Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/W7vY7n_mJIHJai9zoEHf-XDDwJg.roa
File:                     W7vY7n_mJIHJai9zoEHf-XDDwJg.roa (raw, json)
Hash identifier:          MR/eQBw2l/Q/ZrC+IMNQyM+GJcDIRU3l084ETIxnyIA=
Subject key identifier:   5B:BB:D8:EE:7F:E6:24:81:C9:6A:2F:73:A0:41:DF:F9:70:C3:C0:98
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A888E7CB6FF54A0BEA11009111724
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/W7vY7n_mJIHJai9zoEHf-XDDwJg.roa
Signing time:             Mon 01 Jan 2024 18:30:22 +0000
ROA not before:           Mon 01 Jan 2024 18:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207935
IP address blocks:        141.101.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:88:8e:7c:b6:ff:54:a0:be:a1:10:09:11:17:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bbbd8ee7fe62481c96a2f73a041dff970c3c098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:66:8a:fa:d0:ea:57:46:45:48:54:ca:cb:c6:
                    1b:7c:28:31:86:db:d9:80:df:66:96:4b:91:b6:54:
                    ca:27:91:e8:c7:90:2d:ce:2e:98:52:6f:5f:c3:7b:
                    ad:6c:e6:20:ba:69:55:20:c9:c6:f2:78:61:a8:aa:
                    51:a0:23:3f:3b:11:f4:72:c8:fa:4f:70:0d:5f:7d:
                    1b:97:47:b2:56:73:cc:f4:69:4f:c5:df:9b:20:9e:
                    a9:fa:f7:a8:1e:41:31:f0:59:e2:8f:07:78:81:dd:
                    78:e2:27:17:ba:71:bc:30:da:e6:5b:23:46:e7:5d:
                    aa:d1:a6:18:c9:ce:d2:de:24:6f:bd:6e:da:ec:09:
                    64:25:e0:60:2b:56:b6:b5:15:76:7f:54:d3:8f:97:
                    7c:a6:c7:b5:21:05:ef:b2:13:29:aa:37:5e:9a:9e:
                    7d:2e:6a:e7:e8:49:ca:3f:60:69:6f:42:32:de:17:
                    de:4a:5f:09:df:c3:56:c2:80:dc:ee:7d:db:e5:d5:
                    9b:ad:36:85:21:43:51:b9:68:bb:74:ba:a5:0d:8d:
                    fe:e2:e3:22:cc:9f:30:5e:cb:7c:b5:9c:92:ea:5a:
                    d9:a6:b6:8f:e3:61:63:c0:bd:55:00:8b:c8:c4:4d:
                    9e:32:bd:0f:ce:18:fb:58:24:f8:23:d6:24:57:08:
                    10:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BB:D8:EE:7F:E6:24:81:C9:6A:2F:73:A0:41:DF:F9:70:C3:C0:98
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/W7vY7n_mJIHJai9zoEHf-XDDwJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:46:17:33:e5:ea:85:2a:e8:74:7d:a4:37:df:f0:bc:b5:51:
         fa:ee:0f:31:31:16:4f:7a:12:15:b6:cd:1e:04:5c:e5:17:a1:
         7d:fa:cf:aa:e9:93:dd:d2:3e:3c:c3:66:23:fd:c8:00:43:d9:
         a9:3d:14:41:4e:3d:83:67:da:82:5c:9d:aa:02:37:07:58:81:
         6f:15:a7:40:16:96:0b:90:e9:7a:71:95:25:4c:eb:cc:ab:bd:
         56:33:c8:be:1f:de:62:f6:e4:74:ec:d2:fb:7d:1d:4c:b1:2c:
         8b:01:74:e4:10:89:15:0f:86:55:8c:d0:f2:c0:f7:9c:90:3b:
         59:0d:e5:1a:8d:ad:13:85:71:79:c4:e7:dd:e9:69:69:b6:cb:
         9d:dc:b3:46:8b:37:be:27:82:f6:67:42:39:c4:c4:1f:04:51:
         f8:96:07:e5:80:e7:d0:3b:7e:2b:9c:9c:51:d2:1e:3c:39:eb:
         d7:d7:a4:03:ce:aa:c9:4f:9f:98:66:f1:3b:64:30:8b:53:f0:
         63:e1:b6:68:38:30:f0:2a:c5:a0:87:3d:f8:42:34:37:bc:32:
         d0:21:36:0e:42:77:f9:00:71:c3:3c:2d:cb:95:a5:26:43:5d:
         44:7e:1c:a9:f9:ee:57:15:28:c9:3e:d0:a2:7d:7f:ea:9a:b4:
         cf:80:04:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoiOfLb/VKC+oRAJERckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmJiZDhlZTdmZTYyNDgxYzk2YTJmNzNhMDQxZGZmOTcwYzNjMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0maK+tDqV0ZFSFTKy8YbfCgxhtvZ
gN9mlkuRtlTKJ5Hox5Atzi6YUm9fw3utbOYgumlVIMnG8nhhqKpRoCM/OxH0csj6
T3ANX30bl0eyVnPM9GlPxd+bIJ6p+veoHkEx8Fnijwd4gd144icXunG8MNrmWyNG
512q0aYYyc7S3iRvvW7a7AlkJeBgK1a2tRV2f1TTj5d8pse1IQXvshMpqjdemp59
Lmrn6EnKP2Bpb0Iy3hfeSl8J38NWwoDc7n3b5dWbrTaFIUNRuWi7dLqlDY3+4uMi
zJ8wXst8tZyS6lrZpraP42FjwL1VAIvIxE2eMr0Pzhj7WCT4I9YkVwgQsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFu72O5/5iSByWovc6BB3/lww8CYMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvVzd2WTduX21KSUhKYWk5em9FSGYtWEREd0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXdMA0G
CSqGSIb3DQEBCwUAA4IBAQCCRhcz5eqFKuh0faQ33/C8tVH67g8xMRZPehIVts0e
BFzlF6F9+s+q6ZPd0j48w2Yj/cgAQ9mpPRRBTj2DZ9qCXJ2qAjcHWIFvFadAFpYL
kOl6cZUlTOvMq71WM8i+H95i9uR07NL7fR1MsSyLAXTkEIkVD4ZVjNDywPeckDtZ
DeUaja0ThXF5xOfd6Wlptsud3LNGize+J4L2Z0I5xMQfBFH4lgflgOfQO34rnJxR
0h48OevX16QDzqrJT5+YZvE7ZDCLU/Bj4bZoODDwKsWghz34QjQ3vDLQITYOQnf5
AHHDPC3LlaUmQ11Efhyp+e5XFSjJPtCifX/qmrTPgATA
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:50:17 2024 by rpki-client on console-fra.rpki-client.org