Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/kRGf0bWxjWUh8sdGXabcomhWjno.roa
File:                     kRGf0bWxjWUh8sdGXabcomhWjno.roa (raw, json)
Hash identifier:          9dSAfgPcrU0QfkObtWRj3oGya1C5FzdCWWHZarkr0hs=
Subject key identifier:   91:11:9F:D1:B5:B1:8D:65:21:F2:C7:46:5D:A6:DC:A2:68:56:8E:7A
Certificate issuer:       /CN=191e27b29f65a24d9f94215715cd3671825a9eae
Certificate serial:       0194258F37912694F1596E7A6367E7860882
Authority key identifier: 19:1E:27:B2:9F:65:A2:4D:9F:94:21:57:15:CD:36:71:82:5A:9E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GR4nsp9lok2flCFXFc02cYJanq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/kRGf0bWxjWUh8sdGXabcomhWjno.roa
Signing time:             Thu 02 Jan 2025 05:48:50 +0000
ROA not before:           Thu 02 Jan 2025 05:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        185.102.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/GR4nsp9lok2flCFXFc02cYJanq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/GR4nsp9lok2flCFXFc02cYJanq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GR4nsp9lok2flCFXFc02cYJanq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:37:91:26:94:f1:59:6e:7a:63:67:e7:86:08:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=191e27b29f65a24d9f94215715cd3671825a9eae
        Validity
            Not Before: Jan  2 05:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91119fd1b5b18d6521f2c7465da6dca268568e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0d:cc:b5:35:4f:21:bb:47:81:ea:b6:17:2a:
                    74:cf:ee:ca:e9:95:9e:a2:49:a7:64:36:85:9b:b4:
                    f0:f4:14:3e:0e:0d:b2:c1:eb:c7:38:7f:c7:99:1d:
                    cb:bc:71:bd:95:af:80:89:63:e4:b9:8d:97:1e:9d:
                    e6:79:ba:5c:bf:ec:89:b5:76:f9:54:61:28:4a:87:
                    89:7e:df:74:06:a0:96:86:05:20:82:19:58:94:a0:
                    38:77:19:31:9e:8f:8d:24:2d:53:53:4e:14:61:8a:
                    99:8a:00:a0:3a:ce:d3:74:8e:50:c2:f3:b2:ea:b0:
                    fe:44:c6:9d:e1:ce:4b:49:3f:06:73:0e:8a:30:eb:
                    c0:d8:35:a5:15:9e:cc:45:3e:bf:c7:64:a3:1f:d1:
                    55:ad:64:b2:d6:4e:05:cb:83:e7:f2:6f:79:c4:57:
                    a7:4b:68:31:17:11:52:bd:25:a1:26:98:05:54:cb:
                    df:fa:c2:e9:05:e5:55:cf:0e:d8:15:bc:f3:89:c0:
                    f8:34:f5:32:68:60:26:ce:97:89:3d:fa:83:42:19:
                    70:c1:da:2d:41:19:3a:de:2a:9e:95:24:ba:77:d2:
                    85:3b:94:81:83:0a:76:e5:2a:62:b8:3a:19:ac:f4:
                    dc:e7:d7:c6:41:a7:07:07:1d:91:1b:a3:88:cb:55:
                    94:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:11:9F:D1:B5:B1:8D:65:21:F2:C7:46:5D:A6:DC:A2:68:56:8E:7A
            X509v3 Authority Key Identifier:
                keyid:19:1E:27:B2:9F:65:A2:4D:9F:94:21:57:15:CD:36:71:82:5A:9E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GR4nsp9lok2flCFXFc02cYJanq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/kRGf0bWxjWUh8sdGXabcomhWjno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a89801-c721-41bb-b517-b8c666e6d351/1/GR4nsp9lok2flCFXFc02cYJanq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ad:df:68:36:8d:6c:b7:48:84:06:4e:b2:18:08:31:64:b5:
         0d:05:07:6c:f4:38:75:13:29:de:d8:e0:f0:a2:a7:3d:66:22:
         45:8a:36:dc:6b:57:22:09:09:66:c4:8d:12:2f:8f:ab:1b:8c:
         a1:99:61:b3:e9:da:b9:c5:23:c8:b7:0c:9f:34:89:81:f0:b5:
         00:61:f0:d4:0d:59:a9:2c:4b:19:58:94:65:06:cf:cc:e7:83:
         7a:77:79:25:7f:4a:a4:ed:71:3d:d7:c9:b4:72:13:8b:33:eb:
         07:81:ff:45:e7:73:7f:ca:22:bf:e1:f3:b7:46:dc:19:7e:b9:
         a7:25:b6:aa:f0:86:ea:5a:b2:c6:0e:52:a2:dd:01:36:09:3d:
         61:3f:38:3d:ce:ac:3c:51:fc:ff:c9:6b:1e:8e:80:8b:0d:c4:
         84:06:29:db:dd:46:0c:48:7a:5d:fb:d9:28:ba:7b:a1:1e:f5:
         5a:41:c9:08:ce:e8:9a:88:c1:94:5c:4f:67:1a:6d:dd:6d:ca:
         39:50:37:67:71:a3:a4:cf:f8:f6:3d:92:17:c5:90:c6:09:32:
         c0:c9:7e:12:79:cd:84:67:e8:da:62:d7:f9:4e:4f:40:3b:15:
         59:35:59:d6:56:b6:58:91:9c:83:20:32:c2:d6:59:2f:b4:b7:
         01:51:19:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzeRJpTxWW56Y2fnhgiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MWUyN2IyOWY2NWEyNGQ5Zjk0MjE1NzE1Y2QzNjcxODI1
YTllYWUwHhcNMjUwMTAyMDU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTExOWZkMWI1YjE4ZDY1MjFmMmM3NDY1ZGE2ZGNhMjY4NTY4ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ3MtTVPIbtHgeq2Fyp0z+7K6ZWe
okmnZDaFm7Tw9BQ+Dg2ywevHOH/HmR3LvHG9la+AiWPkuY2XHp3mebpcv+yJtXb5
VGEoSoeJft90BqCWhgUgghlYlKA4dxkxno+NJC1TU04UYYqZigCgOs7TdI5QwvOy
6rD+RMad4c5LST8Gcw6KMOvA2DWlFZ7MRT6/x2SjH9FVrWSy1k4Fy4Pn8m95xFen
S2gxFxFSvSWhJpgFVMvf+sLpBeVVzw7YFbzzicD4NPUyaGAmzpeJPfqDQhlwwdot
QRk63iqelSS6d9KFO5SBgwp25SpiuDoZrPTc59fGQacHBx2RG6OIy1WUwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJERn9G1sY1lIfLHRl2m3KJoVo56MB8GA1UdIwQY
MBaAFBkeJ7KfZaJNn5QhVxXNNnGCWp6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1I0bnNwOWxvazJmbENGWEZjMDJjWUphbnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hODk4MDEtYzcyMS00MWJiLWI1MTct
YjhjNjY2ZTZkMzUxLzEva1JHZjBiV3hqV1VoOHNkR1hhYmNvbWhXam5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hODk4MDEtYzcyMS00MWJiLWI1MTctYjhjNjY2ZTZkMzUx
LzEvR1I0bnNwOWxvazJmbENGWEZjMDJjWUphbnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWYbMA0G
CSqGSIb3DQEBCwUAA4IBAQB6rd9oNo1st0iEBk6yGAgxZLUNBQds9Dh1Eyne2ODw
oqc9ZiJFijbca1ciCQlmxI0SL4+rG4yhmWGz6dq5xSPItwyfNImB8LUAYfDUDVmp
LEsZWJRlBs/M54N6d3klf0qk7XE918m0chOLM+sHgf9F53N/yiK/4fO3RtwZfrmn
Jbaq8IbqWrLGDlKi3QE2CT1hPzg9zqw8Ufz/yWsejoCLDcSEBinb3UYMSHpd+9ko
unuhHvVaQckIzuiaiMGUXE9nGm3dbco5UDdncaOkz/j2PZIXxZDGCTLAyX4Sec2E
Z+jaYtf5Tk9AOxVZNVnWVrZYkZyDIDLC1lkvtLcBURlS
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:41:27 2025 by rpki-client