Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/WssNs6mV8ip3Zlnce41rdSufU28.roa
File:                     WssNs6mV8ip3Zlnce41rdSufU28.roa (raw, json)
Hash identifier:          kaCOT+hzQiywBfO1KLxjvcD16pC0nCpv8JmvwTT7GO8=
Subject key identifier:   5A:CB:0D:B3:A9:95:F2:2A:77:66:59:DC:7B:8D:6B:75:2B:9F:53:6F
Certificate issuer:       /CN=b799ac989c44b2e1cdabc258e96ca93caad4bd64
Certificate serial:       018CC6B7B865A1FF0409D5B88291720903BE
Authority key identifier: B7:99:AC:98:9C:44:B2:E1:CD:AB:C2:58:E9:6C:A9:3C:AA:D4:BD:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5msmJxEsuHNq8JY6WypPKrUvWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/WssNs6mV8ip3Zlnce41rdSufU28.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.242.137.0/24 maxlen: 24
                          185.242.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/t5msmJxEsuHNq8JY6WypPKrUvWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/t5msmJxEsuHNq8JY6WypPKrUvWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5msmJxEsuHNq8JY6WypPKrUvWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b8:65:a1:ff:04:09:d5:b8:82:91:72:09:03:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b799ac989c44b2e1cdabc258e96ca93caad4bd64
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5acb0db3a995f22a776659dc7b8d6b752b9f536f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fc:47:fa:a0:e1:33:a4:bb:8c:a3:53:98:83:
                    3f:8c:6e:49:66:89:50:b6:59:17:f9:1e:55:4b:5e:
                    22:f3:cd:6c:8b:2f:a3:4e:21:8a:32:84:21:a7:27:
                    5d:36:fc:5f:e8:0b:3b:b9:59:77:49:22:ed:bf:72:
                    90:6a:17:8a:2a:36:2d:cc:6b:8f:79:14:a9:df:f1:
                    3c:fb:1d:86:ab:a4:3d:3b:3e:24:28:80:4c:20:30:
                    47:44:52:ac:a8:c5:26:27:6d:58:e1:95:60:b9:2a:
                    a1:fc:99:c6:b2:49:07:12:00:69:bd:69:49:a8:9e:
                    48:65:c1:16:55:23:70:3a:12:48:82:ba:e1:7d:a6:
                    00:4d:bb:1a:79:bd:8b:f5:4b:2b:7f:08:92:38:29:
                    a5:fb:cd:b3:5f:65:dd:a0:fa:0f:8e:61:c8:04:d4:
                    6d:25:da:b3:df:66:77:91:e8:be:7a:dd:ca:59:28:
                    6d:52:4c:83:fe:05:26:ee:a5:37:d4:4a:9a:17:fb:
                    88:3f:47:99:a0:c1:49:6a:18:8d:4b:35:63:47:fe:
                    a0:ae:f8:89:ea:5b:fd:50:21:68:ab:7c:80:f9:34:
                    4d:98:9d:6b:31:8e:de:29:11:bb:57:f4:8d:7a:4c:
                    6f:e5:be:7c:b9:ca:22:c8:6c:33:f1:bf:7a:20:7c:
                    3f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:CB:0D:B3:A9:95:F2:2A:77:66:59:DC:7B:8D:6B:75:2B:9F:53:6F
            X509v3 Authority Key Identifier:
                keyid:B7:99:AC:98:9C:44:B2:E1:CD:AB:C2:58:E9:6C:A9:3C:AA:D4:BD:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5msmJxEsuHNq8JY6WypPKrUvWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/WssNs6mV8ip3Zlnce41rdSufU28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2e5c49-0d74-487a-a81c-9174df4ddb9a/1/t5msmJxEsuHNq8JY6WypPKrUvWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.137.0/24
                  185.242.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:fe:81:fb:4e:dd:09:db:f0:98:3b:7c:c9:80:2e:f6:b3:e2:
         43:5d:54:e8:9b:7e:f8:9f:7e:92:cc:f1:71:eb:14:26:f4:6b:
         64:97:a8:25:bd:c0:9e:f6:ed:26:2f:4d:ad:df:c0:67:19:14:
         7b:53:e8:97:d0:38:90:2d:75:46:5c:c6:fc:8c:79:89:52:11:
         96:e2:07:e7:32:77:2a:b1:0e:1d:a8:44:95:e8:e6:38:bb:8d:
         48:39:ec:92:da:63:2f:be:1d:c0:22:53:bd:62:8c:d7:78:dc:
         9a:82:2a:e9:06:45:eb:ee:44:be:ed:57:b5:7a:fe:5a:35:bb:
         31:b9:1c:0c:5a:27:0e:f3:42:45:52:e0:8a:4c:d8:9c:35:5a:
         67:11:f1:89:a9:3c:96:c6:39:a8:62:64:f9:07:ae:99:1f:6b:
         bc:43:aa:f4:d2:14:02:fd:58:01:62:8d:2b:c6:f6:24:46:5d:
         42:c6:f5:d1:1f:9c:42:ae:ed:f5:54:17:d0:02:fe:16:a1:58:
         ee:55:a1:8d:77:c9:b7:0e:68:50:85:66:f0:be:03:34:e2:f2:
         45:7a:e5:a7:f1:7d:e8:5b:3c:7f:4a:da:85:bb:b9:fc:a4:a6:
         77:c8:b7:0c:a7:d8:ae:b9:90:bd:fe:3e:c6:12:fe:aa:0f:58:
         f2:bd:79:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt7hlof8ECdW4gpFyCQO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTlhYzk4OWM0NGIyZTFjZGFiYzI1OGU5NmNhOTNjYWFk
NGJkNjQwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWNiMGRiM2E5OTVmMjJhNzc2NjU5ZGM3YjhkNmI3NTJiOWY1MzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/xH+qDhM6S7jKNTmIM/jG5JZolQ
tlkX+R5VS14i881siy+jTiGKMoQhpyddNvxf6As7uVl3SSLtv3KQaheKKjYtzGuP
eRSp3/E8+x2Gq6Q9Oz4kKIBMIDBHRFKsqMUmJ21Y4ZVguSqh/JnGskkHEgBpvWlJ
qJ5IZcEWVSNwOhJIgrrhfaYATbsaeb2L9UsrfwiSOCml+82zX2XdoPoPjmHIBNRt
Jdqz32Z3kei+et3KWShtUkyD/gUm7qU31EqaF/uIP0eZoMFJahiNSzVjR/6grviJ
6lv9UCFoq3yA+TRNmJ1rMY7eKRG7V/SNekxv5b58ucoiyGwz8b96IHw/VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFrLDbOplfIqd2ZZ3HuNa3Urn1NvMB8GA1UdIwQY
MBaAFLeZrJicRLLhzavCWOlsqTyq1L1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVtc21KeEVzdUhOcThKWTZXeXBQS3JVdldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yZTVjNDktMGQ3NC00ODdhLWE4MWMt
OTE3NGRmNGRkYjlhLzEvV3NzTnM2bVY4aXAzWmxuY2U0MXJkU3VmVTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yZTVjNDktMGQ3NC00ODdhLWE4MWMtOTE3NGRmNGRkYjlh
LzEvdDVtc21KeEVzdUhOcThKWTZXeXBQS3JVdldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufKJAwQA
ufKLMA0GCSqGSIb3DQEBCwUAA4IBAQCm/oH7Tt0J2/CYO3zJgC72s+JDXVTom374
n36SzPFx6xQm9Gtkl6glvcCe9u0mL02t38BnGRR7U+iX0DiQLXVGXMb8jHmJUhGW
4gfnMncqsQ4dqESV6OY4u41IOeyS2mMvvh3AIlO9YozXeNyagirpBkXr7kS+7Ve1
ev5aNbsxuRwMWicO80JFUuCKTNicNVpnEfGJqTyWxjmoYmT5B66ZH2u8Q6r00hQC
/VgBYo0rxvYkRl1CxvXRH5xCru31VBfQAv4WoVjuVaGNd8m3DmhQhWbwvgM04vJF
euWn8X3oWzx/StqFu7n8pKZ3yLcMp9iuuZC9/j7GEv6qD1jyvXlG
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:17:45 2024 by rpki-client on console-ams.rpki-client.org