Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/0WED1QltM3WO5oE7shkXjBns7_w.roa
File:                     0WED1QltM3WO5oE7shkXjBns7_w.roa (raw, json)
Hash identifier:          LFI0+E6nv1ixYpC9dVTZK+S6453vLWQJaWTt6x3khoM=
Subject key identifier:   D1:61:03:D5:09:6D:33:75:8E:E6:81:3B:B2:19:17:8C:19:EC:EF:FC
Certificate issuer:       /CN=7913f8c13ba8290f60da63ba89e935b275893adb
Certificate serial:       0190CD572611EC89230F0AE9127DE74BB13A
Authority key identifier: 79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/0WED1QltM3WO5oE7shkXjBns7_w.roa
Signing time:             Fri 19 Jul 2024 23:32:38 +0000
ROA not before:           Fri 19 Jul 2024 23:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.78.200.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cd:57:26:11:ec:89:23:0f:0a:e9:12:7d:e7:4b:b1:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7913f8c13ba8290f60da63ba89e935b275893adb
        Validity
            Not Before: Jul 19 23:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d16103d5096d33758ee6813bb219178c19eceffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f6:ea:43:68:b9:49:67:93:71:06:1f:98:0c:
                    eb:26:bf:f0:38:47:48:57:1d:e3:5b:2f:ee:3a:22:
                    8f:d0:ca:a3:d4:14:33:b3:11:39:df:a8:d9:f8:c1:
                    50:36:82:3c:9b:e8:86:98:14:39:6a:12:40:a6:08:
                    ab:99:12:d2:da:96:6d:43:95:ea:c3:91:53:9d:d0:
                    de:e8:c7:c2:3e:9d:c7:1a:9b:39:6d:5e:a1:fc:a1:
                    67:f9:21:90:c7:da:f5:6e:ae:4a:39:5e:00:4c:7c:
                    1d:8e:51:23:f9:03:2f:8d:a6:6e:51:a4:12:15:34:
                    0e:cb:d3:01:0c:6c:f2:f9:65:7b:92:2d:f5:5d:b2:
                    eb:90:92:a7:11:e6:94:3c:c9:7d:ac:42:0e:c9:05:
                    eb:d7:62:0d:66:1e:25:f7:70:02:88:40:3e:fc:e1:
                    3c:47:0b:0b:47:1f:07:fb:e9:86:a7:0f:8a:e0:2b:
                    8b:92:39:3e:37:1c:12:b1:41:b7:18:63:05:1d:07:
                    aa:1a:b5:5f:e7:d1:8a:58:a2:77:b6:3c:9d:17:2d:
                    10:35:72:38:fc:e7:49:ef:4c:d7:2e:47:52:6c:c5:
                    35:89:f4:42:b0:d4:df:dd:28:0b:63:55:de:71:77:
                    55:74:7f:a6:ee:bc:8e:53:b2:73:c6:1b:f2:96:ff:
                    c6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:61:03:D5:09:6D:33:75:8E:E6:81:3B:B2:19:17:8C:19:EC:EF:FC
            X509v3 Authority Key Identifier:
                keyid:79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/0WED1QltM3WO5oE7shkXjBns7_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:20:84:bf:56:3c:6f:94:ca:3d:20:c0:35:3f:4e:53:66:7f:
         73:6a:3c:01:1c:a2:c4:e5:ee:08:7e:5e:ad:fa:7c:6d:66:61:
         23:ac:3a:29:93:f1:f2:e2:df:cb:0c:d5:df:bc:18:c1:ad:a1:
         3d:6e:28:37:93:fa:9e:58:06:75:86:8d:8c:45:61:6e:7b:1d:
         c3:35:31:8d:21:60:6c:d9:82:c3:d3:ac:dc:76:43:27:9d:d4:
         1a:e3:c4:3d:02:bf:fb:58:97:52:5a:69:07:2e:5f:f4:a1:3b:
         9a:aa:06:08:5d:ca:2c:ac:8d:38:50:a5:78:1f:78:b9:06:9e:
         ea:1a:a8:7d:ad:aa:26:21:13:c9:10:e3:a8:d0:70:55:6a:9c:
         7a:f8:ac:12:15:b0:e4:04:e5:b6:96:94:63:c3:69:77:50:84:
         41:ae:fc:ba:f9:e4:43:ee:f7:ee:04:99:f2:98:de:74:c9:0e:
         1d:ac:70:64:43:b4:6f:f3:cf:80:d2:17:89:99:6c:73:a7:e6:
         93:4f:b4:fb:08:71:9f:e0:63:33:15:07:e9:8e:a4:8d:ae:06:
         b6:05:e0:2c:6e:51:1a:de:6c:c9:59:01:4d:4f:cc:18:2b:1c:
         e4:58:cb:8b:47:d9:ed:71:09:60:14:16:2c:cb:0c:7f:93:53:
         03:db:a6:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDNVyYR7IkjDwrpEn3nS7E6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTNmOGMxM2JhODI5MGY2MGRhNjNiYTg5ZTkzNWIyNzU4
OTNhZGIwHhcNMjQwNzE5MjMzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTYxMDNkNTA5NmQzMzc1OGVlNjgxM2JiMjE5MTc4YzE5ZWNlZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPbqQ2i5SWeTcQYfmAzrJr/wOEdI
Vx3jWy/uOiKP0Mqj1BQzsxE536jZ+MFQNoI8m+iGmBQ5ahJApgirmRLS2pZtQ5Xq
w5FTndDe6MfCPp3HGps5bV6h/KFn+SGQx9r1bq5KOV4ATHwdjlEj+QMvjaZuUaQS
FTQOy9MBDGzy+WV7ki31XbLrkJKnEeaUPMl9rEIOyQXr12INZh4l93ACiEA+/OE8
RwsLRx8H++mGpw+K4CuLkjk+NxwSsUG3GGMFHQeqGrVf59GKWKJ3tjydFy0QNXI4
/OdJ70zXLkdSbMU1ifRCsNTf3SgLY1XecXdVdH+m7ryOU7Jzxhvylv/GTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFhA9UJbTN1juaBO7IZF4wZ7O/8MB8GA1UdIwQY
MBaAFHkT+ME7qCkPYNpjuonpNbJ1iTrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTIt
ZmUxY2YzMDhhMDA4LzEvMFdFRDFRbHRNM1dPNW9FN3Noa1hqQm5zN193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTItZmUxY2YzMDhhMDA4
LzEvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU7IMA0G
CSqGSIb3DQEBCwUAA4IBAQAQIIS/VjxvlMo9IMA1P05TZn9zajwBHKLE5e4Ifl6t
+nxtZmEjrDopk/Hy4t/LDNXfvBjBraE9big3k/qeWAZ1ho2MRWFuex3DNTGNIWBs
2YLD06zcdkMnndQa48Q9Ar/7WJdSWmkHLl/0oTuaqgYIXcosrI04UKV4H3i5Bp7q
Gqh9raomIRPJEOOo0HBVapx6+KwSFbDkBOW2lpRjw2l3UIRBrvy6+eRD7vfuBJny
mN50yQ4drHBkQ7Rv88+A0heJmWxzp+aTT7T7CHGf4GMzFQfpjqSNrga2BeAsblEa
3mzJWQFNT8wYKxzkWMuLR9ntcQlgFBYsywx/k1MD26bH
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:34:31 2024 by rpki-client on console-fra.rpki-client.org