Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/WE3ZgAH3U6OdJAP_aWYHZs5_DEQ.roa
File:                     WE3ZgAH3U6OdJAP_aWYHZs5_DEQ.roa (raw, json)
Hash identifier:          ygr0gEmCJj28I7GqS0ARMCk1NF4XfvpwheayNRXZ2pg=
Subject key identifier:   58:4D:D9:80:01:F7:53:A3:9D:24:03:FF:69:66:07:66:CE:7F:0C:44
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC3D77356CAE3F2AFE111BEF8687DC
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/WE3ZgAH3U6OdJAP_aWYHZs5_DEQ.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     270
IP address blocks:        194.85.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3d:77:35:6c:ae:3f:2a:fe:11:1b:ef:86:87:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=584dd98001f753a39d2403ff69660766ce7f0c44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:50:e1:a3:16:20:83:23:83:c5:50:c8:9d:99:
                    9c:87:24:b2:58:14:c5:76:5e:16:0b:f1:c4:80:25:
                    46:2a:83:f3:b5:f5:85:18:9c:57:69:aa:9b:7a:4b:
                    ff:72:b2:57:c3:7c:94:2d:2b:2f:24:f2:80:68:2d:
                    cf:74:93:bf:ff:df:2e:68:65:d8:e1:71:fc:52:9d:
                    8e:95:de:71:a8:77:3a:fc:9d:20:71:ad:7a:e7:49:
                    5d:9e:94:3b:3b:2b:a8:11:9d:83:50:47:7a:32:7c:
                    de:40:c3:a4:6d:f3:56:dd:73:13:3a:6d:13:cc:e6:
                    1e:8c:f2:6d:91:35:04:e6:18:e5:11:ba:18:55:4d:
                    7c:49:f7:f7:8d:5b:22:70:3f:e2:f0:d2:c4:2b:e4:
                    45:8e:9d:79:2b:78:6d:8b:69:f4:71:e9:ed:a8:84:
                    55:d2:0d:17:12:a7:e8:a2:9e:f0:63:fe:56:5d:35:
                    bc:5f:60:68:31:7e:6f:14:1c:c7:c7:60:36:79:af:
                    b5:77:52:f2:60:97:08:19:09:98:fe:ae:42:36:2d:
                    d8:92:7b:ce:53:d8:c1:4d:43:3b:90:d9:4b:b5:60:
                    d4:40:5e:ec:f6:cd:76:77:5e:d4:5c:33:9a:17:ce:
                    65:21:a4:81:3d:6a:46:d9:bb:40:56:bd:76:28:31:
                    d4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:4D:D9:80:01:F7:53:A3:9D:24:03:FF:69:66:07:66:CE:7F:0C:44
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/WE3ZgAH3U6OdJAP_aWYHZs5_DEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:2b:7c:5c:c7:94:c6:d3:90:fd:9e:77:25:c9:18:bd:27:48:
         a0:59:c7:24:87:5c:0a:95:33:b3:a0:75:78:8d:d2:b2:24:af:
         ba:f4:de:62:f0:b5:3c:ff:87:36:c6:df:32:e7:af:91:35:c5:
         8a:43:b2:f6:85:b5:5a:d2:25:92:7c:92:b6:7b:0f:35:8c:00:
         0b:0c:8e:f6:a7:c6:bd:1a:07:00:7c:61:6a:24:72:7d:46:de:
         70:43:ef:cd:69:8a:40:f8:cb:85:a7:09:59:9c:87:2c:8a:c1:
         50:6b:41:fc:4d:f0:b1:75:3f:cc:d8:40:fc:ee:4f:6d:b9:6e:
         23:de:d2:49:e0:c5:86:44:b2:ea:bf:aa:3b:3f:2a:be:5b:08:
         85:ad:9d:99:30:ab:9e:34:a6:82:1b:02:e0:2a:84:d6:0f:38:
         da:15:91:04:a3:27:93:cd:b1:94:50:d5:63:78:d7:fc:91:bf:
         ef:22:06:ba:24:26:0b:f0:17:31:74:42:eb:8c:8f:d2:69:52:
         bd:47:77:de:ee:2d:e3:78:f8:da:dd:8e:73:6c:1f:eb:40:aa:
         da:ea:de:7f:75:43:6b:f2:eb:ec:b3:d3:c7:24:83:c4:b4:31:
         0a:bb:e0:28:53:60:62:86:7f:88:73:f6:73:03:1b:bf:de:03:
         73:b1:f6:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D13NWyuPyr+ERvvhofcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODRkZDk4MDAxZjc1M2EzOWQyNDAzZmY2OTY2MDc2NmNlN2YwYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklDhoxYggyODxVDInZmchySyWBTF
dl4WC/HEgCVGKoPztfWFGJxXaaqbekv/crJXw3yULSsvJPKAaC3PdJO//98uaGXY
4XH8Up2Old5xqHc6/J0gca1650ldnpQ7OyuoEZ2DUEd6MnzeQMOkbfNW3XMTOm0T
zOYejPJtkTUE5hjlEboYVU18Sff3jVsicD/i8NLEK+RFjp15K3hti2n0centqIRV
0g0XEqfoop7wY/5WXTW8X2BoMX5vFBzHx2A2ea+1d1LyYJcIGQmY/q5CNi3YknvO
U9jBTUM7kNlLtWDUQF7s9s12d17UXDOaF85lIaSBPWpG2btAVr12KDHULQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhN2YAB91OjnSQD/2lmB2bOfwxEMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvV0UzWmdBSDNVNk9kSkFQX2FXWUhaczVfREVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlUXMA0G
CSqGSIb3DQEBCwUAA4IBAQB/K3xcx5TG05D9nnclyRi9J0igWcckh1wKlTOzoHV4
jdKyJK+69N5i8LU8/4c2xt8y56+RNcWKQ7L2hbVa0iWSfJK2ew81jAALDI72p8a9
GgcAfGFqJHJ9Rt5wQ+/NaYpA+MuFpwlZnIcsisFQa0H8TfCxdT/M2ED87k9tuW4j
3tJJ4MWGRLLqv6o7Pyq+WwiFrZ2ZMKueNKaCGwLgKoTWDzjaFZEEoyeTzbGUUNVj
eNf8kb/vIga6JCYL8BcxdELrjI/SaVK9R3fe7i3jePja3Y5zbB/rQKra6t5/dUNr
8uvss9PHJIPEtDEKu+AoU2Bihn+Ic/ZzAxu/3gNzsfal
-----END CERTIFICATE-----
Generated at Mon Nov 25 20:43:03 2024 by rpki-client on console-fra.rpki-client.org