Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wYpyjGqZgOLvdxHzTDcvP-NDRWs.roa
File:                     wYpyjGqZgOLvdxHzTDcvP-NDRWs.roa (raw, json)
Hash identifier:          T0b0I1+KCgMAI5xmLh/NE+yy9tEaDwRBffeS45J4qa8=
Subject key identifier:   C1:8A:72:8C:6A:99:80:E2:EF:77:11:F3:4C:37:2F:3F:E3:43:45:6B
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0190B539AE04D8EF06A6A853C443E2CBB4AD
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wYpyjGqZgOLvdxHzTDcvP-NDRWs.roa
Signing time:             Mon 15 Jul 2024 07:09:34 +0000
ROA not before:           Mon 15 Jul 2024 07:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210715
IP address blocks:        45.43.163.0/24 maxlen: 24
                          216.173.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b5:39:ae:04:d8:ef:06:a6:a8:53:c4:43:e2:cb:b4:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jul 15 07:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c18a728c6a9980e2ef7711f34c372f3fe343456b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:48:05:4b:ae:18:84:30:96:b5:50:05:65:d3:
                    fc:ce:b2:da:30:47:37:44:fc:76:0a:ec:44:90:70:
                    32:f6:96:49:ed:8f:b7:1a:b8:f5:d5:e1:18:b3:db:
                    b8:f4:c7:06:f2:b2:07:fd:cf:2e:8d:f3:9a:da:70:
                    60:39:1b:39:50:3f:98:a6:78:a1:5f:a1:7a:6b:a5:
                    a4:60:7f:3f:94:e3:88:8a:a2:f7:6e:9c:c6:14:17:
                    c5:bc:ad:ee:b2:b6:f0:ae:b2:14:54:79:ba:8a:1f:
                    d1:7b:9d:76:6d:69:57:18:d0:d8:02:53:9b:3c:cc:
                    b2:b6:ef:5c:70:d7:95:2c:bd:3a:4e:7c:60:3a:cb:
                    cb:eb:bf:ba:0c:65:8c:b1:26:26:08:7b:21:aa:7c:
                    f2:90:26:41:52:a0:e0:cf:10:bd:0d:f4:2e:dc:40:
                    c4:6d:37:46:40:81:78:e1:47:b4:7e:db:71:78:76:
                    1b:6b:26:45:2f:cd:8e:76:fb:48:17:54:d1:4a:23:
                    f2:65:5f:eb:b8:b6:33:75:4b:5a:1a:6f:89:d0:08:
                    9e:0f:db:9c:e5:4c:d7:cd:46:df:80:7b:5f:f5:07:
                    30:8f:03:43:27:6a:91:e6:bc:5b:08:13:31:d5:e2:
                    38:0a:f5:e7:05:da:fc:45:4b:c5:b2:f8:69:71:eb:
                    42:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:8A:72:8C:6A:99:80:E2:EF:77:11:F3:4C:37:2F:3F:E3:43:45:6B
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wYpyjGqZgOLvdxHzTDcvP-NDRWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.163.0/24
                  216.173.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a5:b6:f7:13:42:f2:1f:6e:51:52:56:73:fc:74:01:9a:c4:
         58:45:ff:20:73:64:46:2b:05:de:c8:dc:77:3d:c5:42:a1:f6:
         a6:d4:d3:a1:0d:98:f2:cf:26:3b:45:9e:69:5c:25:9e:3e:5e:
         7a:da:25:8f:32:25:f2:78:ba:b0:89:3a:19:74:d4:93:4b:e9:
         b8:ba:30:82:41:fc:39:28:c1:4f:6e:39:fc:9c:28:0f:21:1b:
         38:85:8d:e1:0a:a1:a5:14:29:94:a6:df:97:fe:d4:56:2f:da:
         f3:77:e5:78:35:99:93:33:d5:d2:68:d6:c8:ee:f9:71:ba:95:
         87:bf:23:0f:cf:1c:a1:ee:57:1e:96:e5:ff:fe:6e:09:0f:d7:
         a0:4d:05:48:31:f7:74:44:08:06:5c:64:1a:cb:ca:5b:93:a2:
         e0:75:d7:bd:ec:90:cb:fd:70:0a:f8:7f:f1:40:e2:92:3e:7e:
         42:68:61:ac:19:ff:b7:23:1d:16:f5:ce:d9:93:20:e1:78:49:
         cf:4a:43:9b:09:8a:79:50:41:f5:19:ce:88:96:67:a3:1f:ff:
         22:5f:97:7f:3c:7a:03:ab:ed:73:d9:19:71:6c:d8:67:95:34:
         ac:1c:2c:9a:f8:5c:0d:da:4f:d0:ee:f1:26:25:08:93:0e:68:
         8b:4c:37:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZC1Oa4E2O8GpqhTxEPiy7StMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNzE1MDcwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMThhNzI4YzZhOTk4MGUyZWY3NzExZjM0YzM3MmYzZmUzNDM0NTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0gFS64YhDCWtVAFZdP8zrLaMEc3
RPx2CuxEkHAy9pZJ7Y+3Grj11eEYs9u49McG8rIH/c8ujfOa2nBgORs5UD+Ypnih
X6F6a6WkYH8/lOOIiqL3bpzGFBfFvK3usrbwrrIUVHm6ih/Re512bWlXGNDYAlOb
PMyytu9ccNeVLL06TnxgOsvL67+6DGWMsSYmCHshqnzykCZBUqDgzxC9DfQu3EDE
bTdGQIF44Ue0fttxeHYbayZFL82OdvtIF1TRSiPyZV/ruLYzdUtaGm+J0AieD9uc
5UzXzUbfgHtf9QcwjwNDJ2qR5rxbCBMx1eI4CvXnBdr8RUvFsvhpcetC8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMGKcoxqmYDi73cR80w3Lz/jQ0VrMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvd1lweWpHcVpnT0x2ZHhIelREY3ZQLU5EUldzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALSujAwQA
2K1NMA0GCSqGSIb3DQEBCwUAA4IBAQBOpbb3E0LyH25RUlZz/HQBmsRYRf8gc2RG
KwXeyNx3PcVCofam1NOhDZjyzyY7RZ5pXCWePl562iWPMiXyeLqwiToZdNSTS+m4
ujCCQfw5KMFPbjn8nCgPIRs4hY3hCqGlFCmUpt+X/tRWL9rzd+V4NZmTM9XSaNbI
7vlxupWHvyMPzxyh7lceluX//m4JD9egTQVIMfd0RAgGXGQay8pbk6Lgdde97JDL
/XAK+H/xQOKSPn5CaGGsGf+3Ix0W9c7ZkyDheEnPSkObCYp5UEH1Gc6IlmejH/8i
X5d/PHoDq+1z2RlxbNhnlTSsHCya+FwN2k/Q7vEmJQiTDmiLTDc1
-----END CERTIFICATE-----
Generated at Fri Nov 22 11:53:15 2024 by rpki-client on console-fra.rpki-client.org