Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/c071a8-54aa-4abd-8127-edf7bb653f13/1/wyiBFKsG7mhieb9Aca9FzDZ_Sl0.roa
File:                     wyiBFKsG7mhieb9Aca9FzDZ_Sl0.roa (raw, json)
Hash identifier:          a2wBSTdy+4JP7tb65w7vsC2KCZCYJCeTlMmF/ryiLlY=
Subject key identifier:   C3:28:81:14:AB:06:EE:68:62:79:BF:40:71:AF:45:CC:36:7F:4A:5D
Certificate issuer:       /CN=bbe128dcb6810ffdc502ba3047cd419132da2274
Certificate serial:       018CC64B5FCA839F361D90D135565D30D143
Authority key identifier: BB:E1:28:DC:B6:81:0F:FD:C5:02:BA:30:47:CD:41:91:32:DA:22:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u-Eo3LaBD_3FArowR81BkTLaInQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/c071a8-54aa-4abd-8127-edf7bb653f13/1/wyiBFKsG7mhieb9Aca9FzDZ_Sl0.roa
Signing time:             Mon 01 Jan 2024 18:31:17 +0000
ROA not before:           Mon 01 Jan 2024 18:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25460
IP address blocks:        185.118.28.0/22 maxlen: 22
                          45.154.208.0/22 maxlen: 22
                          5.61.120.0/21 maxlen: 21
                          2a01:5ac0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/c071a8-54aa-4abd-8127-edf7bb653f13/1/u-Eo3LaBD_3FArowR81BkTLaInQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/c071a8-54aa-4abd-8127-edf7bb653f13/1/u-Eo3LaBD_3FArowR81BkTLaInQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u-Eo3LaBD_3FArowR81BkTLaInQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5f:ca:83:9f:36:1d:90:d1:35:56:5d:30:d1:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbe128dcb6810ffdc502ba3047cd419132da2274
        Validity
            Not Before: Jan  1 18:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3288114ab06ee686279bf4071af45cc367f4a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:d9:bc:49:7c:f8:b4:a3:15:d2:8b:b1:26:
                    25:51:1d:c4:fd:f0:15:86:7c:4a:bd:77:e3:97:85:
                    70:fd:16:99:24:f7:f6:de:56:2f:9e:e2:51:17:02:
                    9f:3c:0c:be:93:ba:e9:b1:c4:f4:6f:88:90:ea:3c:
                    74:fc:f1:87:42:85:fb:a7:0e:fc:62:56:53:19:73:
                    3c:14:df:2e:1a:6f:52:aa:c0:d2:69:9f:b5:59:8c:
                    d4:9c:79:21:e2:5b:b4:dc:43:eb:15:a5:2f:ed:ee:
                    fb:87:70:23:bd:da:8e:e6:24:2c:a8:74:40:e7:bd:
                    6f:33:9c:15:a9:0a:e6:81:99:8f:d9:09:d2:5b:1d:
                    9a:80:00:41:b9:e6:8b:4b:42:92:27:68:6d:dc:46:
                    1a:35:17:90:21:f9:05:1b:d3:c7:12:f8:26:a2:11:
                    b6:b6:8c:3c:c3:4b:3d:42:9c:15:68:d3:5b:d8:6e:
                    a1:38:02:3d:b1:83:6f:6b:50:e1:5c:d3:20:a0:3c:
                    81:98:bc:dc:86:19:ae:7c:0c:c5:f3:cc:f3:a4:5a:
                    d9:4b:de:89:27:dd:77:2f:a9:7f:be:24:90:e4:12:
                    18:99:a6:23:31:fa:b5:07:d2:57:29:79:51:41:d7:
                    a8:d1:a6:63:6d:e4:ea:50:fa:38:0c:fb:d3:57:d0:
                    1c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:28:81:14:AB:06:EE:68:62:79:BF:40:71:AF:45:CC:36:7F:4A:5D
            X509v3 Authority Key Identifier:
                keyid:BB:E1:28:DC:B6:81:0F:FD:C5:02:BA:30:47:CD:41:91:32:DA:22:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u-Eo3LaBD_3FArowR81BkTLaInQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/c071a8-54aa-4abd-8127-edf7bb653f13/1/wyiBFKsG7mhieb9Aca9FzDZ_Sl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/c071a8-54aa-4abd-8127-edf7bb653f13/1/u-Eo3LaBD_3FArowR81BkTLaInQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.120.0/21
                  45.154.208.0/22
                  185.118.28.0/22
                IPv6:
                  2a01:5ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         da:c9:ef:bd:3d:ea:b1:fc:d0:a6:92:05:80:ac:3f:36:4f:3b:
         4d:e9:95:bf:85:b5:f3:8b:5e:04:49:4d:92:7b:e8:8b:39:c7:
         c2:84:40:b1:57:2b:5f:4c:86:17:27:0c:bc:8c:74:2d:db:d5:
         cc:a5:b6:93:82:b9:aa:bf:1b:f8:dc:68:bd:f1:64:4c:e5:c1:
         c2:14:c6:f0:ab:78:27:35:51:ba:09:13:a2:b8:4e:e7:70:5c:
         23:7b:77:62:5a:b4:c0:96:8f:ef:8f:15:29:97:f7:c7:88:5d:
         64:bf:6a:06:42:e1:e9:f0:6a:31:ad:6d:4e:f2:2d:2e:d2:bc:
         c1:4e:aa:91:fa:12:16:6c:45:9d:2f:a2:66:52:72:96:1a:ba:
         b7:81:de:49:e0:be:4b:4c:03:76:8f:16:5a:84:6c:bf:56:cf:
         f9:b9:33:e9:8b:be:4d:67:94:bf:f8:54:69:1b:30:cf:14:95:
         e9:82:21:c7:f0:fb:1b:03:97:cb:5f:14:6c:1e:a9:ad:96:a7:
         a2:b0:80:34:1f:e1:f8:5e:65:38:e9:89:93:47:0b:fa:30:4e:
         59:44:7b:d2:8c:ff:30:6c:b7:61:c8:ae:56:79:a6:e8:07:64:
         f6:4e:ba:5d:87:4c:bc:82:a8:65:6b:31:05:2b:2b:99:c1:87:
         35:44:9e:7e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzGS1/Kg582HZDRNVZdMNFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZTEyOGRjYjY4MTBmZmRjNTAyYmEzMDQ3Y2Q0MTkxMzJk
YTIyNzQwHhcNMjQwMTAxMTgzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzI4ODExNGFiMDZlZTY4NjI3OWJmNDA3MWFmNDVjYzM2N2Y0YTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIPZvEl8+LSjFdKLsSYlUR3E/fAV
hnxKvXfjl4Vw/RaZJPf23lYvnuJRFwKfPAy+k7rpscT0b4iQ6jx0/PGHQoX7pw78
YlZTGXM8FN8uGm9SqsDSaZ+1WYzUnHkh4lu03EPrFaUv7e77h3AjvdqO5iQsqHRA
571vM5wVqQrmgZmP2QnSWx2agABBueaLS0KSJ2ht3EYaNReQIfkFG9PHEvgmohG2
tow8w0s9QpwVaNNb2G6hOAI9sYNva1DhXNMgoDyBmLzchhmufAzF88zzpFrZS96J
J913L6l/viSQ5BIYmaYjMfq1B9JXKXlRQdeo0aZjbeTqUPo4DPvTV9AckwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMMogRSrBu5oYnm/QHGvRcw2f0pdMB8GA1UdIwQY
MBaAFLvhKNy2gQ/9xQK6MEfNQZEy2iJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdS1FbzNMYUJEXzNGQXJvd1I4MUJrVExhSW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9jMDcxYTgtNTRhYS00YWJkLTgxMjct
ZWRmN2JiNjUzZjEzLzEvd3lpQkZLc0c3bWhpZWI5QWNhOUZ6RFpfU2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9jMDcxYTgtNTRhYS00YWJkLTgxMjctZWRmN2JiNjUzZjEz
LzEvdS1FbzNMYUJEXzNGQXJvd1I4MUJrVExhSW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT14AwQC
LZrQAwQCuXYcMA0EAgACMAcDBQAqAVrAMA0GCSqGSIb3DQEBCwUAA4IBAQDaye+9
Peqx/NCmkgWArD82TztN6ZW/hbXzi14ESU2Se+iLOcfChECxVytfTIYXJwy8jHQt
29XMpbaTgrmqvxv43Gi98WRM5cHCFMbwq3gnNVG6CROiuE7ncFwje3diWrTAlo/v
jxUpl/fHiF1kv2oGQuHp8GoxrW1O8i0u0rzBTqqR+hIWbEWdL6JmUnKWGrq3gd5J
4L5LTAN2jxZahGy/Vs/5uTPpi75NZ5S/+FRpGzDPFJXpgiHH8PsbA5fLXxRsHqmt
lqeisIA0H+H4XmU46YmTRwv6ME5ZRHvSjP8wbLdhyK5WeaboB2T2Trpdh0y8gqhl
azEFKyuZwYc1RJ5+
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:38:11 2024 by rpki-client on console-ams.rpki-client.org