Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/wIjBZHtf004HhorzSN0Qy5HU7zQ.roa
File:                     wIjBZHtf004HhorzSN0Qy5HU7zQ.roa (raw, json)
Hash identifier:          E/0gjb0cOQo2UUznivpL3vJOWOfHbTVfwV/HRvDOQdk=
Subject key identifier:   C0:88:C1:64:7B:5F:D3:4E:07:86:8A:F3:48:DD:10:CB:91:D4:EF:34
Certificate issuer:       /CN=ad80679b96ca322bfa85500cab206c6d47412edf
Certificate serial:       018CC26D7530B0C18D429A62F8BC1F73EDCE
Authority key identifier: AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/wIjBZHtf004HhorzSN0Qy5HU7zQ.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48096
IP address blocks:        195.42.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 22:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:75:30:b0:c1:8d:42:9a:62:f8:bc:1f:73:ed:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad80679b96ca322bfa85500cab206c6d47412edf
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c088c1647b5fd34e07868af348dd10cb91d4ef34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:32:9e:ce:cf:ec:e6:7d:b8:f9:57:cd:ec:03:
                    60:96:30:1b:e4:a4:45:ad:db:3c:2f:11:84:38:25:
                    b6:04:e6:ab:d4:3a:7a:19:7d:bb:cc:93:89:23:e9:
                    45:03:11:a7:26:ee:a0:e2:80:8f:c4:35:e3:36:e8:
                    f9:87:a1:b0:7c:ef:34:14:c5:f6:cc:bc:be:37:09:
                    52:ac:89:1f:47:d0:f9:7a:e4:eb:e1:49:8f:47:25:
                    6d:84:b3:94:aa:02:fe:48:d2:59:2d:c1:af:5a:ab:
                    23:8f:cb:1a:fe:2b:d2:6b:46:cc:03:db:65:e9:d5:
                    fd:86:f8:83:05:05:cb:ef:2c:5e:79:08:37:37:30:
                    b9:e3:70:b6:7d:9c:b0:1c:e6:e8:ec:50:8e:95:27:
                    06:57:03:7d:c5:fb:da:5f:d3:df:77:32:08:63:4b:
                    40:d4:76:a0:eb:93:8e:f6:bb:92:2d:d4:f1:76:81:
                    90:e5:b9:af:d0:0b:fd:24:7b:90:1b:65:43:e7:d0:
                    fb:c2:0e:2f:1f:56:c8:97:0f:c3:c3:5c:4d:2c:15:
                    e5:9b:c4:58:f5:b4:87:8e:93:af:0d:a3:e8:a6:bd:
                    28:dc:ee:3c:cc:3a:fd:67:7b:0e:a0:63:a4:ae:bd:
                    ab:a6:8a:26:02:11:30:db:cd:3c:64:07:2b:61:02:
                    24:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:88:C1:64:7B:5F:D3:4E:07:86:8A:F3:48:DD:10:CB:91:D4:EF:34
            X509v3 Authority Key Identifier:
                keyid:AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/wIjBZHtf004HhorzSN0Qy5HU7zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:50:54:49:ed:16:b0:50:0d:a7:7a:a1:73:81:8e:d9:88:df:
         8f:a0:d5:a5:df:d2:eb:05:3c:25:8f:c4:70:cb:9f:cd:df:c0:
         57:bc:b9:1a:a1:01:c9:9e:05:85:43:cb:e6:3a:28:78:ec:1d:
         d4:d5:00:96:03:a8:6e:ed:14:ea:d2:a1:f6:5e:2d:4d:80:73:
         6e:30:97:1a:6c:5c:f3:6b:bf:91:9e:75:78:aa:47:8e:29:ca:
         d6:bd:bb:9c:61:5f:72:c9:ba:51:4c:03:4d:9b:cc:bd:6e:80:
         6c:b0:c7:c6:dd:07:09:12:cb:5a:68:8e:8c:92:bb:2a:e6:80:
         35:a5:63:94:b1:1c:9a:c0:9a:7f:2c:cd:99:d9:02:69:4f:8d:
         f4:37:f6:38:f2:c1:d6:25:89:4a:31:1c:c9:ec:8d:41:99:79:
         19:7e:a5:3f:e0:d6:17:e5:d0:04:3f:95:e3:ad:5b:e8:ea:91:
         bf:48:4b:84:f2:2e:09:93:4b:d4:55:39:43:35:a7:7b:ed:11:
         f4:8a:7a:e9:16:e2:35:ec:f4:83:df:cb:a1:28:c5:73:82:01:
         c9:8c:14:56:2e:74:a5:60:6b:ae:e3:4c:cc:ec:9b:59:be:aa:
         b4:4d:7e:ef:09:44:32:bd:8b:02:fa:40:cc:21:a6:e5:b4:0f:
         07:69:c6:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXUwsMGNQppi+Lwfc+3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkODA2NzliOTZjYTMyMmJmYTg1NTAwY2FiMjA2YzZkNDc0
MTJlZGYwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDg4YzE2NDdiNWZkMzRlMDc4NjhhZjM0OGRkMTBjYjkxZDRlZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojKezs/s5n24+VfN7ANgljAb5KRF
rds8LxGEOCW2BOar1Dp6GX27zJOJI+lFAxGnJu6g4oCPxDXjNuj5h6GwfO80FMX2
zLy+NwlSrIkfR9D5euTr4UmPRyVthLOUqgL+SNJZLcGvWqsjj8sa/ivSa0bMA9tl
6dX9hviDBQXL7yxeeQg3NzC543C2fZywHObo7FCOlScGVwN9xfvaX9PfdzIIY0tA
1Hag65OO9ruSLdTxdoGQ5bmv0Av9JHuQG2VD59D7wg4vH1bIlw/Dw1xNLBXlm8RY
9bSHjpOvDaPopr0o3O48zDr9Z3sOoGOkrr2rpoomAhEw2808ZAcrYQIkGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCIwWR7X9NOB4aK80jdEMuR1O80MB8GA1UdIwQY
MBaAFK2AZ5uWyjIr+oVQDKsgbG1HQS7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAt
OTBjMGJkZTA5ODY5LzEvd0lqQlpIdGYwMDRIaG9yelNOMFF5NUhVN3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAtOTBjMGJkZTA5ODY5
LzEvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyrzMA0G
CSqGSIb3DQEBCwUAA4IBAQCfUFRJ7RawUA2neqFzgY7ZiN+PoNWl39LrBTwlj8Rw
y5/N38BXvLkaoQHJngWFQ8vmOih47B3U1QCWA6hu7RTq0qH2Xi1NgHNuMJcabFzz
a7+RnnV4qkeOKcrWvbucYV9yybpRTANNm8y9boBssMfG3QcJEstaaI6Mkrsq5oA1
pWOUsRyawJp/LM2Z2QJpT430N/Y48sHWJYlKMRzJ7I1BmXkZfqU/4NYX5dAEP5Xj
rVvo6pG/SEuE8i4Jk0vUVTlDNad77RH0inrpFuI17PSD38uhKMVzggHJjBRWLnSl
YGuu40zM7JtZvqq0TX7vCUQyvYsC+kDMIabltA8HacbE
-----END CERTIFICATE-----
Generated at Mon Nov 25 07:22:35 2024 by rpki-client on console-fra.rpki-client.org