Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/wkGYdhL0DXJxtvUqL6W8lqF5V50.roa
File:                     wkGYdhL0DXJxtvUqL6W8lqF5V50.roa (raw, json)
Hash identifier:          WYrPMT9s0Z7UyIEvob11ZzDXKDbXZ+UV04Rz6Op6VAU=
Subject key identifier:   C2:41:98:76:12:F4:0D:72:71:B6:F5:2A:2F:A5:BC:96:A1:79:57:9D
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       018CC49389324A4DDC5DD13FE4908F981E59
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/wkGYdhL0DXJxtvUqL6W8lqF5V50.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        146.66.210.0/24 maxlen: 24
                          178.157.109.0/24 maxlen: 24
                          188.74.131.0/24 maxlen: 24
                          188.74.130.0/24 maxlen: 24
                          188.119.161.0/24 maxlen: 24
                          188.119.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:89:32:4a:4d:dc:5d:d1:3f:e4:90:8f:98:1e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c241987612f40d7271b6f52a2fa5bc96a179579d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:72:c4:e3:39:e3:0e:2d:23:3a:da:99:3c:da:
                    05:23:61:34:dc:8d:d7:fe:6f:c8:e5:18:d5:9c:70:
                    7e:c3:57:0e:3b:ad:bb:10:b0:f8:64:7b:c0:3f:8f:
                    cf:3b:f1:e0:c3:16:cd:35:9d:a3:69:6d:76:95:ce:
                    63:0a:f6:d9:19:ec:ef:9b:bb:46:d8:db:41:b5:59:
                    05:4d:df:05:a1:52:c8:04:fe:61:72:d9:51:42:c5:
                    05:e5:e0:4b:b7:ff:c6:c2:e3:02:8e:3f:bc:b3:f1:
                    3f:63:ff:c1:86:ac:18:29:52:df:41:09:10:bd:2d:
                    61:fe:90:fd:94:30:68:01:98:89:2e:65:f3:48:52:
                    16:8c:c0:0b:88:8c:22:00:77:e9:7a:0a:13:20:8e:
                    56:1a:9e:91:6b:db:fd:be:55:4b:d8:9e:72:86:22:
                    c3:3c:6e:55:c2:02:9f:4e:e6:9c:18:f0:b8:f7:bf:
                    13:2f:7f:d8:9c:83:fc:97:d6:e1:42:fb:b4:82:fb:
                    a8:3f:4f:b2:57:34:b0:b2:3f:1b:07:d4:97:45:fd:
                    9c:e5:0d:34:70:23:df:38:60:e2:f5:30:f6:0e:e9:
                    7f:52:1c:d4:eb:55:7b:e0:25:54:07:68:be:ef:34:
                    da:3f:23:ac:d1:2a:36:4e:27:89:ac:35:f0:b3:37:
                    c2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:41:98:76:12:F4:0D:72:71:B6:F5:2A:2F:A5:BC:96:A1:79:57:9D
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/wkGYdhL0DXJxtvUqL6W8lqF5V50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.66.210.0/24
                  178.157.109.0/24
                  188.74.130.0/23
                  188.119.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:63:85:4b:eb:b1:87:27:b6:7f:eb:19:a9:44:a1:d6:21:c4:
         07:8d:59:7f:81:67:92:c9:a2:00:10:12:2c:9a:20:26:b0:13:
         6a:cd:97:de:63:bd:f2:88:a1:8f:cc:a8:2f:ea:18:47:18:9a:
         5b:0b:dc:3c:4e:3d:ab:a2:c7:e1:08:06:e8:40:ba:0a:85:2a:
         b5:c7:ae:64:e8:e9:b2:40:eb:ed:47:0b:bb:c3:5e:d5:3a:aa:
         9c:7e:66:99:8f:58:70:5f:e6:ec:e5:40:a0:78:ae:34:85:55:
         d8:f9:f1:7b:31:ca:7e:db:8c:4a:1a:14:3d:0b:bf:5f:d1:3c:
         75:8e:60:45:ff:41:9a:e2:79:3a:c5:a1:5d:6f:6c:c5:65:96:
         20:1b:f7:85:4d:8a:17:25:71:ef:01:a9:a5:cf:53:a2:aa:d8:
         a1:e4:42:03:bd:ed:fa:d4:99:f7:8c:d7:30:ba:ba:bc:bf:31:
         63:3b:1f:e3:5b:25:50:84:36:81:ea:47:8e:5a:6b:ed:3a:b1:
         7e:a9:05:23:c2:8f:82:be:5e:b1:93:0f:1e:b2:93:78:ad:09:
         7f:0f:92:3a:88:d2:ef:86:f4:c3:5c:18:9a:52:5c:08:44:8c:
         3a:7a:91:58:88:b9:0c:b9:85:8b:eb:f0:40:f2:73:f6:6f:c1:
         1b:18:80:65
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEk4kySk3cXdE/5JCPmB5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQxOTg3NjEyZjQwZDcyNzFiNmY1MmEyZmE1YmM5NmExNzk1NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HLE4znjDi0jOtqZPNoFI2E03I3X
/m/I5RjVnHB+w1cOO627ELD4ZHvAP4/PO/HgwxbNNZ2jaW12lc5jCvbZGezvm7tG
2NtBtVkFTd8FoVLIBP5hctlRQsUF5eBLt//GwuMCjj+8s/E/Y//BhqwYKVLfQQkQ
vS1h/pD9lDBoAZiJLmXzSFIWjMALiIwiAHfpegoTII5WGp6Ra9v9vlVL2J5yhiLD
PG5VwgKfTuacGPC4978TL3/YnIP8l9bhQvu0gvuoP0+yVzSwsj8bB9SXRf2c5Q00
cCPfOGDi9TD2Dul/UhzU61V74CVUB2i+7zTaPyOs0So2TieJrDXwszfC3QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMJBmHYS9A1ycbb1Ki+lvJaheVedMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvd2tHWWRoTDBEWEp4dHZVcUw2VzhscUY1VjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAkkLSAwQA
sp1tAwQBvEqCAwQBvHegMA0GCSqGSIb3DQEBCwUAA4IBAQANY4VL67GHJ7Z/6xmp
RKHWIcQHjVl/gWeSyaIAEBIsmiAmsBNqzZfeY73yiKGPzKgv6hhHGJpbC9w8Tj2r
osfhCAboQLoKhSq1x65k6OmyQOvtRwu7w17VOqqcfmaZj1hwX+bs5UCgeK40hVXY
+fF7Mcp+24xKGhQ9C79f0Tx1jmBF/0Ga4nk6xaFdb2zFZZYgG/eFTYoXJXHvAaml
z1Oiqtih5EIDve361Jn3jNcwurq8vzFjOx/jWyVQhDaB6keOWmvtOrF+qQUjwo+C
vl6xkw8espN4rQl/D5I6iNLvhvTDXBiaUlwIRIw6epFYiLkMuYWL6/BA8nP2b8Eb
GIBl
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:30:48 2024 by rpki-client on console-ams.rpki-client.org