Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/4v12Gz02UhWJJUp7yl9P1yi1CmM.roa
File:                     4v12Gz02UhWJJUp7yl9P1yi1CmM.roa (raw, json)
Hash identifier:          Evaz9l8NFPWN8+JyCK4ZljT+YJnSDbkLGwqQeICJugQ=
Subject key identifier:   E2:FD:76:1B:3D:36:52:15:89:25:4A:7B:CA:5F:4F:D7:28:B5:0A:63
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A7D5E92D1B62D584E41B5C044961A
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/4v12Gz02UhWJJUp7yl9P1yi1CmM.roa
Signing time:             Mon 01 Jan 2024 18:30:19 +0000
ROA not before:           Mon 01 Jan 2024 18:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60062
IP address blocks:        37.230.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:7d:5e:92:d1:b6:2d:58:4e:41:b5:c0:44:96:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2fd761b3d36521589254a7bca5f4fd728b50a63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:9e:c8:db:16:91:e1:77:dc:51:49:38:5a:6a:
                    84:9c:e4:f0:19:f0:75:4b:45:bd:8d:03:2d:28:29:
                    55:26:6d:1f:71:bc:dd:4c:3f:03:f5:d2:fe:82:77:
                    4c:7e:d0:3c:9b:f5:a0:d8:c9:b4:a8:ec:81:05:b7:
                    16:01:4c:65:b2:7a:a3:4c:a7:15:b6:bc:4c:8f:bb:
                    09:4e:f4:29:d2:b5:51:41:5b:70:91:be:13:dc:2d:
                    62:bd:f1:fd:44:25:5a:cf:ef:0f:25:a9:0a:01:0f:
                    44:6f:e3:5e:d1:e6:f1:a1:14:e9:d4:63:ae:fa:c5:
                    26:fe:22:07:43:8a:7e:51:73:05:31:a0:02:b1:fc:
                    70:4c:3f:7d:00:52:61:94:6a:51:0b:a9:d3:ca:87:
                    66:f6:9f:19:26:d5:4d:c2:99:9d:00:07:fc:2d:6a:
                    2c:73:f2:30:1a:37:45:88:7c:2c:fe:95:3c:96:d5:
                    7b:c9:56:c5:b0:d5:4d:e5:9f:bb:a2:75:e9:e2:70:
                    ac:fe:66:3d:29:d8:75:cb:05:b7:15:b8:b6:4b:47:
                    6a:e4:ee:10:3c:1f:ce:b6:da:df:c9:07:cf:6c:4c:
                    62:49:c2:45:08:6f:5e:a7:86:86:32:96:6f:1e:31:
                    5f:99:b6:48:04:be:09:02:90:fa:f9:31:9f:39:83:
                    04:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:FD:76:1B:3D:36:52:15:89:25:4A:7B:CA:5F:4F:D7:28:B5:0A:63
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/4v12Gz02UhWJJUp7yl9P1yi1CmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:43:87:5b:58:5b:82:44:c6:a8:a7:60:1a:a1:9f:9d:be:74:
         aa:41:cc:fd:93:6c:96:7e:a8:a1:52:e5:51:42:d5:fd:39:c4:
         9b:cf:5f:8a:a4:ba:f4:94:07:27:96:36:b9:0b:ab:48:b4:68:
         34:0b:16:c1:c0:24:84:b4:8e:e4:7a:ab:df:a6:0b:6f:2f:39:
         fb:60:51:b5:03:2e:a0:a5:35:5b:b6:86:98:cf:2a:df:96:a8:
         08:0b:2f:05:4e:3b:bf:c0:d7:33:a6:cd:4a:b0:1a:45:e1:73:
         ca:5f:a6:d2:38:e3:2f:f4:76:86:7b:35:24:5e:e6:d9:c8:92:
         ea:be:5c:d5:ec:0c:ab:22:85:f5:be:de:3d:70:9a:88:28:d0:
         01:54:c1:16:a9:94:6f:1f:95:75:3c:e9:5e:2b:46:75:a1:d8:
         6b:e5:c1:77:17:63:9e:87:1e:8a:c3:a0:22:71:a8:bd:0e:b3:
         fe:21:30:06:c4:06:13:24:c4:2a:39:2a:5f:c0:65:49:ec:e0:
         93:22:7b:4f:bf:92:6f:b2:f2:24:4a:6f:e6:a4:4a:71:cd:85:
         04:15:54:90:85:e7:ce:af:6d:2e:cf:a1:71:22:46:f5:57:db:
         93:ef:3f:f0:01:f0:a4:d3:b9:a9:2d:8d:7b:ca:98:1c:2c:a4:
         05:11:57:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSn1ektG2LVhOQbXARJYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmZkNzYxYjNkMzY1MjE1ODkyNTRhN2JjYTVmNGZkNzI4YjUwYTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3p7I2xaR4XfcUUk4WmqEnOTwGfB1
S0W9jQMtKClVJm0fcbzdTD8D9dL+gndMftA8m/Wg2Mm0qOyBBbcWAUxlsnqjTKcV
trxMj7sJTvQp0rVRQVtwkb4T3C1ivfH9RCVaz+8PJakKAQ9Eb+Ne0ebxoRTp1GOu
+sUm/iIHQ4p+UXMFMaACsfxwTD99AFJhlGpRC6nTyodm9p8ZJtVNwpmdAAf8LWos
c/IwGjdFiHws/pU8ltV7yVbFsNVN5Z+7onXp4nCs/mY9Kdh1ywW3Fbi2S0dq5O4Q
PB/OttrfyQfPbExiScJFCG9ep4aGMpZvHjFfmbZIBL4JApD6+TGfOYMEJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOL9dhs9NlIViSVKe8pfT9cotQpjMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvNHYxMkd6MDJVaFdKSlVwN3lsOVAxeWkxQ21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeagMA0G
CSqGSIb3DQEBCwUAA4IBAQCMQ4dbWFuCRMaop2AaoZ+dvnSqQcz9k2yWfqihUuVR
QtX9OcSbz1+KpLr0lAcnlja5C6tItGg0CxbBwCSEtI7keqvfpgtvLzn7YFG1Ay6g
pTVbtoaYzyrflqgICy8FTju/wNczps1KsBpF4XPKX6bSOOMv9HaGezUkXubZyJLq
vlzV7AyrIoX1vt49cJqIKNABVMEWqZRvH5V1POleK0Z1odhr5cF3F2Oehx6Kw6Ai
cai9DrP+ITAGxAYTJMQqOSpfwGVJ7OCTIntPv5JvsvIkSm/mpEpxzYUEFVSQhefO
r20uz6FxIkb1V9uT7z/wAfCk07mpLY17ypgcLKQFEVd1
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:45:12 2024 by rpki-client on console-ams.rpki-client.org