Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/WaS6M2hhcTNRLCEtQDDcjBHJ_7A.roa
File:                     WaS6M2hhcTNRLCEtQDDcjBHJ_7A.roa (raw, json)
Hash identifier:          kH4kudVYtsIGlmaiMJBrP/8zibEZ4/EipTi76iPNPKU=
Subject key identifier:   59:A4:BA:33:68:61:71:33:51:2C:21:2D:40:30:DC:8C:11:C9:FF:B0
Certificate issuer:       /CN=ab1c800aa1b78a17a43e19fd9938355d0411e94a
Certificate serial:       018CC50043212A082652FEA6D8F4CDBC9502
Authority key identifier: AB:1C:80:0A:A1:B7:8A:17:A4:3E:19:FD:99:38:35:5D:04:11:E9:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qxyACqG3ihekPhn9mTg1XQQR6Uo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/WaS6M2hhcTNRLCEtQDDcjBHJ_7A.roa
Signing time:             Mon 01 Jan 2024 12:29:37 +0000
ROA not before:           Mon 01 Jan 2024 12:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21182
IP address blocks:        217.173.192.0/21 maxlen: 21
                          217.173.200.0/23 maxlen: 23
                          217.173.206.0/23 maxlen: 23
                          185.178.158.0/24 maxlen: 24
                          185.178.156.0/23 maxlen: 23
                          185.178.156.0/22 maxlen: 22
                          2a04:9440::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/qxyACqG3ihekPhn9mTg1XQQR6Uo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/qxyACqG3ihekPhn9mTg1XQQR6Uo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qxyACqG3ihekPhn9mTg1XQQR6Uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:43:21:2a:08:26:52:fe:a6:d8:f4:cd:bc:95:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1c800aa1b78a17a43e19fd9938355d0411e94a
        Validity
            Not Before: Jan  1 12:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59a4ba3368617133512c212d4030dc8c11c9ffb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bd:14:e5:4a:16:30:ab:51:7c:6f:00:e5:06:
                    28:04:61:e9:0c:7d:71:d4:49:d8:23:b5:30:41:d2:
                    21:c7:99:e8:e2:7e:f2:de:7c:3c:96:73:f6:ac:17:
                    36:f5:05:e3:dd:21:89:eb:52:a7:08:27:08:05:c0:
                    26:cc:1f:bd:fb:a1:e0:1e:a3:a3:96:63:fe:a6:6a:
                    21:7b:d9:78:15:35:e4:76:bf:52:87:6c:58:48:4b:
                    cd:fd:a9:1d:16:66:e7:5e:2a:cb:a1:42:5e:4d:00:
                    cf:69:23:9e:d6:44:4e:30:37:f0:a7:f3:a5:61:8a:
                    6a:b1:5b:6b:da:ff:56:3b:d1:b8:eb:3d:44:e6:e8:
                    4c:1e:5b:33:3c:81:26:4e:2c:11:19:ea:24:4e:25:
                    55:d2:fa:c9:c2:06:58:98:ef:5a:60:76:4e:24:92:
                    5c:d6:67:4a:17:04:2a:21:d1:22:84:d3:fa:05:8b:
                    3e:65:4b:03:ad:74:25:98:0e:ec:15:0b:92:2c:77:
                    8c:c1:38:57:ca:52:bc:bc:04:c5:1d:ea:7f:4a:e9:
                    82:1c:5c:a2:55:4a:b2:95:e6:f8:71:ee:5c:e3:c6:
                    14:3d:bf:d8:f1:29:13:4b:ce:00:55:de:80:a7:46:
                    6e:e3:2c:0e:43:1c:1f:da:92:84:92:b1:00:0e:c7:
                    17:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A4:BA:33:68:61:71:33:51:2C:21:2D:40:30:DC:8C:11:C9:FF:B0
            X509v3 Authority Key Identifier:
                keyid:AB:1C:80:0A:A1:B7:8A:17:A4:3E:19:FD:99:38:35:5D:04:11:E9:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qxyACqG3ihekPhn9mTg1XQQR6Uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/WaS6M2hhcTNRLCEtQDDcjBHJ_7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b1ca0-bbf2-4419-8a0c-50cbcb5b19c2/1/qxyACqG3ihekPhn9mTg1XQQR6Uo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.156.0/22
                  217.173.192.0-217.173.201.255
                  217.173.206.0/23
                IPv6:
                  2a04:9440::/30

    Signature Algorithm: sha256WithRSAEncryption
         5b:30:46:48:9e:64:d5:99:d1:7a:53:8d:f6:23:5a:3f:f5:a3:
         f8:bc:5d:4e:31:09:3e:e6:ac:4e:eb:fe:e0:f9:bd:8b:c2:e5:
         65:c1:82:0c:fb:53:05:eb:35:4a:2f:b7:96:ee:bc:c5:42:e4:
         27:3a:3b:b2:55:fc:86:79:d3:68:54:4b:78:9b:63:81:73:db:
         94:52:9c:d5:6b:21:18:56:15:48:c3:cd:cb:55:f7:3a:2d:b9:
         15:20:df:b0:22:37:95:d5:65:4c:b5:be:cb:8c:cc:5e:ef:49:
         ff:ce:7b:61:ec:fc:0b:14:17:8b:14:3c:ba:99:ff:76:62:ff:
         e2:f2:69:3c:46:31:f2:55:a1:9a:c6:08:01:1c:77:b9:20:1c:
         09:fc:e5:69:7b:c3:9e:3d:b5:df:c5:40:43:87:fa:fd:ad:0d:
         69:d4:98:8c:1e:00:0b:47:7c:e0:44:60:87:68:b0:74:16:12:
         b2:d6:62:e7:e7:cf:5f:b1:7b:95:bc:49:4e:52:92:3e:bd:76:
         e7:33:28:2b:d3:6f:1e:ab:31:60:cb:48:5e:5f:d9:78:d6:38:
         d4:7e:34:79:54:e5:78:7a:9e:b2:de:71:13:e3:95:2e:8b:c2:
         e9:fa:b4:2d:b4:ef:92:12:fd:d4:69:2f:47:44:94:59:1e:6d:
         a4:a8:9d:eb
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzFAEMhKggmUv6m2PTNvJUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMWM4MDBhYTFiNzhhMTdhNDNlMTlmZDk5MzgzNTVkMDQx
MWU5NGEwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWE0YmEzMzY4NjE3MTMzNTEyYzIxMmQ0MDMwZGM4YzExYzlmZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoL0U5UoWMKtRfG8A5QYoBGHpDH1x
1EnYI7UwQdIhx5no4n7y3nw8lnP2rBc29QXj3SGJ61KnCCcIBcAmzB+9+6HgHqOj
lmP+pmohe9l4FTXkdr9Sh2xYSEvN/akdFmbnXirLoUJeTQDPaSOe1kROMDfwp/Ol
YYpqsVtr2v9WO9G46z1E5uhMHlszPIEmTiwRGeokTiVV0vrJwgZYmO9aYHZOJJJc
1mdKFwQqIdEihNP6BYs+ZUsDrXQlmA7sFQuSLHeMwThXylK8vATFHep/SumCHFyi
VUqyleb4ce5c48YUPb/Y8SkTS84AVd6Ap0Zu4ywOQxwf2pKEkrEADscXKQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFFmkujNoYXEzUSwhLUAw3IwRyf+wMB8GA1UdIwQY
MBaAFKscgAqht4oXpD4Z/Zk4NV0EEelKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXh5QUNxRzNpaGVrUGhuOW1UZzFYUVFSNlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYjFjYTAtYmJmMi00NDE5LThhMGMt
NTBjYmNiNWIxOWMyLzEvV2FTNk0yaGhjVE5STENFdFFERGNqQkhKXzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYjFjYTAtYmJmMi00NDE5LThhMGMtNTBjYmNiNWIxOWMy
LzEvcXh5QUNxRzNpaGVrUGhuOW1UZzFYUVFSNlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQCubKcMAwD
BAbZrcADBAHZrcgDBAHZrc4wDQQCAAIwBwMFAioElEAwDQYJKoZIhvcNAQELBQAD
ggEBAFswRkieZNWZ0XpTjfYjWj/1o/i8XU4xCT7mrE7r/uD5vYvC5WXBggz7UwXr
NUovt5buvMVC5Cc6O7JV/IZ502hUS3ibY4Fz25RSnNVrIRhWFUjDzctV9zotuRUg
37AiN5XVZUy1vsuMzF7vSf/Oe2Hs/AsUF4sUPLqZ/3Zi/+LyaTxGMfJVoZrGCAEc
d7kgHAn85Wl7w549td/FQEOH+v2tDWnUmIweAAtHfOBEYIdosHQWErLWYufnz1+x
e5W8SU5Skj69duczKCvTbx6rMWDLSF5f2XjWONR+NHlU5Xh6nrLecRPjlS6Lwun6
tC2075IS/dRpL0dElFkebaSones=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:41:55 2024 by rpki-client on console-ams.rpki-client.org