Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/J0nJlAS8YWaeE8-CVsqMHSQOGGU.roa
File:                     J0nJlAS8YWaeE8-CVsqMHSQOGGU.roa (raw, json)
Hash identifier:          BgiZc518kP+rsId+whs8FGYn1k4gZxIJtCXkP/otmhg=
Subject key identifier:   27:49:C9:94:04:BC:61:66:9E:13:CF:82:56:CA:8C:1D:24:0E:18:65
Certificate issuer:       /CN=90f273a63c51eaf3f9e5ae7b9faafdb2931340df
Certificate serial:       018CC94E2862FBA755843CAE5ADAE9530FD6
Authority key identifier: 90:F2:73:A6:3C:51:EA:F3:F9:E5:AE:7B:9F:AA:FD:B2:93:13:40:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJzpjxR6vP55a57n6r9spMTQN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/J0nJlAS8YWaeE8-CVsqMHSQOGGU.roa
Signing time:             Tue 02 Jan 2024 08:33:11 +0000
ROA not before:           Tue 02 Jan 2024 08:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212911
IP address blocks:        185.220.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/kPJzpjxR6vP55a57n6r9spMTQN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/kPJzpjxR6vP55a57n6r9spMTQN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJzpjxR6vP55a57n6r9spMTQN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:28:62:fb:a7:55:84:3c:ae:5a:da:e9:53:0f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f273a63c51eaf3f9e5ae7b9faafdb2931340df
        Validity
            Not Before: Jan  2 08:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2749c99404bc61669e13cf8256ca8c1d240e1865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:80:f3:73:ef:20:92:d6:f7:94:68:26:8f:77:
                    e9:09:2e:e8:4b:4d:96:bb:18:65:de:7d:f9:b3:50:
                    24:24:ec:2b:35:5e:65:2b:a3:37:b9:bb:4f:a9:0f:
                    e5:9f:43:87:85:43:e8:6a:0e:f8:70:fe:d0:56:62:
                    d6:a1:93:81:82:57:14:9c:e1:42:70:51:15:21:5c:
                    08:04:1f:14:06:b0:13:c7:5b:3e:d0:ff:c0:53:94:
                    e1:f9:3c:81:b8:1f:28:ab:3b:61:ab:af:e5:97:0f:
                    57:a7:e0:50:06:4d:0f:5d:1b:c6:02:9f:1d:84:02:
                    2c:d9:b9:ce:27:76:3b:2c:5f:17:09:f1:66:07:af:
                    dc:e8:71:8b:18:c9:8b:6b:22:c7:03:3d:7b:90:5f:
                    63:df:79:6c:13:90:f2:d7:d4:70:4d:1a:98:a6:e3:
                    13:18:e7:9a:38:16:a7:0d:d0:fd:e0:c5:25:d6:88:
                    b3:55:d9:50:ae:e4:9a:c3:71:50:8a:c2:74:d5:55:
                    70:1a:36:4e:ee:e4:47:97:46:93:1a:e4:78:7b:b1:
                    01:3d:75:ea:09:7b:77:2e:77:3c:68:a0:a6:ed:86:
                    40:57:14:13:6e:26:47:0a:c0:58:22:c4:96:b5:37:
                    c9:36:c7:a1:94:a4:05:8e:e5:50:93:09:64:44:df:
                    ed:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:49:C9:94:04:BC:61:66:9E:13:CF:82:56:CA:8C:1D:24:0E:18:65
            X509v3 Authority Key Identifier:
                keyid:90:F2:73:A6:3C:51:EA:F3:F9:E5:AE:7B:9F:AA:FD:B2:93:13:40:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJzpjxR6vP55a57n6r9spMTQN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/J0nJlAS8YWaeE8-CVsqMHSQOGGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/bc676b-c0b6-4fbb-933f-5082c28b715f/1/kPJzpjxR6vP55a57n6r9spMTQN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:21:ad:1f:2e:38:19:45:8c:6d:32:a7:29:dd:ab:05:94:bf:
         db:fc:eb:5b:87:00:e0:9d:cd:d1:6d:de:69:8a:24:4c:d4:52:
         84:f1:57:7a:b4:a6:f8:83:3b:8f:56:04:2e:8a:ab:8c:68:89:
         31:08:eb:fd:4d:00:af:e3:f4:a2:5a:d4:dd:c9:0f:e0:42:e7:
         4c:78:49:bd:fb:ee:10:63:c2:1a:3a:68:41:1c:49:ad:dd:33:
         5e:f5:b3:08:14:fe:52:4a:84:87:2e:6d:d5:d8:02:31:4a:3a:
         02:d5:aa:b2:16:70:f9:58:b7:8a:65:10:b0:d3:ee:50:60:42:
         47:b8:42:dc:fd:a7:58:bc:01:01:a2:29:35:82:ea:03:96:1f:
         6f:a5:b6:24:3c:bf:aa:2f:c1:ce:fb:0e:6b:7e:a4:fb:91:e5:
         e8:0e:4a:31:37:09:1a:f3:8c:94:e5:e3:a4:01:b7:f4:ef:8c:
         a4:cb:19:02:fe:74:a7:46:e6:dd:4d:83:d7:0d:cb:1a:e3:35:
         94:13:9a:c0:9d:a8:21:57:64:af:44:af:75:15:77:91:f9:a4:
         e2:fd:49:62:0b:fd:5d:73:0e:0a:ec:64:9c:83:2c:22:43:4c:
         17:6c:63:6e:b7:07:58:cf:38:11:05:2b:00:9c:9e:65:b7:a1:
         72:ac:aa:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTihi+6dVhDyuWtrpUw/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI3M2E2M2M1MWVhZjNmOWU1YWU3YjlmYWFmZGIyOTMx
MzQwZGYwHhcNMjQwMTAyMDgzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzQ5Yzk5NDA0YmM2MTY2OWUxM2NmODI1NmNhOGMxZDI0MGUxODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4Dzc+8gktb3lGgmj3fpCS7oS02W
uxhl3n35s1AkJOwrNV5lK6M3ubtPqQ/ln0OHhUPoag74cP7QVmLWoZOBglcUnOFC
cFEVIVwIBB8UBrATx1s+0P/AU5Th+TyBuB8oqzthq6/llw9Xp+BQBk0PXRvGAp8d
hAIs2bnOJ3Y7LF8XCfFmB6/c6HGLGMmLayLHAz17kF9j33lsE5Dy19RwTRqYpuMT
GOeaOBanDdD94MUl1oizVdlQruSaw3FQisJ01VVwGjZO7uRHl0aTGuR4e7EBPXXq
CXt3Lnc8aKCm7YZAVxQTbiZHCsBYIsSWtTfJNsehlKQFjuVQkwlkRN/tJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdJyZQEvGFmnhPPglbKjB0kDhhlMB8GA1UdIwQY
MBaAFJDyc6Y8Uerz+eWue5+q/bKTE0DfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKenBqeFI2dlA1NWE1N242cjlzcE1UUU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iYzY3NmItYzBiNi00ZmJiLTkzM2Yt
NTA4MmMyOGI3MTVmLzEvSjBuSmxBUzhZV2FlRTgtQ1ZzcU1IU1FPR0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iYzY3NmItYzBiNi00ZmJiLTkzM2YtNTA4MmMyOGI3MTVm
LzEva1BKenBqeFI2dlA1NWE1N242cjlzcE1UUU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudx3MA0G
CSqGSIb3DQEBCwUAA4IBAQALIa0fLjgZRYxtMqcp3asFlL/b/OtbhwDgnc3Rbd5p
iiRM1FKE8Vd6tKb4gzuPVgQuiquMaIkxCOv9TQCv4/SiWtTdyQ/gQudMeEm9++4Q
Y8IaOmhBHEmt3TNe9bMIFP5SSoSHLm3V2AIxSjoC1aqyFnD5WLeKZRCw0+5QYEJH
uELc/adYvAEBoik1guoDlh9vpbYkPL+qL8HO+w5rfqT7keXoDkoxNwka84yU5eOk
Abf074ykyxkC/nSnRubdTYPXDcsa4zWUE5rAnaghV2SvRK91FXeR+aTi/UliC/1d
cw4K7GScgywiQ0wXbGNutwdYzzgRBSsAnJ5lt6FyrKov
-----END CERTIFICATE-----
Generated at Sun Jun 16 05:01:13 2024 by rpki-client on console-ams.rpki-client.org