Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a18a97-8fc7-4955-87af-0bcfc532933c/1/wrclbfr42kPGJVoASwhBNH-_0yI.roa
File:                     wrclbfr42kPGJVoASwhBNH-_0yI.roa (raw, json)
Hash identifier:          Z8DXKYHH7JGxVJ4DbjS4/aAjH7Bqj7lKEhjT62UpBEA=
Subject key identifier:   C2:B7:25:6D:FA:F8:DA:43:C6:25:5A:00:4B:08:41:34:7F:BF:D3:22
Certificate issuer:       /CN=f26920bbd7fb70ef5dbcf2d0fea202bd95765eba
Certificate serial:       018CC3B71B38FC3BCCDD1EBBC2ECDE6643EA
Authority key identifier: F2:69:20:BB:D7:FB:70:EF:5D:BC:F2:D0:FE:A2:02:BD:95:76:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mkgu9f7cO9dvPLQ_qICvZV2Xro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a18a97-8fc7-4955-87af-0bcfc532933c/1/wrclbfr42kPGJVoASwhBNH-_0yI.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24929
IP address blocks:        45.66.140.0/22 maxlen: 24
                          83.175.168.0/22 maxlen: 24
                          109.232.240.0/24 maxlen: 24
                          194.54.24.0/22 maxlen: 22
                          2a0e:84c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a18a97-8fc7-4955-87af-0bcfc532933c/1/8mkgu9f7cO9dvPLQ_qICvZV2Xro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a18a97-8fc7-4955-87af-0bcfc532933c/1/8mkgu9f7cO9dvPLQ_qICvZV2Xro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mkgu9f7cO9dvPLQ_qICvZV2Xro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1b:38:fc:3b:cc:dd:1e:bb:c2:ec:de:66:43:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f26920bbd7fb70ef5dbcf2d0fea202bd95765eba
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2b7256dfaf8da43c6255a004b0841347fbfd322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0f:91:11:fc:ae:e8:31:4d:a9:93:dd:d5:0f:
                    13:89:a1:30:e3:5a:6d:bc:1c:60:1b:e2:3f:ca:5e:
                    60:6b:b7:30:9d:61:e0:c4:f6:41:fe:0b:b0:e1:fb:
                    96:78:18:fd:56:72:89:42:f3:29:00:5e:b3:87:e1:
                    46:e3:cc:2d:89:9d:48:6e:be:21:ef:8a:fc:e1:bb:
                    2d:a3:52:7e:28:ec:84:7e:ea:0c:f0:87:b4:9c:a5:
                    70:61:36:36:d0:6e:ac:a9:bc:46:f7:aa:58:68:11:
                    bf:9c:63:83:89:f5:e0:82:e2:61:f9:1b:e5:09:04:
                    bc:c9:43:14:ac:4d:d9:b2:84:5a:d6:09:0c:f0:cd:
                    11:d3:79:2e:f7:e9:ab:4b:ff:50:59:a2:73:f8:12:
                    ac:f8:87:07:3c:a9:4a:05:e5:44:aa:e2:3e:af:e9:
                    7a:8c:19:53:39:ab:9f:24:cb:38:5c:f8:e8:13:0d:
                    38:e2:c7:3c:75:30:d8:7b:e4:30:cc:9c:66:54:71:
                    17:b3:12:cd:f0:9b:09:c9:ab:9e:0d:c2:8d:fe:f0:
                    80:e8:e2:ee:15:a2:cf:f9:d5:a3:5e:c3:c1:14:af:
                    e0:23:b2:86:94:77:0d:e0:af:91:4e:64:a7:c3:39:
                    0f:c6:60:c3:55:f2:47:c1:51:f1:5d:06:df:56:ac:
                    aa:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B7:25:6D:FA:F8:DA:43:C6:25:5A:00:4B:08:41:34:7F:BF:D3:22
            X509v3 Authority Key Identifier:
                keyid:F2:69:20:BB:D7:FB:70:EF:5D:BC:F2:D0:FE:A2:02:BD:95:76:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mkgu9f7cO9dvPLQ_qICvZV2Xro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a18a97-8fc7-4955-87af-0bcfc532933c/1/wrclbfr42kPGJVoASwhBNH-_0yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a18a97-8fc7-4955-87af-0bcfc532933c/1/8mkgu9f7cO9dvPLQ_qICvZV2Xro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.140.0/22
                  83.175.168.0/22
                  109.232.240.0/24
                  194.54.24.0/22
                IPv6:
                  2a0e:84c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:1e:5e:14:64:57:c4:4c:f6:51:4f:75:19:ad:9c:df:41:03:
         1e:13:61:2e:01:92:09:c0:5d:a0:eb:d7:e8:1b:e9:56:4e:40:
         75:7e:fa:54:7d:07:f8:b9:9f:db:c9:8d:ef:38:a4:9e:c9:65:
         45:26:ec:b3:25:1d:4d:f1:4e:30:67:2c:e5:98:a1:e1:cb:68:
         25:04:2b:e8:d3:6c:87:22:42:d6:12:75:4c:7c:e1:f7:99:cc:
         07:24:a5:b2:e3:b0:f3:c2:dc:a4:69:8d:8f:e6:31:e4:58:8e:
         97:83:cc:2b:55:23:16:9d:ea:c5:6a:f4:0a:6e:2e:87:22:1f:
         dd:39:e9:42:fc:c2:2a:d2:d4:63:ef:ff:ec:f8:e7:d9:69:84:
         9c:0b:1a:c0:aa:4b:13:07:69:08:dc:cf:6b:c2:2e:c7:93:64:
         ce:e5:6c:fb:29:ff:e6:ea:27:12:0c:3d:0a:eb:85:b4:08:f7:
         05:66:18:18:e9:05:24:a7:e6:67:3f:12:bc:c9:b1:42:f8:6b:
         1a:40:60:34:53:7d:d9:21:b9:37:93:dd:cc:82:0c:44:7b:a7:
         20:29:20:42:7f:7b:63:0c:9c:76:61:83:52:45:2c:ee:6a:ca:
         0e:c9:5a:1a:bf:54:c1:e4:50:81:9d:8e:52:2c:0b:50:c0:05:
         66:b0:39:2b
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzDtxs4/DvM3R67wuzeZkPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjkyMGJiZDdmYjcwZWY1ZGJjZjJkMGZlYTIwMmJkOTU3
NjVlYmEwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI3MjU2ZGZhZjhkYTQzYzYyNTVhMDA0YjA4NDEzNDdmYmZkMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg+REfyu6DFNqZPd1Q8TiaEw41pt
vBxgG+I/yl5ga7cwnWHgxPZB/guw4fuWeBj9VnKJQvMpAF6zh+FG48wtiZ1Ibr4h
74r84bsto1J+KOyEfuoM8Ie0nKVwYTY20G6sqbxG96pYaBG/nGODifXgguJh+Rvl
CQS8yUMUrE3ZsoRa1gkM8M0R03ku9+mrS/9QWaJz+BKs+IcHPKlKBeVEquI+r+l6
jBlTOaufJMs4XPjoEw044sc8dTDYe+QwzJxmVHEXsxLN8JsJyaueDcKN/vCA6OLu
FaLP+dWjXsPBFK/gI7KGlHcN4K+RTmSnwzkPxmDDVfJHwVHxXQbfVqyqbwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMK3JW36+NpDxiVaAEsIQTR/v9MiMB8GA1UdIwQY
MBaAFPJpILvX+3DvXbzy0P6iAr2Vdl66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1rZ3U5ZjdjTzlkdlBMUV9xSUN2WlYyWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMThhOTctOGZjNy00OTU1LTg3YWYt
MGJjZmM1MzI5MzNjLzEvd3JjbGJmcjQya1BHSlZvQVN3aEJOSC1fMHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMThhOTctOGZjNy00OTU1LTg3YWYtMGJjZmM1MzI5MzNj
LzEvOG1rZ3U5ZjdjTzlkdlBMUV9xSUN2WlYyWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCLUKMAwQC
U6+oAwQAbejwAwQCwjYYMA0EAgACMAcDBQAqDoTAMA0GCSqGSIb3DQEBCwUAA4IB
AQB+Hl4UZFfETPZRT3UZrZzfQQMeE2EuAZIJwF2g69foG+lWTkB1fvpUfQf4uZ/b
yY3vOKSeyWVFJuyzJR1N8U4wZyzlmKHhy2glBCvo02yHIkLWEnVMfOH3mcwHJKWy
47DzwtykaY2P5jHkWI6Xg8wrVSMWnerFavQKbi6HIh/dOelC/MIq0tRj7//s+OfZ
aYScCxrAqksTB2kI3M9rwi7Hk2TO5Wz7Kf/m6icSDD0K64W0CPcFZhgY6QUkp+Zn
PxK8ybFC+GsaQGA0U33ZIbk3k93MggxEe6cgKSBCf3tjDJx2YYNSRSzuasoOyVoa
v1TB5FCBnY5SLAtQwAVmsDkr
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:52:20 2024 by rpki-client on console-fra.rpki-client.org