Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/JBKZBh61F0zxICWg3iLuJQ2dPiE.roa
File:                     JBKZBh61F0zxICWg3iLuJQ2dPiE.roa (raw, json)
Hash identifier:          3BiwAxZrJ3LoTklXWNQnYuG+OtnQehCMIIksZyP3Ky8=
Subject key identifier:   24:12:99:06:1E:B5:17:4C:F1:20:25:A0:DE:22:EE:25:0D:9D:3E:21
Certificate issuer:       /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial:       018CC26D0BBEB74362E7486DC67AD0CA1AE0
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/JBKZBh61F0zxICWg3iLuJQ2dPiE.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.208.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0b:be:b7:43:62:e7:48:6d:c6:7a:d0:ca:1a:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=241299061eb5174cf12025a0de22ee250d9d3e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:54:25:d8:0e:45:fb:59:13:f4:95:14:78:df:
                    6a:9a:c1:81:9f:ac:24:15:1b:a1:d0:01:98:ae:49:
                    88:66:4e:dc:cd:da:c7:bb:db:08:a8:56:5c:19:1f:
                    87:25:3d:bf:93:8b:32:0c:93:18:69:a6:d1:dc:36:
                    18:87:83:0d:2e:5a:13:b9:9d:f8:41:50:1f:79:5b:
                    fa:28:73:24:3e:60:2f:7f:cd:67:79:53:bf:b1:ea:
                    5a:04:86:87:88:17:56:e8:73:39:45:71:e3:fa:f4:
                    71:af:2c:cf:12:eb:b5:d7:ef:d9:65:86:eb:a5:9c:
                    6a:1a:f9:15:af:d7:d5:25:ec:98:c4:01:7c:7e:cc:
                    6d:6d:ac:13:59:1b:a6:84:ad:8a:fd:6a:16:eb:1f:
                    80:54:dd:73:4d:6d:c5:b7:c3:e9:65:6b:04:5c:e1:
                    93:fc:af:68:c0:27:a1:aa:cf:5b:1b:f6:b9:ea:0d:
                    91:30:83:4b:90:0c:50:0e:1b:5d:af:7f:7a:45:e2:
                    01:24:4b:85:4f:ba:6c:2f:2a:f5:20:9f:f1:c6:40:
                    9e:57:14:9b:08:e5:4d:e9:d1:39:8c:a6:b9:9e:61:
                    59:62:8d:b6:dd:81:55:3c:e8:cf:a9:9d:18:fc:af:
                    03:b9:37:65:d7:fe:27:61:ba:13:74:8a:6c:dd:c3:
                    50:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:12:99:06:1E:B5:17:4C:F1:20:25:A0:DE:22:EE:25:0D:9D:3E:21
            X509v3 Authority Key Identifier:
                keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/JBKZBh61F0zxICWg3iLuJQ2dPiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:6c:cc:8a:f1:31:21:e4:c0:00:54:1a:a3:f6:0a:d3:b5:7d:
         1a:ea:60:d3:bc:71:2f:4e:09:33:13:eb:53:72:b0:40:25:e6:
         79:5d:d9:25:aa:d5:4c:75:34:f2:1a:ed:fe:30:56:97:5f:be:
         0b:26:5f:a2:06:40:12:7e:17:1c:dc:88:3d:e7:b0:51:f4:af:
         b5:b3:24:22:8f:cd:97:17:cf:22:ee:9d:2f:fa:cc:01:12:27:
         1a:78:0e:38:ab:06:95:e1:36:ce:80:d9:ea:61:8f:6e:c3:2e:
         d3:bf:aa:75:08:1f:35:84:22:39:ad:b6:97:ae:11:cc:03:f5:
         eb:bd:44:35:e3:65:23:2c:4a:6e:56:0b:0f:cf:1d:94:f6:6d:
         f2:bd:a6:47:98:8a:53:ea:07:51:e8:bc:c7:c1:18:b8:05:c0:
         1c:66:91:8c:bb:93:5f:27:3d:85:be:f6:fb:db:2d:ca:20:8f:
         f7:29:57:6f:b7:63:f0:49:1b:38:bb:e2:96:b1:d2:c8:5e:3e:
         a0:85:28:d7:76:01:02:05:3f:92:20:bd:3f:4d:44:b0:e4:ec:
         7a:c4:68:a6:b1:d7:6e:3e:69:29:b7:6c:83:31:eb:c4:55:28:
         cb:1f:76:87:9f:b3:9a:05:09:2c:55:a7:4e:8e:fc:85:88:bf:
         59:9b:3e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQu+t0Ni50htxnrQyhrgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDEyOTkwNjFlYjUxNzRjZjEyMDI1YTBkZTIyZWUyNTBkOWQzZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlQl2A5F+1kT9JUUeN9qmsGBn6wk
FRuh0AGYrkmIZk7czdrHu9sIqFZcGR+HJT2/k4syDJMYaabR3DYYh4MNLloTuZ34
QVAfeVv6KHMkPmAvf81neVO/sepaBIaHiBdW6HM5RXHj+vRxryzPEuu11+/ZZYbr
pZxqGvkVr9fVJeyYxAF8fsxtbawTWRumhK2K/WoW6x+AVN1zTW3Ft8PpZWsEXOGT
/K9owCehqs9bG/a56g2RMINLkAxQDhtdr396ReIBJEuFT7psLyr1IJ/xxkCeVxSb
COVN6dE5jKa5nmFZYo223YFVPOjPqZ0Y/K8DuTdl1/4nYboTdIps3cNQrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQSmQYetRdM8SAloN4i7iUNnT4hMB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvSkJLWkJoNjFGMHp4SUNXZzNpTHVKUTJkUGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudAJMA0G
CSqGSIb3DQEBCwUAA4IBAQCqbMyK8TEh5MAAVBqj9grTtX0a6mDTvHEvTgkzE+tT
crBAJeZ5XdklqtVMdTTyGu3+MFaXX74LJl+iBkASfhcc3Ig957BR9K+1syQij82X
F88i7p0v+swBEicaeA44qwaV4TbOgNnqYY9uwy7Tv6p1CB81hCI5rbaXrhHMA/Xr
vUQ142UjLEpuVgsPzx2U9m3yvaZHmIpT6gdR6LzHwRi4BcAcZpGMu5NfJz2Fvvb7
2y3KII/3KVdvt2PwSRs4u+KWsdLIXj6ghSjXdgECBT+SIL0/TUSw5Ox6xGimsddu
Pmkpt2yDMevEVSjLH3aHn7OaBQksVadOjvyFiL9Zmz6E
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:31:54 2024 by rpki-client on console-ams.rpki-client.org