Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/WreLBkc7rCoDiGjmUZEEw758-rM.roa
File:                     WreLBkc7rCoDiGjmUZEEw758-rM.roa (raw, json)
Hash identifier:          pjUgFaOx8IohAMw+orN/aqs0pC4fgVVpSKqALqq5tXQ=
Subject key identifier:   5A:B7:8B:06:47:3B:AC:2A:03:88:68:E6:51:91:04:C3:BE:7C:FA:B3
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018CC5DD12AC49099C11D22A6277F2A4C226
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/WreLBkc7rCoDiGjmUZEEw758-rM.roa
Signing time:             Mon 01 Jan 2024 16:30:48 +0000
ROA not before:           Mon 01 Jan 2024 16:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31605
IP address blocks:        2a0f:56c4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:12:ac:49:09:9c:11:d2:2a:62:77:f2:a4:c2:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 16:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ab78b06473bac2a038868e6519104c3be7cfab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bc:15:34:b3:2d:41:46:23:99:ca:e1:a1:c2:
                    4b:4d:c4:27:b5:a9:d7:79:76:a1:2f:1c:e0:ab:c2:
                    5f:95:8d:07:94:47:19:9c:c6:2f:10:c2:de:06:60:
                    93:0c:aa:b0:ed:17:f8:7b:03:56:04:53:35:25:f0:
                    eb:bd:ee:00:dc:4c:07:5c:4f:77:80:e3:0a:06:e6:
                    51:ad:da:ae:ff:e4:dc:2f:e0:22:50:f8:1a:af:fe:
                    00:e4:f6:d3:c4:0c:6d:26:de:ee:7f:e2:ca:24:eb:
                    30:7d:06:01:e9:be:81:cc:e1:c7:29:6d:5c:aa:a6:
                    b6:8c:5d:14:5d:30:49:da:e7:00:08:25:2a:25:86:
                    3a:ee:0e:69:19:aa:0a:08:86:b4:3f:6c:d0:e7:b6:
                    7c:7a:2c:78:44:22:47:db:ef:f3:4e:fe:39:3d:74:
                    54:cc:7d:10:5f:a4:57:aa:89:79:eb:c5:09:92:67:
                    16:7f:e4:e2:bc:c8:eb:52:58:7d:6c:aa:14:7a:80:
                    a8:08:94:cf:e1:5c:40:2d:19:85:b3:ba:e3:ca:50:
                    22:c7:09:98:cc:44:30:59:3a:a1:55:8b:21:44:cf:
                    ff:3d:c5:e5:0b:1c:04:3a:70:37:91:c1:8e:d2:97:
                    95:3c:4d:1f:4c:83:11:26:9f:b5:af:0b:d2:bd:f5:
                    5a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B7:8B:06:47:3B:AC:2A:03:88:68:E6:51:91:04:C3:BE:7C:FA:B3
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/WreLBkc7rCoDiGjmUZEEw758-rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:56c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:a4:74:dd:3d:8a:09:bd:a7:62:d4:c2:24:67:b6:95:df:33:
         3f:5a:09:41:f4:b1:56:f7:ca:be:b6:97:72:7e:13:16:66:52:
         d2:c1:7d:27:d6:f9:64:47:2a:9f:41:e4:b5:1c:4b:45:27:b6:
         78:40:65:9f:4d:16:d0:20:ab:57:0c:90:a9:04:91:fa:58:0c:
         55:b6:63:57:43:f7:2d:7c:22:05:6a:bd:99:0b:00:09:90:b2:
         04:e1:63:24:70:51:31:a3:04:93:f0:8e:c9:bc:04:7f:58:5c:
         d4:89:c1:f7:61:95:1e:bb:35:06:3a:0c:b6:e6:ab:ff:d8:df:
         23:c9:52:ed:b5:16:52:ff:f3:c4:a4:cf:04:a2:1e:53:5c:b1:
         62:8a:c3:25:51:a1:7e:7a:ac:26:f6:c9:5f:0e:c6:69:b7:d2:
         0c:44:57:bd:31:73:df:a0:9d:71:7f:09:4f:30:e3:1f:12:54:
         fd:1c:11:c3:95:e2:df:9a:99:75:67:6b:1b:2d:0b:1b:40:7d:
         02:22:e1:24:f4:28:40:b1:51:f3:d7:90:6c:8b:fa:60:4e:38:
         8d:b2:83:7e:3d:cb:d5:3e:ed:22:f2:a6:8f:06:90:03:2a:67:
         a4:15:80:cb:c6:66:79:26:37:f2:d0:7a:07:86:2c:39:c6:d5:
         8c:7d:2a:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3RKsSQmcEdIqYnfypMImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTAxMTYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWI3OGIwNjQ3M2JhYzJhMDM4ODY4ZTY1MTkxMDRjM2JlN2NmYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07wVNLMtQUYjmcrhocJLTcQntanX
eXahLxzgq8JflY0HlEcZnMYvEMLeBmCTDKqw7Rf4ewNWBFM1JfDrve4A3EwHXE93
gOMKBuZRrdqu/+TcL+AiUPgar/4A5PbTxAxtJt7uf+LKJOswfQYB6b6BzOHHKW1c
qqa2jF0UXTBJ2ucACCUqJYY67g5pGaoKCIa0P2zQ57Z8eix4RCJH2+/zTv45PXRU
zH0QX6RXqol568UJkmcWf+TivMjrUlh9bKoUeoCoCJTP4VxALRmFs7rjylAixwmY
zEQwWTqhVYshRM//PcXlCxwEOnA3kcGO0peVPE0fTIMRJp+1rwvSvfVaxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFq3iwZHO6wqA4ho5lGRBMO+fPqzMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvV3JlTEJrYzdyQ29EaUdqbVVaRUV3NzU4LXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9WxAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQC/pHTdPYoJvadi1MIkZ7aV3zM/WglB9LFW98q+
tpdyfhMWZlLSwX0n1vlkRyqfQeS1HEtFJ7Z4QGWfTRbQIKtXDJCpBJH6WAxVtmNX
Q/ctfCIFar2ZCwAJkLIE4WMkcFExowST8I7JvAR/WFzUicH3YZUeuzUGOgy25qv/
2N8jyVLttRZS//PEpM8Eoh5TXLFiisMlUaF+eqwm9slfDsZpt9IMRFe9MXPfoJ1x
fwlPMOMfElT9HBHDleLfmpl1Z2sbLQsbQH0CIuEk9ChAsVHz15Bsi/pgTjiNsoN+
PcvVPu0i8qaPBpADKmekFYDLxmZ5Jjfy0HoHhiw5xtWMfSqc
-----END CERTIFICATE-----
Generated at Tue Nov 26 00:51:13 2024 by rpki-client on console-ams.rpki-client.org