Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/29678f-c605-4655-9359-10fedccd2924/1/wHLema0UGStCVJFXioCOp9yM9Yk.roa
File:                     wHLema0UGStCVJFXioCOp9yM9Yk.roa (raw, json)
Hash identifier:          9o2chTlhKcvV8PSsEOhRoW59X68c/vtOe1+mp0bUcck=
Subject key identifier:   C0:72:DE:99:AD:14:19:2B:42:54:91:57:8A:80:8E:A7:DC:8C:F5:89
Certificate issuer:       /CN=706ffaa9b7fce40827181a5aa0acee99a4669156
Certificate serial:       019427B62294E90A4FAFC896442009E6A143
Authority key identifier: 70:6F:FA:A9:B7:FC:E4:08:27:18:1A:5A:A0:AC:EE:99:A4:66:91:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG_6qbf85AgnGBpaoKzumaRmkVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/29678f-c605-4655-9359-10fedccd2924/1/wHLema0UGStCVJFXioCOp9yM9Yk.roa
Signing time:             Thu 02 Jan 2025 15:50:35 +0000
ROA not before:           Thu 02 Jan 2025 15:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39098
IP address blocks:        156.10.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/29678f-c605-4655-9359-10fedccd2924/1/cG_6qbf85AgnGBpaoKzumaRmkVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/29678f-c605-4655-9359-10fedccd2924/1/cG_6qbf85AgnGBpaoKzumaRmkVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG_6qbf85AgnGBpaoKzumaRmkVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:22:94:e9:0a:4f:af:c8:96:44:20:09:e6:a1:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706ffaa9b7fce40827181a5aa0acee99a4669156
        Validity
            Not Before: Jan  2 15:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c072de99ad14192b425491578a808ea7dc8cf589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ca:84:5c:90:39:48:f4:ad:87:0c:a8:6d:b6:
                    ef:c7:c8:e8:2a:41:f3:49:20:bb:9c:cd:e6:d1:85:
                    85:32:94:a3:e7:63:c8:85:ea:50:15:ad:7b:5f:ae:
                    0f:bd:0c:3c:0c:aa:7a:5d:07:38:f3:b6:f1:2b:bb:
                    6b:e2:43:74:44:60:c1:ff:6a:0f:af:76:1f:b3:5c:
                    9d:bd:d9:10:b8:d4:0e:ba:38:be:9a:13:ec:e8:7c:
                    48:e2:13:b6:46:71:6d:2f:88:dd:ce:5d:f2:d8:1b:
                    a1:07:ae:2d:5b:e0:e4:27:42:69:1e:85:70:fa:57:
                    02:49:d8:59:4e:0c:08:30:c9:4f:48:fc:51:ce:32:
                    aa:f7:88:16:fd:dc:03:02:c1:4c:f6:c3:e4:b0:99:
                    d4:47:ef:3e:f5:1b:06:c8:22:e3:09:7b:23:46:8d:
                    65:f5:5e:6c:d2:51:d4:af:01:47:b6:e2:cc:bd:0f:
                    6c:d4:eb:fe:20:3a:b6:42:49:4f:b5:f8:c8:84:b1:
                    fa:ef:a7:36:3a:3a:26:51:7b:87:3a:65:ac:9c:8f:
                    56:f6:04:db:cc:44:b9:d6:51:ff:a2:2e:55:19:46:
                    a9:f3:b4:18:9e:42:a0:68:53:ed:50:46:7f:37:4d:
                    e6:b9:35:99:67:50:13:ea:0b:af:d2:b5:35:e1:f1:
                    6e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:72:DE:99:AD:14:19:2B:42:54:91:57:8A:80:8E:A7:DC:8C:F5:89
            X509v3 Authority Key Identifier:
                keyid:70:6F:FA:A9:B7:FC:E4:08:27:18:1A:5A:A0:AC:EE:99:A4:66:91:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG_6qbf85AgnGBpaoKzumaRmkVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/29678f-c605-4655-9359-10fedccd2924/1/wHLema0UGStCVJFXioCOp9yM9Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/29678f-c605-4655-9359-10fedccd2924/1/cG_6qbf85AgnGBpaoKzumaRmkVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         65:b4:19:bf:1b:27:6e:d0:97:06:20:6f:e2:3b:4e:98:ac:93:
         29:d4:17:77:04:12:fb:a0:64:f4:86:58:81:57:7b:74:b3:5f:
         a9:9a:f8:ad:11:a9:27:01:a2:8d:e1:7a:b2:99:85:58:57:fa:
         72:68:ba:da:b9:2e:76:2a:54:69:15:4b:a0:b9:c1:16:36:d3:
         f0:20:d5:ce:e7:ab:ee:ad:ac:b3:40:a0:4d:53:14:9d:82:64:
         84:af:59:a0:f5:0b:ec:fd:cb:23:37:9c:04:7b:3e:2f:f1:f6:
         e1:0e:90:13:21:dc:09:9f:8d:01:34:c9:cb:7e:20:33:d1:f7:
         c2:5d:30:3a:bf:fa:c7:85:76:22:7a:ad:7d:49:2a:4a:89:8f:
         13:70:66:d0:d0:28:5b:89:3a:01:cb:50:1c:d3:7b:07:1e:7e:
         2e:5b:d7:89:65:2b:7b:8d:6c:a6:d0:48:3e:ce:02:6b:c8:71:
         aa:0a:44:07:23:67:95:63:34:f2:81:74:e0:9e:7d:16:fd:dc:
         ff:06:79:db:78:eb:58:a0:9f:7b:62:51:fc:64:b0:66:90:ac:
         f4:72:0c:78:85:61:bb:fa:b6:2f:8f:2d:61:42:c3:9d:a6:bf:
         4a:e1:33:8b:f7:89:1d:e0:75:e1:5a:f1:e5:42:ae:1a:84:dc:
         9c:78:40:03
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQntiKU6QpPr8iWRCAJ5qFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmZmYWE5YjdmY2U0MDgyNzE4MWE1YWEwYWNlZTk5YTQ2
NjkxNTYwHhcNMjUwMTAyMTU1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDcyZGU5OWFkMTQxOTJiNDI1NDkxNTc4YTgwOGVhN2RjOGNmNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8qEXJA5SPSthwyobbbvx8joKkHz
SSC7nM3m0YWFMpSj52PIhepQFa17X64PvQw8DKp6XQc487bxK7tr4kN0RGDB/2oP
r3Yfs1ydvdkQuNQOuji+mhPs6HxI4hO2RnFtL4jdzl3y2BuhB64tW+DkJ0JpHoVw
+lcCSdhZTgwIMMlPSPxRzjKq94gW/dwDAsFM9sPksJnUR+8+9RsGyCLjCXsjRo1l
9V5s0lHUrwFHtuLMvQ9s1Ov+IDq2QklPtfjIhLH676c2OjomUXuHOmWsnI9W9gTb
zES51lH/oi5VGUap87QYnkKgaFPtUEZ/N03muTWZZ1AT6guv0rU14fFuGwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMBy3pmtFBkrQlSRV4qAjqfcjPWJMB8GA1UdIwQY
MBaAFHBv+qm3/OQIJxgaWqCs7pmkZpFWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dfNnFiZjg1QWduR0JwYW9LenVtYVJta1ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yOTY3OGYtYzYwNS00NjU1LTkzNTkt
MTBmZWRjY2QyOTI0LzEvd0hMZW1hMFVHU3RDVkpGWGlvQ09wOXlNOVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yOTY3OGYtYzYwNS00NjU1LTkzNTktMTBmZWRjY2QyOTI0
LzEvY0dfNnFiZjg1QWduR0JwYW9LenVtYVJta1ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnAowDQYJ
KoZIhvcNAQELBQADggEBAGW0Gb8bJ27QlwYgb+I7TpiskynUF3cEEvugZPSGWIFX
e3SzX6ma+K0RqScBoo3herKZhVhX+nJoutq5LnYqVGkVS6C5wRY20/Ag1c7nq+6t
rLNAoE1TFJ2CZISvWaD1C+z9yyM3nAR7Pi/x9uEOkBMh3AmfjQE0yct+IDPR98Jd
MDq/+seFdiJ6rX1JKkqJjxNwZtDQKFuJOgHLUBzTewcefi5b14llK3uNbKbQSD7O
AmvIcaoKRAcjZ5VjNPKBdOCefRb93P8Gedt461ign3tiUfxksGaQrPRyDHiFYbv6
ti+PLWFCw52mv0rhM4v3iR3gdeFa8eVCrhqE3Jx4QAM=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:48:39 2025 by rpki-client