Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/wFNgIS4CIN10Qr9ru59SFhTzw5E.roa
File:                     wFNgIS4CIN10Qr9ru59SFhTzw5E.roa (raw, json)
Hash identifier:          D/tIzyfvRQOytNT6WwB/ijA+Z+DbAvuF7aOWfUR3JwE=
Subject key identifier:   C0:53:60:21:2E:02:20:DD:74:42:BF:6B:BB:9F:52:16:14:F3:C3:91
Certificate issuer:       /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial:       018CC6B7817E87F37A274434312ECCB81823
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/wFNgIS4CIN10Qr9ru59SFhTzw5E.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58653
IP address blocks:        192.157.15.0/24 maxlen: 24
                          192.157.14.0/24 maxlen: 24
                          153.112.224.0/22 maxlen: 22
                          153.112.228.0/22 maxlen: 22
                          193.53.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:81:7e:87:f3:7a:27:44:34:31:2e:cc:b8:18:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c05360212e0220dd7442bf6bbb9f521614f3c391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d3:05:a6:f8:13:c0:25:70:fd:97:ab:d4:8f:
                    7a:51:79:54:65:a2:6a:25:4d:6f:bb:36:3c:cb:ba:
                    bf:f1:57:0a:4d:48:f8:8b:61:dd:b4:ab:53:38:00:
                    0b:5b:62:88:b5:56:02:09:3c:6c:af:f8:79:f8:30:
                    57:fb:35:58:8f:df:fd:8b:9e:1e:87:31:86:ee:7f:
                    71:1f:7a:41:66:d1:6c:d1:62:8a:d7:2d:df:60:99:
                    53:76:a1:ac:94:69:04:b7:11:3d:b8:a7:1e:20:ff:
                    97:7e:bb:37:14:43:2c:9c:7e:21:49:c0:cf:ac:61:
                    bd:82:69:e9:e0:fd:b3:6d:b4:d8:f5:51:22:de:e2:
                    af:60:42:e8:7d:16:92:6d:f0:c9:76:1b:21:18:58:
                    85:67:9f:b2:60:56:4f:3d:6c:15:2a:6f:2d:b5:d8:
                    93:5d:10:06:be:2d:de:43:dc:bf:97:d9:bf:70:e1:
                    f1:06:02:4a:06:08:d2:70:91:c8:db:cb:18:fb:51:
                    80:ba:3e:6b:38:1a:c4:93:b3:56:b8:45:01:88:61:
                    52:68:60:c6:26:55:c2:1e:73:e4:5c:b2:29:2e:1d:
                    d7:94:25:f4:71:9d:d3:fe:f5:6a:d5:88:4c:da:5a:
                    36:31:a3:e0:52:a9:b3:f1:7f:76:29:1c:ec:5f:49:
                    80:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:53:60:21:2E:02:20:DD:74:42:BF:6B:BB:9F:52:16:14:F3:C3:91
            X509v3 Authority Key Identifier:
                keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/wFNgIS4CIN10Qr9ru59SFhTzw5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.112.224.0/21
                  192.157.14.0/23
                  193.53.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:15:ca:82:15:ae:ef:5c:1f:ac:39:f9:bc:6f:86:03:af:d2:
         d6:87:35:e6:f2:87:0d:35:95:16:f3:45:22:96:ab:f0:15:4f:
         61:c6:58:6c:74:74:aa:bc:7d:bf:e9:99:6c:2b:4b:cf:3c:c4:
         92:37:9c:23:73:91:e8:c8:ce:38:f7:06:30:56:0b:04:45:f4:
         d3:5b:00:64:d4:d2:5d:d5:59:44:88:82:4f:3a:39:10:f4:86:
         31:35:cd:19:5f:3d:0b:24:04:b3:bd:69:68:5c:b9:41:08:af:
         7b:94:4e:47:40:3c:fc:af:82:d0:5c:21:58:61:b2:b2:7b:f2:
         99:3b:fc:9b:a0:95:e8:a7:54:1d:89:51:f7:b5:7a:3c:19:b0:
         57:14:6a:de:72:09:1b:1b:a5:62:0a:9f:dd:d5:86:54:7f:07:
         da:28:ed:6d:de:dc:ac:82:2d:fa:86:b4:f4:9c:d5:20:91:7a:
         00:e2:50:e6:8e:ba:25:06:83:8b:1d:83:61:85:6f:e1:2a:ca:
         58:b3:f7:23:e7:7e:4d:e0:92:8d:e1:e7:81:ba:d4:41:fe:5a:
         b9:26:2c:56:f4:1f:6f:5b:b6:90:cd:97:8c:50:40:4e:33:bc:
         54:58:27:80:ac:b4:17:c4:73:fc:de:5e:3b:b2:cb:67:b7:ec:
         b7:65:7c:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGt4F+h/N6J0Q0MS7MuBgjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDUzNjAyMTJlMDIyMGRkNzQ0MmJmNmJiYjlmNTIxNjE0ZjNjMzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtMFpvgTwCVw/Zer1I96UXlUZaJq
JU1vuzY8y7q/8VcKTUj4i2HdtKtTOAALW2KItVYCCTxsr/h5+DBX+zVYj9/9i54e
hzGG7n9xH3pBZtFs0WKK1y3fYJlTdqGslGkEtxE9uKceIP+Xfrs3FEMsnH4hScDP
rGG9gmnp4P2zbbTY9VEi3uKvYELofRaSbfDJdhshGFiFZ5+yYFZPPWwVKm8ttdiT
XRAGvi3eQ9y/l9m/cOHxBgJKBgjScJHI28sY+1GAuj5rOBrEk7NWuEUBiGFSaGDG
JlXCHnPkXLIpLh3XlCX0cZ3T/vVq1YhM2lo2MaPgUqmz8X92KRzsX0mA5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMBTYCEuAiDddEK/a7ufUhYU88ORMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvd0ZOZ0lTNENJTjEwUXI5cnU1OVNGaFR6dzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDmXDgAwQB
wJ0OAwQAwTUdMA0GCSqGSIb3DQEBCwUAA4IBAQBaFcqCFa7vXB+sOfm8b4YDr9LW
hzXm8ocNNZUW80UilqvwFU9hxlhsdHSqvH2/6ZlsK0vPPMSSN5wjc5HoyM449wYw
VgsERfTTWwBk1NJd1VlEiIJPOjkQ9IYxNc0ZXz0LJASzvWloXLlBCK97lE5HQDz8
r4LQXCFYYbKye/KZO/yboJXop1QdiVH3tXo8GbBXFGrecgkbG6ViCp/d1YZUfwfa
KO1t3tysgi36hrT0nNUgkXoA4lDmjrolBoOLHYNhhW/hKspYs/cj535N4JKN4eeB
utRB/lq5JixW9B9vW7aQzZeMUEBOM7xUWCeArLQXxHP83l47sstnt+y3ZXwC
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:25:24 2024 by rpki-client on console-ams.rpki-client.org