Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/waC-2wkD0WpD1_SdMpruzrKJ-Q4.roa
File:                     waC-2wkD0WpD1_SdMpruzrKJ-Q4.roa (raw, json)
Hash identifier:          ekxfA+KgAPqAO+8bLy+IRGo1OnsnKAibogSztRALzOI=
Subject key identifier:   C1:A0:BE:DB:09:03:D1:6A:43:D7:F4:9D:32:9A:EE:CE:B2:89:F9:0E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018E0E5D064CF41DDE619209BA056BDFFF42
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/waC-2wkD0WpD1_SdMpruzrKJ-Q4.roa
Signing time:             Tue 05 Mar 2024 11:26:01 +0000
ROA not before:           Tue 05 Mar 2024 11:26:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204769
IP address blocks:        195.133.78.0/24 maxlen: 24
                          212.192.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Oct 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:5d:06:4c:f4:1d:de:61:92:09:ba:05:6b:df:ff:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Mar  5 11:26:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1a0bedb0903d16a43d7f49d329aeeceb289f90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6f:90:b7:74:61:f2:ae:96:bd:d9:13:8a:28:
                    07:b1:23:6b:8a:10:3f:04:cd:74:47:4d:59:cd:a7:
                    89:ff:10:37:e7:1e:c8:8a:cb:df:3a:91:74:88:92:
                    03:d7:28:ee:cd:ef:97:27:c3:52:1e:58:49:2a:9d:
                    9a:a9:24:a1:b5:89:98:dd:49:58:30:f9:a3:c4:71:
                    bb:ae:e2:dc:a0:7e:f2:d5:35:d4:4b:46:f2:e7:81:
                    c3:9d:59:f9:45:28:50:90:85:38:a2:48:69:8a:4f:
                    85:c3:87:62:a6:37:43:04:2d:97:0a:80:c9:b1:c5:
                    aa:ac:2a:f3:60:8f:46:20:f4:05:76:20:44:db:e1:
                    9f:91:e0:59:f8:14:d9:e1:27:80:c7:6d:fc:d0:02:
                    ca:8f:d8:91:92:81:8c:37:23:3a:f1:d2:3a:04:e2:
                    08:5f:fb:2d:0d:fb:fa:8b:d4:51:3e:da:09:87:72:
                    d8:44:39:1c:ce:59:9e:32:0d:4a:23:f6:90:14:e5:
                    75:7c:c1:63:56:d6:e4:c0:3a:6f:13:d6:38:cf:15:
                    74:82:83:92:4d:e9:73:ab:00:ec:66:8b:74:4a:48:
                    9a:6f:c1:eb:5f:48:35:87:89:7d:20:d3:e9:12:f4:
                    04:d5:62:74:99:35:0e:86:61:e4:68:2d:28:86:28:
                    a5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A0:BE:DB:09:03:D1:6A:43:D7:F4:9D:32:9A:EE:CE:B2:89:F9:0E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/waC-2wkD0WpD1_SdMpruzrKJ-Q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.78.0/24
                  212.192.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:61:9b:6a:20:f1:e8:36:32:c4:ec:49:23:dc:6b:a7:48:63:
         67:a3:75:bc:fa:81:0c:86:e7:c3:d0:31:2f:76:9a:0f:3f:8e:
         e1:c7:86:05:84:5c:a2:98:57:ef:7b:6f:ea:20:57:8d:78:d3:
         9b:0b:06:71:55:a7:0f:d1:29:78:f0:dc:e8:4e:30:28:a7:e4:
         36:20:97:54:bb:2b:30:14:b1:d6:7c:14:0e:c6:ec:be:73:07:
         04:79:5f:b6:30:af:96:17:f1:97:10:a4:37:15:a9:72:55:4e:
         4c:3f:8c:75:14:2c:2c:53:02:ac:ac:40:69:01:94:14:7c:d0:
         8c:2f:3e:2c:7f:fb:30:ed:3d:56:11:f1:53:ac:1f:de:d5:06:
         47:db:14:8f:9c:37:04:32:4a:20:57:90:a1:f2:89:34:e8:98:
         8f:a5:7f:a3:97:21:bc:24:a4:59:23:da:d1:dd:41:91:73:a2:
         d6:be:6e:ee:18:11:a7:6c:69:80:8b:8e:03:ab:fc:d7:15:5e:
         1d:16:7e:78:b0:87:a6:6a:59:68:c7:61:22:a8:71:6a:9d:15:
         b3:f1:18:36:68:d2:d6:04:e4:7b:f2:69:3b:ac:55:15:6c:da:
         42:19:d5:64:ce:13:95:99:94:92:23:99:a4:a6:f0:68:41:d7:
         1d:a5:cf:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4OXQZM9B3eYZIJugVr3/9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMzA1MTEyNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWEwYmVkYjA5MDNkMTZhNDNkN2Y0OWQzMjlhZWVjZWIyODlmOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2+Qt3Rh8q6WvdkTiigHsSNrihA/
BM10R01ZzaeJ/xA35x7IisvfOpF0iJID1yjuze+XJ8NSHlhJKp2aqSShtYmY3UlY
MPmjxHG7ruLcoH7y1TXUS0by54HDnVn5RShQkIU4okhpik+Fw4dipjdDBC2XCoDJ
scWqrCrzYI9GIPQFdiBE2+GfkeBZ+BTZ4SeAx2380ALKj9iRkoGMNyM68dI6BOII
X/stDfv6i9RRPtoJh3LYRDkczlmeMg1KI/aQFOV1fMFjVtbkwDpvE9Y4zxV0goOS
TelzqwDsZot0Skiab8HrX0g1h4l9INPpEvQE1WJ0mTUOhmHkaC0ohiilZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMGgvtsJA9FqQ9f0nTKa7s6yifkOMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvd2FDLTJ3a0QwV3BEMV9TZE1wcnV6cktKLVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4VOAwQA
1MDVMA0GCSqGSIb3DQEBCwUAA4IBAQAoYZtqIPHoNjLE7Ekj3GunSGNno3W8+oEM
hufD0DEvdpoPP47hx4YFhFyimFfve2/qIFeNeNObCwZxVacP0Sl48NzoTjAop+Q2
IJdUuyswFLHWfBQOxuy+cwcEeV+2MK+WF/GXEKQ3FalyVU5MP4x1FCwsUwKsrEBp
AZQUfNCMLz4sf/sw7T1WEfFTrB/e1QZH2xSPnDcEMkogV5Ch8ok06JiPpX+jlyG8
JKRZI9rR3UGRc6LWvm7uGBGnbGmAi44Dq/zXFV4dFn54sIemallox2EiqHFqnRWz
8Rg2aNLWBOR78mk7rFUVbNpCGdVkzhOVmZSSI5mkpvBoQdcdpc9O
-----END CERTIFICATE-----
Generated at Wed Oct 9 23:32:14 2024 by rpki-client on console-fra.rpki-client.org