Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/wsFVFYnBMuGVq6Q8fIe1aUkeLoU.roa
File:                     wsFVFYnBMuGVq6Q8fIe1aUkeLoU.roa (raw, json)
Hash identifier:          dUGwor+VrIGw7hT20j6uafZzkcOb9SW2nKt+0NL0CGc=
Subject key identifier:   C2:C1:55:15:89:C1:32:E1:95:AB:A4:3C:7C:87:B5:69:49:1E:2E:85
Certificate issuer:       /CN=4afc7f0beac2260702d05b69dd7b7a3fb2ddd69e
Certificate serial:       018CC492940AA2D77BF9CAD5FB82582E9A5F
Authority key identifier: 4A:FC:7F:0B:EA:C2:26:07:02:D0:5B:69:DD:7B:7A:3F:B2:DD:D6:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/wsFVFYnBMuGVq6Q8fIe1aUkeLoU.roa
Signing time:             Mon 01 Jan 2024 10:29:49 +0000
ROA not before:           Mon 01 Jan 2024 10:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31725
IP address blocks:        91.201.240.0/23 maxlen: 23
                          91.201.240.0/22 maxlen: 22
                          91.201.242.0/23 maxlen: 23
                          188.190.64.0/19 maxlen: 19
                          109.95.32.0/22 maxlen: 22
                          109.95.32.0/21 maxlen: 21
                          195.62.15.0/24 maxlen: 24
                          195.62.14.0/23 maxlen: 23
                          195.62.14.0/24 maxlen: 24
                          2001:67c:176c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:94:0a:a2:d7:7b:f9:ca:d5:fb:82:58:2e:9a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4afc7f0beac2260702d05b69dd7b7a3fb2ddd69e
        Validity
            Not Before: Jan  1 10:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2c1551589c132e195aba43c7c87b569491e2e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:01:73:7e:29:30:26:19:2d:8a:ac:12:8e:91:
                    ca:89:a5:ec:16:66:76:61:40:ef:19:c6:a2:3d:a1:
                    a7:13:1d:62:1e:70:ba:45:63:bc:fd:c6:5b:59:f6:
                    90:d1:ad:fc:f4:10:54:66:4d:84:f8:de:b7:8e:93:
                    16:9c:d2:ed:11:82:53:f7:cd:fd:88:b5:8a:7e:1a:
                    e7:07:25:99:50:08:0d:7f:41:e2:88:63:39:af:23:
                    75:83:fe:29:c5:d3:a6:94:94:ae:df:44:4a:ed:8a:
                    d0:d4:87:12:54:6e:66:4e:a1:a7:fa:5e:b8:1e:99:
                    78:2c:7b:c9:d0:1e:13:48:f8:52:16:fe:63:5b:07:
                    f6:dd:a4:13:05:7f:d4:94:6f:3e:90:e9:1b:cb:4d:
                    4c:3c:f5:17:7d:8e:42:d3:42:31:c9:c1:f1:87:6d:
                    19:0b:97:32:40:94:72:2b:8a:e1:8a:93:44:6d:d3:
                    fe:87:f1:e5:8c:07:dc:74:c1:fe:d3:91:41:6e:13:
                    ea:e5:31:9d:5c:d7:0d:02:57:2a:56:9b:a6:79:ee:
                    dc:13:be:33:c0:ab:90:65:ba:60:9b:f4:91:7c:42:
                    8c:87:a0:36:e9:eb:3b:00:95:e6:11:86:cf:11:ff:
                    06:e4:6b:98:9e:ec:99:ee:05:a4:28:f1:2a:ac:c8:
                    41:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C1:55:15:89:C1:32:E1:95:AB:A4:3C:7C:87:B5:69:49:1E:2E:85
            X509v3 Authority Key Identifier:
                keyid:4A:FC:7F:0B:EA:C2:26:07:02:D0:5B:69:DD:7B:7A:3F:B2:DD:D6:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/wsFVFYnBMuGVq6Q8fIe1aUkeLoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.240.0/22
                  109.95.32.0/21
                  188.190.64.0/19
                  195.62.14.0/23
                IPv6:
                  2001:67c:176c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:98:62:e7:3c:39:96:e8:79:0a:c6:e6:f3:2f:3d:bd:dc:23:
         8a:7d:1a:0e:2f:46:c9:c3:a8:11:ed:18:0f:3a:1a:1b:7e:af:
         ac:53:70:80:ce:0c:db:82:98:89:b1:4a:7d:21:fe:81:2a:be:
         96:40:79:7d:b9:d5:d8:91:48:61:23:b3:72:8f:23:0c:96:09:
         ff:e3:f4:7e:8e:8f:42:df:68:3e:a7:d3:5f:f7:41:d4:4d:f6:
         f9:57:d7:7b:ed:7b:fa:28:d6:5d:9b:cf:9d:fb:b4:52:cf:fe:
         e1:12:ac:db:2c:2b:bc:f9:57:74:f2:e3:75:8e:4b:8f:2e:0d:
         e4:e7:fd:c1:b6:c5:4c:c0:b6:86:6f:01:80:87:75:5e:f9:be:
         4d:e2:26:88:3f:31:a0:12:5a:d5:b2:32:d5:b0:5e:a3:a0:f3:
         fb:ff:ce:0a:bf:00:62:6f:83:fc:06:93:de:8e:08:cb:f0:fe:
         f2:c7:34:47:54:b5:56:7d:ad:d0:71:9c:d2:ed:89:ca:3e:8b:
         69:ee:f2:15:0d:51:f6:5f:86:9f:6b:fc:b8:95:0c:32:ff:72:
         72:dd:0b:1f:41:eb:32:8d:37:f2:95:c7:42:f8:c7:b2:e4:71:
         ea:60:61:f1:cf:de:37:01:87:7f:b3:78:77:fd:79:8e:b5:a3:
         a2:0d:20:18
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzEkpQKotd7+crV+4JYLppfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZmM3ZjBiZWFjMjI2MDcwMmQwNWI2OWRkN2I3YTNmYjJk
ZGQ2OWUwHhcNMjQwMTAxMTAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmMxNTUxNTg5YzEzMmUxOTVhYmE0M2M3Yzg3YjU2OTQ5MWUyZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAFzfikwJhktiqwSjpHKiaXsFmZ2
YUDvGcaiPaGnEx1iHnC6RWO8/cZbWfaQ0a389BBUZk2E+N63jpMWnNLtEYJT9839
iLWKfhrnByWZUAgNf0HiiGM5ryN1g/4pxdOmlJSu30RK7YrQ1IcSVG5mTqGn+l64
Hpl4LHvJ0B4TSPhSFv5jWwf23aQTBX/UlG8+kOkby01MPPUXfY5C00IxycHxh20Z
C5cyQJRyK4rhipNEbdP+h/HljAfcdMH+05FBbhPq5TGdXNcNAlcqVpumee7cE74z
wKuQZbpgm/SRfEKMh6A26es7AJXmEYbPEf8G5GuYnuyZ7gWkKPEqrMhBWwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMLBVRWJwTLhlaukPHyHtWlJHi6FMB8GA1UdIwQY
MBaAFEr8fwvqwiYHAtBbad17ej+y3daeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Z4X0MtckNKZ2NDMEZ0cDNYdDZQN0xkMXA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80ZjQwNmEtMjk4MS00YWFmLThiNjEt
ZjRjZTIyZWNhZTM0LzEvd3NGVkZZbkJNdUdWcTZROGZJZTFhVWtlTG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80ZjQwNmEtMjk4MS00YWFmLThiNjEtZjRjZTIyZWNhZTM0
LzEvU3Z4X0MtckNKZ2NDMEZ0cDNYdDZQN0xkMXA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQCW8nwAwQD
bV8gAwQFvL5AAwQBwz4OMA8EAgACMAkDBwAgAQZ8F2wwDQYJKoZIhvcNAQELBQAD
ggEBACWYYuc8OZboeQrG5vMvPb3cI4p9Gg4vRsnDqBHtGA86Ght+r6xTcIDODNuC
mImxSn0h/oEqvpZAeX251diRSGEjs3KPIwyWCf/j9H6Oj0LfaD6n01/3QdRN9vlX
13vte/oo1l2bz537tFLP/uESrNssK7z5V3Ty43WOS48uDeTn/cG2xUzAtoZvAYCH
dV75vk3iJog/MaASWtWyMtWwXqOg8/v/zgq/AGJvg/wGk96OCMvw/vLHNEdUtVZ9
rdBxnNLtico+i2nu8hUNUfZfhp9r/LiVDDL/cnLdCx9B6zKNN/KVx0L4x7Lkcepg
YfHP3jcBh3+zeHf9eY61o6INIBg=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:12:05 2024 by rpki-client on console-ams.rpki-client.org