Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/wUZyEfPqqMtCkxwv4yCr7P3vcMI.roa
File:                     wUZyEfPqqMtCkxwv4yCr7P3vcMI.roa (raw, json)
Hash identifier:          rqI9RXuaeBPPnm707nqkBSoIKtS7CGH1QcHy80Nnlwg=
Subject key identifier:   C1:46:72:11:F3:EA:A8:CB:42:93:1C:2F:E3:20:AB:EC:FD:EF:70:C2
Certificate issuer:       /CN=5f7da568ad027b9e249c13e223d322769881a29f
Certificate serial:       018CC493230897C83F0E053E273FFAD997B8
Authority key identifier: 5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/wUZyEfPqqMtCkxwv4yCr7P3vcMI.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204962
IP address blocks:        185.233.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:23:08:97:c8:3f:0e:05:3e:27:3f:fa:d9:97:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f7da568ad027b9e249c13e223d322769881a29f
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1467211f3eaa8cb42931c2fe320abecfdef70c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:76:1d:33:63:38:81:2a:bc:f9:ff:58:5a:13:
                    60:43:fc:ab:c5:e9:23:c9:22:62:2e:47:1f:27:f9:
                    3f:ea:8b:a6:25:14:aa:2d:6f:2d:0a:e3:30:23:8b:
                    b6:5a:a3:27:9b:20:4d:f6:ed:c2:90:80:29:13:31:
                    7d:42:28:a9:97:ea:8e:9f:f3:60:fb:b4:39:61:b9:
                    39:e3:f2:e4:04:c0:2c:c1:fa:f1:b1:15:0e:ad:3d:
                    eb:d6:91:d0:7a:47:5b:65:dc:13:22:6f:54:bd:93:
                    49:45:f1:70:0a:09:25:7e:08:35:8a:9c:e5:dc:dd:
                    91:f0:f0:c5:48:ca:be:aa:ef:11:a2:29:74:57:fc:
                    fa:f1:b6:76:49:31:79:5b:41:c4:62:62:a9:d4:a3:
                    31:a1:e7:fb:06:75:7d:9e:b4:15:8f:12:9c:09:0a:
                    07:ab:65:2b:fd:bb:db:48:af:60:2c:fd:50:3f:77:
                    9a:6f:8a:37:e8:20:65:57:43:6b:6a:07:a0:6a:29:
                    8c:4a:95:9e:eb:7b:7b:5a:85:e8:85:3f:14:23:71:
                    43:0d:d7:64:78:39:35:0f:43:60:aa:4c:5f:fa:73:
                    8b:6a:d5:db:f8:e4:61:8e:6e:29:55:49:60:d9:97:
                    6b:0f:49:9c:c7:5f:a2:69:a7:ce:b7:ab:3d:fc:6f:
                    59:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:46:72:11:F3:EA:A8:CB:42:93:1C:2F:E3:20:AB:EC:FD:EF:70:C2
            X509v3 Authority Key Identifier:
                keyid:5F:7D:A5:68:AD:02:7B:9E:24:9C:13:E2:23:D3:22:76:98:81:A2:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X32laK0Ce54knBPiI9MidpiBop8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/wUZyEfPqqMtCkxwv4yCr7P3vcMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/05488f-f4e0-4e6c-94f5-3757539c2ac9/1/X32laK0Ce54knBPiI9MidpiBop8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:b3:43:3c:89:4b:e0:29:bd:a8:1e:68:89:08:4c:90:b3:aa:
         d0:94:18:26:49:33:2f:c7:66:ba:88:b6:f8:7b:5d:e8:5f:d1:
         ed:37:83:3d:3f:27:99:cc:17:f3:d5:31:0b:ec:db:f0:a5:02:
         ea:19:c5:6d:b6:26:e6:33:3a:60:ea:9f:ad:3d:34:9d:0e:82:
         d3:5f:fc:90:b5:3d:69:78:3e:e4:e3:74:64:c3:bd:6d:a3:12:
         54:d8:13:4e:15:b8:18:7d:2f:c7:43:49:c0:c1:25:00:65:99:
         da:2a:ca:4f:b6:f4:da:cf:3b:15:ad:ec:9b:28:67:d9:7d:34:
         d2:24:d5:59:9e:5f:4f:7b:7a:9c:48:f5:19:cd:1e:91:c2:5b:
         ee:10:ea:04:7d:6d:0d:09:5c:b6:b5:17:ac:b9:44:43:25:d8:
         85:cf:14:05:49:fd:5c:58:7b:e7:7b:22:0e:65:d2:e8:cb:20:
         1d:1d:f9:2d:e9:15:c2:69:48:93:62:70:b1:22:d0:0d:c5:14:
         52:5c:00:c7:f1:fb:06:d6:e9:ea:33:47:ce:bc:40:bf:27:79:
         43:f0:78:dd:ea:6d:f5:71:60:0b:ed:58:aa:fc:0b:4a:c5:a8:
         ed:1f:f1:8a:16:60:f6:3d:20:7c:91:52:6c:6b:48:23:eb:0e:
         1c:93:58:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkyMIl8g/DgU+Jz/62Ze4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmN2RhNTY4YWQwMjdiOWUyNDljMTNlMjIzZDMyMjc2OTg4
MWEyOWYwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTQ2NzIxMWYzZWFhOGNiNDI5MzFjMmZlMzIwYWJlY2ZkZWY3MGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHYdM2M4gSq8+f9YWhNgQ/yrxekj
ySJiLkcfJ/k/6oumJRSqLW8tCuMwI4u2WqMnmyBN9u3CkIApEzF9Qiipl+qOn/Ng
+7Q5Ybk54/LkBMAswfrxsRUOrT3r1pHQekdbZdwTIm9UvZNJRfFwCgklfgg1ipzl
3N2R8PDFSMq+qu8Roil0V/z68bZ2STF5W0HEYmKp1KMxoef7BnV9nrQVjxKcCQoH
q2Ur/bvbSK9gLP1QP3eab4o36CBlV0NragegaimMSpWe63t7WoXohT8UI3FDDddk
eDk1D0Ngqkxf+nOLatXb+ORhjm4pVUlg2ZdrD0mcx1+iaafOt6s9/G9ZUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFGchHz6qjLQpMcL+Mgq+z973DCMB8GA1UdIwQY
MBaAFF99pWitAnueJJwT4iPTInaYgaKfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUt
Mzc1NzUzOWMyYWM5LzEvd1VaeUVmUHFxTXRDa3h3djR5Q3I3UDN2Y01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wNTQ4OGYtZjRlMC00ZTZjLTk0ZjUtMzc1NzUzOWMyYWM5
LzEvWDMybGFLMENlNTRrbkJQaUk5TWlkcGlCb3A4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuemcMA0G
CSqGSIb3DQEBCwUAA4IBAQBOs0M8iUvgKb2oHmiJCEyQs6rQlBgmSTMvx2a6iLb4
e13oX9HtN4M9PyeZzBfz1TEL7NvwpQLqGcVttibmMzpg6p+tPTSdDoLTX/yQtT1p
eD7k43Rkw71toxJU2BNOFbgYfS/HQ0nAwSUAZZnaKspPtvTazzsVreybKGfZfTTS
JNVZnl9Pe3qcSPUZzR6RwlvuEOoEfW0NCVy2tResuURDJdiFzxQFSf1cWHvneyIO
ZdLoyyAdHfkt6RXCaUiTYnCxItANxRRSXADH8fsG1unqM0fOvEC/J3lD8Hjd6m31
cWAL7Viq/AtKxajtH/GKFmD2PSB8kVJsa0gj6w4ck1gs
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:04:39 2024 by rpki-client on console-ams.rpki-client.org