Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/WkVDmgwVU1-N4A81_j0ACrVzO54.roa
File:                     WkVDmgwVU1-N4A81_j0ACrVzO54.roa (raw, json)
Hash identifier:          JYg6O430YjatSgllfgnM1tG/RZBv5K+v1ivPzRnXMC8=
Subject key identifier:   5A:45:43:9A:0C:15:53:5F:8D:E0:0F:35:FE:3D:00:0A:B5:73:3B:9E
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794E89CC2B68FCB6E3BB73AB92C6946
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/WkVDmgwVU1-N4A81_j0ACrVzO54.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        212.87.217.0/24 maxlen: 24
                          185.240.85.0/24 maxlen: 24
                          45.141.130.0/24 maxlen: 24
                          193.56.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e8:9c:c2:b6:8f:cb:6e:3b:b7:3a:b9:2c:69:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a45439a0c15535f8de00f35fe3d000ab5733b9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c5:a3:97:df:44:a4:78:03:cc:b2:78:47:e7:
                    b2:3c:70:ee:e2:a1:6b:26:d9:c0:24:c2:6c:08:53:
                    0d:80:38:30:b3:f9:9e:37:44:7d:44:f5:38:d1:b6:
                    a7:9f:a7:b4:4a:9d:49:12:64:b7:fb:52:29:56:e0:
                    60:f3:0f:b9:93:ce:65:3b:33:bb:7b:d5:1e:40:41:
                    35:b6:00:3a:46:27:70:ca:78:54:e4:fa:f7:9c:10:
                    6b:db:fb:56:53:80:a4:ac:b5:a6:20:62:91:7b:ce:
                    b3:c6:ab:42:e3:47:8e:c6:82:f0:7f:2d:11:c1:6d:
                    67:86:d3:f3:7b:fb:96:fc:15:29:de:0e:d0:52:3f:
                    18:4f:44:ae:c6:b6:6a:b5:6b:73:ad:03:45:84:f5:
                    e4:63:0b:36:c5:36:e8:b7:19:6f:1a:c2:d0:ed:82:
                    f6:25:df:db:bf:d8:3f:63:24:5b:2f:71:21:98:4c:
                    f7:87:dd:92:37:4f:1e:ed:b2:0c:98:3c:11:3b:14:
                    1b:8d:43:ab:e0:81:f4:ba:29:ba:3b:9e:01:c1:4a:
                    ad:69:46:7a:98:04:56:f8:b6:03:c4:85:21:b5:28:
                    67:57:6d:e4:63:fe:76:a6:60:16:25:5f:1d:17:9c:
                    3f:94:e0:76:d9:9e:db:c7:16:fe:fa:4a:da:d9:02:
                    a4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:45:43:9A:0C:15:53:5F:8D:E0:0F:35:FE:3D:00:0A:B5:73:3B:9E
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/WkVDmgwVU1-N4A81_j0ACrVzO54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.130.0/24
                  185.240.85.0/24
                  193.56.21.0/24
                  212.87.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:53:0c:ef:d4:70:7c:50:ec:3e:a5:8e:8e:78:40:73:32:df:
         bc:a9:c1:53:4f:b4:eb:5c:25:0b:71:20:73:04:af:f7:a4:6d:
         cb:9d:a2:4e:ec:04:dd:70:d3:cc:ab:8f:d8:0e:b0:77:bb:4c:
         d3:b8:24:79:01:ce:93:01:5e:23:c3:fb:82:87:c1:ab:1d:2a:
         dc:e1:a6:f7:1a:86:58:96:14:11:d6:41:17:bf:00:3a:7e:df:
         33:53:0e:e0:8b:3f:2e:ea:a2:15:16:17:89:ea:a9:4f:d7:31:
         40:0d:c7:ea:ff:23:b3:72:0e:ca:27:20:5a:4a:56:2d:96:bc:
         a8:51:e9:cd:08:21:eb:9a:0a:69:04:f5:0f:20:be:db:bb:77:
         e6:6a:d2:f3:ad:02:eb:59:d4:30:5d:c1:77:e3:9c:f1:49:d3:
         3e:22:8b:57:86:77:39:75:93:c2:bc:fa:f9:20:2b:ee:b6:af:
         71:be:c1:f6:ce:76:58:c6:e3:f7:bf:2b:b7:99:59:20:19:62:
         36:d3:48:96:3e:ab:6e:9b:1c:0e:ab:5f:9b:40:93:4f:88:58:
         1c:bd:14:01:3c:fa:2e:cf:46:91:04:36:3d:45:11:52:a3:5d:
         ad:25:e4:e0:44:79:97:40:88:9e:0d:38:eb:b5:56:8e:9d:f6:
         71:35:b9:b2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzHlOicwraPy247tzq5LGlGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQ1NDM5YTBjMTU1MzVmOGRlMDBmMzVmZTNkMDAwYWI1NzMzYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8Wjl99EpHgDzLJ4R+eyPHDu4qFr
JtnAJMJsCFMNgDgws/meN0R9RPU40bann6e0Sp1JEmS3+1IpVuBg8w+5k85lOzO7
e9UeQEE1tgA6RidwynhU5Pr3nBBr2/tWU4CkrLWmIGKRe86zxqtC40eOxoLwfy0R
wW1nhtPze/uW/BUp3g7QUj8YT0SuxrZqtWtzrQNFhPXkYws2xTbotxlvGsLQ7YL2
Jd/bv9g/YyRbL3EhmEz3h92SN08e7bIMmDwROxQbjUOr4IH0uim6O54BwUqtaUZ6
mARW+LYDxIUhtShnV23kY/52pmAWJV8dF5w/lOB22Z7bxxb++kra2QKkbwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFpFQ5oMFVNfjeAPNf49AAq1czueMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvV2tWRG1nd1ZVMS1ONEE4MV9qMEFDclZ6TzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALY2CAwQA
ufBVAwQAwTgVAwQA1FfZMA0GCSqGSIb3DQEBCwUAA4IBAQBBUwzv1HB8UOw+pY6O
eEBzMt+8qcFTT7TrXCULcSBzBK/3pG3LnaJO7ATdcNPMq4/YDrB3u0zTuCR5Ac6T
AV4jw/uCh8GrHSrc4ab3GoZYlhQR1kEXvwA6ft8zUw7giz8u6qIVFheJ6qlP1zFA
Dcfq/yOzcg7KJyBaSlYtlryoUenNCCHrmgppBPUPIL7bu3fmatLzrQLrWdQwXcF3
45zxSdM+IotXhnc5dZPCvPr5ICvutq9xvsH2znZYxuP3vyu3mVkgGWI200iWPqtu
mxwOq1+bQJNPiFgcvRQBPPouz0aRBDY9RRFSo12tJeTgRHmXQIieDTjrtVaOnfZx
Nbmy
-----END CERTIFICATE-----
Generated at Sun May 12 23:42:00 2024 by rpki-client on console-ams.rpki-client.org