Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/a39496-99a1-4c18-94a3-c170c65f0938/1/wStZK4JZWodTa8QJ27lZey8VOZk.roa
File:                     wStZK4JZWodTa8QJ27lZey8VOZk.roa (raw, json)
Hash identifier:          M5R4ouVoFcf9NfDVJpf1ocBgYj+iPRvbg122A3j7Pos=
Subject key identifier:   C1:2B:59:2B:82:59:5A:87:53:6B:C4:09:DB:B9:59:7B:2F:15:39:99
Certificate issuer:       /CN=e5484ab7509bcbbda351e200091742d43366b347
Certificate serial:       018CCA96CC5D6C56245DEE864BC263EB74DC
Authority key identifier: E5:48:4A:B7:50:9B:CB:BD:A3:51:E2:00:09:17:42:D4:33:66:B3:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5UhKt1Cby72jUeIACRdC1DNms0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/a39496-99a1-4c18-94a3-c170c65f0938/1/wStZK4JZWodTa8QJ27lZey8VOZk.roa
Signing time:             Tue 02 Jan 2024 14:32:09 +0000
ROA not before:           Tue 02 Jan 2024 14:32:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42394
IP address blocks:        193.33.85.0/24 maxlen: 24
                          195.62.92.0/23 maxlen: 23
                          195.62.92.0/24 maxlen: 24
                          193.33.84.0/24 maxlen: 24
                          193.33.84.0/23 maxlen: 23
                          193.33.85.240/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/a39496-99a1-4c18-94a3-c170c65f0938/1/5UhKt1Cby72jUeIACRdC1DNms0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/a39496-99a1-4c18-94a3-c170c65f0938/1/5UhKt1Cby72jUeIACRdC1DNms0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5UhKt1Cby72jUeIACRdC1DNms0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:cc:5d:6c:56:24:5d:ee:86:4b:c2:63:eb:74:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5484ab7509bcbbda351e200091742d43366b347
        Validity
            Not Before: Jan  2 14:32:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c12b592b82595a87536bc409dbb9597b2f153999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:91:fa:55:62:64:c3:e6:6e:3f:06:d4:5b:ac:
                    a0:9c:4d:79:8e:3a:9d:1b:da:d7:c3:bb:2b:68:c5:
                    75:ea:8d:ce:31:64:90:32:c0:2d:f1:23:92:7a:61:
                    02:f2:06:ad:26:7a:9f:34:47:6c:c7:8c:5b:ec:11:
                    28:cd:7d:1c:c1:a8:3b:0d:0c:82:26:df:88:88:8a:
                    ca:a8:79:83:16:45:b4:6b:bd:be:8d:37:f6:4d:37:
                    f0:2a:3a:6f:a0:08:54:62:76:ca:31:27:cb:8f:78:
                    81:9a:88:5c:97:10:fa:b8:dc:2a:9a:bf:86:0c:97:
                    f3:29:2c:cf:aa:2b:ff:19:e2:3e:e2:97:28:f5:e0:
                    b6:a8:70:41:73:3e:dd:93:23:c1:b2:ec:dc:a4:bf:
                    dd:22:0d:21:28:51:00:ca:ed:0c:19:10:b7:0c:2c:
                    22:44:33:75:a1:52:45:d9:99:ce:8e:a5:b8:54:fa:
                    8e:c7:f6:e4:a1:60:e7:fd:34:52:30:ae:4b:e5:93:
                    32:9b:36:bc:67:66:eb:da:93:06:f6:96:e8:88:8b:
                    7b:58:c5:06:bc:55:cd:9a:fb:2d:2b:96:6e:3b:6c:
                    cc:07:8f:2f:65:e2:27:21:e6:87:1b:d5:30:24:02:
                    12:00:ff:c1:c1:35:33:f1:b0:2b:15:74:4d:f1:b6:
                    b5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:2B:59:2B:82:59:5A:87:53:6B:C4:09:DB:B9:59:7B:2F:15:39:99
            X509v3 Authority Key Identifier:
                keyid:E5:48:4A:B7:50:9B:CB:BD:A3:51:E2:00:09:17:42:D4:33:66:B3:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5UhKt1Cby72jUeIACRdC1DNms0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a39496-99a1-4c18-94a3-c170c65f0938/1/wStZK4JZWodTa8QJ27lZey8VOZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a39496-99a1-4c18-94a3-c170c65f0938/1/5UhKt1Cby72jUeIACRdC1DNms0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.84.0/23
                  195.62.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:ab:4e:3d:c5:9d:26:96:e8:85:82:54:52:93:cc:c4:14:0c:
         95:69:30:9f:9e:51:91:0a:d1:a3:b5:ca:c4:2d:85:fa:e8:91:
         bc:8d:0e:be:04:9b:f1:c8:44:ff:f0:d1:02:f2:6e:22:ab:40:
         76:ed:94:5d:f3:06:44:ab:ee:59:b1:0f:41:0e:ab:5c:57:db:
         e9:7a:18:73:8f:85:e1:7c:d6:c5:ac:a4:70:5d:51:a3:27:96:
         74:a7:58:33:bb:9a:ed:54:d2:1c:c0:2e:14:cc:f6:c7:bb:b1:
         e8:ac:cc:3b:57:a5:52:d2:82:56:6d:25:35:60:5f:d0:13:6d:
         2d:0c:d2:2f:62:1f:3d:70:09:04:4a:89:6f:1c:0f:a4:a8:c2:
         34:c0:49:0c:16:25:a5:b5:22:05:ce:c4:ed:93:c1:25:b8:ac:
         78:9d:60:d1:bf:c6:b7:94:c8:df:e0:dc:86:95:6b:80:4e:3b:
         09:10:08:0d:3f:13:96:95:ac:62:3c:25:7e:fe:e6:93:5c:b3:
         59:70:ba:20:3b:65:b1:5b:ab:b0:24:27:c2:24:a6:f9:ca:3f:
         94:62:ce:2b:6b:19:d9:39:14:08:13:7f:c0:f0:3d:45:91:b9:
         69:96:65:0b:8e:98:02:4a:be:d5:f5:7a:8d:c4:b6:73:de:48:
         9d:38:5c:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKlsxdbFYkXe6GS8Jj63TcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NDg0YWI3NTA5YmNiYmRhMzUxZTIwMDA5MTc0MmQ0MzM2
NmIzNDcwHhcNMjQwMTAyMTQzMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTJiNTkyYjgyNTk1YTg3NTM2YmM0MDlkYmI5NTk3YjJmMTUzOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5H6VWJkw+ZuPwbUW6ygnE15jjqd
G9rXw7sraMV16o3OMWSQMsAt8SOSemEC8gatJnqfNEdsx4xb7BEozX0cwag7DQyC
Jt+IiIrKqHmDFkW0a72+jTf2TTfwKjpvoAhUYnbKMSfLj3iBmohclxD6uNwqmr+G
DJfzKSzPqiv/GeI+4pco9eC2qHBBcz7dkyPBsuzcpL/dIg0hKFEAyu0MGRC3DCwi
RDN1oVJF2ZnOjqW4VPqOx/bkoWDn/TRSMK5L5ZMymza8Z2br2pMG9pboiIt7WMUG
vFXNmvstK5ZuO2zMB48vZeInIeaHG9UwJAISAP/BwTUz8bArFXRN8ba1BQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMErWSuCWVqHU2vECdu5WXsvFTmZMB8GA1UdIwQY
MBaAFOVISrdQm8u9o1HiAAkXQtQzZrNHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVoS3QxQ2J5NzJqVWVJQUNSZEMxRE5tczBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hMzk0OTYtOTlhMS00YzE4LTk0YTMt
YzE3MGM2NWYwOTM4LzEvd1N0Wks0SlpXb2RUYThRSjI3bFpleThWT1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hMzk0OTYtOTlhMS00YzE4LTk0YTMtYzE3MGM2NWYwOTM4
LzEvNVVoS3QxQ2J5NzJqVWVJQUNSZEMxRE5tczBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwSFUAwQB
wz5cMA0GCSqGSIb3DQEBCwUAA4IBAQBVq049xZ0mluiFglRSk8zEFAyVaTCfnlGR
CtGjtcrELYX66JG8jQ6+BJvxyET/8NEC8m4iq0B27ZRd8wZEq+5ZsQ9BDqtcV9vp
ehhzj4XhfNbFrKRwXVGjJ5Z0p1gzu5rtVNIcwC4UzPbHu7HorMw7V6VS0oJWbSU1
YF/QE20tDNIvYh89cAkESolvHA+kqMI0wEkMFiWltSIFzsTtk8EluKx4nWDRv8a3
lMjf4NyGlWuATjsJEAgNPxOWlaxiPCV+/uaTXLNZcLogO2WxW6uwJCfCJKb5yj+U
Ys4raxnZORQIE3/A8D1FkblplmULjpgCSr7V9XqNxLZz3kidOFxe
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:53:16 2024 by rpki-client on console-ams.rpki-client.org