Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/GWot3od0uNOJoc4Wlxhdb5oOVj4.roa
File:                     GWot3od0uNOJoc4Wlxhdb5oOVj4.roa (raw, json)
Hash identifier:          /7R0Yx9S+b2aeUAvnl4vWcTsoI3M1TP22KHwlW4BilI=
Subject key identifier:   19:6A:2D:DE:87:74:B8:D3:89:A1:CE:16:97:18:5D:6F:9A:0E:56:3E
Certificate issuer:       /CN=c66a5f2b468db35eb562bd37e1f36ecea813ccac
Certificate serial:       018CC348F352919A46EA23FDB9C32868FE6D
Authority key identifier: C6:6A:5F:2B:46:8D:B3:5E:B5:62:BD:37:E1:F3:6E:CE:A8:13:CC:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/GWot3od0uNOJoc4Wlxhdb5oOVj4.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41670
IP address blocks:        185.110.204.0/22 maxlen: 22
                          89.248.240.0/20 maxlen: 20
                          2a01:168::/29 maxlen: 29
                          2a01:168::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f3:52:91:9a:46:ea:23:fd:b9:c3:28:68:fe:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66a5f2b468db35eb562bd37e1f36ecea813ccac
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=196a2dde8774b8d389a1ce1697185d6f9a0e563e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0e:9b:dd:60:bd:05:dc:0d:03:ad:37:ab:58:
                    00:21:d0:43:ef:04:28:7e:cd:94:cd:89:ca:a7:6d:
                    fa:92:a7:d0:d7:c6:4e:46:bc:7d:b8:56:ea:6a:c6:
                    c1:db:ab:c3:16:04:24:f4:c0:42:6b:10:9e:9e:22:
                    5a:aa:fa:1c:1c:c0:2b:43:2f:d5:69:5a:be:e5:50:
                    07:b9:99:54:43:2c:2d:01:74:f1:c9:6c:2b:c8:09:
                    57:2b:42:47:89:a2:64:c2:30:31:74:13:19:e7:5b:
                    2c:1d:b2:6c:77:ae:2a:c3:f0:64:39:73:91:f7:7c:
                    93:0f:13:7e:bb:09:ac:68:2a:03:62:18:90:01:9f:
                    5c:f1:06:d8:d8:ca:d3:74:09:66:d8:b3:33:1d:aa:
                    f6:b7:bd:a0:bb:7a:1a:4c:cf:a3:fa:90:07:16:15:
                    30:dc:fa:2f:d0:eb:cf:f6:79:b4:79:f2:8f:f8:8e:
                    ab:df:ab:df:c3:14:60:30:2d:75:72:42:ff:40:a0:
                    8c:8f:5d:32:b7:58:66:24:20:a2:42:e3:7f:d4:4c:
                    26:7b:57:65:eb:f0:3e:35:ac:32:80:53:12:2d:75:
                    6c:29:c1:fc:66:06:95:e5:41:18:49:de:00:ce:bc:
                    85:49:28:a5:3b:cb:f6:f8:70:cf:1d:a4:ab:59:6b:
                    63:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6A:2D:DE:87:74:B8:D3:89:A1:CE:16:97:18:5D:6F:9A:0E:56:3E
            X509v3 Authority Key Identifier:
                keyid:C6:6A:5F:2B:46:8D:B3:5E:B5:62:BD:37:E1:F3:6E:CE:A8:13:CC:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmpfK0aNs161Yr034fNuzqgTzKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/GWot3od0uNOJoc4Wlxhdb5oOVj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/531a4c-6521-4ef9-8878-31f4cc12d620/1/xmpfK0aNs161Yr034fNuzqgTzKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.248.240.0/20
                  185.110.204.0/22
                IPv6:
                  2a01:168::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:e6:b3:49:e5:fb:72:70:ae:43:d7:78:e5:1a:51:69:1e:c7:
         5c:91:fe:cd:8e:25:4a:b8:c4:f5:29:03:19:2b:98:56:60:74:
         fa:3b:62:a1:db:cd:fc:2c:30:26:a5:6c:30:2d:c5:19:4d:46:
         6f:fb:e5:88:e5:70:0d:91:c2:bb:99:77:b8:76:ec:c6:fd:6a:
         93:99:77:4c:0b:8e:0a:5a:ba:08:e8:c3:58:66:c0:dc:5e:72:
         49:75:48:48:e6:85:30:7a:bc:1b:0f:24:aa:5e:4e:c4:5b:5f:
         00:fe:73:b5:4e:7b:82:73:67:e4:2e:69:72:05:86:f7:54:b2:
         c0:ba:d8:78:31:07:27:e0:6e:09:5e:ee:ad:14:52:a4:c4:1d:
         ed:19:ed:25:88:0c:71:76:e4:1f:bc:59:ae:14:8c:01:47:ca:
         91:5b:a9:c9:6e:fb:19:1b:ce:90:10:94:b8:a5:84:5c:a7:8c:
         76:e0:ac:7f:42:19:c3:75:93:df:54:7c:a4:4d:63:45:76:7a:
         38:6a:a7:1a:54:22:17:de:ee:8a:5f:20:41:3e:84:42:84:d1:
         65:6d:04:8f:81:9e:1f:28:d8:09:ee:24:ea:2c:17:ad:7a:73:
         75:59:9c:63:46:28:4d:97:32:9a:3a:88:0b:63:8b:a1:5f:0e:
         02:90:23:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSPNSkZpG6iP9ucMoaP5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmE1ZjJiNDY4ZGIzNWViNTYyYmQzN2UxZjM2ZWNlYTgx
M2NjYWMwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZhMmRkZTg3NzRiOGQzODlhMWNlMTY5NzE4NWQ2ZjlhMGU1NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA6b3WC9BdwNA603q1gAIdBD7wQo
fs2UzYnKp236kqfQ18ZORrx9uFbqasbB26vDFgQk9MBCaxCeniJaqvocHMArQy/V
aVq+5VAHuZlUQywtAXTxyWwryAlXK0JHiaJkwjAxdBMZ51ssHbJsd64qw/BkOXOR
93yTDxN+uwmsaCoDYhiQAZ9c8QbY2MrTdAlm2LMzHar2t72gu3oaTM+j+pAHFhUw
3Pov0OvP9nm0efKP+I6r36vfwxRgMC11ckL/QKCMj10yt1hmJCCiQuN/1Ewme1dl
6/A+NawygFMSLXVsKcH8ZgaV5UEYSd4AzryFSSilO8v2+HDPHaSrWWtjtQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBlqLd6HdLjTiaHOFpcYXW+aDlY+MB8GA1UdIwQY
MBaAFMZqXytGjbNetWK9N+Hzbs6oE8ysMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1wZkswYU5zMTYxWXIwMzRmTnV6cWdUekt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81MzFhNGMtNjUyMS00ZWY5LTg4Nzgt
MzFmNGNjMTJkNjIwLzEvR1dvdDNvZDB1Tk9Kb2M0V2x4aGRiNW9PVmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81MzFhNGMtNjUyMS00ZWY5LTg4NzgtMzFmNGNjMTJkNjIw
LzEveG1wZkswYU5zMTYxWXIwMzRmTnV6cWdUekt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEWfjwAwQC
uW7MMA0EAgACMAcDBQMqAQFoMA0GCSqGSIb3DQEBCwUAA4IBAQCa5rNJ5ftycK5D
13jlGlFpHsdckf7NjiVKuMT1KQMZK5hWYHT6O2Kh2838LDAmpWwwLcUZTUZv++WI
5XANkcK7mXe4duzG/WqTmXdMC44KWroI6MNYZsDcXnJJdUhI5oUwerwbDySqXk7E
W18A/nO1TnuCc2fkLmlyBYb3VLLAuth4MQcn4G4JXu6tFFKkxB3tGe0liAxxduQf
vFmuFIwBR8qRW6nJbvsZG86QEJS4pYRcp4x24Kx/QhnDdZPfVHykTWNFdno4aqca
VCIX3u6KXyBBPoRChNFlbQSPgZ4fKNgJ7iTqLBetenN1WZxjRihNlzKaOogLY4uh
Xw4CkCPg
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:58:00 2024 by rpki-client on console-fra.rpki-client.org