Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/WaMvAQ3HpY8SfvH6W2HVJ5IIzyc.roa
File:                     WaMvAQ3HpY8SfvH6W2HVJ5IIzyc.roa (raw, json)
Hash identifier:          j3qcUnAqgZLZeEMnE+nQU6YjXiqwOvXDWCTuJ+NcWio=
Subject key identifier:   59:A3:2F:01:0D:C7:A5:8F:12:7E:F1:FA:5B:61:D5:27:92:08:CF:27
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       018CC425536DBBB369ACC43C2A2CEAD28B5D
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/WaMvAQ3HpY8SfvH6W2HVJ5IIzyc.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33902
IP address blocks:        217.172.16.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:53:6d:bb:b3:69:ac:c4:3c:2a:2c:ea:d2:8b:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59a32f010dc7a58f127ef1fa5b61d5279208cf27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:74:48:88:4e:61:1c:bb:fe:7c:ec:6b:89:1e:
                    14:f3:42:9b:f0:5a:8e:62:c5:15:7c:a3:41:c3:6d:
                    80:20:cb:ee:40:c0:c9:cf:ee:57:15:4c:59:61:72:
                    c6:87:35:9c:19:7d:9d:67:9d:83:bc:08:62:77:9d:
                    c9:ce:da:fe:7a:32:86:1a:e1:63:31:f9:2b:d5:84:
                    a7:a4:af:ed:ce:0b:46:80:ac:c9:1a:00:99:aa:40:
                    72:2d:a6:94:15:8d:20:cf:90:66:9a:02:8d:a5:7d:
                    a0:aa:b7:78:31:a2:fd:b5:d9:e9:e0:f4:39:00:75:
                    59:51:32:a4:95:8d:3b:78:e1:81:18:b3:8e:b4:bf:
                    23:5d:b6:fc:8d:69:e8:24:38:20:a3:a0:93:7a:84:
                    07:7e:97:5b:df:d9:10:94:ab:6b:8e:7c:6b:f0:da:
                    26:f9:5c:ae:34:38:0d:18:b1:4b:47:21:51:77:be:
                    a2:d3:82:e8:75:62:77:a9:99:85:b3:2c:cc:7b:ac:
                    cc:32:dc:12:ec:28:45:81:73:76:cd:7b:c5:b2:ab:
                    5d:52:cb:4e:c7:2c:c1:58:8d:61:be:ef:ac:bc:46:
                    e7:a1:a0:0d:84:7a:d8:29:28:de:76:0e:00:4b:9a:
                    4c:9e:db:01:fd:30:11:41:e4:d8:22:44:9a:4d:24:
                    3c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A3:2F:01:0D:C7:A5:8F:12:7E:F1:FA:5B:61:D5:27:92:08:CF:27
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/WaMvAQ3HpY8SfvH6W2HVJ5IIzyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.172.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:e5:49:39:28:73:c7:58:4e:7e:f8:f4:ba:ba:49:44:d1:13:
         14:8c:b8:a1:41:6c:cd:b6:04:e2:2a:53:a8:58:c1:03:a2:77:
         93:4c:da:75:b3:d4:43:e8:57:dd:ca:13:ae:f2:97:b5:32:3d:
         55:7b:ba:44:90:ab:1b:80:7f:c6:d0:57:e3:f6:d7:ab:0d:c7:
         91:02:16:c1:88:11:e9:d3:d7:b1:cd:54:cf:75:10:67:e1:14:
         4c:2d:e7:32:6e:98:5e:d8:98:57:41:0c:4a:34:5e:6e:b4:da:
         88:f4:df:d7:fc:ed:ee:8e:a0:55:3f:cf:fb:85:c1:f5:85:a0:
         1a:2b:29:8e:c4:70:60:88:01:5c:23:e3:51:fd:0c:fb:01:89:
         c9:a8:ab:eb:2d:67:f4:3e:48:62:ff:e6:01:0f:31:87:00:05:
         20:33:76:56:40:64:c9:11:80:c4:8f:e2:af:89:1a:25:13:32:
         95:1b:b0:f7:9e:ed:0b:55:05:8a:55:21:27:fc:32:14:d4:21:
         fa:8c:c3:81:6a:c2:c0:fc:61:3c:6c:76:44:46:24:cb:28:cb:
         f1:42:15:64:12:1c:c6:2a:e1:60:fd:b9:26:7b:b9:20:65:23:
         8a:fa:a8:92:42:65:3f:5b:43:a6:bc:10:ab:32:92:d3:ec:51:
         50:04:a9:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVNtu7NprMQ8Kizq0otdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWEzMmYwMTBkYzdhNThmMTI3ZWYxZmE1YjYxZDUyNzkyMDhjZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3RIiE5hHLv+fOxriR4U80Kb8FqO
YsUVfKNBw22AIMvuQMDJz+5XFUxZYXLGhzWcGX2dZ52DvAhid53Jztr+ejKGGuFj
Mfkr1YSnpK/tzgtGgKzJGgCZqkByLaaUFY0gz5BmmgKNpX2gqrd4MaL9tdnp4PQ5
AHVZUTKklY07eOGBGLOOtL8jXbb8jWnoJDggo6CTeoQHfpdb39kQlKtrjnxr8Nom
+VyuNDgNGLFLRyFRd76i04LodWJ3qZmFsyzMe6zMMtwS7ChFgXN2zXvFsqtdUstO
xyzBWI1hvu+svEbnoaANhHrYKSjedg4AS5pMntsB/TARQeTYIkSaTSQ8cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmjLwENx6WPEn7x+lth1SeSCM8nMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvV2FNdkFRM0hwWThTZnZINlcySFZKNUlJenljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2awQMA0G
CSqGSIb3DQEBCwUAA4IBAQCC5Uk5KHPHWE5++PS6uklE0RMUjLihQWzNtgTiKlOo
WMEDoneTTNp1s9RD6FfdyhOu8pe1Mj1Ve7pEkKsbgH/G0Ffj9terDceRAhbBiBHp
09exzVTPdRBn4RRMLecybphe2JhXQQxKNF5utNqI9N/X/O3ujqBVP8/7hcH1haAa
KymOxHBgiAFcI+NR/Qz7AYnJqKvrLWf0Pkhi/+YBDzGHAAUgM3ZWQGTJEYDEj+Kv
iRolEzKVG7D3nu0LVQWKVSEn/DIU1CH6jMOBasLA/GE8bHZERiTLKMvxQhVkEhzG
KuFg/bkme7kgZSOK+qiSQmU/W0OmvBCrMpLT7FFQBKnW
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:43:33 2024 by rpki-client on console-ams.rpki-client.org