Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/wHPEsSdq5SWr9iVg352Zd-_v3rk.roa
File:                     wHPEsSdq5SWr9iVg352Zd-_v3rk.roa (raw, json)
Hash identifier:          BYR7b7wVw3Qks51TtUT4ZzEcUpm86k+JwDhBhxp0AcU=
Subject key identifier:   C0:73:C4:B1:27:6A:E5:25:AB:F6:25:60:DF:9D:99:77:EF:EF:DE:B9
Certificate issuer:       /CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
Certificate serial:       018CC94BE588EEFA95BA872345B9D8A3AAC0
Authority key identifier: B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/wHPEsSdq5SWr9iVg352Zd-_v3rk.roa
Signing time:             Tue 02 Jan 2024 08:30:43 +0000
ROA not before:           Tue 02 Jan 2024 08:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20714
IP address blocks:        195.177.124.0/22 maxlen: 22
                          195.214.196.0/22 maxlen: 22
                          31.128.224.0/20 maxlen: 20
                          31.42.48.0/21 maxlen: 21
                          31.128.240.0/23 maxlen: 23
                          31.42.56.0/24 maxlen: 24
                          31.128.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e5:88:ee:fa:95:ba:87:23:45:b9:d8:a3:aa:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
        Validity
            Not Before: Jan  2 08:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c073c4b1276ae525abf62560df9d9977efefdeb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e8:08:31:84:03:34:d1:ad:2f:9b:10:e3:f7:
                    e2:9f:d9:c6:85:22:43:e0:47:06:0a:bc:3e:ac:12:
                    72:e9:51:f8:1a:53:f0:3d:c2:22:13:e9:ea:ac:b6:
                    85:e9:e6:25:51:b0:26:a8:ea:c1:1d:e2:6f:93:35:
                    41:73:1c:4a:d6:5b:ab:e3:7d:06:77:5a:55:f2:57:
                    5a:e6:de:11:02:2f:9d:4e:c8:d4:4b:78:35:5e:c8:
                    51:6c:37:8b:14:38:ec:16:24:5d:a7:5a:1e:59:fc:
                    3e:22:07:dc:71:1f:e7:fa:d4:3a:87:1c:56:8e:bb:
                    58:db:47:c2:a4:00:37:f6:f3:7b:65:04:cf:79:23:
                    c6:c4:bf:e7:8e:7a:8d:47:43:9b:96:41:09:a8:1f:
                    75:d2:b5:94:bc:39:95:a0:1d:db:8f:b2:b2:70:15:
                    89:8e:a8:08:ce:25:4e:19:80:94:45:1d:3d:70:a6:
                    2e:16:f3:84:c5:03:0f:31:d1:77:19:0e:75:bc:36:
                    b7:e8:2f:55:79:80:e8:7f:67:65:65:86:35:f4:a5:
                    c7:10:1e:9d:43:db:3a:59:83:d2:b8:98:3a:72:15:
                    b4:74:8c:e6:a0:cd:af:15:63:df:28:71:99:98:16:
                    f7:62:6a:d1:73:03:b5:c2:df:80:90:75:51:32:06:
                    d3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:73:C4:B1:27:6A:E5:25:AB:F6:25:60:DF:9D:99:77:EF:EF:DE:B9
            X509v3 Authority Key Identifier:
                keyid:B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/wHPEsSdq5SWr9iVg352Zd-_v3rk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.48.0-31.42.56.255
                  31.128.224.0-31.128.241.255
                  31.128.255.0/24
                  195.177.124.0/22
                  195.214.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:01:27:17:39:96:b1:61:e5:0d:b6:34:a8:7f:de:3e:f7:cd:
         f5:4b:83:78:77:57:2f:1a:41:9b:d6:6b:79:36:b5:ae:34:ac:
         40:e8:cc:e3:74:2b:89:db:de:8a:76:2b:12:e1:84:9a:6d:51:
         fd:5d:67:93:d7:01:aa:7f:11:14:fe:08:3e:f4:ca:93:74:1c:
         18:68:f5:3a:f4:8e:bd:3f:67:9f:8b:a6:70:cf:9c:5d:a4:b7:
         67:1e:46:64:80:07:43:a2:2c:04:78:2c:f7:1a:27:bf:6f:18:
         75:57:88:06:64:1f:83:f0:fe:e1:13:b0:4f:7c:48:44:e2:05:
         e1:0f:dd:62:9e:74:dc:52:56:55:07:23:e3:27:94:62:42:40:
         f3:43:b6:1e:3e:2d:d6:b1:23:88:57:25:94:af:be:84:f0:4d:
         e7:11:a1:27:a9:86:40:18:2d:fb:52:44:ec:8f:f7:8b:85:fd:
         7e:45:55:82:0e:93:5d:b1:0f:0a:35:84:f8:31:5c:9f:6f:9d:
         b5:46:82:d0:3e:fd:77:bd:bd:ca:5d:e7:01:6d:6b:f2:75:3b:
         82:50:1e:0b:a2:1f:ad:b2:1e:b1:37:32:ed:fa:cf:77:2b:a4:
         90:4e:a4:db:2b:d9:1b:0d:a0:0b:37:5e:74:e7:fd:9b:f7:89:
         ad:71:cc:5c
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzJS+WI7vqVuocjRbnYo6rAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWVhZGMyZWM3MGIzMGZhNDIyNWVkN2ZjZDU3MzBmMGM3
YmM2MTYwHhcNMjQwMTAyMDgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDczYzRiMTI3NmFlNTI1YWJmNjI1NjBkZjlkOTk3N2VmZWZkZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkugIMYQDNNGtL5sQ4/fin9nGhSJD
4EcGCrw+rBJy6VH4GlPwPcIiE+nqrLaF6eYlUbAmqOrBHeJvkzVBcxxK1lur430G
d1pV8lda5t4RAi+dTsjUS3g1XshRbDeLFDjsFiRdp1oeWfw+IgfccR/n+tQ6hxxW
jrtY20fCpAA39vN7ZQTPeSPGxL/njnqNR0OblkEJqB910rWUvDmVoB3bj7KycBWJ
jqgIziVOGYCURR09cKYuFvOExQMPMdF3GQ51vDa36C9VeYDof2dlZYY19KXHEB6d
Q9s6WYPSuJg6chW0dIzmoM2vFWPfKHGZmBb3YmrRcwO1wt+AkHVRMgbTUwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFMBzxLEnauUlq/YlYN+dmXfv7965MB8GA1UdIwQY
MBaAFLhercLscLMPpCJe1/zVcw8Me8YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmIt
YmM3YTIwOGE1ZTJlLzEvd0hQRXNTZHE1U1dyOWlWZzM1MlpkLV92M3JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmItYmM3YTIwOGE1ZTJl
LzEvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAQfKjAD
BAAfKjgwDAMEBR+A4AMEAR+A8AMEAB+A/wMEAsOxfAMEAsPWxDANBgkqhkiG9w0B
AQsFAAOCAQEAJgEnFzmWsWHlDbY0qH/ePvfN9UuDeHdXLxpBm9ZreTa1rjSsQOjM
43QridveinYrEuGEmm1R/V1nk9cBqn8RFP4IPvTKk3QcGGj1OvSOvT9nn4umcM+c
XaS3Zx5GZIAHQ6IsBHgs9xonv28YdVeIBmQfg/D+4ROwT3xIROIF4Q/dYp503FJW
VQcj4yeUYkJA80O2Hj4t1rEjiFcllK++hPBN5xGhJ6mGQBgt+1JE7I/3i4X9fkVV
gg6TXbEPCjWE+DFcn2+dtUaC0D79d729yl3nAW1r8nU7glAeC6IfrbIesTcy7frP
dyukkE6k2yvZGw2gCzdedOf9m/eJrXHMXA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:16:45 2024 by rpki-client on console-ams.rpki-client.org