Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/e0559d-abe6-443b-a978-5e7ded1421da/1/twl2yQ6q80i2VNbhAewAc6VtSSI.roa
File:                     twl2yQ6q80i2VNbhAewAc6VtSSI.roa (raw, json)
Hash identifier:          zUzyxTIhtL/CxhhvKOxGg3efpk6H+8PAOA3JLO3TVuM=
Subject key identifier:   B7:09:76:C9:0E:AA:F3:48:B6:54:D6:E1:01:EC:00:73:A5:6D:49:22
Certificate issuer:       /CN=5b3825b48b3599effaa0bc81a8dddb98f1d802c4
Certificate serial:       018CC9BC55EF88EA8554C44D7DCA7B01867F
Authority key identifier: 5B:38:25:B4:8B:35:99:EF:FA:A0:BC:81:A8:DD:DB:98:F1:D8:02:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WzgltIs1me_6oLyBqN3bmPHYAsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/e0559d-abe6-443b-a978-5e7ded1421da/1/twl2yQ6q80i2VNbhAewAc6VtSSI.roa
Signing time:             Tue 02 Jan 2024 10:33:32 +0000
ROA not before:           Tue 02 Jan 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206859
IP address blocks:        185.173.252.0/22 maxlen: 22
                          2a0b:7500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/e0559d-abe6-443b-a978-5e7ded1421da/1/WzgltIs1me_6oLyBqN3bmPHYAsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/e0559d-abe6-443b-a978-5e7ded1421da/1/WzgltIs1me_6oLyBqN3bmPHYAsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WzgltIs1me_6oLyBqN3bmPHYAsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:55:ef:88:ea:85:54:c4:4d:7d:ca:7b:01:86:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b3825b48b3599effaa0bc81a8dddb98f1d802c4
        Validity
            Not Before: Jan  2 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b70976c90eaaf348b654d6e101ec0073a56d4922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:58:a9:e0:2e:32:a2:9d:cd:e1:ff:ff:1e:9a:
                    17:38:17:dc:88:22:01:c9:67:af:5b:0e:37:b0:b8:
                    c6:c0:1b:b8:65:0d:b2:96:5c:80:50:bd:03:d5:83:
                    13:ef:0d:6e:1b:43:2f:95:31:31:0b:95:80:63:ac:
                    d9:c1:6c:73:c4:66:00:07:0c:ed:b5:f2:9b:33:7b:
                    31:d7:3d:fc:a7:46:aa:39:0e:ba:ae:23:49:fb:a4:
                    b9:63:1b:87:0d:cd:c2:bb:f9:6b:01:70:a2:37:67:
                    94:73:49:ac:be:17:af:08:81:49:f5:47:91:cc:f2:
                    4e:3f:9e:e3:50:96:73:a8:30:41:6a:39:b0:12:ce:
                    33:23:66:dc:29:72:87:e4:08:54:95:87:da:3e:f0:
                    b6:10:0f:b1:a3:0a:73:65:c5:c7:ef:9a:91:b9:2f:
                    2a:76:0a:2a:de:33:ce:5d:d0:fd:0c:b1:60:fa:36:
                    3f:58:95:24:28:5c:aa:de:bc:6f:e7:f8:09:b7:02:
                    1f:0c:88:f3:ae:01:72:80:b1:6a:eb:8c:81:fe:33:
                    8b:8c:3a:59:98:3d:c7:e9:5f:ec:b0:a0:86:49:f4:
                    4b:ed:0e:aa:d4:4a:ca:52:3c:14:99:e3:4c:fb:d3:
                    54:24:45:7e:50:23:07:fd:81:0e:55:13:36:58:4c:
                    11:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:09:76:C9:0E:AA:F3:48:B6:54:D6:E1:01:EC:00:73:A5:6D:49:22
            X509v3 Authority Key Identifier:
                keyid:5B:38:25:B4:8B:35:99:EF:FA:A0:BC:81:A8:DD:DB:98:F1:D8:02:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WzgltIs1me_6oLyBqN3bmPHYAsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/e0559d-abe6-443b-a978-5e7ded1421da/1/twl2yQ6q80i2VNbhAewAc6VtSSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/e0559d-abe6-443b-a978-5e7ded1421da/1/WzgltIs1me_6oLyBqN3bmPHYAsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.252.0/22
                IPv6:
                  2a0b:7500::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:dc:2d:d8:45:ce:aa:f8:93:71:62:9e:7c:84:41:6b:65:4b:
         e6:2e:5d:04:5a:55:84:f5:f1:f9:64:6f:66:06:66:27:06:59:
         c8:40:0b:10:cd:b6:a4:df:0f:5e:39:6d:52:bf:c4:67:11:f3:
         21:f7:8d:2b:a3:8a:a9:3d:9f:a6:04:73:36:96:83:bc:61:29:
         7d:e3:d7:04:c2:25:87:ea:19:73:6a:25:cb:43:e5:1c:23:aa:
         93:f4:cb:f0:6d:6a:aa:0e:b1:41:c6:43:4b:d9:f0:ac:26:6e:
         76:c7:b6:ff:9d:4a:72:3f:26:3b:cb:77:04:0c:9f:89:38:ad:
         be:d2:d6:22:ff:ed:d0:c3:bf:ec:0d:3f:8c:3b:54:9d:59:ed:
         6d:71:1f:b0:7e:32:ac:37:05:e3:4a:37:73:c9:52:f4:6a:b2:
         a4:9a:63:40:8b:f4:c6:9b:c3:b0:73:a6:92:ae:4b:6b:ce:4a:
         fd:eb:45:7d:de:7a:29:02:6b:26:6b:ad:1e:ef:d8:df:70:38:
         77:c7:6f:3f:c0:05:41:ea:17:38:49:38:2c:58:52:22:ea:04:
         84:bd:db:16:e0:ef:51:39:85:eb:d1:87:2f:1d:83:0a:4d:4f:
         a3:f2:4a:59:78:44:0a:4e:52:71:86:d6:ba:83:e5:39:0f:0d:
         fd:ed:d0:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvFXviOqFVMRNfcp7AYZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMzgyNWI0OGIzNTk5ZWZmYWEwYmM4MWE4ZGRkYjk4ZjFk
ODAyYzQwHhcNMjQwMTAyMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA5NzZjOTBlYWFmMzQ4YjY1NGQ2ZTEwMWVjMDA3M2E1NmQ0OTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFip4C4yop3N4f//HpoXOBfciCIB
yWevWw43sLjGwBu4ZQ2yllyAUL0D1YMT7w1uG0MvlTExC5WAY6zZwWxzxGYABwzt
tfKbM3sx1z38p0aqOQ66riNJ+6S5YxuHDc3Cu/lrAXCiN2eUc0msvhevCIFJ9UeR
zPJOP57jUJZzqDBBajmwEs4zI2bcKXKH5AhUlYfaPvC2EA+xowpzZcXH75qRuS8q
dgoq3jPOXdD9DLFg+jY/WJUkKFyq3rxv5/gJtwIfDIjzrgFygLFq64yB/jOLjDpZ
mD3H6V/ssKCGSfRL7Q6q1ErKUjwUmeNM+9NUJEV+UCMH/YEOVRM2WEwR+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLcJdskOqvNItlTW4QHsAHOlbUkiMB8GA1UdIwQY
MBaAFFs4JbSLNZnv+qC8gajd25jx2ALEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3pnbHRJczFtZV82b0x5QnFOM2JtUEhZQXNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9lMDU1OWQtYWJlNi00NDNiLWE5Nzgt
NWU3ZGVkMTQyMWRhLzEvdHdsMnlRNnE4MGkyVk5iaEFld0FjNlZ0U1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9lMDU1OWQtYWJlNi00NDNiLWE5NzgtNWU3ZGVkMTQyMWRh
LzEvV3pnbHRJczFtZV82b0x5QnFOM2JtUEhZQXNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua38MA0E
AgACMAcDBQMqC3UAMA0GCSqGSIb3DQEBCwUAA4IBAQAM3C3YRc6q+JNxYp58hEFr
ZUvmLl0EWlWE9fH5ZG9mBmYnBlnIQAsQzbak3w9eOW1Sv8RnEfMh940ro4qpPZ+m
BHM2loO8YSl949cEwiWH6hlzaiXLQ+UcI6qT9MvwbWqqDrFBxkNL2fCsJm52x7b/
nUpyPyY7y3cEDJ+JOK2+0tYi/+3Qw7/sDT+MO1SdWe1tcR+wfjKsNwXjSjdzyVL0
arKkmmNAi/TGm8Owc6aSrktrzkr960V93nopAmsma60e79jfcDh3x28/wAVB6hc4
STgsWFIi6gSEvdsW4O9ROYXr0YcvHYMKTU+j8kpZeEQKTlJxhta6g+U5Dw397dA4
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:59:16 2024 by rpki-client on console-fra.rpki-client.org