Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/4505ee-5fe0-448c-b621-8924850d95d6/1/wmsdqHYVG98HsZ4q304MVPj2OPI.roa
File:                     wmsdqHYVG98HsZ4q304MVPj2OPI.roa (raw, json)
Hash identifier:          cyeS+6VKd2KXaPKaK64feuEQAAfFcyo7E6TJQIZ7bBk=
Subject key identifier:   C2:6B:1D:A8:76:15:1B:DF:07:B1:9E:2A:DF:4E:0C:54:F8:F6:38:F2
Certificate issuer:       /CN=e8c3469d1e735ae4d60837b7709c33ff427c8e84
Certificate serial:       018CC794D9EB531CF127217E7841FE9E555E
Authority key identifier: E8:C3:46:9D:1E:73:5A:E4:D6:08:37:B7:70:9C:33:FF:42:7C:8E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6MNGnR5zWuTWCDe3cJwz_0J8joQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/4505ee-5fe0-448c-b621-8924850d95d6/1/wmsdqHYVG98HsZ4q304MVPj2OPI.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48903
IP address blocks:        185.140.4.0/24 maxlen: 24
                          185.140.4.0/22 maxlen: 22
                          185.92.4.0/22 maxlen: 22
                          185.140.5.0/24 maxlen: 24
                          185.140.7.0/24 maxlen: 24
                          185.140.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/4505ee-5fe0-448c-b621-8924850d95d6/1/6MNGnR5zWuTWCDe3cJwz_0J8joQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/4505ee-5fe0-448c-b621-8924850d95d6/1/6MNGnR5zWuTWCDe3cJwz_0J8joQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6MNGnR5zWuTWCDe3cJwz_0J8joQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d9:eb:53:1c:f1:27:21:7e:78:41:fe:9e:55:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8c3469d1e735ae4d60837b7709c33ff427c8e84
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c26b1da876151bdf07b19e2adf4e0c54f8f638f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:ee:6c:48:71:31:6b:df:a3:98:17:34:d7:36:
                    97:1e:b9:d9:89:74:2d:af:7d:3f:45:e5:56:ab:d4:
                    f4:12:51:c1:b8:18:18:7d:34:fb:f4:64:f9:0b:af:
                    5e:31:3e:79:9f:66:ff:6f:0e:62:d3:c1:34:57:79:
                    56:9a:b6:1f:81:2a:65:36:ca:e6:cb:d4:50:66:a4:
                    86:46:3f:b2:b3:40:86:2b:83:7f:ca:a2:cd:75:75:
                    ef:f8:5b:e7:e8:5a:22:85:9f:a4:2c:07:b0:b5:c9:
                    b0:c3:da:f3:52:27:5e:86:ca:b9:74:5f:54:99:5c:
                    37:96:20:c6:d8:c5:0d:52:f7:86:9c:b0:6d:0b:37:
                    ad:25:35:92:d1:ac:17:0d:96:45:46:30:41:ed:1b:
                    c0:87:40:b2:01:cb:33:2b:6a:48:ef:ef:12:be:ac:
                    a7:d0:7e:76:77:01:04:d4:af:37:1f:6e:16:ce:58:
                    27:36:f2:9a:4d:eb:85:fa:5f:d1:5c:68:0e:96:2c:
                    ab:4e:a3:cb:88:39:e5:1d:57:2e:03:18:7e:7d:44:
                    1f:ff:52:82:9d:1f:5b:57:d4:d7:1f:91:94:f9:b7:
                    c1:24:b7:72:c7:9e:59:d1:35:ab:e6:79:8f:19:6f:
                    ae:40:49:7a:f0:62:23:0d:43:dd:c1:c1:89:79:6b:
                    00:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:6B:1D:A8:76:15:1B:DF:07:B1:9E:2A:DF:4E:0C:54:F8:F6:38:F2
            X509v3 Authority Key Identifier:
                keyid:E8:C3:46:9D:1E:73:5A:E4:D6:08:37:B7:70:9C:33:FF:42:7C:8E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MNGnR5zWuTWCDe3cJwz_0J8joQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/4505ee-5fe0-448c-b621-8924850d95d6/1/wmsdqHYVG98HsZ4q304MVPj2OPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/4505ee-5fe0-448c-b621-8924850d95d6/1/6MNGnR5zWuTWCDe3cJwz_0J8joQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.4.0/22
                  185.140.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:7f:54:2a:f0:c8:c1:35:17:33:f6:ca:4c:fc:32:3b:ef:13:
         4f:a2:2b:ae:32:12:a6:bf:1b:43:af:0f:db:f2:de:f4:0c:d9:
         ae:cd:73:27:d4:40:8d:14:0a:1b:41:db:e1:81:53:fd:32:90:
         40:33:1d:82:b5:c1:26:d5:15:20:5b:6f:23:aa:36:a2:fb:20:
         4b:2e:ac:ee:df:27:cc:9e:09:b7:b2:ad:e4:53:73:51:29:72:
         d3:eb:de:1c:a0:ec:8e:45:84:83:e3:15:31:c7:95:bf:f3:0c:
         b8:2b:d9:8e:8c:a9:eb:c2:e1:d6:d7:57:65:1a:12:88:41:8b:
         f1:13:32:47:76:86:d9:fc:85:f7:7e:b9:f9:0c:26:60:16:b7:
         e4:eb:67:5c:25:48:78:55:b1:9d:ae:ed:b9:e4:bc:cb:7e:ea:
         40:a0:e5:4c:e3:a0:17:db:ea:1b:40:4c:64:50:29:04:cc:a1:
         89:8c:01:49:77:20:d2:13:b8:63:8b:fb:6c:af:44:cc:34:d3:
         33:ff:6f:d4:34:c7:0c:75:9e:1d:59:77:4b:b5:e7:b1:9b:aa:
         72:d9:6f:89:a3:30:d5:3e:f7:44:95:5c:40:dc:83:36:c5:a8:
         a8:a4:eb:41:59:12:71:f6:10:92:46:fe:61:bd:a1:75:46:2c:
         dd:5e:6f:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlNnrUxzxJyF+eEH+nlVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YzM0NjlkMWU3MzVhZTRkNjA4MzdiNzcwOWMzM2ZmNDI3
YzhlODQwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjZiMWRhODc2MTUxYmRmMDdiMTllMmFkZjRlMGM1NGY4ZjYzOGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7O5sSHExa9+jmBc01zaXHrnZiXQt
r30/ReVWq9T0ElHBuBgYfTT79GT5C69eMT55n2b/bw5i08E0V3lWmrYfgSplNsrm
y9RQZqSGRj+ys0CGK4N/yqLNdXXv+Fvn6FoihZ+kLAewtcmww9rzUidehsq5dF9U
mVw3liDG2MUNUveGnLBtCzetJTWS0awXDZZFRjBB7RvAh0CyAcszK2pI7+8Svqyn
0H52dwEE1K83H24WzlgnNvKaTeuF+l/RXGgOliyrTqPLiDnlHVcuAxh+fUQf/1KC
nR9bV9TXH5GU+bfBJLdyx55Z0TWr5nmPGW+uQEl68GIjDUPdwcGJeWsA6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMJrHah2FRvfB7GeKt9ODFT49jjyMB8GA1UdIwQY
MBaAFOjDRp0ec1rk1gg3t3CcM/9CfI6EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1OR25SNXpXdVRXQ0RlM2NKd3pfMEo4am9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS80NTA1ZWUtNWZlMC00NDhjLWI2MjEt
ODkyNDg1MGQ5NWQ2LzEvd21zZHFIWVZHOThIc1o0cTMwNE1WUGoyT1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS80NTA1ZWUtNWZlMC00NDhjLWI2MjEtODkyNDg1MGQ5NWQ2
LzEvNk1OR25SNXpXdVRXQ0RlM2NKd3pfMEo4am9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuVwEAwQC
uYwEMA0GCSqGSIb3DQEBCwUAA4IBAQCNf1Qq8MjBNRcz9spM/DI77xNPoiuuMhKm
vxtDrw/b8t70DNmuzXMn1ECNFAobQdvhgVP9MpBAMx2CtcEm1RUgW28jqjai+yBL
Lqzu3yfMngm3sq3kU3NRKXLT694coOyORYSD4xUxx5W/8wy4K9mOjKnrwuHW11dl
GhKIQYvxEzJHdobZ/IX3frn5DCZgFrfk62dcJUh4VbGdru255LzLfupAoOVM46AX
2+obQExkUCkEzKGJjAFJdyDSE7hji/tsr0TMNNMz/2/UNMcMdZ4dWXdLteexm6py
2W+JozDVPvdElVxA3IM2xaiopOtBWRJx9hCSRv5hvaF1RizdXm9d
-----END CERTIFICATE-----
Generated at Tue Nov 26 02:55:38 2024 by rpki-client on console-fra.rpki-client.org