Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/WYKizgGcoUCdlTOYIVFfr8oO6lw.roa
File:                     WYKizgGcoUCdlTOYIVFfr8oO6lw.roa (raw, json)
Hash identifier:          ESlsm2IYQJpi7Qs72+wrqrRHh6jzZNuhitMZQ8Yhg1o=
Subject key identifier:   59:82:A2:CE:01:9C:A1:40:9D:95:33:98:21:51:5F:AF:CA:0E:EA:5C
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       018CC9BC0760486E378F85C15D39C80CE95B
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/WYKizgGcoUCdlTOYIVFfr8oO6lw.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        77.91.75.0/24 maxlen: 24
                          77.91.74.0/24 maxlen: 24
                          77.91.73.0/24 maxlen: 24
                          77.91.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:07:60:48:6e:37:8f:85:c1:5d:39:c8:0c:e9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5982a2ce019ca1409d95339821515fafca0eea5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:28:3c:a9:ba:ef:d9:b2:62:44:8d:f4:b9:2f:
                    2a:69:0f:11:88:a6:af:d2:0b:c5:5f:33:a5:87:5a:
                    ea:9b:f0:de:87:19:71:34:78:be:a2:8f:37:c5:05:
                    f6:01:f0:ea:d0:76:c3:85:ab:c9:70:b7:c9:98:50:
                    fa:66:b1:e9:d4:60:09:a1:28:f2:42:9f:c3:8e:da:
                    a5:88:3f:17:96:04:08:62:eb:2d:1f:ce:f0:82:d9:
                    10:78:4a:dc:34:25:92:86:1d:e4:6d:ee:ef:3a:ac:
                    4d:80:9a:36:00:8a:6f:d6:84:62:05:95:69:9a:4d:
                    31:2a:3d:35:e6:f4:a2:b4:7c:0e:a6:ff:56:f0:41:
                    26:91:9b:bb:e7:9f:83:70:da:6e:3c:1b:67:51:be:
                    ed:af:3e:12:c5:c0:f6:9b:6f:d0:5c:27:64:6c:35:
                    aa:27:3e:31:41:92:56:61:7e:17:f9:13:99:0a:49:
                    53:2d:7c:5b:09:a8:cd:75:c1:d4:23:7f:f4:d3:7c:
                    a0:b6:98:89:7e:e8:c3:5b:98:c4:2a:27:51:bf:0d:
                    30:d2:00:84:47:0c:36:12:3b:9d:cb:62:77:ea:4d:
                    f3:f4:c2:2b:93:3e:60:de:89:52:f7:de:1e:58:77:
                    e3:1f:21:02:e9:1e:1b:2c:ea:10:dd:a2:ca:27:22:
                    5b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:82:A2:CE:01:9C:A1:40:9D:95:33:98:21:51:5F:AF:CA:0E:EA:5C
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/WYKizgGcoUCdlTOYIVFfr8oO6lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:bc:74:ac:cf:1a:03:d2:39:c9:8e:c6:92:a5:0c:aa:6e:73:
         5b:6c:b7:e8:06:4b:39:9c:03:64:eb:75:04:cb:4b:b2:09:3c:
         a7:94:1c:b3:3c:c0:d8:0c:f3:6b:04:e6:09:66:bd:a4:41:13:
         c3:2e:8e:95:f9:c7:0d:a9:8d:69:61:a4:1c:27:02:6f:35:f6:
         2b:35:41:74:cd:3b:e2:34:0f:7b:ef:d6:1a:fd:a8:d7:18:5c:
         10:fc:22:0a:21:0d:e7:37:1c:45:07:6a:fa:e9:75:39:d5:03:
         30:5e:b6:9d:8e:0e:2b:e8:1b:4c:d4:36:01:76:50:40:85:3f:
         e0:5c:52:b0:56:85:62:aa:45:40:1b:c7:da:93:dd:b4:92:0b:
         6d:4a:bf:9b:0f:20:66:e5:e0:51:71:8b:36:37:80:ac:3f:15:
         60:84:27:ff:13:e3:bb:d6:46:8a:61:7f:18:45:15:e9:4b:23:
         a1:01:2c:d3:05:95:d5:63:20:3b:c8:7f:3f:42:ac:20:81:e9:
         6a:f6:68:af:6a:c6:24:9f:8f:28:88:a3:98:8b:35:6d:4b:3b:
         4c:66:95:de:bf:2d:db:36:0e:b1:52:d0:25:15:0e:bf:5d:a2:
         c9:07:67:0e:89:6c:d2:af:6d:9e:08:b9:a1:13:3c:8e:02:47:
         57:db:9e:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAdgSG43j4XBXTnIDOlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTgyYTJjZTAxOWNhMTQwOWQ5NTMzOTgyMTUxNWZhZmNhMGVlYTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSg8qbrv2bJiRI30uS8qaQ8RiKav
0gvFXzOlh1rqm/DehxlxNHi+oo83xQX2AfDq0HbDhavJcLfJmFD6ZrHp1GAJoSjy
Qp/DjtqliD8XlgQIYustH87wgtkQeErcNCWShh3kbe7vOqxNgJo2AIpv1oRiBZVp
mk0xKj015vSitHwOpv9W8EEmkZu755+DcNpuPBtnUb7trz4SxcD2m2/QXCdkbDWq
Jz4xQZJWYX4X+ROZCklTLXxbCajNdcHUI3/003ygtpiJfujDW5jEKidRvw0w0gCE
Rww2Ejudy2J36k3z9MIrkz5g3olS994eWHfjHyEC6R4bLOoQ3aLKJyJbKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmCos4BnKFAnZUzmCFRX6/KDupcMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvV1lLaXpnR2NvVUNkbFRPWUlWRmZyOG9PNmx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVtIMA0G
CSqGSIb3DQEBCwUAA4IBAQCHvHSszxoD0jnJjsaSpQyqbnNbbLfoBks5nANk63UE
y0uyCTynlByzPMDYDPNrBOYJZr2kQRPDLo6V+ccNqY1pYaQcJwJvNfYrNUF0zTvi
NA9779Ya/ajXGFwQ/CIKIQ3nNxxFB2r66XU51QMwXradjg4r6BtM1DYBdlBAhT/g
XFKwVoViqkVAG8fak920kgttSr+bDyBm5eBRcYs2N4CsPxVghCf/E+O71kaKYX8Y
RRXpSyOhASzTBZXVYyA7yH8/Qqwggelq9mivasYkn48oiKOYizVtSztMZpXevy3b
Ng6xUtAlFQ6/XaLJB2cOiWzSr22eCLmhEzyOAkdX254v
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:44:02 2024 by rpki-client on console-fra.rpki-client.org