Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/chUFIeysM8uMaZWDLRNR5_TUDVw.roa
File:                     chUFIeysM8uMaZWDLRNR5_TUDVw.roa (raw, json)
Hash identifier:          B2XB1lAxNUe9MT/mbk6Yja1qrVo/ByydRjfl7lwNKbs=
Subject key identifier:   72:15:05:21:EC:AC:33:CB:8C:69:95:83:2D:13:51:E7:F4:D4:0D:5C
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A77C13A795B7F226DCE596A4F54A6
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/chUFIeysM8uMaZWDLRNR5_TUDVw.roa
Signing time:             Mon 01 Jan 2024 18:30:18 +0000
ROA not before:           Mon 01 Jan 2024 18:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        128.0.68.0/23 maxlen: 23
                          188.72.68.0/23 maxlen: 23
                          46.243.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:77:c1:3a:79:5b:7f:22:6d:ce:59:6a:4f:54:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72150521ecac33cb8c6995832d1351e7f4d40d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:65:89:be:14:21:38:b1:32:c1:14:5f:8f:81:
                    73:b7:d6:50:e7:57:c4:6b:15:2e:61:6b:57:f9:72:
                    f7:28:e0:68:58:8f:eb:00:c1:13:9b:ae:a2:e6:39:
                    7a:ee:4a:58:4f:8d:fb:6c:f2:d2:a8:e6:b9:53:6c:
                    97:bc:e5:f5:e2:5e:aa:9a:2d:1e:38:ff:2e:ed:57:
                    64:e8:a6:46:83:cc:2a:fa:d4:0d:3d:8f:c2:3c:03:
                    32:a7:af:7d:6f:8f:1b:50:7c:0d:6d:cc:95:da:18:
                    46:eb:75:a0:b7:7c:c7:4b:26:bd:51:d9:94:42:b8:
                    f8:ea:58:ae:f8:04:25:8d:b5:a6:cb:2d:97:40:15:
                    17:d7:7f:e8:8a:ab:a3:86:3f:24:d6:7d:19:b1:74:
                    66:89:39:7c:2e:5f:2b:38:06:96:a8:29:f0:62:6a:
                    91:cd:77:2f:71:06:b4:bf:98:44:d0:f0:62:73:e1:
                    99:2b:85:f3:7c:5d:d8:2e:14:9c:a1:d8:58:55:e8:
                    61:b1:aa:41:67:3f:76:2c:20:ed:7d:bd:86:07:57:
                    2c:bf:4d:74:65:94:33:9a:c2:ad:78:2d:d8:2e:44:
                    96:cf:49:65:64:dc:d4:56:f6:5f:4b:16:86:8d:8e:
                    c3:7f:87:19:1a:66:39:e7:c0:f1:82:85:61:15:8a:
                    c7:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:15:05:21:EC:AC:33:CB:8C:69:95:83:2D:13:51:E7:F4:D4:0D:5C
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/chUFIeysM8uMaZWDLRNR5_TUDVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.188.0/22
                  128.0.68.0/23
                  188.72.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:c7:cd:80:49:0d:61:f6:34:e2:d6:7e:ec:a6:d5:09:4f:92:
         73:bd:52:54:ba:89:7f:b6:00:71:1e:af:64:3f:4d:e1:c0:b4:
         d5:a4:03:99:dd:a6:8c:08:6f:77:50:07:12:49:2a:ea:e3:ed:
         39:67:59:37:eb:fe:ac:e4:59:67:bc:fd:2e:3a:a9:5f:58:b3:
         1a:f7:ca:68:c2:1b:d4:36:9e:17:63:d6:27:23:43:79:4a:cf:
         ea:f3:e8:f0:53:83:3d:67:b0:05:b9:a8:21:7a:46:fa:0f:03:
         f3:7c:be:de:ac:66:35:13:fb:df:10:09:35:a1:11:b9:a7:90:
         3c:d0:c7:0b:90:f4:bd:a5:fc:46:08:9c:53:0a:ae:a5:20:0d:
         73:df:e3:53:ae:f5:0f:c0:c8:6c:35:63:dd:59:f9:e9:9a:ec:
         af:67:03:ee:ca:04:8a:81:3f:a0:e8:12:e4:d8:1a:e1:81:ac:
         d2:13:51:b6:b5:a6:40:7a:4f:8f:a2:35:43:aa:fd:6b:f4:3a:
         d1:6e:01:a3:ca:40:db:da:c5:c6:4f:c0:ba:50:63:3d:be:23:
         b0:28:51:13:61:83:99:b4:6f:d0:51:7c:cf:4f:a9:04:66:5f:
         98:e5:0c:99:d9:0e:48:be:72:6f:44:16:ef:8b:64:31:1b:00:
         97:45:3e:ab
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSnfBOnlbfyJtzllqT1SmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjE1MDUyMWVjYWMzM2NiOGM2OTk1ODMyZDEzNTFlN2Y0ZDQwZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGWJvhQhOLEywRRfj4Fzt9ZQ51fE
axUuYWtX+XL3KOBoWI/rAMETm66i5jl67kpYT437bPLSqOa5U2yXvOX14l6qmi0e
OP8u7Vdk6KZGg8wq+tQNPY/CPAMyp699b48bUHwNbcyV2hhG63Wgt3zHSya9UdmU
Qrj46liu+AQljbWmyy2XQBUX13/oiqujhj8k1n0ZsXRmiTl8Ll8rOAaWqCnwYmqR
zXcvcQa0v5hE0PBic+GZK4XzfF3YLhScodhYVehhsapBZz92LCDtfb2GB1csv010
ZZQzmsKteC3YLkSWz0llZNzUVvZfSxaGjY7Df4cZGmY558DxgoVhFYrHUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHIVBSHsrDPLjGmVgy0TUef01A1cMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvY2hVRklleXNNOHVNYVpXRExSTlI1X1RVRFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLvO8AwQB
gABEAwQBvEhEMA0GCSqGSIb3DQEBCwUAA4IBAQCBx82ASQ1h9jTi1n7sptUJT5Jz
vVJUuol/tgBxHq9kP03hwLTVpAOZ3aaMCG93UAcSSSrq4+05Z1k36/6s5FlnvP0u
OqlfWLMa98powhvUNp4XY9YnI0N5Ss/q8+jwU4M9Z7AFuaghekb6DwPzfL7erGY1
E/vfEAk1oRG5p5A80McLkPS9pfxGCJxTCq6lIA1z3+NTrvUPwMhsNWPdWfnpmuyv
ZwPuygSKgT+g6BLk2BrhgazSE1G2taZAek+PojVDqv1r9DrRbgGjykDb2sXGT8C6
UGM9viOwKFETYYOZtG/QUXzPT6kEZl+Y5QyZ2Q5IvnJvRBbvi2QxGwCXRT6r
-----END CERTIFICATE-----
Generated at Mon Jun 17 10:07:39 2024 by rpki-client on console-fra.rpki-client.org