Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/WfIQB0-vnHx8WDsgjE7xlSkfR4w.roa
File:                     WfIQB0-vnHx8WDsgjE7xlSkfR4w.roa (raw, json)
Hash identifier:          LuzElB2cbFpJY0O/0PJxB6Pt2vyRIMaAHypUE/bRjsM=
Subject key identifier:   59:F2:10:07:4F:AF:9C:7C:7C:58:3B:20:8C:4E:F1:95:29:1F:47:8C
Certificate issuer:       /CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
Certificate serial:       018CC34966DB14DC00923F6BFD359FC6E692
Authority key identifier: B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/WfIQB0-vnHx8WDsgjE7xlSkfR4w.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        185.114.192.0/24 maxlen: 24
                          185.114.195.0/24 maxlen: 24
                          185.114.193.0/24 maxlen: 24
                          185.114.194.0/24 maxlen: 24
                          185.19.92.0/24 maxlen: 24
                          185.19.93.0/24 maxlen: 24
                          185.19.95.0/24 maxlen: 24
                          185.19.94.0/24 maxlen: 24
                          185.59.29.0/24 maxlen: 24
                          185.59.30.0/24 maxlen: 24
                          185.59.28.0/24 maxlen: 24
                          185.59.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/uGnuZhZNPLQdvS31QXgXwy9M6gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/uGnuZhZNPLQdvS31QXgXwy9M6gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:66:db:14:dc:00:92:3f:6b:fd:35:9f:c6:e6:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f210074faf9c7c7c583b208c4ef195291f478c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:37:60:be:77:cd:dc:d7:f6:6a:78:46:07:97:
                    bc:22:40:12:9c:1e:87:9c:32:72:c9:f6:89:0a:f0:
                    7e:0d:5a:c5:46:cd:b5:e2:a5:a9:68:a6:63:64:a5:
                    36:c3:95:c9:75:5f:fe:f0:14:83:f5:be:29:d6:be:
                    e4:2c:8e:2b:a4:04:bb:8f:2e:3a:9a:59:12:55:77:
                    cf:89:89:94:f1:b9:b0:59:08:7c:27:50:1a:55:5a:
                    5a:d1:c2:01:fe:30:9e:1c:7a:5c:7f:3c:1c:9f:61:
                    7a:53:57:74:fb:d2:93:17:18:88:f2:b4:25:cf:e2:
                    e9:d7:9e:63:60:34:b8:ad:bb:c0:79:9b:60:d1:d5:
                    44:9c:6c:7c:96:c4:c1:81:03:09:5a:77:71:7f:f8:
                    4f:5e:e3:93:8f:a1:33:6e:a8:c2:0f:58:15:4d:03:
                    f3:04:a8:14:66:d8:66:f0:09:51:5e:86:cb:37:96:
                    ac:fe:10:fa:48:81:b3:f0:bb:ab:1a:87:9b:93:c2:
                    59:85:b2:f0:11:68:b8:f3:b2:ae:b0:4c:7e:80:cb:
                    57:5d:0f:9f:28:b9:6d:ee:94:5d:76:d2:74:e1:19:
                    ce:fa:5c:9c:72:90:f0:16:1d:1c:d1:03:2a:eb:91:
                    ad:81:b1:4d:cc:9c:0a:64:68:7d:11:8a:81:ea:20:
                    5a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:10:07:4F:AF:9C:7C:7C:58:3B:20:8C:4E:F1:95:29:1F:47:8C
            X509v3 Authority Key Identifier:
                keyid:B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/WfIQB0-vnHx8WDsgjE7xlSkfR4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/uGnuZhZNPLQdvS31QXgXwy9M6gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.92.0/22
                  185.59.28.0/22
                  185.114.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bd:64:3b:33:43:1a:57:a8:e3:a3:d7:1d:3b:7e:9d:53:c8:52:
         10:52:59:05:c0:c8:1a:85:44:8a:58:de:f6:44:12:27:57:55:
         0a:10:27:a7:be:97:87:59:4d:1e:05:21:49:95:6b:22:1b:6e:
         55:69:34:54:19:86:cb:94:1f:53:88:c3:b3:0f:78:9f:7e:f5:
         cc:91:20:cf:a8:8d:9d:d7:1d:41:1d:09:9f:46:44:62:27:fd:
         54:59:74:b8:0e:16:a7:92:ca:5a:f7:1f:fb:a9:a4:35:d3:c7:
         82:ca:6d:a3:31:82:05:56:5a:65:fe:28:47:35:44:7e:b1:35:
         96:90:d7:dc:f8:4c:2c:61:99:d2:99:78:d4:85:cc:36:e2:23:
         9b:09:ce:52:9e:cb:33:28:18:b0:4f:51:b7:14:56:16:09:ea:
         07:64:64:db:9a:45:8e:68:32:2b:ce:86:e5:ba:e5:cb:c6:21:
         22:21:fd:04:38:98:de:78:0b:87:29:f6:aa:14:fb:a0:77:82:
         0c:9c:18:1d:b5:2b:c5:77:26:06:08:95:08:ba:c5:53:08:e7:
         16:fb:49:c9:b6:8a:5e:c4:e4:39:f3:7e:db:7e:5c:1d:56:61:
         ba:0b:bf:b0:ee:6f:95:23:79:35:02:30:50:1b:95:b2:ce:28:
         3f:9a:00:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSWbbFNwAkj9r/TWfxuaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjllZTY2MTY0ZDNjYjQxZGJkMmRmNTQxNzgxN2MzMmY0
Y2VhMDUwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyMTAwNzRmYWY5YzdjN2M1ODNiMjA4YzRlZjE5NTI5MWY0NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTdgvnfN3Nf2anhGB5e8IkASnB6H
nDJyyfaJCvB+DVrFRs214qWpaKZjZKU2w5XJdV/+8BSD9b4p1r7kLI4rpAS7jy46
mlkSVXfPiYmU8bmwWQh8J1AaVVpa0cIB/jCeHHpcfzwcn2F6U1d0+9KTFxiI8rQl
z+Lp155jYDS4rbvAeZtg0dVEnGx8lsTBgQMJWndxf/hPXuOTj6EzbqjCD1gVTQPz
BKgUZthm8AlRXobLN5as/hD6SIGz8LurGoebk8JZhbLwEWi487KusEx+gMtXXQ+f
KLlt7pRddtJ04RnO+lyccpDwFh0c0QMq65GtgbFNzJwKZGh9EYqB6iBafwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFnyEAdPr5x8fFg7IIxO8ZUpH0eMMB8GA1UdIwQY
MBaAFLhp7mYWTTy0Hb0t9UF4F8MvTOoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODkt
Y2QxZmE0ODQ0MTFiLzEvV2ZJUUIwLXZuSHg4V0RzZ2pFN3hsU2tmUjR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODktY2QxZmE0ODQ0MTFi
LzEvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuRNcAwQC
uTscAwQCuXLAMA0GCSqGSIb3DQEBCwUAA4IBAQC9ZDszQxpXqOOj1x07fp1TyFIQ
UlkFwMgahUSKWN72RBInV1UKECenvpeHWU0eBSFJlWsiG25VaTRUGYbLlB9TiMOz
D3iffvXMkSDPqI2d1x1BHQmfRkRiJ/1UWXS4Dhankspa9x/7qaQ108eCym2jMYIF
Vlpl/ihHNUR+sTWWkNfc+EwsYZnSmXjUhcw24iObCc5SnsszKBiwT1G3FFYWCeoH
ZGTbmkWOaDIrzobluuXLxiEiIf0EOJjeeAuHKfaqFPugd4IMnBgdtSvFdyYGCJUI
usVTCOcW+0nJtopexOQ5837bflwdVmG6C7+w7m+VI3k1AjBQG5Wyzig/mgAI
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:29:11 2024 by rpki-client on console-ams.rpki-client.org