Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/45d3f3-7eca-4c14-aaf7-15b39134c41e/1/wQ8lKiM-P3Cl5D066iucEUjsiQk.roa
File:                     wQ8lKiM-P3Cl5D066iucEUjsiQk.roa (raw, json)
Hash identifier:          swJBKwGrDpp+RPL+AhUpmfuC+tf/QNWqv2Lroz0GeOo=
Subject key identifier:   C1:0F:25:2A:23:3E:3F:70:A5:E4:3D:3A:EA:2B:9C:11:48:EC:89:09
Certificate issuer:       /CN=e1c838891b51e067ea2ebf9a44d9680148562e96
Certificate serial:       018CC6B80890B8E1CD2BB1EA12B6BF289F78
Authority key identifier: E1:C8:38:89:1B:51:E0:67:EA:2E:BF:9A:44:D9:68:01:48:56:2E:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4cg4iRtR4GfqLr-aRNloAUhWLpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/45d3f3-7eca-4c14-aaf7-15b39134c41e/1/wQ8lKiM-P3Cl5D066iucEUjsiQk.roa
Signing time:             Mon 01 Jan 2024 20:29:58 +0000
ROA not before:           Mon 01 Jan 2024 20:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31087
IP address blocks:        185.97.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/45d3f3-7eca-4c14-aaf7-15b39134c41e/1/4cg4iRtR4GfqLr-aRNloAUhWLpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/45d3f3-7eca-4c14-aaf7-15b39134c41e/1/4cg4iRtR4GfqLr-aRNloAUhWLpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4cg4iRtR4GfqLr-aRNloAUhWLpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:08:90:b8:e1:cd:2b:b1:ea:12:b6:bf:28:9f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1c838891b51e067ea2ebf9a44d9680148562e96
        Validity
            Not Before: Jan  1 20:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c10f252a233e3f70a5e43d3aea2b9c1148ec8909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4f:a6:ed:83:e0:01:48:1e:8c:a6:35:16:4f:
                    3c:f2:3d:9f:09:a9:2b:a4:83:9f:5f:bf:c6:ea:e6:
                    78:7d:54:f5:cb:77:3e:e2:75:e2:e9:17:9e:ba:96:
                    e5:83:9a:a2:f2:2b:e4:da:54:37:f2:a3:55:7c:c5:
                    80:b5:d6:7a:4a:54:7c:5b:38:05:e5:ac:08:45:1d:
                    fc:21:44:df:8a:c0:55:a6:eb:da:b4:70:67:d5:6d:
                    5e:81:47:e7:3b:5e:f0:ce:00:eb:fc:89:60:02:77:
                    69:5d:11:6b:1a:89:16:1a:68:9c:bb:a0:78:42:00:
                    65:e3:8d:ed:ca:b6:5e:0a:8d:99:60:87:99:cf:3a:
                    96:81:8b:4a:e4:df:52:45:33:07:cc:50:38:df:1a:
                    46:d8:b8:7c:13:38:37:72:37:4b:a0:a9:38:a5:dd:
                    1a:fc:57:1a:1a:3d:e1:e6:da:d5:eb:a0:c1:19:66:
                    16:4e:5c:5b:6c:d0:22:b2:ee:8b:86:9a:dc:fd:ed:
                    39:df:59:a7:94:56:e7:05:43:ce:20:da:6d:35:a6:
                    87:24:89:49:21:b5:5d:10:cc:8d:e8:1a:ad:36:58:
                    d5:a4:76:ec:e6:04:68:3c:ee:17:00:e4:69:f2:1e:
                    3f:7a:7f:f0:b2:10:e7:48:fb:d3:01:b7:e8:5d:94:
                    a8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:0F:25:2A:23:3E:3F:70:A5:E4:3D:3A:EA:2B:9C:11:48:EC:89:09
            X509v3 Authority Key Identifier:
                keyid:E1:C8:38:89:1B:51:E0:67:EA:2E:BF:9A:44:D9:68:01:48:56:2E:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4cg4iRtR4GfqLr-aRNloAUhWLpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/45d3f3-7eca-4c14-aaf7-15b39134c41e/1/wQ8lKiM-P3Cl5D066iucEUjsiQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/45d3f3-7eca-4c14-aaf7-15b39134c41e/1/4cg4iRtR4GfqLr-aRNloAUhWLpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:98:ee:85:fb:51:9d:14:24:0b:30:d4:18:6e:97:d8:de:99:
         8c:9f:3a:74:89:35:5a:7f:a9:6b:83:c0:39:8c:61:b7:14:7c:
         01:3e:62:f6:16:a1:a3:65:78:c8:6d:cc:e4:96:53:9c:05:0b:
         c6:67:9f:c5:69:42:2f:1c:02:de:b1:b2:d5:89:8b:21:e4:86:
         90:b9:5d:3d:d0:73:3f:8d:a0:5a:83:de:e1:cb:be:4d:8d:ec:
         e4:c4:d0:83:98:03:c1:f5:fa:08:09:a0:b1:d8:06:27:45:d0:
         79:e8:96:73:fa:45:d8:3f:0f:9e:4e:94:3e:8f:e9:98:c9:cb:
         c0:86:24:04:74:01:d8:e2:b9:10:84:c1:6d:1d:3d:56:4b:4a:
         0d:15:43:39:5d:cd:89:8c:e2:cd:df:ac:e5:78:7a:68:af:67:
         69:b5:95:fd:93:fe:22:44:3a:09:5b:86:43:b1:5d:3c:94:c1:
         f1:d6:39:4a:5b:06:c0:f1:9a:46:05:d1:21:d7:bc:61:d5:3e:
         e4:ec:94:ae:b3:66:56:79:01:1a:91:a3:e9:65:ef:8f:6a:4e:
         16:b7:43:71:93:d6:36:67:71:85:6e:c1:a4:70:f1:3d:14:9a:
         88:61:69:db:68:79:53:e0:97:37:29:c4:29:70:68:5c:51:42:
         7c:91:a9:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuAiQuOHNK7HqEra/KJ94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYzgzODg5MWI1MWUwNjdlYTJlYmY5YTQ0ZDk2ODAxNDg1
NjJlOTYwHhcNMjQwMTAxMjAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTBmMjUyYTIzM2UzZjcwYTVlNDNkM2FlYTJiOWMxMTQ4ZWM4OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhU+m7YPgAUgejKY1Fk888j2fCakr
pIOfX7/G6uZ4fVT1y3c+4nXi6Reeupblg5qi8ivk2lQ38qNVfMWAtdZ6SlR8WzgF
5awIRR38IUTfisBVpuvatHBn1W1egUfnO17wzgDr/IlgAndpXRFrGokWGmicu6B4
QgBl443tyrZeCo2ZYIeZzzqWgYtK5N9SRTMHzFA43xpG2Lh8Ezg3cjdLoKk4pd0a
/FcaGj3h5trV66DBGWYWTlxbbNAisu6Lhprc/e0531mnlFbnBUPOINptNaaHJIlJ
IbVdEMyN6BqtNljVpHbs5gRoPO4XAORp8h4/en/wshDnSPvTAbfoXZSoVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEPJSojPj9wpeQ9OuornBFI7IkJMB8GA1UdIwQY
MBaAFOHIOIkbUeBn6i6/mkTZaAFIVi6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNnNGlSdFI0R2ZxTHItYVJObG9BVWhXTHBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80NWQzZjMtN2VjYS00YzE0LWFhZjct
MTViMzkxMzRjNDFlLzEvd1E4bEtpTS1QM0NsNUQwNjZpdWNFVWpzaVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80NWQzZjMtN2VjYS00YzE0LWFhZjctMTViMzkxMzRjNDFl
LzEvNGNnNGlSdFI0R2ZxTHItYVJObG9BVWhXTHBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWHcMA0G
CSqGSIb3DQEBCwUAA4IBAQDZmO6F+1GdFCQLMNQYbpfY3pmMnzp0iTVaf6lrg8A5
jGG3FHwBPmL2FqGjZXjIbczkllOcBQvGZ5/FaUIvHALesbLViYsh5IaQuV090HM/
jaBag97hy75NjezkxNCDmAPB9foICaCx2AYnRdB56JZz+kXYPw+eTpQ+j+mYycvA
hiQEdAHY4rkQhMFtHT1WS0oNFUM5Xc2JjOLN36zleHpor2dptZX9k/4iRDoJW4ZD
sV08lMHx1jlKWwbA8ZpGBdEh17xh1T7k7JSus2ZWeQEakaPpZe+Pak4Wt0Nxk9Y2
Z3GFbsGkcPE9FJqIYWnbaHlT4Jc3KcQpcGhcUUJ8kalx
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:36:06 2024 by rpki-client on console-fra.rpki-client.org