:fe:f4:cd:ac:68:f7:93:d0:8a:94:54:e0:
         b9:ac:69:8a:b1:3e:c0:e3:8c:c5:29:84:d4:50:0f:18:64:42:
         26:cc:d0:5d:cc:e7:88:0a:81:3a:54:f1:3a:61:a3:ef:19:bd:
         07:c1:ed:53:a2:ff:1e:0e:d5:9b:74:37:25:47:c3:97:ec:5d:
         f2:45:43:8f:20:05:1a:9e:c7:3b:9c:64:55:63:51:1e:fd:4a:
         9e:0a:19:0c:29:2f:0c:ec:1f:12:78:ec:fb:41:ee:21:69:a7:
         bc:10:fb:22:be:c8:b6:f9:36:41:dc:c8:46:3e:0c:90:23:20:
         16:d0:f2:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfz45iyHuxp9ssYU/H5NHtjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MWJkN2RkMWY4YWM4YjQxOTJiYTc4YTU5MjM0OGI1ZGQw
YTFhNjYwHhcNMjUwNzEwMTAzMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDE4ZmMxNmNhNjUwM2UzMDE1MWNkMzNhOWZlM2YzNGI2MmUyN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSJfR9iOP4Vzlj91JF1Wp+gEcDMH
p2aY0Wg/BThXGjYBemCjOZdtMovgxcYwm1jZcIknwZLNPMzViHSNU90qF169h2LX
gra+xoOkNZoLq3+ohjXUBn89BEjN3QI1OaWdWW0cAuAp/pZhKVZ6nwKsVgcs1Vtq
DcbptAsPfghtkWLmPsnUtYbGFBthWqaMcdtCgEEDVUjM5DCi22iytJCb580rpErD
q3AIx3c1g9cY4jvKsbLnAvoSF4OnGIyu4Nf4scy1BI9A2eSndMHjOjUNm+L2uEdZ
hjYT4REE/r/B0SvPKI5cJWBxO19wN33OKNSSevUYsCRn9yFGFigQlUYLNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQY/BbKZQPjAVHNM6n+PzS2LifkMB8GA1UdIwQY
MBaAFOYb190fisi0GSunilkjSLXdChpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2Njct
ZGU5YjJmOGY3ZTI5LzEvSkJqOEZzcGxBLU1CVWMwenFmNF9OTFl1Si1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80YWNjMTUtYmJhMC00NDU5LTk2NjctZGU5YjJmOGY3ZTI5
LzEvNWh2WDNSLUt5TFFaSzZlS1dTTkl0ZDBLR21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYHQMA0G
CSqGSIb3DQEBCwUAA4IBAQCQw5onm2fEU/kLJfXwqk9sEyKwQR93gMjhv3pO8pnB
G4EV83DiVG43oKbzB0gAd5vyLC+u0PEWMkPkuegpyMT2+IhQ2UnoAmDAgLJFudDo
A/ng9GEd0wZyhZLxKe4+8VQjR4IfaZRjxmCJH3+34ofnm3R1cWyY2gpO5RHInADo
qdng9vX+9M2saPeT0IqUVOC5rGmKsT7A44zFKYTUUA8YZEImzNBdzOeICoE6VPE6
YaPvGb0Hwe1Tov8eDtWbdDclR8OX7F3yRUOPIAUansc7nGRVY1Ee/UqeChkMKS8M
7B8SeOz7Qe4haae8EPsivsi2+TZB3MhGPgyQIyAW0PJf
-----END CERTIFICATE-----
Generated at Mon Jul 21 01:36:09 2025 by rpki-client