Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/wkhQTrqFL7lW3yeieblcavMJV6Q.roa
File:                     wkhQTrqFL7lW3yeieblcavMJV6Q.roa (raw, json)
Hash identifier:          /f8pFcT2zh2lsCPF+tu/6qHTtA8Y/Aws+qQisHbk7cE=
Subject key identifier:   C2:48:50:4E:BA:85:2F:B9:56:DF:27:A2:79:B9:5C:6A:F3:09:57:A4
Certificate issuer:       /CN=c8531ae2ce57c95f5a398930ea45503542801ba1
Certificate serial:       018CC493991D5329233C92EEC24D76A0FC0F
Authority key identifier: C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/wkhQTrqFL7lW3yeieblcavMJV6Q.roa
Signing time:             Mon 01 Jan 2024 10:30:56 +0000
ROA not before:           Mon 01 Jan 2024 10:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3491
IP address blocks:        217.113.64.0/19 maxlen: 19
                          217.113.65.0/24 maxlen: 24
                          217.113.86.0/24 maxlen: 24
                          217.113.88.0/24 maxlen: 24
                          217.113.92.0/24 maxlen: 24
                          185.77.60.0/22 maxlen: 22
                          185.77.60.0/24 maxlen: 24
                          2a03:5400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:01:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:99:1d:53:29:23:3c:92:ee:c2:4d:76:a0:fc:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8531ae2ce57c95f5a398930ea45503542801ba1
        Validity
            Not Before: Jan  1 10:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c248504eba852fb956df27a279b95c6af30957a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:49:02:d6:ab:22:ba:ca:fb:51:e6:f9:93:f7:
                    f0:ba:73:c7:4d:0d:4e:5f:15:aa:af:3a:ec:8f:7e:
                    08:13:89:11:43:3a:f5:df:1c:36:91:3a:0a:fd:41:
                    a9:7d:09:54:fa:e7:2d:87:14:dd:63:a2:1d:6a:97:
                    95:0f:da:e5:ec:bc:45:dd:10:1a:3a:ce:0c:d5:88:
                    cf:2a:79:7b:62:c5:17:07:4a:14:e0:80:c4:8b:a2:
                    10:a3:ef:b8:85:3a:36:7b:37:82:f5:23:a8:7a:f6:
                    79:b8:a6:f0:ed:df:ce:53:02:0c:17:da:0c:ba:be:
                    1f:60:dd:15:25:4c:ea:c5:f0:59:cc:d6:26:66:a8:
                    e6:c6:34:33:d7:4b:3a:49:d2:8a:35:b1:9d:35:c6:
                    49:2a:0f:57:a0:22:35:5d:1a:7a:f3:fe:c0:d9:0a:
                    c9:c6:cf:ea:27:cd:fb:b8:5a:a0:38:46:62:64:66:
                    8a:af:18:ed:e7:cb:86:98:99:e4:fc:30:1e:55:69:
                    d3:2b:11:05:a4:74:91:3e:f3:53:51:5e:d3:b8:b0:
                    59:02:0a:91:04:25:1c:6f:34:03:3b:59:2c:01:1f:
                    1e:52:db:8c:39:67:e1:a2:dd:81:8b:a7:77:9a:96:
                    ba:76:d3:b1:80:03:a9:aa:8c:06:4d:3e:d4:59:2a:
                    c3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:48:50:4E:BA:85:2F:B9:56:DF:27:A2:79:B9:5C:6A:F3:09:57:A4
            X509v3 Authority Key Identifier:
                keyid:C8:53:1A:E2:CE:57:C9:5F:5A:39:89:30:EA:45:50:35:42:80:1B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFMa4s5XyV9aOYkw6kVQNUKAG6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/wkhQTrqFL7lW3yeieblcavMJV6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c4c32c-322e-4ed7-8a29-45d542d5f55f/1/yFMa4s5XyV9aOYkw6kVQNUKAG6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.60.0/22
                  217.113.64.0/19
                IPv6:
                  2a03:5400::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:5e:43:5a:7a:e0:85:3e:7a:62:ff:5b:9d:c6:2b:43:e9:c3:
         e6:b2:95:bd:10:42:03:c5:68:64:58:b8:11:be:08:8a:eb:9e:
         ca:42:61:87:53:68:b6:f0:ec:11:74:23:06:85:53:43:66:cd:
         f8:95:bf:cb:9e:df:b9:ed:fb:26:71:dd:ea:da:1d:b3:92:67:
         ac:56:90:b9:5d:7a:a2:02:1b:59:1f:61:2f:c0:4c:b2:d7:5a:
         d6:9f:e7:6d:d7:09:83:0c:bb:be:55:8d:4c:b2:cc:c2:86:4d:
         8a:bb:a4:73:52:36:aa:f8:cd:01:d2:8e:ec:31:bf:e3:f6:15:
         d5:f3:3a:9f:3a:ac:47:b1:99:37:1b:85:e9:2f:4c:36:fb:be:
         69:b5:4b:b8:6a:c7:51:bc:67:97:00:29:a4:4f:3a:f2:bb:4a:
         32:74:d6:a8:3e:0c:97:97:8d:56:30:2e:da:c8:e1:d3:1d:6c:
         8e:28:ca:0d:56:c5:f1:1a:83:3c:88:91:dc:06:16:b0:50:ce:
         d4:bc:93:55:8e:27:43:c6:ae:ea:5e:d4:f9:b5:ce:49:70:2b:
         00:95:af:40:ad:1f:7f:66:25:1c:e9:cc:fe:1d:21:c0:33:7f:
         92:fe:9c:5f:06:6f:c0:51:f8:27:05:93:08:e3:4b:a6:e0:81:
         0e:9a:af:1a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk5kdUykjPJLuwk12oPwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTMxYWUyY2U1N2M5NWY1YTM5ODkzMGVhNDU1MDM1NDI4
MDFiYTEwHhcNMjQwMTAxMTAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQ4NTA0ZWJhODUyZmI5NTZkZjI3YTI3OWI5NWM2YWYzMDk1N2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUkC1qsiusr7Ueb5k/fwunPHTQ1O
XxWqrzrsj34IE4kRQzr13xw2kToK/UGpfQlU+ucthxTdY6IdapeVD9rl7LxF3RAa
Os4M1YjPKnl7YsUXB0oU4IDEi6IQo++4hTo2ezeC9SOoevZ5uKbw7d/OUwIMF9oM
ur4fYN0VJUzqxfBZzNYmZqjmxjQz10s6SdKKNbGdNcZJKg9XoCI1XRp68/7A2QrJ
xs/qJ837uFqgOEZiZGaKrxjt58uGmJnk/DAeVWnTKxEFpHSRPvNTUV7TuLBZAgqR
BCUcbzQDO1ksAR8eUtuMOWfhot2Bi6d3mpa6dtOxgAOpqowGTT7UWSrDZQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMJIUE66hS+5Vt8nonm5XGrzCVekMB8GA1UdIwQY
MBaAFMhTGuLOV8lfWjmJMOpFUDVCgBuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjkt
NDVkNTQyZDVmNTVmLzEvd2toUVRycUZMN2xXM3llaWVibGNhdk1KVjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jNGMzMmMtMzIyZS00ZWQ3LThhMjktNDVkNTQyZDVmNTVm
LzEveUZNYTRzNVh5VjlhT1lrdzZrVlFOVUtBRzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuU08AwQF
2XFAMA0EAgACMAcDBQAqA1QAMA0GCSqGSIb3DQEBCwUAA4IBAQCBXkNaeuCFPnpi
/1udxitD6cPmspW9EEIDxWhkWLgRvgiK657KQmGHU2i28OwRdCMGhVNDZs34lb/L
nt+57fsmcd3q2h2zkmesVpC5XXqiAhtZH2EvwEyy11rWn+dt1wmDDLu+VY1MsszC
hk2Ku6RzUjaq+M0B0o7sMb/j9hXV8zqfOqxHsZk3G4XpL0w2+75ptUu4asdRvGeX
ACmkTzryu0oydNaoPgyXl41WMC7ayOHTHWyOKMoNVsXxGoM8iJHcBhawUM7UvJNV
jidDxq7qXtT5tc5JcCsAla9ArR9/ZiUc6cz+HSHAM3+S/pxfBm/AUfgnBZMI40um
4IEOmq8a
-----END CERTIFICATE-----
Generated at Sat Jun 15 21:31:07 2024 by rpki-client on console-ams.rpki-client.org