Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/WIx3-BTiKtrwsKB5Nki7rVsZcR4.roa
File:                     WIx3-BTiKtrwsKB5Nki7rVsZcR4.roa (raw, json)
Hash identifier:          59/rPMkhxtEUbCJt8I6xGp592sfWtFMo/ZfHVO09raU=
Subject key identifier:   58:8C:77:F8:14:E2:2A:DA:F0:B0:A0:79:36:48:BB:AD:5B:19:71:1E
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D56E3BE8578C5E99A8FFBBF5F9390
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/WIx3-BTiKtrwsKB5Nki7rVsZcR4.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39163
IP address blocks:        213.91.197.0/24 maxlen: 24
                          95.43.201.0/24 maxlen: 24
                          62.176.120.0/24 maxlen: 24
                          95.43.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 16:12:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:56:e3:be:85:78:c5:e9:9a:8f:fb:bf:5f:93:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=588c77f814e22adaf0b0a0793648bbad5b19711e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ab:20:41:ee:91:df:ad:14:0a:00:57:15:61:
                    10:95:fe:0f:5b:ae:42:8b:26:24:b4:cf:44:ca:ab:
                    f8:92:20:2f:73:3f:13:42:52:71:7c:91:49:c2:6f:
                    9a:27:71:41:53:af:d0:30:3e:35:f3:a5:5e:9e:60:
                    fd:c9:6e:aa:22:9b:1b:f3:14:2a:47:5c:04:ab:38:
                    e1:c2:38:8d:fe:bd:db:98:43:7a:59:ee:b5:db:93:
                    f0:52:c4:d6:70:ba:08:6f:1d:ba:40:76:71:3c:5e:
                    4c:b6:9a:38:ec:79:39:24:06:64:e7:e9:6a:89:e3:
                    25:c9:a1:c6:e7:3b:fa:b6:29:f9:3f:c5:f5:e3:23:
                    aa:4b:05:1b:85:5f:43:5d:ee:33:ac:76:77:3a:97:
                    86:b5:9a:a9:a1:d7:f4:21:12:9e:a8:4c:b5:fc:83:
                    f0:f0:06:8b:62:59:69:11:f6:3e:fe:b1:b4:e8:7c:
                    3d:d4:b5:9d:81:79:9b:cc:a5:b3:a6:e7:b9:2d:50:
                    a4:03:30:95:3c:35:e9:b3:01:c7:02:e8:18:b9:2b:
                    de:04:15:ae:3e:1b:0e:8e:d1:79:85:3e:57:07:0d:
                    3d:bf:87:f4:5c:1d:9d:44:e7:54:1d:42:aa:e8:6f:
                    54:bc:25:b7:c4:aa:f5:a7:43:10:ab:5b:ff:1a:13:
                    41:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:8C:77:F8:14:E2:2A:DA:F0:B0:A0:79:36:48:BB:AD:5B:19:71:1E
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/WIx3-BTiKtrwsKB5Nki7rVsZcR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.176.120.0/24
                  95.43.201.0/24
                  95.43.251.0/24
                  213.91.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:e2:87:a6:8c:20:91:88:c0:53:96:92:15:ed:ad:23:c8:08:
         b7:0e:91:ba:66:1d:35:96:31:cc:69:cd:aa:26:9a:ca:a6:2c:
         95:72:69:b7:42:2c:62:f3:d3:08:bf:2c:ac:15:f3:3f:91:38:
         00:c1:e6:65:49:6f:a0:8d:7b:ac:d8:f7:73:80:e2:99:8c:ac:
         45:4c:5c:a7:28:67:d0:6d:99:29:3d:dd:01:13:d1:a0:e4:0b:
         35:30:bf:c3:e4:47:3e:a3:0f:40:9a:86:d7:37:ac:ec:cf:51:
         f0:9b:e2:9b:b1:b7:b1:50:82:d8:83:f9:d3:ca:93:a1:c0:a6:
         42:c3:75:ba:c1:ea:68:d7:3a:d4:d2:44:86:98:74:4e:4a:9e:
         29:c2:f0:97:23:5a:b2:c2:68:25:63:e7:0e:21:e1:74:7c:5a:
         10:2a:73:53:e5:e2:55:24:67:bc:9c:ac:2a:0b:b7:73:43:13:
         b7:26:64:68:6b:0d:dd:7a:26:71:c6:e7:af:6a:fc:57:f1:03:
         97:ec:c8:bb:e5:6e:83:e0:2a:93:5c:cc:b7:4f:96:2b:2a:53:
         8b:46:4d:bd:27:a1:a0:50:a6:78:ab:73:52:f3:e2:51:36:52:
         81:47:b3:0e:7c:49:c5:9b:4e:bd:50:83:7d:bd:01:6a:1f:d9:
         4c:97:ff:eb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzCbVbjvoV4xemaj/u/X5OQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODhjNzdmODE0ZTIyYWRhZjBiMGEwNzkzNjQ4YmJhZDViMTk3MTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqsgQe6R360UCgBXFWEQlf4PW65C
iyYktM9Eyqv4kiAvcz8TQlJxfJFJwm+aJ3FBU6/QMD4186VenmD9yW6qIpsb8xQq
R1wEqzjhwjiN/r3bmEN6We6125PwUsTWcLoIbx26QHZxPF5Mtpo47Hk5JAZk5+lq
ieMlyaHG5zv6tin5P8X14yOqSwUbhV9DXe4zrHZ3OpeGtZqpodf0IRKeqEy1/IPw
8AaLYllpEfY+/rG06Hw91LWdgXmbzKWzpue5LVCkAzCVPDXpswHHAugYuSveBBWu
PhsOjtF5hT5XBw09v4f0XB2dROdUHUKq6G9UvCW3xKr1p0MQq1v/GhNBFwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFiMd/gU4ira8LCgeTZIu61bGXEeMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvV0l4My1CVGlLdHJ3c0tCNU5raTdyVnNaY1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAPrB4AwQA
XyvJAwQAXyv7AwQA1VvFMA0GCSqGSIb3DQEBCwUAA4IBAQBG4oemjCCRiMBTlpIV
7a0jyAi3DpG6Zh01ljHMac2qJprKpiyVcmm3Qixi89MIvyysFfM/kTgAweZlSW+g
jXus2PdzgOKZjKxFTFynKGfQbZkpPd0BE9Gg5As1ML/D5Ec+ow9AmobXN6zsz1Hw
m+KbsbexUILYg/nTypOhwKZCw3W6wepo1zrU0kSGmHROSp4pwvCXI1qywmglY+cO
IeF0fFoQKnNT5eJVJGe8nKwqC7dzQxO3JmRoaw3deiZxxuevavxX8QOX7Mi75W6D
4CqTXMy3T5YrKlOLRk29J6GgUKZ4q3NS8+JRNlKBR7MOfEnFm069UIN9vQFqH9lM
l//r
-----END CERTIFICATE-----
Generated at Fri Nov 1 00:16:34 2024 by rpki-client on console-ams.rpki-client.org