Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/WfJaksAmXQQrDdzFH5nfx_2oTt8.roa
File:                     WfJaksAmXQQrDdzFH5nfx_2oTt8.roa (raw, json)
Hash identifier:          brNkwfutAXrSL8oQrUP2lzeSp9whMU3NCAB1wqUX96o=
Subject key identifier:   59:F2:5A:92:C0:26:5D:04:2B:0D:DC:C5:1F:99:DF:C7:FD:A8:4E:DF
Certificate issuer:       /CN=351c7b5607c536657fd5748f6f65b24ac12eb17d
Certificate serial:       018CC6B7C95D95D7320C19D32DE1F893CFCA
Authority key identifier: 35:1C:7B:56:07:C5:36:65:7F:D5:74:8F:6F:65:B2:4A:C1:2E:B1:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRx7VgfFNmV_1XSPb2WySsEusX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/WfJaksAmXQQrDdzFH5nfx_2oTt8.roa
Signing time:             Mon 01 Jan 2024 20:29:42 +0000
ROA not before:           Mon 01 Jan 2024 20:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        146.19.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/NRx7VgfFNmV_1XSPb2WySsEusX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/NRx7VgfFNmV_1XSPb2WySsEusX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRx7VgfFNmV_1XSPb2WySsEusX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c9:5d:95:d7:32:0c:19:d3:2d:e1:f8:93:cf:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351c7b5607c536657fd5748f6f65b24ac12eb17d
        Validity
            Not Before: Jan  1 20:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f25a92c0265d042b0ddcc51f99dfc7fda84edf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0d:e3:17:09:45:49:77:88:ae:6b:d5:07:04:
                    55:cc:66:9b:69:70:b8:55:b1:d3:f1:5b:d1:cd:27:
                    0d:fa:8b:a3:19:fa:36:9b:42:37:85:11:26:9f:a9:
                    31:0a:d6:f7:bc:af:84:95:da:d3:1e:d0:ce:b5:de:
                    09:31:df:0e:1d:7e:29:c0:34:27:94:81:4a:ec:3b:
                    93:17:a2:41:17:8f:46:cc:7d:61:fa:49:73:c5:f8:
                    68:52:db:72:7b:70:d2:e0:d6:66:32:6a:f7:4c:74:
                    21:70:2d:11:67:ff:d3:08:c6:ea:aa:9a:ac:15:79:
                    5d:a2:00:ed:f9:c0:95:a1:25:7a:bb:2e:89:39:5b:
                    ad:dd:ed:cc:cc:62:c5:75:7b:d6:f1:36:98:79:55:
                    45:a8:56:49:ca:68:7a:17:cb:10:9b:d4:9c:c0:c2:
                    a0:d7:9e:b1:77:d6:c5:d6:e4:35:4a:97:f3:e4:07:
                    bd:f5:a9:fc:36:d8:27:4d:e9:8a:9f:09:4f:05:95:
                    b4:7e:38:a3:ae:65:9f:02:71:3c:cb:72:81:c0:8c:
                    2f:69:61:89:6b:73:9a:49:5d:1b:d1:62:ee:ca:a9:
                    a6:e8:1f:ad:1d:6d:ac:1f:9e:d3:ee:35:25:8b:f4:
                    2c:0a:7e:e8:21:84:3d:82:fa:54:f2:85:f6:54:b9:
                    92:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:5A:92:C0:26:5D:04:2B:0D:DC:C5:1F:99:DF:C7:FD:A8:4E:DF
            X509v3 Authority Key Identifier:
                keyid:35:1C:7B:56:07:C5:36:65:7F:D5:74:8F:6F:65:B2:4A:C1:2E:B1:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRx7VgfFNmV_1XSPb2WySsEusX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/WfJaksAmXQQrDdzFH5nfx_2oTt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/NRx7VgfFNmV_1XSPb2WySsEusX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:4c:56:1b:9b:6e:a0:03:20:31:a1:42:8a:d0:7a:6d:0f:9f:
         92:9e:44:70:98:12:70:2a:8c:2e:f3:21:9b:af:dc:ff:6b:e6:
         ae:f1:26:cc:e3:5f:7f:76:ee:e5:17:c0:bb:d2:9b:3b:06:7c:
         e0:61:74:31:95:83:25:6f:ae:d9:55:28:1c:f3:41:1d:e6:9f:
         57:c6:3f:b2:e4:dd:bf:02:9e:7a:a3:e6:f0:be:3e:12:d0:48:
         81:d9:b7:e4:66:8b:df:d8:97:43:46:db:2a:c2:cf:ee:75:d1:
         e3:67:bd:fd:cc:14:40:ab:e5:82:86:ac:68:e4:c5:8b:1c:00:
         a5:04:6e:73:50:6f:76:7a:5b:d7:de:73:4c:9e:ad:1c:0e:fd:
         b3:d9:b9:c7:4c:65:9a:8e:2c:c2:0d:b4:30:19:25:c3:f3:2f:
         1a:e7:ca:12:d8:60:b4:74:09:9b:16:02:56:c1:e2:a6:66:98:
         f7:50:08:e8:b2:eb:cf:ad:d3:f5:72:e1:9f:81:51:55:d9:88:
         7c:b9:c3:01:94:2b:f4:d3:59:dd:15:ce:96:c2:42:09:ae:0b:
         56:15:5f:da:c0:34:47:d1:91:16:5e:82:c2:b1:db:f6:60:5a:
         99:00:45:1e:0e:e8:fc:7b:d6:78:21:0e:bb:6c:f6:04:b8:6a:
         f5:58:12:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt8ldldcyDBnTLeH4k8/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWM3YjU2MDdjNTM2NjU3ZmQ1NzQ4ZjZmNjViMjRhYzEy
ZWIxN2QwHhcNMjQwMTAxMjAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyNWE5MmMwMjY1ZDA0MmIwZGRjYzUxZjk5ZGZjN2ZkYTg0ZWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvw3jFwlFSXeIrmvVBwRVzGabaXC4
VbHT8VvRzScN+oujGfo2m0I3hREmn6kxCtb3vK+EldrTHtDOtd4JMd8OHX4pwDQn
lIFK7DuTF6JBF49GzH1h+klzxfhoUttye3DS4NZmMmr3THQhcC0RZ//TCMbqqpqs
FXldogDt+cCVoSV6uy6JOVut3e3MzGLFdXvW8TaYeVVFqFZJymh6F8sQm9ScwMKg
156xd9bF1uQ1Spfz5Ae99an8NtgnTemKnwlPBZW0fjijrmWfAnE8y3KBwIwvaWGJ
a3OaSV0b0WLuyqmm6B+tHW2sH57T7jUli/QsCn7oIYQ9gvpU8oX2VLmSVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnyWpLAJl0EKw3cxR+Z38f9qE7fMB8GA1UdIwQY
MBaAFDUce1YHxTZlf9V0j29lskrBLrF9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJ4N1ZnZkZObVZfMVhTUGIyV3lTc0V1c1gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMWZmMjEtNWFjMi00ZTUwLTkzNmMt
NjUxNzA3YzkxZmQzLzEvV2ZKYWtzQW1YUVFyRGR6Rkg1bmZ4XzJvVHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMWZmMjEtNWFjMi00ZTUwLTkzNmMtNjUxNzA3YzkxZmQz
LzEvTlJ4N1ZnZkZObVZfMVhTUGIyV3lTc0V1c1gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhO/MA0G
CSqGSIb3DQEBCwUAA4IBAQAaTFYbm26gAyAxoUKK0HptD5+SnkRwmBJwKowu8yGb
r9z/a+au8SbM419/du7lF8C70ps7BnzgYXQxlYMlb67ZVSgc80Ed5p9Xxj+y5N2/
Ap56o+bwvj4S0EiB2bfkZovf2JdDRtsqws/uddHjZ739zBRAq+WChqxo5MWLHACl
BG5zUG92elvX3nNMnq0cDv2z2bnHTGWajizCDbQwGSXD8y8a58oS2GC0dAmbFgJW
weKmZpj3UAjosuvPrdP1cuGfgVFV2Yh8ucMBlCv001ndFc6WwkIJrgtWFV/awDRH
0ZEWXoLCsdv2YFqZAEUeDuj8e9Z4IQ67bPYEuGr1WBJA
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:42:54 2024 by rpki-client on console-ams.rpki-client.org