Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/WF8c-GyDpaWF6fN0Zw-fBXDUoPg.roa
File:                     WF8c-GyDpaWF6fN0Zw-fBXDUoPg.roa (raw, json)
Hash identifier:          0vTTSB5mBZPYbST31/2xJZbiivnSMtuI4xW3GRgPSfI=
Subject key identifier:   58:5F:1C:F8:6C:83:A5:A5:85:E9:F3:74:67:0F:9F:05:70:D4:A0:F8
Certificate issuer:       /CN=b1bc850d17ca6d3c7b4d00e501e2d356f08a585e
Certificate serial:       018CC4251A8EC16C2928BB8B73F8878764AF
Authority key identifier: B1:BC:85:0D:17:CA:6D:3C:7B:4D:00:E5:01:E2:D3:56:F0:8A:58:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/WF8c-GyDpaWF6fN0Zw-fBXDUoPg.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     27281
IP address blocks:        91.228.74.0/24 maxlen: 24
                          91.228.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1a:8e:c1:6c:29:28:bb:8b:73:f8:87:87:64:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1bc850d17ca6d3c7b4d00e501e2d356f08a585e
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=585f1cf86c83a5a585e9f374670f9f0570d4a0f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:10:50:33:4b:3f:4f:18:d5:02:ba:4a:70:fe:
                    7b:cb:86:74:f9:c0:a2:af:3e:42:eb:c0:90:f5:da:
                    24:d4:20:54:32:ac:70:84:ea:03:4e:46:04:07:ed:
                    bf:ac:0d:63:cb:b6:65:db:98:8a:ec:bb:86:b2:0b:
                    d1:8f:49:d0:fc:65:47:6a:e4:91:15:ea:a4:0d:27:
                    8f:4d:90:8f:28:c1:3d:72:c4:e2:ae:dd:f8:cb:34:
                    56:ad:b2:98:e6:67:17:96:03:c0:af:9c:24:2b:49:
                    f7:29:94:59:5e:6d:1e:86:c3:91:15:8f:81:39:6d:
                    ff:2a:fd:3a:e3:20:f7:64:fd:e2:33:f5:ce:95:f5:
                    15:5a:9a:aa:e1:92:9e:f7:f6:d0:e5:23:4a:0d:3f:
                    96:1b:06:8f:60:81:50:e4:f7:96:87:d2:b6:a5:d8:
                    83:03:23:be:0d:e3:3b:81:42:45:21:ab:c7:51:13:
                    42:a6:86:3c:5a:50:8d:36:92:39:1a:fd:f0:04:3f:
                    ef:e4:e5:07:d5:86:ea:5d:3f:dd:76:45:19:3d:64:
                    d9:bf:a0:27:e0:68:f7:a5:91:42:23:80:d6:e4:3d:
                    01:d4:3b:ea:60:46:c6:6e:a7:88:56:19:42:1e:3d:
                    ad:8a:5b:ae:70:0a:aa:cc:b3:b6:0c:4d:db:32:9a:
                    25:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:5F:1C:F8:6C:83:A5:A5:85:E9:F3:74:67:0F:9F:05:70:D4:A0:F8
            X509v3 Authority Key Identifier:
                keyid:B1:BC:85:0D:17:CA:6D:3C:7B:4D:00:E5:01:E2:D3:56:F0:8A:58:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/WF8c-GyDpaWF6fN0Zw-fBXDUoPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:54:9e:30:4b:ae:11:c0:e6:3e:6b:66:1a:24:68:37:6a:56:
         d2:27:44:aa:e2:03:aa:66:d4:cd:3c:6e:8e:7e:f3:f0:fc:ce:
         a8:ad:c1:ee:d1:62:89:7f:36:04:f7:08:24:d7:c2:94:de:f3:
         de:d7:a1:41:47:34:0b:53:2d:3b:c7:af:2b:43:0f:8a:f9:8b:
         33:9a:dc:28:4c:10:ba:0e:77:05:f5:43:2e:a5:e9:d5:ae:b2:
         9a:5e:b5:5d:57:2c:75:1c:71:a6:0e:54:35:7a:9f:2b:43:0c:
         7e:72:d9:5b:be:16:11:db:58:2f:2c:d2:79:77:31:94:d2:46:
         2a:4e:2b:8f:1c:e9:26:3a:60:b6:c5:e0:0e:89:ce:a2:26:8f:
         9d:23:d3:64:f4:25:3d:53:3b:db:a4:6f:27:40:88:06:0c:1e:
         a6:30:a2:d0:f1:c4:a4:5e:ce:ea:b6:02:da:f1:41:c4:93:d4:
         da:74:3c:52:8e:91:00:45:40:d6:d7:27:bd:be:8c:45:6d:d4:
         a6:1b:ac:3e:8f:fd:37:73:95:f8:3a:18:7b:3a:5a:eb:5f:83:
         a2:98:30:49:9c:08:11:45:04:76:34:57:3f:c4:62:e4:d9:bc:
         db:47:35:9a:95:6e:6b:b9:f8:8f:35:f5:62:47:bd:ff:3e:60:
         d5:29:64:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRqOwWwpKLuLc/iHh2SvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYmM4NTBkMTdjYTZkM2M3YjRkMDBlNTAxZTJkMzU2ZjA4
YTU4NWUwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODVmMWNmODZjODNhNWE1ODVlOWYzNzQ2NzBmOWYwNTcwZDRhMGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihBQM0s/TxjVArpKcP57y4Z0+cCi
rz5C68CQ9dok1CBUMqxwhOoDTkYEB+2/rA1jy7Zl25iK7LuGsgvRj0nQ/GVHauSR
FeqkDSePTZCPKME9csTirt34yzRWrbKY5mcXlgPAr5wkK0n3KZRZXm0ehsORFY+B
OW3/Kv064yD3ZP3iM/XOlfUVWpqq4ZKe9/bQ5SNKDT+WGwaPYIFQ5PeWh9K2pdiD
AyO+DeM7gUJFIavHURNCpoY8WlCNNpI5Gv3wBD/v5OUH1YbqXT/ddkUZPWTZv6An
4Gj3pZFCI4DW5D0B1DvqYEbGbqeIVhlCHj2tiluucAqqzLO2DE3bMpolrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhfHPhsg6WlhenzdGcPnwVw1KD4MB8GA1UdIwQY
MBaAFLG8hQ0Xym08e00A5QHi01bwilheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2J5RkRSZktiVHg3VFFEbEFlTFRWdkNLV0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84YWEwMmQtOTRjOC00Njc4LTkyYWMt
MTdmYjRmZmI5ZmFkLzEvV0Y4Yy1HeURwYVdGNmZOMFp3LWZCWERVb1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84YWEwMmQtOTRjOC00Njc4LTkyYWMtMTdmYjRmZmI5ZmFk
LzEvc2J5RkRSZktiVHg3VFFEbEFlTFRWdkNLV0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+RIMA0G
CSqGSIb3DQEBCwUAA4IBAQBcVJ4wS64RwOY+a2YaJGg3albSJ0Sq4gOqZtTNPG6O
fvPw/M6orcHu0WKJfzYE9wgk18KU3vPe16FBRzQLUy07x68rQw+K+YszmtwoTBC6
DncF9UMupenVrrKaXrVdVyx1HHGmDlQ1ep8rQwx+ctlbvhYR21gvLNJ5dzGU0kYq
TiuPHOkmOmC2xeAOic6iJo+dI9Nk9CU9UzvbpG8nQIgGDB6mMKLQ8cSkXs7qtgLa
8UHEk9TadDxSjpEARUDW1ye9voxFbdSmG6w+j/03c5X4Ohh7OlrrX4OimDBJnAgR
RQR2NFc/xGLk2bzbRzWalW5rufiPNfViR73/PmDVKWQN
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:56:10 2024 by rpki-client on console-ams.rpki-client.org