Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WsWf9GSA4L_JhEW23Ldr1Wm9FnA.roa
File:                     WsWf9GSA4L_JhEW23Ldr1Wm9FnA.roa (raw, json)
Hash identifier:          CoXTuo4ZMfCHvVlTfPlqrWyPXWxX/qX6BmAs6YGhQv4=
Subject key identifier:   5A:C5:9F:F4:64:80:E0:BF:C9:84:45:B6:DC:B7:6B:D5:69:BD:16:70
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214415F37D670217F3891B3F1274630C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WsWf9GSA4L_JhEW23Ldr1Wm9FnA.roa
Signing time:             Wed 01 Jan 2025 09:48:17 +0000
ROA not before:           Wed 01 Jan 2025 09:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211975
IP address blocks:        82.152.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:15:f3:7d:67:02:17:f3:89:1b:3f:12:74:63:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ac59ff46480e0bfc98445b6dcb76bd569bd1670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:81:d2:c8:fd:4a:d5:57:ee:c5:f2:01:d0:fd:
                    e1:f6:8e:f8:66:d8:b2:3b:e2:f1:ed:c8:13:ad:bd:
                    3b:ae:52:e8:ee:92:8b:d0:0f:23:c1:69:3e:2c:70:
                    72:03:8f:ed:11:58:ae:42:ac:b0:63:2f:52:c1:74:
                    9e:2a:16:8a:01:3b:b0:56:64:d1:07:4c:08:75:ee:
                    2b:c4:7a:45:85:a6:78:1f:ff:d6:a5:69:1d:1f:c9:
                    d3:8f:c4:95:ab:45:5b:c5:23:2d:43:98:04:79:c0:
                    70:19:71:e2:6d:e3:f2:48:51:87:f0:b3:db:d8:16:
                    8b:9a:55:af:01:75:ce:84:92:cc:20:9d:b9:05:e7:
                    86:d0:c8:41:78:36:7d:81:84:f1:1e:e7:ac:73:c7:
                    c3:e2:31:4e:6c:41:bd:3c:c9:68:4c:ee:38:62:af:
                    1a:e7:ab:8d:3f:25:b0:9e:3c:f7:6d:2a:4a:72:24:
                    1b:ec:fa:b1:85:a7:55:86:b4:f9:c6:be:45:5c:d1:
                    a0:55:69:59:74:db:5a:0b:da:83:8a:5c:5a:80:59:
                    6e:ef:47:f5:8e:2f:8b:e1:9d:d6:28:96:9a:c1:9d:
                    42:93:3f:8e:53:65:d4:9f:0c:8b:e0:89:03:f9:13:
                    08:f3:7d:e4:e3:03:d6:1b:29:bb:20:03:9b:45:8b:
                    d7:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:C5:9F:F4:64:80:E0:BF:C9:84:45:B6:DC:B7:6B:D5:69:BD:16:70
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WsWf9GSA4L_JhEW23Ldr1Wm9FnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:fb:e1:ff:1c:35:0a:53:37:66:2d:c3:8b:d8:52:17:06:81:
         a3:6f:6d:79:bf:72:7c:ef:dd:3c:fd:a2:59:63:70:ff:a1:51:
         56:dd:0b:99:75:e6:d8:91:fb:49:6b:dc:26:55:69:b5:9c:72:
         c2:75:5e:16:10:16:09:71:e4:d7:ed:24:48:90:bf:f7:30:75:
         72:ec:74:be:27:07:4f:6c:2e:46:1b:5e:7d:90:6d:84:a7:e1:
         c3:c6:48:3e:df:2f:e2:8a:e3:e7:b6:57:01:e0:d0:b0:7d:a5:
         91:ae:f3:23:6e:b2:7a:b7:43:65:d2:5c:8c:23:e2:72:30:7f:
         c9:0e:01:7c:6a:26:12:7d:b2:3c:a2:96:9c:91:e7:78:e0:3b:
         fc:62:95:c2:89:dc:ec:30:4e:22:54:28:51:d2:a0:49:91:e8:
         b4:33:4e:4b:64:15:5b:98:e8:02:18:23:85:c5:0f:95:cb:9a:
         78:71:65:79:ba:e2:08:cd:74:60:0b:74:8d:72:37:52:e5:c8:
         21:a3:2d:8e:65:24:2e:bc:fd:8d:c7:1c:a0:df:98:0a:cf:7e:
         cb:39:20:97:16:53:c1:e8:3e:80:90:7b:3b:4b:88:b1:7c:47:
         1a:f9:23:16:07:4c:5a:fc:62:fb:f6:76:58:5c:36:49:ac:c7:
         42:61:d9:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBXzfWcCF/OJGz8SdGMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWM1OWZmNDY0ODBlMGJmYzk4NDQ1YjZkY2I3NmJkNTY5YmQxNjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IHSyP1K1VfuxfIB0P3h9o74Ztiy
O+Lx7cgTrb07rlLo7pKL0A8jwWk+LHByA4/tEViuQqywYy9SwXSeKhaKATuwVmTR
B0wIde4rxHpFhaZ4H//WpWkdH8nTj8SVq0VbxSMtQ5gEecBwGXHibePySFGH8LPb
2BaLmlWvAXXOhJLMIJ25BeeG0MhBeDZ9gYTxHuesc8fD4jFObEG9PMloTO44Yq8a
56uNPyWwnjz3bSpKciQb7PqxhadVhrT5xr5FXNGgVWlZdNtaC9qDilxagFlu70f1
ji+L4Z3WKJaawZ1Ckz+OU2XUnwyL4IkD+RMI833k4wPWGym7IAObRYvXTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrFn/RkgOC/yYRFtty3a9VpvRZwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV3NXZjlHU0E0TF9KaEVXMjNMZHIxV205Rm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpixMA0G
CSqGSIb3DQEBCwUAA4IBAQCb++H/HDUKUzdmLcOL2FIXBoGjb215v3J87908/aJZ
Y3D/oVFW3QuZdebYkftJa9wmVWm1nHLCdV4WEBYJceTX7SRIkL/3MHVy7HS+JwdP
bC5GG159kG2Ep+HDxkg+3y/iiuPntlcB4NCwfaWRrvMjbrJ6t0Nl0lyMI+JyMH/J
DgF8aiYSfbI8opacked44Dv8YpXCidzsME4iVChR0qBJkei0M05LZBVbmOgCGCOF
xQ+Vy5p4cWV5uuIIzXRgC3SNcjdS5cghoy2OZSQuvP2Nxxyg35gKz37LOSCXFlPB
6D6AkHs7S4ixfEca+SMWB0xa/GL79nZYXDZJrMdCYdlJ
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:54:28 2025 by rpki-client