Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/wg5GSd9-4eXD4qa6Tevh9Sf3120.roa
File:                     wg5GSd9-4eXD4qa6Tevh9Sf3120.roa (raw, json)
Hash identifier:          lOWgnNb1GjigXPSpujjlZB4eZj9RrVG+FxMIGkr5cs8=
Subject key identifier:   C2:0E:46:49:DF:7E:E1:E5:C3:E2:A6:BA:4D:EB:E1:F5:27:F7:D7:6D
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC4923FEB870852DDB169A9DEE50C7435
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/wg5GSd9-4eXD4qa6Tevh9Sf3120.roa
Signing time:             Mon 01 Jan 2024 10:29:28 +0000
ROA not before:           Mon 01 Jan 2024 10:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397233
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3f:eb:87:08:52:dd:b1:69:a9:de:e5:0c:74:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c20e4649df7ee1e5c3e2a6ba4debe1f527f7d76d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:49:90:5f:43:fb:91:0e:99:50:32:39:70:24:
                    de:44:4b:90:d6:4c:25:4e:ff:bc:e5:09:3f:2c:cb:
                    69:d1:72:1d:a1:cc:c5:8b:47:d8:19:00:1b:8e:2d:
                    28:6e:e8:24:76:ae:89:2d:65:7e:25:e5:7b:98:c6:
                    d3:6e:5b:09:7a:e0:d3:3d:f9:82:94:a1:7d:0c:29:
                    7d:f1:8f:0c:3f:8f:e8:56:5e:67:8f:97:0a:28:b8:
                    28:78:71:66:17:4c:d5:2f:de:38:70:6f:31:91:fd:
                    93:e0:97:3d:9f:a6:2c:c9:61:22:e3:8d:a4:5f:89:
                    2b:99:0b:e6:08:2f:02:8f:12:51:75:8b:a2:dd:bc:
                    2e:25:f5:4e:59:73:c4:a4:d8:9c:2e:67:27:e2:b1:
                    d6:03:d5:ff:c9:5c:d4:71:3e:25:60:29:40:ba:fd:
                    a8:ba:56:fa:02:69:fa:2a:bd:10:af:1a:c6:a1:fc:
                    d3:63:eb:1e:49:98:b1:fe:13:45:f4:2a:3a:1b:30:
                    97:2d:31:1f:00:16:7f:50:42:fe:6a:85:f4:d8:df:
                    4f:4d:8b:3b:67:35:2a:28:b4:bc:70:4f:33:95:43:
                    7f:b8:91:b1:4e:8c:06:e0:30:b6:6f:fd:86:ea:f9:
                    2d:a1:b4:19:40:28:b7:ad:c5:8f:90:2c:d4:4c:56:
                    8a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:0E:46:49:DF:7E:E1:E5:C3:E2:A6:BA:4D:EB:E1:F5:27:F7:D7:6D
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/wg5GSd9-4eXD4qa6Tevh9Sf3120.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:7f:b1:94:79:12:66:75:a8:13:af:f0:c2:02:e4:93:80:22:
         01:ba:78:ef:66:b2:66:a9:da:ab:60:e4:01:76:0c:68:d5:11:
         9e:24:f4:80:82:a9:97:d9:aa:31:9a:75:17:5c:03:f5:84:85:
         7c:ee:7e:e7:b1:4b:5d:bc:50:d3:4f:6f:d4:f1:10:5a:43:24:
         4f:13:ee:8e:7b:8b:c2:d9:6d:3f:62:df:71:76:b9:c9:8b:a7:
         9a:5b:28:db:65:e5:04:c0:83:30:e7:bc:c2:41:2e:63:fc:9d:
         cf:03:a2:bd:0a:83:17:48:e6:39:6b:ca:a7:52:b0:64:fa:b0:
         47:58:26:0d:ff:b5:6f:19:72:26:57:c1:8b:81:bb:b3:2c:52:
         f3:16:d0:d4:5e:44:0e:36:9b:fd:87:3b:75:15:85:10:85:78:
         08:94:68:04:91:ae:d2:aa:ad:cf:6f:39:41:77:98:5a:a1:ac:
         65:31:09:8a:24:ae:b1:b5:46:82:d4:b9:d3:74:9c:85:e9:76:
         72:c5:4f:e3:2e:1c:60:9b:78:f2:e5:24:98:2e:99:61:d7:4b:
         d6:7a:6d:78:a8:d3:cb:18:56:3f:d8:75:3d:05:27:c9:87:f7:
         e0:84:ba:d6:67:0d:97:5b:a2:dd:06:f9:2f:7a:d0:55:c5:16:
         ff:c0:81:25
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkj/rhwhS3bFpqd7lDHQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjBlNDY0OWRmN2VlMWU1YzNlMmE2YmE0ZGViZTFmNTI3ZjdkNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0mQX0P7kQ6ZUDI5cCTeREuQ1kwl
Tv+85Qk/LMtp0XIdoczFi0fYGQAbji0obugkdq6JLWV+JeV7mMbTblsJeuDTPfmC
lKF9DCl98Y8MP4/oVl5nj5cKKLgoeHFmF0zVL944cG8xkf2T4Jc9n6YsyWEi442k
X4krmQvmCC8CjxJRdYui3bwuJfVOWXPEpNicLmcn4rHWA9X/yVzUcT4lYClAuv2o
ulb6Amn6Kr0QrxrGofzTY+seSZix/hNF9Co6GzCXLTEfABZ/UEL+aoX02N9PTYs7
ZzUqKLS8cE8zlUN/uJGxTowG4DC2b/2G6vktobQZQCi3rcWPkCzUTFaKnQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMIORknffuHlw+Kmuk3r4fUn99dtMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvd2c1R1NkOS00ZVhENHFhNlRldmg5U2YzMTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQBQf7GUeRJmdagTr/DC
AuSTgCIBunjvZrJmqdqrYOQBdgxo1RGeJPSAgqmX2aoxmnUXXAP1hIV87n7nsUtd
vFDTT2/U8RBaQyRPE+6Oe4vC2W0/Yt9xdrnJi6eaWyjbZeUEwIMw57zCQS5j/J3P
A6K9CoMXSOY5a8qnUrBk+rBHWCYN/7VvGXImV8GLgbuzLFLzFtDUXkQONpv9hzt1
FYUQhXgIlGgEka7Sqq3PbzlBd5haoaxlMQmKJK6xtUaC1LnTdJyF6XZyxU/jLhxg
m3jy5SSYLplh10vWem14qNPLGFY/2HU9BSfJh/fghLrWZw2XW6LdBvkvetBVxRb/
wIEl
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:40:17 2024 by rpki-client on console-ams.rpki-client.org