Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/atWHpOFeEYMWLBfvjNjMhYPhB8k.roa
File:                     atWHpOFeEYMWLBfvjNjMhYPhB8k.roa (raw, json)
Hash identifier:          w+qX1Hfat3wALY7pwj9sFlxwQwNb0F8eEIYUPYTUffk=
Subject key identifier:   6A:D5:87:A4:E1:5E:11:83:16:2C:17:EF:8C:D8:CC:85:83:E1:07:C9
Certificate issuer:       /CN=2b003e583bdb2511ff57ab7a32fce741334b343b
Certificate serial:       018CCA99861416E433FEB74D1A9495D684C1
Authority key identifier: 2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/atWHpOFeEYMWLBfvjNjMhYPhB8k.roa
Signing time:             Tue 02 Jan 2024 14:35:08 +0000
ROA not before:           Tue 02 Jan 2024 14:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51349
IP address blocks:        195.43.86.0/23 maxlen: 23
                          185.83.4.0/24 maxlen: 24
                          185.83.4.0/22 maxlen: 22
                          2a00:c3a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:86:14:16:e4:33:fe:b7:4d:1a:94:95:d6:84:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b003e583bdb2511ff57ab7a32fce741334b343b
        Validity
            Not Before: Jan  2 14:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad587a4e15e1183162c17ef8cd8cc8583e107c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f8:3d:31:ca:76:71:55:13:4b:fb:2c:92:b6:
                    ce:5b:47:08:c0:47:84:ff:91:77:90:a9:53:74:fb:
                    59:12:e2:ca:89:72:d3:6d:ae:4c:49:13:f2:b0:69:
                    1a:66:4a:e3:c5:ff:09:70:fe:f7:3f:45:93:80:67:
                    50:d6:dc:da:98:40:78:d1:73:28:70:a7:34:85:70:
                    56:d2:05:85:7d:7b:ea:c6:f3:e2:1f:bc:f8:5a:6e:
                    f0:3b:4a:c4:94:f0:bd:b0:d7:ed:ba:d1:fb:e2:cd:
                    b8:0a:77:76:53:ba:83:97:ed:5a:2d:c6:cf:a2:45:
                    09:d4:1c:f2:36:70:36:f6:c9:ad:0f:7d:1b:bf:8d:
                    bc:db:10:7e:dc:9b:d2:e8:5d:fe:10:ce:74:39:d4:
                    51:0a:67:89:5b:3c:fb:ea:7b:60:ba:3e:89:48:d6:
                    cb:5a:9c:dc:27:58:2d:46:f0:7d:56:94:dd:0b:15:
                    e7:b0:32:8e:51:f8:ac:57:ca:5b:34:03:1a:53:1c:
                    3e:36:66:77:39:87:a1:0e:49:3d:42:85:52:b1:25:
                    71:42:aa:14:c2:46:d8:0a:9c:c9:08:d9:92:6b:4c:
                    3e:4a:03:31:99:67:69:ba:d6:01:8f:7c:c0:9a:73:
                    29:7f:38:f6:87:e6:91:92:36:f6:04:de:d4:c5:00:
                    6f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D5:87:A4:E1:5E:11:83:16:2C:17:EF:8C:D8:CC:85:83:E1:07:C9
            X509v3 Authority Key Identifier:
                keyid:2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/atWHpOFeEYMWLBfvjNjMhYPhB8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.4.0/22
                  195.43.86.0/23
                IPv6:
                  2a00:c3a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:40:23:ac:a8:e3:4e:44:62:1d:a2:c4:6c:04:48:e7:80:d9:
         b7:40:9c:28:8c:07:3d:14:e4:26:ad:a0:a7:c1:e8:d1:b3:98:
         14:a2:01:26:81:d4:15:1e:30:10:2f:1c:25:58:bf:b3:27:83:
         21:25:30:16:9d:55:83:4c:23:95:7f:d8:bf:5c:84:b0:29:95:
         92:d3:05:4b:18:aa:e3:ab:2b:37:89:81:ad:7c:ee:a9:18:e3:
         15:9b:af:c0:00:dc:2f:07:ba:9d:42:b8:00:88:d7:61:57:17:
         a3:d9:08:f8:13:45:f3:ab:51:18:fe:55:ae:74:2e:93:ba:ab:
         36:4a:ed:36:e8:40:1f:c0:92:90:cc:2d:81:85:71:88:09:bf:
         a3:85:17:83:ee:3c:c9:eb:a4:c7:ba:51:5a:c7:41:f9:67:8f:
         c1:40:3e:94:f9:f5:4b:7d:ca:db:29:88:dd:ee:db:04:1c:3c:
         16:2f:b5:43:82:32:9e:15:ea:01:f3:b3:f0:42:d9:5c:9a:79:
         da:2f:da:4d:5a:ab:d7:02:0b:7c:21:47:a7:dc:b6:cd:90:d8:
         89:f3:15:49:7a:21:4d:3c:65:3e:a1:53:cc:20:f6:e8:b5:72:
         5d:82:2b:4d:51:02:93:3c:d2:e2:13:6b:9d:18:dd:ef:af:25:
         3e:37:89:c2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmYYUFuQz/rdNGpSV1oTBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMDAzZTU4M2JkYjI1MTFmZjU3YWI3YTMyZmNlNzQxMzM0
YjM0M2IwHhcNMjQwMTAyMTQzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ1ODdhNGUxNWUxMTgzMTYyYzE3ZWY4Y2Q4Y2M4NTgzZTEwN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPg9Mcp2cVUTS/sskrbOW0cIwEeE
/5F3kKlTdPtZEuLKiXLTba5MSRPysGkaZkrjxf8JcP73P0WTgGdQ1tzamEB40XMo
cKc0hXBW0gWFfXvqxvPiH7z4Wm7wO0rElPC9sNftutH74s24Cnd2U7qDl+1aLcbP
okUJ1BzyNnA29smtD30bv4282xB+3JvS6F3+EM50OdRRCmeJWzz76ntguj6JSNbL
WpzcJ1gtRvB9VpTdCxXnsDKOUfisV8pbNAMaUxw+NmZ3OYehDkk9QoVSsSVxQqoU
wkbYCpzJCNmSa0w+SgMxmWdputYBj3zAmnMpfzj2h+aRkjb2BN7UxQBvIwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGrVh6ThXhGDFiwX74zYzIWD4QfJMB8GA1UdIwQY
MBaAFCsAPlg72yUR/1erejL850EzSzQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEt
MDU4YmJmOWQ1ZTI3LzEvYXRXSHBPRmVFWU1XTEJmdmpOak1oWVBoQjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEtMDU4YmJmOWQ1ZTI3
LzEvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVMEAwQB
wytWMA0EAgACMAcDBQAqAMOgMA0GCSqGSIb3DQEBCwUAA4IBAQA4QCOsqONORGId
osRsBEjngNm3QJwojAc9FOQmraCnwejRs5gUogEmgdQVHjAQLxwlWL+zJ4MhJTAW
nVWDTCOVf9i/XISwKZWS0wVLGKrjqys3iYGtfO6pGOMVm6/AANwvB7qdQrgAiNdh
Vxej2Qj4E0Xzq1EY/lWudC6Tuqs2Su026EAfwJKQzC2BhXGICb+jhReD7jzJ66TH
ulFax0H5Z4/BQD6U+fVLfcrbKYjd7tsEHDwWL7VDgjKeFeoB87PwQtlcmnnaL9pN
WqvXAgt8IUen3LbNkNiJ8xVJeiFNPGU+oVPMIPbotXJdgitNUQKTPNLiE2udGN3v
ryU+N4nC
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:39:47 2024 by rpki-client on console-ams.rpki-client.org