Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/45c9ad-c4a7-4652-aad3-c952804932c2/1/WcR7zHhUmC6rSaxttpYk9euQIik.roa
File:                     WcR7zHhUmC6rSaxttpYk9euQIik.roa (raw, json)
Hash identifier:          wXzakS8nMeEGBjkg0PrjxyqwymvnWmh0iq5Wo7l7Qww=
Subject key identifier:   59:C4:7B:CC:78:54:98:2E:AB:49:AC:6D:B6:96:24:F5:EB:90:22:29
Certificate issuer:       /CN=6a016dad273047b18886691485dedd97171c4d68
Certificate serial:       018CC8DE464DA5ECDAD79F6ADE4C1AE38673
Authority key identifier: 6A:01:6D:AD:27:30:47:B1:88:86:69:14:85:DE:DD:97:17:1C:4D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/agFtrScwR7GIhmkUhd7dlxccTWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/45c9ad-c4a7-4652-aad3-c952804932c2/1/WcR7zHhUmC6rSaxttpYk9euQIik.roa
Signing time:             Tue 02 Jan 2024 06:30:59 +0000
ROA not before:           Tue 02 Jan 2024 06:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.1.165.0/24 maxlen: 24
                          194.1.164.0/24 maxlen: 24
                          194.1.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/45c9ad-c4a7-4652-aad3-c952804932c2/1/agFtrScwR7GIhmkUhd7dlxccTWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/45c9ad-c4a7-4652-aad3-c952804932c2/1/agFtrScwR7GIhmkUhd7dlxccTWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/agFtrScwR7GIhmkUhd7dlxccTWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:46:4d:a5:ec:da:d7:9f:6a:de:4c:1a:e3:86:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a016dad273047b18886691485dedd97171c4d68
        Validity
            Not Before: Jan  2 06:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59c47bcc7854982eab49ac6db69624f5eb902229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:44:5c:f6:45:b0:5b:2d:d8:55:a9:a9:eb:5c:
                    b4:8c:5b:97:ec:e3:13:c7:c7:f2:0b:14:4c:71:c6:
                    81:09:d0:5d:7c:ae:72:3f:ca:3b:78:15:f3:82:97:
                    27:a8:24:2f:e5:08:d6:d5:31:bc:bf:29:35:bf:49:
                    be:c9:26:df:9d:f9:1a:e7:32:ca:f3:c8:57:e4:d7:
                    92:09:23:ba:26:55:b6:cd:ad:49:1f:64:af:87:b4:
                    07:4f:bc:57:f0:ae:97:a8:25:7b:a3:83:2e:0f:c7:
                    a7:e9:9a:e5:94:ad:77:64:61:61:14:74:14:47:56:
                    48:3c:9e:20:10:68:09:81:90:e3:54:a8:69:3d:bc:
                    c1:9d:7a:90:e5:90:94:33:0b:2c:bd:aa:01:9b:e3:
                    57:43:8d:c0:01:a8:cf:f0:60:1f:e3:9e:6e:a2:95:
                    d7:74:5f:e9:50:fe:7b:32:4b:24:86:11:be:41:4a:
                    17:c2:da:91:c1:94:b1:ba:f5:8c:b8:f8:bd:50:f9:
                    49:be:4c:cc:22:1a:5c:da:58:d0:4f:f9:ce:b1:85:
                    ef:76:e1:2a:e9:f1:90:49:6d:0d:3d:0c:f4:1b:63:
                    16:ab:a6:5a:4f:e7:a6:b0:79:da:2d:1f:c2:32:b4:
                    7d:1c:9f:ef:01:1f:b5:4d:e7:6a:54:63:94:88:b6:
                    89:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C4:7B:CC:78:54:98:2E:AB:49:AC:6D:B6:96:24:F5:EB:90:22:29
            X509v3 Authority Key Identifier:
                keyid:6A:01:6D:AD:27:30:47:B1:88:86:69:14:85:DE:DD:97:17:1C:4D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/agFtrScwR7GIhmkUhd7dlxccTWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/45c9ad-c4a7-4652-aad3-c952804932c2/1/WcR7zHhUmC6rSaxttpYk9euQIik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/45c9ad-c4a7-4652-aad3-c952804932c2/1/agFtrScwR7GIhmkUhd7dlxccTWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.164.0-194.1.166.255

    Signature Algorithm: sha256WithRSAEncryption
         d9:f5:43:0c:6e:27:23:83:ef:5c:c9:80:04:96:46:94:ce:db:
         41:20:40:f8:0c:ed:16:c4:bf:61:43:03:dc:42:bc:7a:2e:34:
         42:03:65:7a:d4:c8:73:74:45:8f:46:8e:ff:45:0b:04:19:ea:
         4c:81:a9:19:59:57:84:77:07:84:dc:39:ff:18:54:47:a4:d6:
         77:e7:35:5c:0e:9d:2f:8f:4d:80:68:ab:b3:3d:25:8a:4b:65:
         2d:a6:0f:1d:76:5a:04:68:8f:d6:22:d4:1c:3f:0a:b7:76:54:
         3f:e5:45:02:e7:b3:1f:84:79:50:37:d9:48:76:6e:18:d4:95:
         ba:2c:e5:32:cb:73:bc:0f:ee:6e:12:5f:f1:66:33:28:5b:fd:
         19:d6:47:46:18:17:11:75:de:17:99:56:0a:4a:11:65:c4:f0:
         80:1f:65:3a:39:15:c1:1e:82:11:ef:c1:93:cd:06:76:61:c3:
         b8:6b:92:95:aa:aa:9f:52:d7:42:7e:ae:2d:9c:43:67:c6:c2:
         36:1e:13:ac:c1:1e:a1:eb:3a:51:b3:3c:88:7c:f2:9d:29:ce:
         29:25:48:e9:25:97:f9:b1:d7:4a:b7:40:df:10:d9:fd:68:1d:
         4f:63:28:a4:67:91:8f:23:1f:cc:66:b8:df:1c:e3:ab:d4:4e:
         6a:01:a4:ba
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3kZNpeza159q3kwa44ZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMDE2ZGFkMjczMDQ3YjE4ODg2NjkxNDg1ZGVkZDk3MTcx
YzRkNjgwHhcNMjQwMTAyMDYzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWM0N2JjYzc4NTQ5ODJlYWI0OWFjNmRiNjk2MjRmNWViOTAyMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtURc9kWwWy3YVamp61y0jFuX7OMT
x8fyCxRMccaBCdBdfK5yP8o7eBXzgpcnqCQv5QjW1TG8vyk1v0m+ySbfnfka5zLK
88hX5NeSCSO6JlW2za1JH2Svh7QHT7xX8K6XqCV7o4MuD8en6ZrllK13ZGFhFHQU
R1ZIPJ4gEGgJgZDjVKhpPbzBnXqQ5ZCUMwssvaoBm+NXQ43AAajP8GAf455uopXX
dF/pUP57MkskhhG+QUoXwtqRwZSxuvWMuPi9UPlJvkzMIhpc2ljQT/nOsYXvduEq
6fGQSW0NPQz0G2MWq6ZaT+emsHnaLR/CMrR9HJ/vAR+1TedqVGOUiLaJDwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFnEe8x4VJguq0msbbaWJPXrkCIpMB8GA1UdIwQY
MBaAFGoBba0nMEexiIZpFIXe3ZcXHE1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWdGdHJTY3dSN0dJaG1rVWhkN2RseGNjVFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NWM5YWQtYzRhNy00NjUyLWFhZDMt
Yzk1MjgwNDkzMmMyLzEvV2NSN3pIaFVtQzZyU2F4dHRwWWs5ZXVRSWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NWM5YWQtYzRhNy00NjUyLWFhZDMtYzk1MjgwNDkzMmMy
LzEvYWdGdHJTY3dSN0dJaG1rVWhkN2RseGNjVFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCAaQD
BADCAaYwDQYJKoZIhvcNAQELBQADggEBANn1QwxuJyOD71zJgASWRpTO20EgQPgM
7RbEv2FDA9xCvHouNEIDZXrUyHN0RY9Gjv9FCwQZ6kyBqRlZV4R3B4TcOf8YVEek
1nfnNVwOnS+PTYBoq7M9JYpLZS2mDx12WgRoj9Yi1Bw/Crd2VD/lRQLnsx+EeVA3
2Uh2bhjUlbos5TLLc7wP7m4SX/FmMyhb/RnWR0YYFxF13heZVgpKEWXE8IAfZTo5
FcEeghHvwZPNBnZhw7hrkpWqqp9S10J+ri2cQ2fGwjYeE6zBHqHrOlGzPIh88p0p
ziklSOkll/mx10q3QN8Q2f1oHU9jKKRnkY8jH8xmuN8c46vUTmoBpLo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:43:10 2024 by rpki-client on console-fra.rpki-client.org