Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/wTi7Rzww3EZXhgQOBREzY1ltru8.roa
File:                     wTi7Rzww3EZXhgQOBREzY1ltru8.roa (raw, json)
Hash identifier:          gxxJFgecVYxEQehjaeKI+l34uL+Gr3bpgbzFlOSfauU=
Subject key identifier:   C1:38:BB:47:3C:30:DC:46:57:86:04:0E:05:11:33:63:59:6D:AE:EF
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       01974ADEFFBD72C1D2E96EDA1A4BAFB19375
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/wTi7Rzww3EZXhgQOBREzY1ltru8.roa
Signing time:             Sat 07 Jun 2025 14:50:17 +0000
ROA not before:           Sat 07 Jun 2025 14:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9232
IP address blocks:        144.56.35.0/24 maxlen: 24
                          144.56.37.0/24 maxlen: 24
                          144.56.39.0/24 maxlen: 24
                          144.56.41.0/24 maxlen: 24
                          144.56.50.0/24 maxlen: 24
                          144.56.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4a:de:ff:bd:72:c1:d2:e9:6e:da:1a:4b:af:b1:93:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jun  7 14:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c138bb473c30dc465786040e05113363596daeef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:68:54:e8:fa:75:ef:83:8f:37:73:e2:93:c7:
                    b6:80:ee:3f:d2:fa:a0:f2:15:2d:9a:a3:85:a4:1b:
                    0c:9d:4b:25:7b:a5:8b:f9:75:73:ed:de:97:93:eb:
                    b0:02:5e:54:1a:6a:ef:93:6c:c8:ca:51:5e:8d:8d:
                    48:41:c6:ab:8a:8e:dc:e3:56:95:84:e2:55:85:33:
                    dd:f6:33:14:41:d9:18:c0:e5:3d:28:15:b3:64:41:
                    b1:e5:3a:87:06:73:95:34:70:b1:8f:01:86:d5:40:
                    c3:78:95:fd:22:10:c2:d7:d1:08:17:2b:9f:f9:bb:
                    68:f3:1b:d0:95:c0:f2:23:19:a7:45:1e:d3:14:bd:
                    5a:80:ac:18:34:7c:cd:f6:62:0a:65:04:81:53:22:
                    b5:35:33:45:7a:de:3b:ea:e5:82:7c:3e:be:9b:22:
                    87:48:87:21:b9:0c:e7:f8:3e:02:78:33:71:2b:7c:
                    6f:bb:e6:49:d8:f5:e6:ad:28:99:6b:3d:10:8f:2e:
                    eb:6a:c3:bd:17:57:1b:1a:59:c6:ff:84:00:d2:be:
                    d3:64:f7:5e:89:91:b6:e4:13:31:68:91:cc:37:a7:
                    9b:6e:7f:e7:d2:df:c3:0a:b4:36:89:44:95:35:3a:
                    7f:ed:43:76:4f:f6:5b:25:a6:6d:85:29:57:85:2f:
                    b6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:38:BB:47:3C:30:DC:46:57:86:04:0E:05:11:33:63:59:6D:AE:EF
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/wTi7Rzww3EZXhgQOBREzY1ltru8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.35.0/24
                  144.56.37.0/24
                  144.56.39.0/24
                  144.56.41.0/24
                  144.56.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:3c:89:31:ba:d5:f1:10:d7:7b:6e:1d:60:70:51:4e:c9:73:
         82:64:1c:2d:a2:bf:b5:c4:e1:40:0b:00:23:f5:04:15:cf:20:
         2f:a7:02:61:97:6c:36:74:ce:90:fd:d7:51:4c:c4:b0:5d:00:
         ed:5b:24:28:bd:21:c2:93:86:46:82:05:78:40:69:a3:74:38:
         5b:a6:42:39:0e:d0:cc:73:1d:a1:a6:d7:22:bf:86:62:c2:61:
         43:49:e8:c3:ee:f3:64:02:5b:c1:54:07:9e:32:58:4f:c0:85:
         28:52:9b:5e:31:14:1b:99:4e:6f:6d:03:aa:18:ef:49:59:18:
         e4:ae:95:1b:7a:a0:88:2a:37:d9:97:6a:5e:04:8d:cb:29:75:
         7f:11:c9:b3:b4:de:34:35:66:fa:6d:29:c9:e3:a9:26:a4:a4:
         77:a1:5a:62:28:7d:de:7d:21:3c:a5:0c:b5:9f:13:4c:7f:2c:
         06:5d:00:55:2b:6f:54:d5:ea:8a:ad:90:e4:09:cc:54:a0:e4:
         7f:03:54:3e:62:b1:79:a7:49:fb:b9:a2:14:2c:ac:3f:1b:9d:
         13:9d:2a:1f:47:34:d8:3c:b2:20:3f:4b:c2:02:ff:68:99:35:
         0c:a1:e5:39:00:78:16:09:48:1c:8c:06:8c:cf:c6:6d:97:d6:
         6b:6c:b4:ed
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZdK3v+9csHS6W7aGkuvsZN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjUwNjA3MTQ1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTM4YmI0NzNjMzBkYzQ2NTc4NjA0MGUwNTExMzM2MzU5NmRhZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WhU6Pp174OPN3Pik8e2gO4/0vqg
8hUtmqOFpBsMnUsle6WL+XVz7d6Xk+uwAl5UGmrvk2zIylFejY1IQcario7c41aV
hOJVhTPd9jMUQdkYwOU9KBWzZEGx5TqHBnOVNHCxjwGG1UDDeJX9IhDC19EIFyuf
+bto8xvQlcDyIxmnRR7TFL1agKwYNHzN9mIKZQSBUyK1NTNFet476uWCfD6+myKH
SIchuQzn+D4CeDNxK3xvu+ZJ2PXmrSiZaz0Qjy7rasO9F1cbGlnG/4QA0r7TZPde
iZG25BMxaJHMN6ebbn/n0t/DCrQ2iUSVNTp/7UN2T/ZbJaZthSlXhS+2FQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFME4u0c8MNxGV4YEDgURM2NZba7vMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvd1RpN1J6d3czRVpYaGdRT0JSRXpZMWx0cnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAkDgjAwQA
kDglAwQAkDgnAwQAkDgpAwQBkDgyMA0GCSqGSIb3DQEBCwUAA4IBAQBHPIkxutXx
ENd7bh1gcFFOyXOCZBwtor+1xOFACwAj9QQVzyAvpwJhl2w2dM6Q/ddRTMSwXQDt
WyQovSHCk4ZGggV4QGmjdDhbpkI5DtDMcx2hptciv4ZiwmFDSejD7vNkAlvBVAee
MlhPwIUoUpteMRQbmU5vbQOqGO9JWRjkrpUbeqCIKjfZl2peBI3LKXV/EcmztN40
NWb6bSnJ46kmpKR3oVpiKH3efSE8pQy1nxNMfywGXQBVK29U1eqKrZDkCcxUoOR/
A1Q+YrF5p0n7uaIULKw/G50TnSofRzTYPLIgP0vCAv9omTUMoeU5AHgWCUgcjAaM
z8Ztl9ZrbLTt
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:36:11 2025 by rpki-client