Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/wJBHcdCpRcObgq_EjIl4I6B63Qw.roa
File:                     wJBHcdCpRcObgq_EjIl4I6B63Qw.roa (raw, json)
Hash identifier:          poBwdpRjCZF50xsRHeW2SsjNtcSKszkD6W2XOyH3Qq4=
Subject key identifier:   C0:90:47:71:D0:A9:45:C3:9B:82:AF:C4:8C:89:78:23:A0:7A:DD:0C
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348ABCA0F6C76F632D09DD707B705CC
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/wJBHcdCpRcObgq_EjIl4I6B63Qw.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210594
IP address blocks:        95.183.206.0/24 maxlen: 24
                          95.183.206.0/23 maxlen: 23
                          95.183.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ab:ca:0f:6c:76:f6:32:d0:9d:d7:07:b7:05:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0904771d0a945c39b82afc48c897823a07add0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ee:64:3f:22:be:cc:fd:eb:aa:1f:91:03:70:
                    3a:f6:17:ae:fb:ce:8a:62:4c:88:f7:9f:59:6c:07:
                    6a:18:85:c4:48:b7:e6:5c:cb:45:ef:25:8a:33:cb:
                    8b:69:8c:d3:ec:dd:9e:0f:68:16:84:68:92:ef:17:
                    53:92:90:f8:1e:0a:9d:33:42:28:9e:85:5a:06:49:
                    6f:3d:ce:d6:26:f0:22:5f:ca:0c:39:ca:ea:6e:72:
                    5d:ad:d2:a3:43:d3:25:11:02:31:b6:5e:8c:a3:38:
                    f6:e0:e7:a4:6c:a0:36:ad:c7:ca:37:77:4f:4a:69:
                    e2:8f:67:e9:53:0b:7d:5d:2f:a5:00:cb:b3:75:99:
                    f4:8b:a7:0f:8d:71:63:80:f5:16:ca:9c:48:9f:92:
                    21:81:29:03:f5:24:ac:f6:c9:e7:26:ff:23:7e:6b:
                    10:8b:57:7c:ba:f4:4b:f1:2d:87:8c:69:c0:1b:f9:
                    0d:85:2e:3a:eb:18:7d:dd:a6:51:61:52:65:65:35:
                    57:8f:1a:dd:10:25:e7:cf:7c:37:d1:da:26:b7:47:
                    ff:7b:d6:ee:b0:76:6c:d7:34:0a:d3:56:51:46:a8:
                    30:fe:e6:12:a0:f4:bb:58:55:75:cc:62:1d:60:ef:
                    1e:49:df:d9:ed:c3:83:4d:dc:5c:c2:75:2f:c1:49:
                    54:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:90:47:71:D0:A9:45:C3:9B:82:AF:C4:8C:89:78:23:A0:7A:DD:0C
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/wJBHcdCpRcObgq_EjIl4I6B63Qw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.183.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:95:ba:9c:58:ef:a4:b2:b8:a3:0f:30:07:db:1c:29:b5:21:
         f4:ba:57:32:17:ad:a3:4c:88:cd:e5:93:be:6f:17:06:c0:1e:
         be:ab:e5:d1:6c:53:09:4c:9e:f8:72:f3:3b:cb:f0:a3:08:e4:
         69:a8:da:20:8b:20:77:2c:74:3d:dc:b4:c2:2f:40:ee:a3:84:
         cc:4d:f4:19:1d:5f:22:6e:0e:2d:a7:b3:b7:54:77:b2:bb:45:
         34:07:5e:a6:e9:f2:c5:a5:39:3b:37:30:6e:59:56:95:0f:63:
         9f:aa:4e:17:36:5c:da:d8:e7:24:d7:78:c8:2f:84:49:2e:88:
         04:6d:f5:c9:1d:06:2c:17:8e:4b:ec:4a:2f:55:09:0b:29:67:
         e5:c7:a6:86:ed:40:4a:d2:54:16:0b:90:21:df:e9:f8:c4:81:
         aa:7f:9a:45:61:f6:e2:44:b7:bd:75:8a:de:4d:86:d5:48:46:
         a2:07:75:c9:88:b5:55:f8:65:64:2d:50:8e:35:f0:14:7c:39:
         eb:f9:8d:71:03:2e:45:24:fb:1f:c2:eb:12:bc:7b:6f:73:d7:
         1b:e0:23:67:9e:d5:c0:e9:4a:9c:fc:c7:49:5d:61:3d:4a:30:
         80:75:16:c2:50:b0:50:25:1c:fd:28:94:5c:11:a8:99:50:73:
         d2:ec:18:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKvKD2x29jLQndcHtwXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDkwNDc3MWQwYTk0NWMzOWI4MmFmYzQ4Yzg5NzgyM2EwN2FkZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO5kPyK+zP3rqh+RA3A69heu+86K
YkyI959ZbAdqGIXESLfmXMtF7yWKM8uLaYzT7N2eD2gWhGiS7xdTkpD4HgqdM0Io
noVaBklvPc7WJvAiX8oMOcrqbnJdrdKjQ9MlEQIxtl6Mozj24OekbKA2rcfKN3dP
Smnij2fpUwt9XS+lAMuzdZn0i6cPjXFjgPUWypxIn5IhgSkD9SSs9snnJv8jfmsQ
i1d8uvRL8S2HjGnAG/kNhS466xh93aZRYVJlZTVXjxrdECXnz3w30domt0f/e9bu
sHZs1zQK01ZRRqgw/uYSoPS7WFV1zGIdYO8eSd/Z7cODTdxcwnUvwUlUOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCQR3HQqUXDm4KvxIyJeCOget0MMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvd0pCSGNkQ3BSY09iZ3FfRWpJbDRJNkI2M1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX7fOMA0G
CSqGSIb3DQEBCwUAA4IBAQADlbqcWO+ksrijDzAH2xwptSH0ulcyF62jTIjN5ZO+
bxcGwB6+q+XRbFMJTJ74cvM7y/CjCORpqNogiyB3LHQ93LTCL0Duo4TMTfQZHV8i
bg4tp7O3VHeyu0U0B16m6fLFpTk7NzBuWVaVD2Ofqk4XNlza2Ock13jIL4RJLogE
bfXJHQYsF45L7EovVQkLKWflx6aG7UBK0lQWC5Ah3+n4xIGqf5pFYfbiRLe9dYre
TYbVSEaiB3XJiLVV+GVkLVCONfAUfDnr+Y1xAy5FJPsfwusSvHtvc9cb4CNnntXA
6Uqc/MdJXWE9SjCAdRbCULBQJRz9KJRcEaiZUHPS7BhV
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:55:19 2024 by rpki-client on console-ams.rpki-client.org